eduroam AU Audit Process

eduroam AU Institutional Audit

It is important for a reliable eduroam AU service that institutions have completed their deployment responsibilities correctly, specifically:

  • the institutional RADIUS Servers are configured correctly
  • the institutional eduroam webpage has required information
  • the institution has capable eduroam support
  • the institution has updated its deployment information in the eduroam AU AdminTool
  • the institution makes CAT scripts available to its users
  • the institution is aware of ancillary services provided by AARNet

eduroam AU Audit Checklist

The eduroam AU audit checklist is available in a separate document, and institutions are encouraged to periodically review and conduct desk audits.

Types of Audit

On-Boarding Final Audit

AARNet will coordinate with the institution to perform the final audit, as some aspects of eduroam functionality can only be confirmed on the institutional campus.

The steps involved in the final audit process for eduroam-AU institutional on-boarding are:

Ad-Hoc Audit

Institution Initiated

Institutions may ask AARNet to perform an ad-hoc audit to assist in confirming the health of their eduroam deployment. 

AARNet Initiated

AARNet may request to perform an ad-hoc audit during institutional operation in eduroam AU.

It is an operational goal of AARNet to ensure that institutions' operability remains compliant with policy. If any non-compliance is observed, for example from RADIUS logs, or if another institution (or national roaming operator) reports an institution's non-compliance with eduroam national (or global) policy, AARNet may request that the institution undertake an ad-hoc audit to gain a complete view of the institution's compliance rather than just seeking to rectify the specific issue.

eduroam AU Institutional On-Boarding Audit Process

The eduroam AU Audit Process is the final stage of on-boarding for institutions.

Overview

The institutional eduroam deployment audit plan described below is intended to achieve comprehensive best-practices deployment of eduroam.

The goal of auditing is to ensure that the operability objectives stated below are achieved, with the intent of delivering a consistently good user experience and achieving effective and efficient institutional eduroam administration.

Assumptions for Readiness to Audit

Prior to the audit being undertaken, the institution will have:

  • Provided the completed application to join eduroam AU to AARNet after being approved to operate in a particular role (IdP+SP, IdP-Only, SP-Only)
  • Published the institutional network Acceptable Use Policy
  • Provided institutional eduroam contacts to AARNet
  • Exchanged test account details with AARNet (for an IdP, institutional test account; for an SP, obtaining an eduroam AU TMS test account)
  • Configured the institutional RADIUS server and collaboratively (with AARNet) tested & confirmed operability of the institutional RADIUS server in each of the roles, using test accounts
  • Arranged required eduroam user activity logging and retention of logs for 3 months. For SPs, this includes logs generated by network infrastructure; for IdPs, it includes authentication logs generated by the identity store.
  • Accessed the eduroam AU AdminTool via SAML authentication (potentially involving creation of a SAML account in AAF VHO), and entered all required data into the AdminTool
  • Created the institutional eduroam participation webpage with required content, clearly indicating the operational status of the institution
  • For SPs, broadcast the eduroam SSID at all intended locations and confirmed that the network service intended and described on the eduroam webpage is available to eduroam users
  • Been included in AARNet’s institutional eduroam usage metrics, with access enabled and tested to the institutional metrics pages
  • Established an eduroam support capability
  • Moved the status of the institution to Pre-Production in AdminTool, and confirmed that data has been uploaded to the Global Database (from which the Configuration Assistant Tool (CAT) is populated)
  • For IdPs, accessed the CAT, configured an IdP Profile for each of the institution’s realms, and tested the generated CAT scripts.

Conduct of Audits

Timing of Audit

AARNet will coordinate the appropriate timing of the final audit with institutions.

The time required for AARNet to undertake the final audit will be approximately 1 day.

Audit items

AARNet will conduct the audit based on the published audit checklists.

Institutions are encouraged to perform a self-audit prior to AARNet performing the audit.

Follow-Up from Audit

Non-Compliance Observed

The institution will be informed of any non-compliance items and requested to resolve those issues and confirm with AARNet when they are resolved.

AARNet will determine which aspects of the audit process to repeat in the follow-up audit step.

Confirmation of Successful Audit Outcome

Following successful completion of the final audit, AARNet will update the institutional status in AdminTool to “production”, at which time the institutional data will be provided to the Global Database.