Brief technical description

Govroam = Public Services Roaming

Govroam  provides easy Internet access for visiting users from other public sector organisations, without the need to individually register or reconfigure your device when you arrive at the visited site.

Following on from eduroam’s worldwide success in delivering savings and efficiencies in education collaboration, govroam replicates this proven design pattern. The new service is available to all Public Sector organisations.

Participation means that an employee with either a laptop, mobile and/or tablet when visiting another affiliated organisation, will be able to connect to the internet seamlessly, by authenticating using their own home organisation credentials.  This single login will allow you to connect wherever there is a govroam network available, and once the profile is installed on your device, this connection will happen automatically.

All you need is a RADIUS server, a repository fo idnetities and a network to share.

Fig. 1: The building blocks required for govroam

Govroam uses robust end-to-end encryption (AES as part of 802.1X tunneling) so that your private user credentials are only available to your home organisation for authentication, and never exposed over the air or accessible by the visited site’s infrastructure – even fake networks set up with the aim of stealing your credentials can’t gain access to them through govroam.

If you already have the basics required (see fig. 1), all you need to do is create the govroam SSID on your WLAN and configure your RADIUS server to proxy any non-local authentication requests received against that SSID up the hierarchy of RADIUS servers that make up the govroam fabric. One of those servers will recognise the domain that the request is coming from and ensure the proxied request is forwarded to its home site for authentication. Fig. 2 sketches the service in action.

Hierarchical RADIUS servers in a trust relationship that allows proxying permit users to roam and their authentication requests to be routed back to their home organisation.

Fig. 2: the govroam infrastructure

Print Friendly

Leave a Reply

The following information is needed for us to identify you and display your comment. We’ll use it, as described in our standard privacy notice, to provide the service you’ve requested, as well as to identify problems or ways to make the service better. We’ll keep the information until we are told that you no longer want us to hold it.
Your email address will not be published. Required fields are marked *