Govroam = Public Services Roaming

Govroam  provides easy Internet access for visiting users from other public sector organisations, without the need to individually register or reconfigure your device when you arrive at the visited site.

Following on from eduroam’s worldwide success in delivering savings and efficiencies in education collaboration, govroam replicates this proven design pattern. The new service is available to all Public Sector organisations.

Participation means that an employee with either a laptop, mobile and/or tablet when visiting another affiliated organisation, will be able to connect to the internet seamlessly, by authenticating using their own home organisation credentials.  This single login will allow you to connect wherever there is a govroam network available, and once the profile is installed on your device, this connection will happen automatically.

Fig. 1: The building blocks required for govroam

Govroam uses robust end-to-end encryption (AES as part of 802.1X tunneling) so that your private user credentials are only available to your home organisation for authentication, and never exposed over the air or accessible by the visited site’s infrastructure – even fake networks set up with the aim of stealing your credentials can’t gain access to them through govroam.

If you already have the basics required (see fig. 1), all you need to do is create the govroam SSID on your WLAN and configure your RADIUS server to proxy any non-local authentication requests received against that SSID up the hierarchy of RADIUS servers that make up the govroam fabric. One of those servers will recognise the domain that the request is coming from and ensure the proxied request is forwarded to its home site for authentication. Fig. 2 sketches the service in action.

Fig. 2: the govroam infrastructure