Do all of your users use VPN whenever they are on a non-campus network? How
do I get mine to do this? ;)
We barely have luck convincing people to use VPN when they are at McDonalds
with no crypto on the wireless connection. With eduroam, their traffic over
the air is encrypted, with no action on their part.

Some services are unavailable off-campus, in which case the users would
need to use VPN to access that service - whether at McDonalds, or at your
institution using eduroam.

On Fri, Jul 14, 2017 at 12:30 PM Jeffrey D. Sessler <[email protected]>
wrote:

> I fundamentally disagree with this.
>
>
>
> I’d argue that by using eduroam as your default, users are put at risk
> because they no longer have a key determiner for trusting/not trusting the
> SSID they’ve connected to. There is no guarantee that eduroam operates the
> same at each campus, nor is there any guarantee that the user’s
> connection/data is safe when away from your home campus i.e. it’s no
> different than Starbucks.
>
>
>
> While you can set up eduroam at your home campus to be the same as your
> “MyCollege” SSID, can you attest to that when they are at another
> participating EDU? You simply can’t, and from the user’s perspective,
> they’ve now been lured into trusting eduroam no matter where they go – to
> me that’s a bad design. You now have to tell your users two stories i.e.
> When on campus trust eduroam, when off campus, best use a VPN or else.
> That’s simply poor user implementation since the user will likely forget
> the “or else” part.
>
>
>
> In keeping eduroam as a “guest” network, you tell users one story. When on
> campus, use the “MyCollege” SSID, and when traveling, use eduroam and a VPN
> client. The user now has a clear understanding of how to trust eduroam.
>
>
>
> Jeff
>
>
>
> *From: *"[email protected]" <
> [email protected]> on behalf of "Davis, Kevin" <
> [email protected]>
> *Reply-To: *"[email protected]" <
> [email protected]>
> *Date: *Friday, July 14, 2017 at 10:15 AM
>
>
> *To: *"[email protected]" <
> [email protected]>
> *Subject: *Re: [WIRELESS-LAN] eduroam AUP question
>
>
>
> With modern network architecture, it’s fairly easy and I would argue a
> preferred design to use “eduroam” as the SSID for everything, while on the
> back end segmenting your students/faculty/staff to access levels and
> experience identical to whatever “MyCollege” SSID you had before.
>
>
>
> No impact to them functionally; easy to implement; reduces SSIDs for you;
> helps users recognize and trust eduroam when they travel; and their devices
> roam automatically in the future.
>
>
>
> Kevin
>
>
>
>
>
>
>
> *From: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> [email protected]> on behalf of Elizabeth Shannon <
> [email protected]>
> *Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> [email protected]>
> *Date: *Friday, July 14, 2017 at 12:54 PM
> *To: *"[email protected]" <
> [email protected]>
> *Subject: *Re: [WIRELESS-LAN] eduroam AUP question
>
>
>
> Not that I am disagreeing with Jeff, but is the intent of the eduroam
> network simply as a guest network? I see many benefits of eduroam, but I
> would like to understand the intent of eduroam, so that our constituents
> have a more consistent experience as they utilize eduroam. We have guests
> on our campus, but we have no way of easily finding a guest and having a
> conversation with them if necessary. With eduroam, I can contact the host
> institution and they can decide if they are going to allow their user to
> continue the use of eduroam. If we truly need to speak with the user,
> they can facilitate our interaction with the user. Perhaps, I am in the
> minority. Thanks.
>
>
>
> --
>
> Elizabeth Shannon, CIPT
>
> Kansas State University
>
> Information Security and Compliance
>
> 785.532.2540
>
>
>
>
>
> *From: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> [email protected]> on behalf of "Jeffrey D. Sessler" <
> [email protected]>
> *Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> [email protected]>
> *Date: *Friday, July 14, 2017 at 11:29 AM
> *To: *"[email protected]" <
> [email protected]>
> *Subject: *Re: [WIRELESS-LAN] eduroam AUP question
>
>
>
> As eduroam is really a guest network, I would never make it the primary
> network for my users. Best to treat/deploy it as a slightly better
> version of the WiFi you can get at Starbucks or McDonalds.
>
>
>
> Jeff
>
>
>
> *From: *"[email protected]" <
> [email protected]> on behalf of Michael Davis <
> [email protected]>
> *Reply-To: *"[email protected]" <
> [email protected]>
> *Date: *Friday, July 14, 2017 at 8:14 AM
> *To: *"[email protected]" <
> [email protected]>
> *Subject: *Re: [WIRELESS-LAN] eduroam AUP question
>
>
>
> Seems to me that it's much easier now to just forget eduroam, remove it
> from campus, and go back to our
> branded Wifi.
>
> ********** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss.
>
> --

--
Hunter Fuller
Network Engineer
VBH Annex B-5
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville
Systems and Infrastructure
