About JRS - How JRS Works | Participating Organisations Map |
Documentation | Technology/FAQs | Technical Support | How to Join
The JANET Roaming service (JRS) now comprises 76 actively participating organisations offering service at locations across the whole of the UK. It provides the solution for JANET sites wanting to provide visitor access logon without IT Support workload and for visitors to JANET sites wanting quick and simple authenticated secure access to full network services - home networks, Internet and permitted areas of host site network.
JANET Roaming enables network logon anywhere using own username and password regardless of location (in supported areas or from designated guest terminals at JRS participating organisations).
| 
|  |
| 
|  |
- Inter-NREN Roaming Infrastructure & Service Support Cookbook (pdf)
Produced and published by GEANT2
- Roaming - what does it really mean and how can you use it?Proceedings of the one day event held at Trinity House 15/11/20006
Recommended reading:
- JANET Roaming Deployment Guide 
(pdf)
- A Case Study in Complying with the JRS Technical
Specification at Bristol University (pdf)
- JRS Management Briefing and Business Case (pdf)
- JRS User Guide (Word)
- JRS Technical Specification (Word)
For further documents see Documentation page
Customer reviews:
- www.ja.net/review/html/reviews.php?x=3&pn=JANET%20Roaming
19/10/2007:
Web redirect - JRS Tier1
At present, JANET Roaming permits two types of network access technology: the simple to use, yet inherently insecure, web redirect; and IEEE 802.1x, widely acknowledged as the current best practice secure solution but requiring a software ‘supplicant’ to run on all connected nodes. IEEE 802.1x has recently been mandated by eduroam as the only technology that should be used by members of the eduroam federation. JANET(UK) has however asserted that web redirect will be permitted within JANET Roaming until October 2008.
Update on the 802.1x GUI supplicant development
Development of the OpenSEA 802.1x supplicant is well underway with a number of development releases having been made already. Progress can be followed on the DOT1X jiscmail list.
The motivation for this programme is the so-called ‘supplicant problem’ resulting from the fact that the Microsoft Windows XP and Vista 802.1x client (or “supplicant”) has some significant limitations which are impeding adoption of 802.1x within the community both in the context of the JRS and network admission applications in general.
To address this problem, JANET(UK) joined the OpenSEA Alliance (Open Secure Edge Access) as a contributory board member (see press release). The Alliance was formed specifically to develop, promote and distribute an open source 802.1x supplicant based upon the existing Xsupplicant, a cross-platform open-source 802.1x client originally developed within the University of Maryland.
To ensure the software meets the requirements of organisations within the education sector, JANET(UK) issued a call for participation to the JANET community. Organisations were invited to participate in testing, fault reporting and bug fixing and producing documentation. The closing date for the call was 20th July 2007. Development of the supplicant is progressing rapidly with a number of development releases having been made already. To be kept up to date with this project, please subscribe to the project mailing list.
Presentation - Update on OpenSEA 802.1x Supplicant Development Oct 2007 (pdf)
15/05/2007:
JANET(UK) will be collaborating on a new initiative to deliver an open-source IEEE 802.1x supplicant. The initiative builds on JANET(UK)'s technology partnership with the OpenSEA Alliance, recently formed by leading networking and security companies including Extreme Networks, Identity Engines, Infoblox, Symantec Corporation, TippingPoint, and Trapeze Networks. For details, please see the full press release:
http://www.webarchive.ja.net/latest/news/documents/OpenSEAFinalUK_000.doc
This initiative follows the debate that took place at Networkshop34. The bof session at Networkshop34 proved to be very popular - JANET(UK) has been considering an open source approach to resolving the problem which relates particularly to the lack of a comprehensive supplicant for Windows operating systems.
For those who did not attend, the three options were: to develop wpa_supplicant, enhance secureW2, or go with an Open Source option with the OpenSEA foundation formed by a US company, idEngines, who are porting the xsupplicant code base to a Windows platform. At present the latter is the best of the three options and we are awaiting feedback from Andy Pearce the chief architect for idEngines who attended the bof session. A demo release should be available by May/June time.
There was also a call for volunteers to trial the supplicant once this is available in the beta phase. Presently, Loughborough and Bristol have shown interest. Interst from further organisations wishing to participate is welcomed, please contact the JRS service manager jrs@ja.net.
All the development requests for the GUI have been recorded and will be considered.Up to date info on the progress and development of the GUI will be available through the DOT1X jiscmail list and any input is greatly valued. For further information see: www.ja.net/development/aa/802.1x
General enquires about the service - features and benefits, service details; please contact JANET Service Desk e-mail:service@ja.net or e-mail the service manager directly:jrs@ja.net
The Solution
regardless of location
As demand for visitor network access at JANET connected organisations has increased and will continue to do so, the need has grown for an infrastructure to reduce the administrative burden faced by local IT staff in setting up guest accounts and to provide hassle free guest access for visitors. The solution is the JANET Roaming Service which provides this facility and which will in turn help effective collaboration on research and academic projects.
Why authenticate guest users onto the network
http://www.webarchive.ja.net/services/publications/factsheets/041-user-authentication.pdf
JANET Roaming Service (JRS) has developed from Location Independent Networking (LIN) which is a concept that provides an infrastructure for guest users to use their own home network registered user credentials eg. username@foo.ac.uk and home password to gain authenticated independent network access at visited JANET connected organisations, without any administrative burden or added complexities - both for the user and the local IT staff. The guest user can then use whatever remote access facilities are provided by their own organisation and whatever facilities are offered by the visited organisation.
The difference between JANET Roaming and Shibboleth
JANET Roaming and Shibboleth are complementary technologies that provide solutions to two different objectives. Roaming provides network access via single username and password. Once network access has been achieved, Shibboleth provides controlled access to restricted online resources (such as journals and media content) through a central authentication and authorisation infrastructure.
The service is free at the point of use; participating organisations have to provide and set up a RADIUS server which references the JRS National RADIUS Proxy Server network.Visitor user setup involves a one-off configuration of their laptop and input of host network SSID in order to achieve independent JANET network access from the visited organisation and (depending upon home network remote access systems) access to their home networks. All this is achieved without any administrative burden or added complexities for either the guest user or the local host network IT staff, once the system has been implemented.
JANET Roaming is available for any JANET customer organisation and their registered users - universities and colleges as well as research organisations and other academic bodies. The organisations which will benefit the most are those with a large base of users who roam to other academic locations or those organisations which are frequently engaged in providing guest network access to large numbers of visitors. The range of organisations to which the service can be provided is not technically limited to academia/research and may be extended in the future.
JANET Roaming is part of the eduroam federation (www.eduroam.org) in which the UK, 22 other European countries, Australia and Taiwan have collaborated to provide international RADIUS proxy authentication facilities.
UK organisations currently participating in the extended trial:
Use browser backspace to return to this page
JRS Management Briefing and Business Case (pdf) - an overview of the JANET Roaming Service for IT managers at JANET connected organisations together with the business case for implementation..
To underpin the service and to support organisations joining and participating in the scheme, a comprehensive, fully resourced support structure has been put in place which provides:
Promotional material is available to help with the following:
Organisation Apply to Join JRS
For further information see:
Network Development Location Independent Networking
Announcements and general JRS discussion e-mail list
How do individuals get to use JRS
Registered network logon account users at participating organisations should visit the JRS service web pages at their home organisation - which can be found by hovering over the city blobs on the Participating Organisations Map. Users should also consult their home IT Support dept. for one-off setup of their laptops prior to travelling to Visited sites supporting the JANET Roaming service. They will also be able to learn what facilities at the Home Organisation site are offered for remote access from Visited Organisations, (eg. e-mail, VPN). Using JRS more..
Any problems, comments or suggestions regarding this page, please e-mail the JRS service manager jrs@ja.net
