The following are the activities required of an institution to join eduroam AU:
An initial request for information, and expression of interest in participating in eduroam AU, should be sent to email@example.com.
An AARNet Service Desk ticket will be created, and a Service Desk staff member will confirm customer status, eligibility of the institution seeking participation in the identified role.
AARNet will evaluate and confirm the eduroam participation pre-requisites with the institution prior to providing standard information on joining eduroam AU. Those pre-requisites are:
For an IdP:
For an SP:
Following AARNet’s investigation and any further clarifications regarding eligibility, AARNet will send the institution the standard information package for institutional on-boarding.
Generic templates of the standard information packages are available for each participation role (IdP+SP, SP-only, IdP-only).
Attachments to those information packs include:
The institution will be invited to submit the eduroam AU application form appropriate to the role sought (IdP+SP, IdP-only, SP-only).
The standard information package provides a link to the appropriate eduroam AU Application Form.
The eduroam AU Application Form ensures the required information is conveyed and made available to eduroam AU administrators.
Preparation of the Application Form will required gaining an understanding of implications of authentication protocol (for IdPs) and network service (for SPs) choices.
The institution will be invited to discuss items required in the application form with AARNet eduroam specialists.
The Application Form should be exported as an MS Word document, and required fields completed, and returned to AARNet via email to firstname.lastname@example.org. A separate ticket will be created which will be used for information exchange during operational deployment.
Based on information provided in the application form, AARNet will add basic institutional data to the eduroam AU AdminTool. The institutional eduroam admin will be invited to commence maintaining institutional data in the AdminTool.
Following the review of the institution’s application form, an invitation will be extended to the institution to commence deployment and undertake all activities required in readiness for eduroam operability.
For SP’s establish the required network infrastructure and configuration of the IEEE 802.1X “eduroam” network.
Deploy RADIUS Server(s) to perform proxying of visitor authentication requests (SP role) to, and receive authentication requests for local users from, the eduroam AU National RADIUS Servers. AARNet will configure National RADIUS Servers accordingly, and perform collaborative testing to ensure institutional networking and RADIUS infrastructure is operating correctly.
During on-boarding, prior to the final audit stage, institutions should create an initial draft of the institution’s eduroam participation webpage, with operability status clearly indicated as “staging”.
Deploy institutional infrastructure, create website, and build support capability, as described in the eduroam AU Technical Specification.
The final audit will be undertaken collaboratively by AARNet and the institution.
AARNet will provide an audit report, and advise success or otherwise.
If not successful, the institution will be provided with a list of issues to be resolved prior to the audit being undertaken again.
At the appropriate stage of Final Audit, the institutional status will be changed to “Pre-Production”, which will trigger readiness to upload institutional data to the Global Database for the purpose of populating the eduroam Configuration Assistant Tool (CAT).
For IdP participants, following invitation from AARNet, institutional admins are required to access and complete data entry into the CAT, and access and test scripts generated for end-user device configuration.
Following passing the final audit, AARNet will update the AdminTool status for the institution to “Production”.
The deployment data for the institution will be uploaded to the Global Database, and the institution will appear on maps generated both by the eduroam AU AdminTool, and Global Maps.
Institutional information will be available to NRO’s globally via the Global Database web interface.
AARNet will make an announcement to the eduroam AU institutional community regarding a new participant via the eduroam AU administrator mail-list.
When an institution has moved to full-production participation, it is appropriate to advise students and staff accordingly.
Any restrictions on the use of eduroam should be conveyed.
The realm(s) to be used should be described, with an explanation that the eduroam username contains the realm part to enable global roaming via remote authentication, with AARNet providing national and global infrastructure to route authentication requests.
It is recommended that an invitation to use eduroam, with a link to the institution’s eduroam service webpage, be sent to all users at the institution.
This information should be marked with appropriate priority in an email sent from institutional IT management.