Differences

This shows you the differences between two versions of the page.

--- jisc:fourth_nrps [2018/05/17 08:36] – [Requirements] admin
+++ jisc:fourth_nrps [2018/07/10 07:25] (current) – [Home (fully boarded) sites:] admin
@@ Line 3: / Line 3: @@
 ======Fourth NRPS - Go-Live 9am on 10th July 2018======
 ====Summary====
-In an effort to provide better resilience Jisc are adding a fourth RADIUS server to act as a National RADIUS Proxy Server (NRPS). This will be located at our Leeds data centre along side the third NRPS. In event of a data centre failure there will be at least two NRPS still available.
+In an effort to provide better resilience Jisc are adding a fourth RADIUS server to act as a National RADIUS Proxy Server (NRPS). This will be located at our Leeds data centre along side the third NRPS. In event of a data centre failure there will be at least two NRPS still available, which is still resilient because only one NRPS is required to handle to load.
 [{{:jisc:fourthnrps.png?400|New Topology. Green lines indicate new relationships}}]
-====Requirements====
+==== Home (fully boarded) sites:====
+===Requirements===
-Home (fully boarded) sites:
 Each of the NRPS is entirely independent and each has all sites configured as clients and proxies. If a NRPS was missing the configuration for a site then it would not be able to proxy authentication requests from, or to, that site.
@@ Line 13: / Line 12: @@
 **Note: Only RADIUS servers (RRPS if you're a Federations, ORPS is connecting individually) directly connected to Jisc are affected by this change.**
+===Plan===
-Visited Only sites:
+It is expected that the connected sites add their new configuration on, or before the Go-Live date. Depending on the site, their software and their policy each site will decide whether to configure the new NRPS in advance of the date or on the date i.e. if it's not feasible to add the configuration in such a way that it's resident but inactive then configuring on the day is the alternative.
+===Method====
-Because Visited Only sites are only sending authentication requests to the NRPS there is no need to have your configuration in place before or on the Go-Live date. Any time after that would be acceptable.
-====Plan====
-It is expected that the connected sites add th new configuration on, or before the Go-Live date. Depending on the site, their software and their policy each site will decide whether to configure the new NRPS in advance of the date or on the date i.e. if it's not feasible to add the configuration in such a way that it's resident but inactive then configuring on the day is the alternative.
-====Method====
 Jisc will communicate with each connected site (RFO or individually connected organisation) and supply them with the appropriate details (additional shared secrets and the address of the fourth NRPS) to be added to their RRPS or ORPS.
 Sites can then choose to
@@ Line 27: / Line 22: @@
 b) to wait until the Go-Live date and time and do it then.
-The Fourth NRPS will be live for the duration so that sites can test their configuration, set up any monitoring etc. but, and this point can not be over-stressed, any live authentication requests to that NRPS before the Go-Live date are likely to return a Reject, rendering the user unable to connect.
+The Fourth NRPS will be live for the duration so that sites can test their configuration, set up any monitoring etc. but, and this point can not be over-stressed, **any live authentication requests to that NRPS before the Go-Live date are likely to return a Reject**, rendering the user unable to connect.
+Testing of your local accounts can be done through [[https://utilities.govroam.uk/cgi-bin/radius_test.pl|RADIUS EAP Tester]]
+==== Visited Only sites:====
+Because Visited Only sites are only sending authentication requests to the NRPS you should wait until after the Go-Live date, when all the receiving (Home) sites are live, before applying your new configuration.
+====Questions?====
+Please contact <govroam@jisc.ac.uk> if you have any questions.