SURFnet Middleware Services

1
SURFnet Middleware Services

• Klaas.Wierenga_at_SURFnet.nl
• SUNET delegation
• 25 May 2004
• Utrecht

2
Content

• Introduction
• Services
• Innovation

3
Introduction

• The department exists since September 2004
• 9 persons
• Responsible for exploitation and innovation (ca.
  50/50) of external and internal services in the
  middleware area and helpdesk coordination
• Cooperation with outlets for scaling up phase
• Cooperation with Network Services and Advanced
  (Application) Services in interdisciplinary
  projects
• Innovation projects concentrating on network or
  application access (and the combination of the
  two) and end2end performance

4
Services

• PKI
• RADIUS
• DNS
• NTP
• Access Networks
• FttD
• ADSL
• GPRS
• WLAN
• Cable
• UMTS
• Operating System Maintenance
• IPv6
• SURFnet CERT

5
Projects

• SURFworks Next Generation (SURF)
• GigaPort Next Generation RoN (Min. Economic
  Affairs)
• Freeband Impulse (Min. Economic Affairs)
• 6net (EU)
• Géant2 JRA5 (EU)
• Focus
• Network Access
• Application Access
• End2end performance

6
EduRoam
Supplicant
RADIUS server Institution B
RADIUS server Institution A
Authenticator (AP or switch)
User DB
User DB
Guest piet_at_institution_b.nl
Internet
Guest VLAN
Employee VLAN
Central RADIUS Proxy server
Student VLAN

• Simple, scalable and robust mechanism for
  forwarding user credentials to the home
  institution based on 802.1X and RADIUS

signalling
data
7
Radius proxy hierarchie
UNI-C
FUNET
DFN
SURFnet
UKERNA
CEZnet
FCCN
CARnet
RADIUS Proxy servers connecting to a European
level RADIUS proxy server
RedIRIS
8
A-Select

• Black Box between application and
  authentication
• Web login system
• One interface to applications
• Various authN methods (AuthSPs)
• Single sign-on
• Various authN levels
• Portable modular (JAVA)
• Basic access control (id, authN-institute-id)
• Basic cross-domain communication
• License free for non-profit world-wide, soon
  open source
• Batteries included (see applications)

9
Supported AuthN-methods

• Authentication-methods/AuthSP

10
A-Select enabled applications
(actual overview http//a-select.surfnet.nl/appli
cations/applications.html)
11
Demo A-Select
12
NREN Detective End User Perspective

• end user targeted network information gathering
  tool
• Simple GUI, targeted at none-technical users
• GUI around standard/common tools like iperf,
  ping, traceroute
• User selectable set of tests out of an available
  set
• Highly configurable localisation of all
  interface/GUI parameters, responses and
  URI/information (currently 4 languages available)
• Background information using (http-based)
  knowledge base
• Secured auto update of features/test-modules
  using signed updates
• Logging for possible remote help/debugging

13
NREN Detective Administrative Perspective

• network operator debugging and/or helpdesk
  support tool
• Web based configuration (servers, tests)
• Services and tests tailored for institute/NREN
• Logging to database with all information
  submitted by user three levels of privacy
  anonymous/basic, anonymous/details,
  username/details
• All test modules scriptable for use in extended
  tests, create own tests with dependencies (if
  then else etcetera)
• Cross-platform client and server (Windows, Linux,
  FreeBSD, Solaris) with client-based (de-)install
  shield
• Open source based on GNU GPL

14
Demo SURFnet-Detective
15
More Information

• SURFnet Services
• http//www.surfnet.nl/en/surfnet-services/
• SURFnet Innovation
• http//www.surfnet.nl/en/surfnet-innovation/
• SURFnet and 802.1X
• http//www.surfnet.nl/innovatie/wlan/
• A-Select
• http//a-select.surfnet.nl/
• NRENdetective
• http//detective.surfnet.nl/