JRS Home | About JRS - How JRS Works | Participating Organisations Map |
Documentation | Technology/FAQs | Technical Support | How to Join
On this page:
The JANET Roaming Service has developed from the Location Independent Networking (LIN) trial managed by JANET(UK)'s Network Development Location Independent Networking programme. It is now in full service and is open to new participants wishing to join the scheme.
JANET Roaming is part of the eduroam federation (www.eduroam.org) in which the UK, 22 other European countries, Australia and Taiwan have collaborated to provide international RADIUS proxy authentication facilities.
http://www.terena.nl/activities/tf-mobility/deliverables/delD/DelD_v1.2-f.pdf
Web Redirect
http://www.terena.nl/activities/tf-mobility/deliverables/delF/DelF-f.pdf
The JANET Roaming Service (JRS) allows visitors from any participating organisation to use credentials provided by their Home organisation to gain network access at a Visited organisation. The JRS facilitates a range of network access scenarios, ranging from casual visits and meetings to large conferences and classroom sharing. This document provides an overview of the most important participation requirements.
A participating organisation may act as either a Home organisation or as a Visited organisation or both, at their discretion.
Each participant must deploy an ORPS. The ORPS is a RADIUS server that provides the interface between participants' RADIUS systems and the National RADIUS proxy servers (NRPS) operated by JANET(UK). Two or more ORPS may be deployed to improve service resilience.
Home organisations must deploy a RADIUS server to authenticate their own users using PAP and any suitable EAP method (such as TLS, TTLS or PEAP). The RADIUS authentication server may also act as the ORPS.
The JRS specifies three service tiers: JRS1, JRS2 and JRS3. Participants that choose to be a Visited organisations must implement one of these tiers, at their discretion. The differences between the tiers are shown in Table 1 below.
| Service tier |
Authentication method |
NAT |
IPv6 |
WEP |
WPA |
WPA2 |
SSIDs |
|---|---|---|---|---|---|---|---|
JRS1 |
Web redirect |
May |
May |
Not applicable |
eduroam |
||
JRS2 |
IEEE 802.1x |
May |
May |
Must (either WEP or WPA) |
May |
eduroam or eduroam-wep |
|
JRS3 |
IEEE 802.1x |
Must not |
Must |
Must not |
May |
Must |
eduroam |
Table 1 - Tier requirements for Visited organisations
Visited organisations must permit egress and established forwarding of the protocols listed in Table 2 below.
| Description |
Protocols |
Description |
Protocols |
Description |
Protocols |
|---|---|---|---|---|---|
IPv6 tunnel broker |
UDP/3653 & TCP/3653 |
HTTPS |
TCP/443 |
POP3S |
TCP/993 |
IPSec NAT traversal |
UDP/4500 |
LDAP |
TCP/389 |
Passive (S)FTP |
TCP/21 |
Cisco IPSec NAT traversal |
TCP/10000 |
IMSP |
TCP/406 |
SMTPS |
TCP/465 |
PPTP |
IP 47 & TCP/1723 |
IMAP4 |
TCP/143 |
Submit |
TCP/587 |
OpenVPN |
TCP/5000 |
IMAP3 |
TCP/220 |
RDP |
TCP/3389 |
SSH |
TCP/22 |
IMAPS |
TCP/993 |
VNC |
TCP/5000 |
HTTP |
TCP/80 |
POP |
TCP/110 |
Citrix |
TCP/1495 |
Table 2 - Minimum requirements for egress and established forwarding of protocols
JRS can be used from users' own laptops over wireless networks or via hardwired desktop PCs and MACs (for example in IT suites or libraries) that have been suitably configured. JRS can be used at Visited organisations and in many cases at Home organisations too.
End-users at customer organisations which have deployed JANET Roaming should consult their IT Support dept. for one-off setup of their laptops prior to travelling to Visited sites providing the JANET Roaming service. They will also be able to learn what facilities at the Home Organisation site are offered for remote access from Visited Organisations, (eg. e-mail, VPN). This information should be available on the JRS pages of the Home Organisation web site, which can be found on the Participating Organisations Map by hovering over your city blob.
Users MUST also check the Participating Organisations Map to check that their laptop setup is compatible with the authentication method offered by the Visited Organisation and to learn the SSID which they must input into their laptop.
Once at Visited JRS sites, end-users will be able to log on to the guest network by using their unique credentials (the same for all sites they might visit) - these are their own home organisation username and the organisation realm name in the form: username@foo.ac.uk. (Nb. this is NOT necessarily the user's e-mail address). Users will be able to do this at JRS enabled hotspots at the Visited sites, which should be marked "JANET Roaming", "JRS" or "eduroam".
Users experiencing any technical problems with the Roaming service or with remote access facilities provided by their Home Organisation, should in the first instance consult their Home Organisation IT Support dept.
Also see JANET Roaming Service User Guide and JANET Roaming Service Connection Guide.
Follow link for a step-by-step guide to implementing JANET Roaming - Implementing JANET Roaming Roadmap.
For further historical information about JRS and LIN see:
Network Development Location Independent Networking
Any problems, comments or suggestions regarding this page, please e-mail the JRS service manager jrs@ja.net
