By Saira Hasnain – Associate Vice President & Deputy CIO, University of Florida
FROM THE DESK OF THE eAC
Note from the eAC Chair: This article is the first of a series from members of the eduroam-US Advisory Committee (eAC). The eAC discusses a wide range of topics within the wireless and mobility space, and many of these don’t have clear answers, but pathways we need to explore or an uncertain future, which will require community input to chart our path forward. This series, “From the Desk of the eAC,” highlights current topics within the wireless and mobility space to share the current thoughts from eAC on a particular subject or to encourage community discussion and input. Thank you for reading, and we look forward to continuing to share these topics with the InCommon community.
—Brett Bieber, University of Nebraska and eAC Chair
Introduction: Options for Offering Dependable Wireless Access and Enhancing Connectivity
Universities and colleges are increasingly looking for flexible and budget-friendly solutions to offer dependable wireless access throughout expansive campuses, especially in older structures and spots with weak external cellular and wireless signals. Distributed antenna systems (DAS), eduroam, and OpenRoaming are all avenues for providing seamless wireless connectivity, yet differ in their approach, target audience, scope, and security components. Colleges and universities can pursue any one of these three viable options. There are benefits and challenges with each of the approaches. This article provides a primer on how to use cellular off-loading to enhance the connectivity experience of customers in places with poor cellular coverage on college and university campuses. It covers the mechanics, benefits, and challenges involved in these approaches.
Definition Primer: Understanding DAS, eduroam, and OpenRoaming
Let’s begin by establishing common definitions for these approaches.
Distributed antenna systems (DAS) consist of strategically, spatially separated antenna nodes within a geographic area or structure connected to a common source designed to bolster existing cellular or wireless networks. Primarily, they make up a physical infrastructure designed to enhance cellular and radio frequency (RF) signal strength in dead zones. DAS were implemented in the early days of wireless communication. The concept of DAS transformed itself through the decades from a large macro tower that covers a broad area with repeaters and amplifies and re-transmits a signal. This methodology was ineffective for hard-to-reach spaces inside buildings, such as underground basement offices and classrooms, areas with dense user activity, or complex architectural structures. To overcome these constraints, DAS has evolved its architecture.
In the current architecture, the signal is split across multiple antennas that communicate with a central hub, which then communicates with the main cell tower or base station. This architecture is scalable and ensures better performance. The DAS journey through the years has gone from passive analog systems to active digital systems, supporting the demand of high-speed data services and the proliferation of smartphones. With the advancement in cellular technologies from 3G to 5G, DAS has adapted to support the new standards across multiple carriers and frequencies. Traditionally, DAS solutions were considered for large spaces like stadiums and airports. As demand for seamless connectivity grew, the use of DAS expanded to campuses and buildings across various industry verticals. The quality of service is based on the spectrum version of the DAS head end and the antennas. Upgrades to the latest spectrum are managed by the DAS equipment owner.
eduroam, which stands for education roaming, is a secure global Wi-Fi roaming service designed for the academic community. The academic community includes faculty, staff, students, and researchers from participating institutions. eduroam originated from the Dutch higher education RoamNode. With the support of GEANT (the European research network), it expanded into Europe and then to hundreds of locations across all the continents. The technical basis of eduroam is founded on IEEE 802.1X and the RADIUS/Hierarchical RADIUS protocol. eduroam security has evolved over time using WPA2 wireless security and underlying security improvements to the RADIUS protocol. eduroam scalability depends upon regional federations established to manage participation, and user authentication is handled locally.
Once an institution enables eduroam at its location, any user whose devices are configured for eduroam can connect to the internet at any eduroam-enabled participant location. eduroam provides end-to-end encrypted connections for authentication and then wireless encryption from the user to the access point. The credentials are managed by the user’s home institution. The quality of service is usually consistent across all eduroam hotspots and managed by the owning institution. Large public research universities often have strong research networks supporting their installations. eduroam accessibility has evolved beyond university campuses. It is found in public places like libraries, museums, public transport, and airports where institutions of higher education have pushed for seamless wireless access for their community members beyond campus boundaries.
OpenRoaming is a connectivity framework that, like eduroam, deals exclusively with Wi-Fi connectivity. However, it is different from eduroam in certain aspects. OpenRoaming identity providers go beyond the scope of the research and education community and allow users to automatically roam across public and private Wi-Fi networks without the need to authenticate to their parent institutions. The identity providers in this space include a wide variety of wireless, cellular, cloud service providers, and device manufacturers. Credentials are not limited to your home institution and can vary from mobile phone numbers to social logins. From a purely technical lens, OpenRoaming facilitates the seamless transition between cellular and Wi-Fi networks using established protocols like Hotspot 2.0, also known as HS2 and Wi-Fi Certified Passpoint.
This standard aims to streamline network access in Wi-Fi hotspots and to enable seamless roaming for cellular consumers across Wi-Fi networks. Cisco and Aruba (HPE) technology is commonly used in universities and colleges for wireless connectivity, and both vendors support and implement HS2 and Passpoint in their products. The success of OpenRoaming depends on more identity and Wi-Fi access providers joining the OpenRoaming federation. The power of OpenRoaming integrating with 5G can offer improved connectivity experiences for users. The Wireless Broadband Alliance provides a forum for providers and vendors to work together to enhance interoperability standards.
Discussion: Offloading Cellular Traffic through OpenRoaming Solutions
In the past couple of decades, cellular providers like AT&T, Verizon and T-Mobile made strategic DAS investments at various universities. These include both indoor and outdoor installations. Such installations came at a cost of millions of dollars. There are different models where either universities fund a vendor-neutral DAS themselves and allow the provider to ride the setup for a cost or no cost, or one of the providers makes the investment and then hopes that the other providers will join its setup and share in the cost. This type of setup requires various considerations of space available at the campus and the ability to provide right of access for installation and creative camouflaging so that the façade of the institutions can hide the large antennas from becoming an eyesore.
With the sprawl of Wi-Fi networks on campus, the desire to offload cellular traffic onto the wireless network has taken root. There are two apparent drivers behind this desire. From the providers’ perspective, it offloads congestion from their cell towers onto the universities’ wireless network and gets them access to the universities’ infrastructure without having to make the massive DAS and cellular network investment. From the university’s perspective, they do not have to give special space to the providers if the provider is willing to foot the bill for the DAS or invest themselves in buying the equipment for a vendor-neutral DAS. Both roads lead to the goal of improved user experience for faculty, staff, students, visitors, and guests who are in weak signal spots on campus.
As noted in the primer, DAS works at the physical layer. OpenRoaming works at the network layer and enables users to switch between different Wi-Fi networks without changing their IP address or losing their connection. DAS focuses on ensuring users receive stronger and more consistent wireless signals from the same network. OpenRoaming ensures that the session continues without a disconnect as a user moves from location to location while maintaining the quality of the connection. In the OpenRoaming scenario, when an OpenRoaming hotspot is available, the device automatically detects, authenticates, and switches from cellular to Wi-Fi for data transmission and session continuity. For the end user, this results in a perceived improved cellular connectivity experience, reduces data consumption on the cellular plan, and preserves mobile device battery life.
As universities and colleges consider OpenRoaming solutions to offload cellular traffic in areas with weak cellular signals, one of the biggest challenges they will encounter is device and provider compatibility. OpenRoaming expects the device to automatically discover and authenticate. Devices are not created as vendor agnostic. There is no unified vendor-agnostic federated authentication service or identity provider in the space. If a university or college sets up HS2/Passpoint infrastructure, it must negotiate with the cellular provider to consider its hot spots as trusted hot spots for the provider. This is a tenuous, long journey and not precisely scalable across the wide variety of mobile devices that can appear on campus as well as service providers in the region.
The University of Florida is an example where a provider entered into the agreement to invest in both indoor (27) and outdoor (10) vendor-neutral DAS across the campus and strengthen cell coverage in hard-to-reach areas. Other vendors agreed to join this vendor-neutral DAS in certain specific locations. This arrangement has been in place for a decade. The university also has an arrangement where a provider offloads cellular traffic to the university’s Wi-Fi environment at a specific location. This setup has been in place for approximately five years. The setup for offloading cellular over Wi-Fi is specific to the provider, and the provider’s secret SSID on its customer mobile devices trusts the university’s access points as their hotspot when faculty, staff, students, visitors, and guests are present in specific locations. In both situations, the university has been able to provide an improved connectivity experience for its users while realizing cost savings and revenue recovery as part of the contract terms with the providers.
Conclusion: What’s Needed for OpenRoaming to Succeed?
Whenever evaluating these options, we consider how scalability, security, costs, device, and standard turnover will impact the choices that we make. As colleges and universities vary in size, so do their budgets and their leverage with service providers. Institutions, like the University of Florida, that are among the larger business entities in a college town can take advantage of their size to push providers to make investments in their institutions. Not all colleges and universities hold the size and volume advantage over providers. For OpenRoaming to succeed, we need an entity to champion the idea of vendor-agnostic discovery and authentication services across major device manufacturers and wireless service providers. The OpenRoaming federation, through WBA, envisions being such an entity. It is unclear if the providers are totally on board with participating in the WBA federation, which leaves institutions with the option of trying to connect directly with carriers using Passpoint. DAS is a straightforward proposition. The carriers carry the cost of deployment. With Passpoint, the university or college ends up doing the bulk of the work and investment. How do we attain balance between providing a great wireless user connectivity experience and subsidizing the carriers? Does the answer lie in the combined power of the Internet2 community playing a role in this arena?
About the eduroam-US Advisory Committee
To facilitate stronger and more responsive engagement with the eduroam community, Internet2 sought out knowledgeable, motivated volunteers to form the eduroam Advisory Committee. The eduroam-US Advisory Committee (“eAC”) is intended to be an advisory body to the Internet2 Community Architecture Committee for Trust and Identity (CACTI). Its role is to help formulate strategies and practices for US and global research and education roaming networks, report any findings, and make recommendations to CACTI and Internet2. The eAC meets regularly and creates working groups as needed. You can view the committee’s charter, learn more about its mission, and view publicly available meeting minutes on its wiki page.