Introduction

What is eduroam?

eduroam (education roaming) is the secure, world-wide roaming access service developed for the international research and education community.  eduroam allows students, researchers and staff from participating institutions to obtain Internet connectivity across campus and when visiting other participating institutions by simply opening their laptop.

How does it work?

eduroam is a worldwide federation of RADIUS servers that facilitates network access for roaming academic affiliates using IEEE 802.1X as the vehicle. Because eduroam uses 802.1X in concert with RADIUS, the network is built around well-understood, established, and easy-to-manage standards that are often already deployed within the network infrastructure of educational institutions.

[Figure: Routing Diagram]

User credentials are not revealed to the institution at which an eduroamer joins, but instead are only revealed to their home institution, providing an extra measure of comfort for visiting users.  The eduroam network thus also provides a simple and automatic guest provisioning system.  Instead of providing a separate visitor network with the added administrative overhead of maintaining user lists, potentially with manual expiration dates, a participating institution may rely on a visitor's home institution to authenticate them for the duration of their stay.

Today's common operating systems, including Microsoft Windows (XP and beyond), Apple OS X, many smartphone OSs, and most current Linux distributions, all ship with 802.1X supplicants, which makes joining eduroam simple for users and simple to support for educational institutions.  For those without built-in supplicants there are alternative tools, including Open1x, SecureW2, and tools being developed by the OpenSEA Alliance.

What does eduroam do for you?  What do you do for eduroam?

With hundreds of thousands of wireless access-points sharing a common SSID, eduroam acts as one large, world-wide, wireless hotspot.

eduroam helps travelers from academic institutions gain network access with minimal configuration, with no need for the visited institution to grant them access explicitly.  This benefits visiting faculty, academics traveling for conferences and collaborative work, study abroad students, visitors attending NCAA activities, and even regional academic exchange.

By joining eduroam you extend the network to visitors at your institution without adding any additional maintenance responsibilities to your IT staff.  Moreover, by extending the network, you help to guarantee access to your own students and faculty while they are abroad.

How can the eduroam-US team help you?

Planning and implementing an eduroam deployment:  The eduroam-US team can help determine your institution's requirements for an eduroam deployment.  Moreover, we can provide you with sample configurations for common RADIUS servers, if you plan on running your own, and help you integrate that RADIUS server with your institution's directory service and the eduroam confederation as a whole.

Support for your institution's eduroam deployment and a supported top-level infrastructure: After eduroam is deployed at a given institution, we can provide support in the event of any incidents or interruptions of service.  As the service matures the eduroam-US team intends to develop monitoring and support tools to aid eduroam administrators in analyzing the performance and stability of the network as a whole.  These tools will be available to the community as a whole and made open-source in an effort to allow community contribution and enhancement to adapt to the needs of the users.

In the future: eduroam-US would like to provide value-added services to institutions without the resources or expertise to do so for themselves, such as providing RADIUS integration with existing directory services.

How does my institution join eduroam?

  1. Contact the eduroam-US team
    • Visit the eduroam-US website and submit the peering form
    • Contact eduroam-US support at support [at] anyroam [dot] net
  2. The eduroam-US team will verify the identity of the requester.
  3. Exchange Credentials
    • RADIUS relies on a shared secret for integrity, so a secret must be conveyed between the RADIUS administrators at eduroam-US and the peering institution.  At this time we prefer to exchange the shared secret via GPG/PGP over email, or failing that, a phone or Skype call.
    • In the near future, we plan to develop online tools for infrastructure management, allowing eduroam-US institutions to change RADIUS information (IP addresses of servers, RADIUS secrets, etc.) online with no oversight from the eduroam-US team.
  4. Implement necessary RADIUS infrastructure to peer with the eduroam-US top-level, which in turn peers with the international community.  One peering relationship means full membership within the confederation.
  5. Deploy the eduroam SSID on your campus with WPA2 and 802.1X configured to authenticate against the deployed RADIUS server.
  6. Test with the help of the eduroam-US team.

For more information please see our FAQ.