Professor Heisenberg arrives at the University of Milan, the first stop on his worldwide speaking tour that includes visits to Hof University in Germany, Instituto Politécnico de Santarém in Portugal, the Russian Academy of Sciences in Moscow, and two universities in Japan, before returning to the US to present at University of Kentucky and his home campus in Albuquerque. As he opens his laptop he realizes he has forgotten to arrange for a local guest Wi-Fi account which he needs to show his demonstration running in the cloud. Yet, when Heisenberg, on a whim, enters his home username and password, the system logs him in! Although he had not been aware of it, UNIMI and in fact all the schools on his itinerary are part of eduroam and he will be able to log onto Wi-Fi at each campus simply by using his home credentials.
Back in 2003, five European institutional members of the National Research and Education Network (NREN) got together to provide a common roaming access throughout their networks. They were soon joined by universities across Europe, later extending to Australia, Canada and, with the help of the National Science Foundation (NSF), the US. The name given to this initiative was eduroam, short for education roaming.
What is eduroam?
Eduroam enables any student or faculty member to log onto Wi-Fi and access the Internet at any participating eduroam site. You simply open your laptop or turn on your mobile device and you are automatically authenticated and securely connected. Depending on local policies at the visited institutions, eduroam participants may also have access to additional resources like printers. Without eduroam, this process can often require local IT to set up a temporary account, give you the login and password, and then delete the temporary account when you leave.
The eduroam technology is based on the 802.1X standard and a hierarchy of Remote Authentication Dial-In User Service (RADIUS) proxy servers. The Extensible Authentication Protocol (EAP) framework protects the user credentials. RADIUS proxying routes the authentication requests to the user’s home institution. End users can then be provided with unfiltered Internet access.
Through eduroam, universities worldwide enable Bring-Your-Own-Device (BYOD) across their campuses, while providing secure network access for both their own domain users and visiting eduroam users by means of a single service set identifier (SSID).
Where is eduroam available?
Universities in over 60 countries participate in eduroam. Here is an interactive map showing all the locations.
How can you bring eduroam to your campus?
Implementation requires a special configuration of RADIUS servers and integration with local network management software. You can get started with eduroam at your site by visiting the How to deploy, promote and support eduroam wiki. The Security Assertion Markup Language (SAML) and the Shibboleth SAML extension are often used to securely integrate with eduroam. Setting up eduroam access can take from several hours to several weeks depending on your level of expertise, especially in regard to RADIUS. For help with RADIUS and Extreme Networks gear, you will find discussions at THE HUB, the Extreme Networks’ online community.
We provide an eduroam configuration guide to help integrate Extreme Networks Mobile IAM (NAC) software into an eduroam solution.