issue 16 JANET news October 2011

1

JANET pushes the boundaries with 100Gbit/s network for UK research and education www.ja.net

Changes to Interception Law page 18 JANET(UK) recognised for Training Excellence page 27 JANET News 16 | October 2011 welcome Contents Editorial

NEWS Supporting eduroam deployment 3 Harnessing JANET JANET pushes the boundaries with 100Gbit/s 4 for business network for UK research and education

Cost savings & enhanced security as the JANET 6 JANET’s proud boast is Certificate Service develops its services to serve the research and JANET(UK) welcomes review 8 education community in the Clouds on the horizon 10 United Kingdom. Instinctively COMMUNITY one might not think of JANET Outstanding for students 12 as serving businesses – but Customer Engagement profile: 14 that is exactly what it does. Robert Prabucki, Customer Engagement Manager Any organisation in our community today must for Eastern & East Midlands run itself as a business; therefore, to serve your FEATURES organisation, that is how JANET must regard you. JANET resilience across the north-south divide 16 Changes to Interception Law 18 At the same time, of course, you are not simply a 2 business: you are probably an organisation with Profile: Paul Harness, Director of IT Services, 20 University of Manchester sector-specific requirements that commercial TECHNICAL suppliers can’t match, simply because they are commercial and you are not. DNSSec – a .uk first for JANET and cam.ac.uk 23 Advanced Persistent Threats 24 Some examples of how JANET can help. Starting RADSEC & IF-MAP: double the solution 26 in this issue, JANET News will feature a series of SERVICES interviews that share the expertise and experience JANET(UK) recognised for Training Excellence 27 of key figures in our industry: people who are all too eduroam on the phone 28 accustomed to treating their academic departments JANET and Skype 29 as businesses. This issue also gives the latest news A week in the life of eduroam 29 from JANET Brokerage, a service set up to serve the Instant collaboration for JANET users 30 community by aggregating JANET’s expertise and EVENTS buying power to help businesses make the most Forthcoming events 31 of the cloud. A fast and secure internet connection Networkshop present and future 32 is the least JANET could bring you. Its value lies in TRAINING what else it delivers to your organisation. Commercial Forthcoming JANET Training courses 34 suppliers alone cannot effectively serve a community EXTERNAL NEWS 36 & 39 as diverse as ours. It is when they work with JANET that together we can serve a small community TELL US WHAT YOU THINK college and a research organisation sharing terabytes Questionnaire 37 & 38 of data, at the same time and with no knock-on PUBLICATIONS effect for its other users. To harness the power of Recent publications 40 JANET, simply join us, look around, and be amazed.

JANET News 16 | October 2011 news Supporting eduroam deployment

Over the summer the consultancy Mutually convenient days for the requirements of the eduroam service that supports eduroam work are agreed, usually preceded Technical Specification and deployment has been in great by remote analysis of existing conformed to best current demand. This is a reliable service confi guration and a written report practice, particularly with regard to for on-site problem solving, of fi ndings, recommendations the effi ciency and effectiveness of post-deployment auditing and and work carried out is usually their RADIUS server confi guration. quality assurance work, eduroam requested to conclude the job. installation and setup or on-site The full story is available on the training. This is very useful in One project undertaken in July OUCS Network Team blog: situations where an organisation‘s was for the University of Oxford. http://blogs.oucs.ox.ac. IT Support staff do not have the The University already had a uk/networks/2011/09/01/ time or expert knowledge to working eduroam service that maintenance-work-on-eduroam/ effectively and effi ciently carry out had been extensive deployed the work. throughout the University More information on consultancy departments, local hospitals services supporting eduroam is Engaging with the service is simple: and local authority locations in available at: the scope of the work and number and around Oxford. However http://www.ja.net/services/ of days required are agreed and a the Oxford University Computing authentication-and-authorisation/ 3 simple purchase order mechanism Service wanted assurance that janet-roaming/enquiries. is used to purchase the service. the deployment met all html#eduroam_consultancy

Christ Church College, Oxford University

JANET News 16 | October 2011 news JANET pushes the boundaries with 100Gbit/s network for UK research and education

4

UK research and education benefi t is vital that the technical infrastructure greatest scientifi c endeavours and from a network running at an enables rather than restricts new and this latest advance ensures that the outstanding 100Gbit/s – that is, innovative ways of responding to the UK can collaborate and compete over 16,000 times the size of the challenges ahead. The international with the best there is. However, it average home broadband. With reputation of British education and is not just high-end research that its ultra fast 100Gbit/s network research is fundamental to the future benefi ts. The JANET user base capability, JANET continues to lead economic recovery and prosperity is vast: every user ranging from a the way for research and education of the country and, in a global primary school student learning networks worldwide. marketplace, it can only achieve about the Victorians, through this with the right tools. The JANET to a postgrad researching their As UK education and research is network is designed to handle vast dissertation benefi ts from a single being asked to do more with less, it quantities of data from the world’s unifying network.

JANET News 16 | October 2011 news

The JANET network is designed to handle vast quantities of data from the world’s greatest scientifi c endeavours and this latest advance ensures that the UK can collaborate and compete with the best there is.

5

Bandwidth demand doubles every education, and to embrace The upgrade has been performed 18 months, and the upgrade is modern technologies in delivering with a 100Gbit/s router-to-router the latest stage of the consistent a distinctive student experience. connection, in contrast to the evolution of the network in line I welcome the development of more usual 100G optical with the growth plan drawn up in JANET’s higher capability network deployment with a 10x10Gbit/s 2006. It is also the best strategic to support and enable the presentation at the router. The and economic response to ever- ever-increasing expectations of use of 100Gbit/s router-to-router increasing user need, as more and students and researchers technology uses advanced more organisations move towards throughout UK education.” encoding techniques that makes cloud services and outsourcing more effi cient use of the underlying of suppliers and as research Jeremy Sharp, Head, Strategic fi bre to provide better capacity projects generate ever-larger Technologies at JANET(UK) scaling capability. amounts of data. commented: “This technical advance is the latest example JANET(UK) will continue to work “A resilient and robust data network of JANET(UK)’s commitment to with its established industry is vital to research-led universities ensuring that UK research and partners: Verizon and Ciena on the like Cardiff,” says Martyn Harrow, education is underpinned by transmission technology involved Director of Cardiff University’s a ‘world-class’ infrastructure. in the upgrade; and Juniper Information Services Directorate. At a time when research and Networks, which is providing “The data network enables the education is being asked to do high-performance, scalable core university to respond to the more with less it is vital that we routing capability at the heart of increasingly ambitious (and data- identify and implement appropriate the JANET infrastructure with heavy) requirements of researchers, technologies that deliver real the Juniper Networks® T Series to provide world-competitive benefits to our customers.” Core Router.

JANET News 16 | October 2011 news

Cost savings & enhanced security as££’s the JANET Certificate Service develops its services 6

The benefi ts of the JANET of providing JANET certifi cates The JANET Certificate Service Certifi cate Service now extend and processing the orders are remains hugely successful, having to customers in local and unitary absorbed by JANET at no cost to issued over 14,000 certificates – authorities. The new offering the organisation. an increase of over 5,000 since enables these authorities to the start of the year – to over request certifi cates on behalf of JANET(UK) has also acted quickly 500 organisations. Very positive schools under their authority. One to help customers implement feedback from users suggests of the participants in a successful additional security procedures, that this rate of take-up is pilot of the new offering, following a recent security alert expected to continue as more Staffordshire County Council relating to certifi cates. The most organisations begin to use this estimates it will make savings signifi cant impact of the new free service. of almost £50,000 by obtaining security measures is that all server certifi cates on behalf of applications for certifi cates are As well as cost savings, security schools under their authority over now subject to additional checks. is improved and good user the next three years. The savings However, a certifi cate only takes a practice is encouraged, as there come from the fact that the costs matter of hours to be issued. is no bypassing browser security

JANET News 16 | October 2011 news messages; relationships The difference for schools It also provides the user with some between the local authority, While local authorities often assurance of the authenticity of the RBC and schools are improved manage web servers on behalf web site they are visiting. The service and the authority has a better of schools, they cannot directly has been available to universities and knowledge of the certificates acquire server certificates for colleges since late 2009. currently being used within its domains owned by the school. area of control. Dave Ernest, The enhanced system now By acting as a certifi cate Registration Business Strategy Manager allows a local authority to request Authority, JANET(UK) is able to take of Staffordshire Learning certificates on behalf of schools advantage of economies of scale, Technologies backs the service: under their authority. Simply by passing signifi cant savings on to “We started using the JANET sending an email through the JANET customers. Certificate Service last year and I system to a member of the school would recommend it to any local management – who signs up to the Eligibility authority. The online portal makes Terms and Conditions, permission As well as educational for easy management with the can be granted for the local organisations, any Local or advantage that they are authority to obtain the certificate Unitary Authorities connected to completely free of charge.” on their behalf. At this point, the National Education Network the certificate signing request is in England (either directly or via a To use the service, a local validated and forwarded to the Regional Broadband Consortium); authority must first register at Certifi cate Authority for processing. or to the Scottish Schools Digital www.ja.net/jcs. Registering is Network in Scotland; or to the 7 a manual but swift process, after A server certifi cate is used to Lifelong Learning Network in which the procedure for requesting enhance the confi dentiality of Wales; or to Classroom 2000 in a certificate through the portal sensitive data such as passwords Northern Ireland are eligible to is automated. being entered into a web browser. join the service.

Certifi cate types

SSL certifi cate The basic certifi cate offered by the JANET Certifi cate Service: safeguards confi dential data but cannot be used for fi nancial transactions at present.

Multi-domain SSL certifi cate Consolidates the SSL management process and maintains SSL encryption for all of your domains.

Wildcard certifi cate Supports the deployment of EZProxy servers, a type of server commonly used to give users access from outside their computer network to restricted- access websites that authenticate users by IP address. A saving of over £1,500 per certifi cate.

Unifi ed Communications Designed for securing multiple unique domains, for use with Microsoft (UC) certifi cate Exchange 2007 and 2010, or Offi ce Communications Server, where both external and internal domains are required.

Extended Validation (EV) This certifi cate can be used for all fi nancial transactions. They are available SSL certifi cate at a cost of $150, a signifi cant saving over the normal price.

JANET News 16 | October 2011 news

JANET(UK) welcomes review

8

This new report will give JANET(UK) a fresh opportunity to demonstrate the network’s ongoing value to research and education through both its technical expertise and role of trusted partner to the community.

JANET News 16 | October 2011 news

JANET(UK) has welcomed a new by JISC, meriting 43.5% of its core across research, higher education, review that will ensure JANET funding, it is therefore appropriate further education and schools/local continues to meet the current that a review is now conducted. authorities, as well as stakeholder and future network-related groups.1 Wilson’s report did indicate needs of its users. This new The review will build on earlier that in the future there could be report will give JANET(UK) a work undertaken by PWC in a shift in the balance of network fresh opportunity to demonstrate 2009, which evaluated customer funding from the centre to the the network’s ongoing value to perception of JANET’s service institution, however, JANET(UK) research and education through provision. Customers recognised maintains that it is important to both its technical expertise and the signifi cant added value that preserve the concept of universality, role of trusted partner to the JANET delivers against commercial ensuring that all institutions are able community. providers: the provision of a to access the network, regardless world-class network dedicated of geographical location. The new review, which is one of to powering UK research and three commissioned by JISC, is an education; a bespoke sector- As organisations increasingly come outcome of Sir Alan Wilson’s earlier focused provision model; cost under pressure to differentiate review of JISC on behalf of HEFCE. savings through economies of themselves in a nationally and The review will be conducted by scale; a trusted partnership; and a internationally competitive Capita. Sir Alan’s report recognised community that is underpinned by a environment, the need for a reliable JANET as ‘a major source of not-for-profi t company dedicated to robust research and education competitive advantage to the UK,’ meeting their needs. network is vital; and as institutions 9 receiving ‘universal praise, both face the fi nancial and business nationally and internationally’. Despite the potential changes pressures of the current economic Recommendations from the Wilson with JISC activities continue to model, the ability to adopt new report focussed on reshaping JISC procure the new JANET backbone network-enabled technologies such to provide a simpler governance upgrade, due in 2013. Requirement as cloud computing is imperative. model and enhance its focus on gathering activities for this have The JANET network and the new sector priorities. As JANET is the already taken place during 2010 brokerage service will underpin this largest of the 60 services funded to establish future network needs opportunity in our community.

As organisations increasingly come under pressure to differentiate themselves in a nationally and internationally competitive environment, the need for a reliable robust research and education network is vital.

1 An outline of and report on the requirements gathering process is provided at www.ja.net./six.

JANET News 16 | October 2011 news Clouds on the horizon

10

The JANET Brokerage is helping to address the big questions associated with the adoption of cloud services. They are currently procuring storage and investigating the sector’s uptake of cloud based email systems.

JANET News 16 | October 2011 news

To ease the process of moving Recent discussions to off-campus data centres with potential suppliers and cloud services, JANET are helping the JANET has a new brokerage team Brokerage identify data in place, devoted to working centres and providers with education and research that could meet the institutions to meet their varying needs of specific requirements. the community.

The recent survey to assess The Brokerage is chief information officers’ current helping to address the appetite for virtualised computing questions and issues shows that 64% of respondents associated with the are considering cloud services, and adoption of cloud many are taking the first steps by services. The team are co-locating data centres. particularly interested in reviewing cloud JANET Brokerage is currently based corporate email working with a major London systems. While cloud university to investigate the ability student email is widely used, to store and manage data off site. corporate email is less so due These initiatives will assist in the to issues with data governance, surrounding the adoption of creation of supplier frameworks, management and functionality. In this service and provide 11 which can be used within the the next few weeks, the Brokerage reference material, which will sector for co-location facility will be producing a white paper, aid the decision making process procurement. which will investigate the issues for institutions, and inform discussions with suppliers. The Brokerage team: Ged Powell, Brokerage Manager (lower left), Shan Rahulan, Technical Lead (lower right); Alex Gibson, Project Manager (upper left); Olivia Bucknall, Communications Officer (upper right); and Amy Campbell, Team Administrator (middle). Both the requirements and the technology offerings are constantly changing. The Brokerage team welcome any feedback on specific issues you are facing as part of ongoing requirements analysis and ensuring work is focused on actual needs and services.

To find out more about the progress of the cloud and data centre work, follow the Brokerage team on Twitter @JANET_Cloud

If you would like an informal chat about how the Brokerage could help you move to a co-located data centre or the cloud, please contact the team by emailing [email protected] or calling 01235 822337.

JANET News 16 | October 2011 community

The students of Lincoln College celebrating their ‘Outstanding’ grade

12 Outstanding for students

IT staff who may feel undervalued Grade 1 under the new Ofsted curriculum and how many learners within their organisation can take inspection framework. will benefi t from the investment. heart from the experience of Capital bids are ranked based on Lincoln College, a large FE college Targeted investment for learners these criteria and the rankings based in the East Midlands with A part of the Ofsted inspection reviewed with the curriculum a Primary connection to JANET process was to look at the IT areas. Budgets are then allocated through EMMAN. The college resources, processes and support to the unit. was recently awarded a grade 1 – provided for learners, which were ‘Outstanding’ from Ofsted, due in regarded as better than outstanding Allocation of capital across sites is large part to the IT resources and and refl ect the value placed on IT proportionate to the learner numbers processes that are in place. services by learners, staff and the at those sites, with a strong emphasis organisation. The IT department at on deployment of IT to ensure that To put this into context, there at the college, were able to provide all students receive a consistent are 300+ FE colleges in England positive evidence of the relationship experience regardless of location and only two general and further between investing in IT resources through provision of fast networking education category colleges were and learners’ achievements and and centralised servers. The IT Capital awarded a grade 1 for the 2009/10 retention, and are justifi ably proud of Budget for 2010/11 is £450,000. period. (Source: Ofsted annual the team’s achievements. Requests for IT expenditure are report.) Lincoln College is offi cially done online and part of that process the largest ‘Outstanding’ general IT Services works with the school requires a response to identify how and further education college directors to ensure that bids for many learners will receive improved currently in England and one of ILT capital are evaluated based on services because of the expenditure. only fi ve awarded the overall whether they are essential to the Rob Prabucki, JANET’s Customer

JANET News 16 | October 2011 community

The college also makes use of The IT Services’ vision is for the unit to maintain many in-house technologies such as the PCShutdown software, and develop the provision of industry-standard which turns computers off at night, computing to students by leveraging current and saving £40k per year. emerging technologies, whilst always maintaining Operating on three main sites a student focus. in Lincoln, Gainsborough and Newark, Lincoln College has over 2,500 computers for learners; 92% Engagement Manager for the East effi ciency and value for money by of learners use a computer to help Midlands, comments, “I’ve not exploiting new models in cloud them learn; 89% can access a come across anything quite so computing. The college makes computer when they need to; 79% rigorous and learner centred.” use of the Moodle Virtual of classrooms have an interactive Learning Environment, which whiteboard and 100% have Bringing the cloud in-house takes advantage of cloud hosting. projection facilities; and the ratio The IT Services’ vision is for the There are a minimum set of of computers to learners is 1:2.7. unit to maintain and develop the requirements for each course The students of Lincoln College celebrating their ‘Outstanding’ grade Students receive a printing quota provision of industry-standard across the college in terms of for over 650 pages of printed computing to students by VLE standards and content, and output as well as 10GB for e-mails leveraging current and emerging students currently access VLE and 25GB of cloud-based fi le 13 technologies, whilst always course content over 18,000 storage which may be accessed maintaining a student focus. The IT times a week. The IT department remotely or at college. department also wants to position provides Moodle training, Lincoln College (www.lincoln.ac.uk) the information technology so that delivering over 220 hours of training IT Services can deliver ongoing last academic year.

Historic Lincoln

JANET News 16 | October 2011 community Customer Engagement profi le: Robert Prabucki, Customer Engagement Manager for Eastern & East Midlands

How long have you worked for a generalised composite picture. • at JANET Lumen House for a JANET(UK) and what were you The common thread throughout all number of meetings with the rest doing before? of my work has several strands – of the customer engagement I’ve worked for JANET(UK) for supporting and working with JANET team or service delivery teams nearly ten years, initially as an customers; working with the internal • meeting with senior IT managers FE Account Manager when the JANET teams to make sure that from individual HE and FE company was known as UKERNA. we deliver excellence and engaging organisations to discuss their I was one of two Account Managers with the many educational partners current and future requirements with responsibility for FE Colleges and agencies across HE, FE, Local and ensure that they are kept up in England and my role evolved Authorities and the cultural sectors. to date on JANET services and into introducing the Adult Learning I’m home-based in the East Midlands developments Sector to JANET, which led me but I typically spend three or more • attending relevant regional 14 into working with many of the days in the region, meeting with events looking at IT and local authorities. customers and potential customers. specifi cally networking Typical activities in a week may be: • attending JISC RSC regional Before JANET, I worked in the FE sector, progressing from lecturer to Head of IT Department in several colleges in the East Midlands. I managed the IT infrastructure and support teams as well as the IT One of the great

and business computing curriculum aspects of working areas. Previously, I worked in for JANET is the

manufacturing as works manager “ for a furniture company, systems ever changing development and operations variety of work, management in the aircraft industry, “ and also started up a computer and hence a typical reseller and software development week could only company in the late ’70s. ever be a generalised How would you describe a typical composite picture. week? One of the great aspects of working for JANET is the ever changing variety of work, and hence a typical week could only ever be

JANET News 16 | October 2011 community

technical meetings with FE IT across to Milton Keynes and to spread best practice across Managers then northwards along the M1. the communities and regions, to • meeting with IT staff at Like other regions the variety ensure that everyone is able to organisations such as the of customer organisations take advantage of the technologies Imperial War Museum or British ranges from large Russell group and services being deployed on Library to ensure they are kept universities to the small adult JANET. That means continuing to up-to-date and dealing with community learning organisation. be aware of how the community queries All these organsations are facing is developing and implementing significant challenges due to technologies. The new JANET Brokerage is attracting signifi cant

The Imperial War Museum interest and I think will continue to present some interesting means of deployment, enabling organisations to better reach out to their learners, wherever they are. One key aspect of customer engagement is to raise awareness of the possibilities for using such technologies and that will continue to be both a challenge and an opportunity to help customers to offer great learning or research to their students.

15 I’d expect a much richer and more comprehensive set of online learning, support and self-managed services to become available. Online, on-demand briefi ngs will • representing JANET(UK) at LSIS the current financial situation. It become more common, given Excellence Gateway strategy is important that JANET(UK) is the pressure on travel, time board meetings aware of the regional requirements • meeting with the regional specific to networking so that it is The British Library Association of Colleges Director able to deliver new services to the • attending conferences as a customers when they are required. delegate or staffi ng a JANET(UK) stand How would you like to see your • preparing presentations and region develop? Where do you see it regular update reports being in fi ve years time? • responding to customers’ I’ve been surprised by the queries passed on by the JANET regional variances in approach Service Desk and the differences in each of • calculating indicative quotes for the communities that connect to planning purposes. JANET. I can envisage a much greater blurring of the boundaries What are the particular challenges or between the different communities opportunities of your region? on JANET, brought about by a The Eastern and East Midlands number of factors in the education area is bounded by a line that environment, not least the current and costs. Going forward, I’m stretches from just south of and no doubt future pressures hoping to get involved and to see Manchester to the Humber, on institutional funding. It will be increased customer input to both down to the Thames estuary ever more important to be able development and self support. JANET News 16 | October 2011 feature JANET resilience across the north-south divide

The JANET core has Points of two PoPs in London, Telehouse spreading the load on the network. Presence all around the country, and Telecity. London was the only Meanwhile, JANET is in the process two of which are in London. option for global connectivity: fi bres of connecting with another PoP at What would be the effect on entered the country from the south IX Leeds. As Rob Evans, Senior network traffic if, say, a power or the west but still did not split Technical Specialist at JANET(UK), brownout hit all of the capital?

From a purely JANET point of The work is being balanced by an increased number view the answer is: very little. The of domestic peerings, both public through the LINX network is already designed with and private: when we see traffic into a particular a great deal of redundancy and traffi c would reroute around the network rise above a threshold, we consider affected area. However, JANET additional connectivity. users don’t just stick to JANET: global connections let users roam 16 to the rest of the world through the until they reached a London PoP. explains, “Increasing the diversity Internet. In the event of a London JANET’s global transit is bought from of JANET’s connections outside brownout, what would happen to global providers, with JANET paying London has two benefi ts for our that connectivity? for capacity by the megabit/month customers. Firstly it increases our to have its packets on their network, reliability for all, but secondly, not A few years ago the answer would and costings for global transit via having to move all traffi c through indeed have been that JANET users alternative locations (such as Leeds or London enables more local and would be cut off from the rest of Manchester) were expensive because responsive delivery of content for the Internet. Thankfully, and without the fi bres still had to go all the way to JANET’s users further north in the downplaying the gravity of such a London and back. country.” hypothetical situation, with recent developments that is no longer This is no longer the case. Last Comparing the network schematics the case. year JANET obtained some space over the last two years (Fig 1 and in the Telecity PoP in Manchester 2) shows how much work has been For many years, JANET’s global with fi bres going directly to that done to increase resilience and transit was only available through location, avoiding London and capacity all round.

JANET News 16 | October 2011 feature

The 40G connections between London to 80G. The 10G links by an increased number of Telehouse, Telecity, Reading and that link Glasgow with Warrington domestic peerings, both public London have been increased to and Leeds have been increased to through the LINX and private: 100G (see separate story). The 40G 20G and the 20G links connecting when JANET’s monitoring cards freed up by this have been Manchester with Leeds and process picks up an increase in used to brace this up by increasing Warrington to 40G. above a threshold, they consider the 40G connections between additional connectivity. Last Reading, Warrington, Leeds and The work is being balanced year there was a total of 163G to peerings; this is now 193G and we expect it to be 261G Glasgow Fig. 1 next year. Most significant here are a 10G link to NTL and 20G Telecity - Manchester to Akamai in Manchester. A 20G connection to Google in Warrington Leeds Manchester has been arranged Telecity Telehouse as capacity in the Manchester PoP is built up. Other upgrades are being planned subject to confirmation, though bandwidth Reading London to GEANT will certainly rise from 10G to 20G. 17 Bristol

10G It is not just fear of a London brownout that prompted this JANET 2010 work. The enforced London- 20G centricity of recent years has always been at odds with the network’s vision and policy. JANET is a national resource and growing more connectivity from Glasgow Fig. 2 a north of the UK perspective Telecity - Manchester reduces pressure on the north- south parts of central core, meaning that traffic is no longer Warrington Leeds sucked down to London. The Telecity Telehouse JANET network already covers the entire country and is mission critical to millions of users. Reading London Spreading the base of its external connectivity and undertaking work Bristol to meet the need that we know 10G will arise, from simple historical trends, simply underscores what 20G we have always done. When the JANET 2011 100G need is there, JANET will have been first to meet it.

JANET News 16 | October 2011 feature

Changes to

18 Interception Law

You think one of your users may that results in the content of a specifi ed circumstances. Those most be misusing the network, but communication on a network being likely to be relevant to JANET and what exactly can you do about made available to someone other its customers are: that interception it? Are you allowed to check their than the sender or intended recipient. by, or on behalf of, a person entitled emails without their knowledge? Interception can clearly be a serious to control a network may be lawful Could you end up being sued or invasion of privacy; however it is if either: (a) it is done for a purpose prosecuted for trying to sort out a also sometimes essential to keep connected with the operation of that problem? What are your rights and networks and services running. network; or (b) it is done to detect or obligations as a network manager investigate use of the network that if you have cause to believe UK law on interception is contained is unauthorised or otherwise against something is amiss and need to in the Regulation of Investigatory policy. Thus the law does allow, for gather evidence? Powers Act 2000 (RIPA), which example, mis-directed e-mails to be starts by saying that interception read and re-directed by an authorised Interception law covers any activity is unlawful, except in a number of postmaster and the content of

JANET News 16 | October 2011 feature network traffi c to be scanned for e-mail that had been read was not. according to the Human Rights viruses or inappropriate content. In However it has now been pointed out Act 1998 – in particular not each case, however, the process for by the Director of Public Prosecutions interfering with the privacy of any doing so must be designed so as to and others, in the context of voicemail communication unless it is necessary minimise the invasion of privacy. boxes, that section 2(7) of RIPA clarifi es and proportionate to do so – access that ‘transmission’ lasts as long as to all mail folders should already be Two recent changes in this area the communication is held on the carefully controlled. However this mean that it is worth reviewing any communications equipment in a way new interpretation may mean that activities likely to involve interception “that enables the intended recipient to the grounds for accessing all mail to check that they are authorised ... have access to it”. Thus it seems folders should also be checked and conducted in accordance with that the distinction between read and against RIPA’s reasons that legitimise the law. unread mail may not be relevant and interception. that all messages still in the inbox The fi rst change is a clarifi cation should be regarded as ‘in transmission’ The second change is that while of when the law applies. Section for interception purposes. RIPA requires that an interception 2(2) of RIPA says that interception be intentional for it to be of a communication takes place This defi nition should actually be unlawful, the new Regulation of “while [it is] being transmitted”. simpler to apply, particularly where Investigatory Powers (Monetary Before and after ‘transmission’, modern mail systems allow users Penalty Notices and Consents for other laws (notably Article 8 of the to mark messages as ‘read’ or Interceptions) Regulations will also European Convention on Human ‘unread’ irrespective of whether they make unintentional interceptions Rights, which demands a respect have actually seen the contents. unlawful. The power to impose 19 for privacy of communications) This does raise the question of the monetary penalties for unintentional take over. The question of when status of received messages held interceptions applies only to public ‘transmission’ stops arose during in other folders on a central mail networks (therefore not to JANET debate of the original Bill and was store: irrespective of the technical and most of its customers’ networks) answered for the Government by implementation, the user may and the interpretation of what Lord Bassam: that transmission of perceive them all as being stored would constitute an unintentional interception remains unclear. However the change suggests that Interception law covers any activity that results JANET customer organisations should ensure that their procedures in the content of a communication on a network for authorising and performing being made available to someone other than the interceptions include any actions that might reveal the content of sender or intended recipient. communications as well as those that are intended to do so. a letter ends when it lands on the remotely on the transmission Further updates on developments doormat. It is not completely obvious equipment – and therefore still ‘in in interception law, as well as how this translates to e-mails, but transmission’. Perhaps only those information about JANET(UK)’s it has generally been considered folders that are stored locally on the other activities in the regulatory that an unread e-mail in someone’s user’s own computer have actually area, will appear on the Regulatory inbox was still in transmission (and ceased being in transmission. Since Developments blog at webmedia. therefore that examining it did public education organisations company.ja.net/edlabblogs/ constitute interception) whereas an are generally required to behave regulatory-developments/.

JANET News 16 | October 2011 feature

Paul Harness is currently Director of IT Department at The University of sets out a very ambitious vision – to be in IT Services at one of the UK’s leading Manchester and we began putting all the top 25 in the world by 2015. IT plays research universities, which has the systems back together again. an enabling role in delivering this vision. four faculties, 22 academic schools The results of the agenda can be seen and hundreds of specialist research You’ve been forced to react a lot to with Manchester moving steadily up groups pioneering multidisciplinary events around you. Have you been able the Shanghai Jiao Tong league table of teaching and research. to develop a vision for the future at all? research universities: 78th in 2004, The University, which is one of the 44th in 2010.The 2015 plan has some His post was formed when two largest in the UK, operates in a specifi c objectives, one of which was of Britain’s top universities – the Victoria University of Manchester and devolved, federated way. I’ve been around gaining fi ve Nobel Laureates or UMIST – merged in 2004 into Britain’s striving to get a more joined-up their equivalent. 21 We are now ninth largest single-site university. What approach for IT within that federated in Europe and fi fth in the UK, trying to prepared him for a position like this? structure. We’ve set out an IT Strategic break the golden triangle of Oxford- Plan which supports the University’s Cambridge-London. I did a PhD at UMIST in Electrical strategic plan, ‘‘Towards Manchester Engineering, then some post-doc in 2015’’. It’s an overarching plan for the Physics at Glasgow: fi nite element whole University and it has the support calculations on a computer. I gradually of all key stakeholders. By taking a became the research group’s IT guy; a strategic approach, we are job came up at UMIST in IT transforming the way we deliver 20 applications support and I never IT services. looked back! My academic colleagues thought I was crazy. Bringing the two universities together created a new entity The Victoria University of Manchester greater than the sum of its and UMIST were then separate parts. It was a very complex universities but academic IT was exercise and almost a shared service between them. overnight there was a step- Ironically, my fi rst managerial job as change in expectations. The Head of Systems and Networking University’s Advancing the was to set up UMIST infrastructure Manchester 2015 Agenda following an agreement to end the shared service. Meanwhile the then Director was leading a big systems replacement programme. When he left I became Acting Director of IT on a steep learning curve of how to Paul run business systems. Hence, over a relatively short career I gained very Harness broad experience of IT that is very Director of IT diffi cult to gain nowadays. Services, I was Director of Information University Systems at UMIST, when UMIST and Manchester merged. The Director of of Manchester IT Services post was created for the JANET News 16 | October 2011 feature

Our big coup this year was winning two Nobel prizes in Physics for the The University discovery of Graphene. of Manchester Goals Is there a balance to be struck 1. Continually modernised IT facilities: to provide up-to-date in the move towards shared IT Strategic Plan general purpose IT facilities, services and collaboration on which meet the aspirations of the one hand, with the need to Strategic principles • Customer-focused: to focus on our University. keep research confi dential, the customer’s needs rather 2. Consolidated infrastructure: on the other? than on the system to provide effi cient, effective and In some areas, yes. Some areas of • One IT Services: to embrace environmentally sustainable research are traditionally very an integrated, shared IT infrastructure, including an open in sharing data, for example service approach, providing end overall reduction of the physicists using data from the users with seamless provision University’s IT carbon footprint LHC. At the other extreme there of IT services across the whole by 11% (December 2013). is much more concern about data University. 3. Highly effective information confi dentiality: for example, clinical • Green: to adopt principles systems: to provide highly trials with restrictions on how we of environmental sustainability effective integrated information manage the data, or commercial throughout all our IT activities. systems which meet the needs concerns. There is defi nitely worry • Simplify: to reduce complexity of our students, academics and among some senior researchers and duplication throughout all support staff. here about putting their research 21 our activities. 4. A professional IT data into the cloud because of • Cost effective: to consider the organisation: to deliver legislation like the US Patriot Act. total cost of ownership when IT services in a professional and making strategic decisions. customer-focused manner. Our approach to the cloud has been risk based. We put undergraduate and taught-postgraduate email in the cloud on Microsoft Live, while for staff and research-postgraduates it’s kept in-house. There is a huge Manchester’s fi ve Strategies research profi le around a number amount of hype about the cloud but for Research, Advancing the of world-leading concentrations of while there are outstanding security Manchester 2015 Agenda research excellence. concerns, take-up will not be as 3. To broaden the range of research extensive as it could and should be. 1. To value research virtuosity for its funding sources, especially by own sake, placing the very placing greater emphasis on We host our learning system online highest value on outstanding European funding and funding from with Blackboard in Amsterdam, for research performance and industry sources. reasons of agility. We wanted to outstanding researchers irrespective 4. To ensure that translational research rapidly accelerate our e-learning of the discipline in which they are is given parity of esteem with basic activities: by running it in the cloud located or the scale of the research of the highest international we could get things running and off standing. the ground very quickly, and keep University’s engagement in the 5. To provide world-class postgraduate things up to date and patched particular fi eld of research in which very quickly and easily. That way they work. research and training as a vital, we could focus on adding value 2. To invest strategically in building integral part of the overall research around teaching and learning. This an internationally recognised activity of the University. strategy has defi nitely paid off for us. Obviously student personal JANET News 16 | October 2011 feature

information is kept secure but the risk smaller services that JANET offers is reliability, (b) resilience and (c) specialist with teaching content is not the same not as great – we use what we need. provisions, such as JANET Lightpath. as that for commercially sensitive For us, these are JANET’s USPs. information or very sensitive research Will that change when NNW is The JANET 3G pilot looks interesting, studies information. brought in-house? but can it compete in a commodity JANET’s challenge is to be sufficiently market? We have the same With your reservations about the customer-focused and aware of what discussions internally. We have a cloud, what is your impression of its customers think. That’s the role that University mobile phone contract and JANET’s Brokerage? the regional networks have historically a handset can appear cheaper on the I can see it being very valuable: done very well. The NNW team have high street, but you’re not necessarily doing due diligence on behalf of other close relations with different universities comparing like for like. JANET has to organisations and creating the within the region and an excellent ensure services are value for money standards. I know from being involved understanding of local needs. I have and sustain the special things that it in the detail of negotiating with concerns that this level of customer does for the sector. Microsoft for Outlook Live that vendors’ focus is difficult in a fully centralised marketing literature can gloss over legal way. JANET must ensure that local Is there more we could be doing? technicalities. The JANET brand in needs are understood – otherwise JANET could play a valuable role in networking is extremely strong, though the risk is that JANET becomes a terms of brokering. The marketing whether that automatically endorses all commodity internet service provider. approach of some big vendors is its service offerings is another matter. University IT Directors need to almost to divide and conquer. If The legal issues around the cloud understand what the new services will JANET can play that role in facilitating 22 are very complicated, and different look like at the end of the day: what brokering services then it could be organisations take different views about is the overarching strategy for JANET, very helpful. the level of risk. what are the services that JANET delivers, how are they delivered and “The student as consumer”: What has been your overall how much will they cost? Personally, nowstudents are paying more experience of JANET? I’m not that concerned about exactly personally, are they expecting We tend to work through Net North how services are delivered but if we’re more? West: the NNW team are part of changing them then we need to make The University is making significant my department and I believe they sure we get the same level of service investment in students. The flagship are regarded by JANET as a very or better. is the new Alan Gilbert Learning competent regional team. From a Commons building, opening networking point of view, it’s beyond The response of JANET’s board to September 2012 – it’s being built doubt that what JANET has delivered the recent JISC review states that around social learning spaces for research over the years has been whatever the funding mechanisms with a huge amount of IT in it. We’re world-class. of the future are, they should ensure working very closely with the library that the network is preserved without to make it very technology rich. The From a research point of view, the driving organisations to seek their network is not an issue. We want University has created a Directorate special connectivity for our physicists own provision. Would you agree? for the Student Experience, which from the LHC and the NNW team; It comes down to what service we’re helps to ensure that we focus on working with our campus-network procuring and whether it’s value for student priorities and works closely team can facilitate that. We’re involved money. A research-intensive institution with the Students’ Union. with organisations and projects like like Manchester has specialist high-end the Jodrell Bank Observatory and requirements; if I was running IT in Students are increasingly acting the Square Kilometre Array project: a another type of university I suspect like consumers, and I am sure that number of teams across the University I might think differently about my will continue. What’s important is are using the high-end services priorities. The JANET challenge is: making sure that students here that JANET offers and it just works. can the two work together? The value get the premier experience they Manchester’s interest in some of the Manchester gets from JANET is (a) are expecting.

JANET News 16 | October 2011 technical

University of Cambridge DNSSec – a .uk fi rst for King’s College JANET and cam.ac.uk

Security for the .ac.uk the website of a particular bank, domain, which is managed for example they can be sure the by JANET(UK), has been browser gets the addresses of the significantly enhanced with right web servers. the availability of DNSSec, a protocol that helps ensure This alone does not guarantee the users are connecting to security of a web transaction, but precisely the website they by ensuring that the transaction want. The .ac.uk domain starts in the right place, it is was the first second- an important technology to level domain under .uk to use in combination with others implement DNSSec. Cambridge Any sites who would like to like server certificates. Used in University’s cam.ac.uk domain publish DS records for their tandem, they can protect every has since become the first domains within .ac.uk can send step of the transaction between delegation under any of the an email containing the relevant .uk second-level domains the server at one end and the DS record(s) to [email protected], to make use of the protocol, user’s computer at the other. It with “DS record registration 23 for organisation.ac.uk” as the subject line. JANET(UK) will then DNSSec is implemented by the publication of check the DS records against the corresponding DNSKEY or public keys for a particular domain, which are DS records published in the stored as a DS record by the domain’s authority. authoritative nameservers for the domain, before adding to the .ac. uk zone. Any queries regarding DNSSec can be sent to also provides a platform for other closely followed by ic.ac.uk and [email protected]. security improvements that are imperial.ac.uk from Imperial yet to be developed. College, London. JANET community support Developed by the IETF, DNSSec DNSSec is implemented by the for DNSSec can be found provides a way of using public publication of public keys for through the JISCMail DNSSec- key cryptography to prove that a particular domain, which are DISCUSS mailing list: https:// the data received as a result stored as a DS record by the www.jiscmail.ac.uk/cgi-bin/ of a DNS query came from an domain’s authority. Thus DNSSec webadmin?A0=DNSSec- authoritative source and has DISCUSS. became available for .ac.uk when not been modified in transit. that domain’s public keys were Thus resolvers are protected Meanwhile, work is underway accepted by Nominet, the registrar from forged DNS data, such to provide a more user-friendly for the .uk top-level domain, in as that created by man-in-the- method of managing all aspects middle attacks and DNS cache March. The keys for Cambridge of DNS delegation, including poisoning. As a result, when a and Imperial College were then DS keys. user’s web browser tries to reach published by JANET(UK).

JANET News 16 | October 2011 technical

24 Advanced Persistent Threats

Every so often, after a ground- attack from a source appearing to targeted in what became known as breaking discovery or an event that originate in China. Google said that ‘Operation Aurora’ included Yahoo, has a substantial impact on the some of its intellectual property had Adobe Systems, Juniper Networks security community, a new phrase/ been stolen and that the attacks and Rackspace Hosting. term/acronym enters the lexicon of were highly sophisticated, utilising the security researcher. complex vectors and multiple levels In March this year, RSA admitted of encryption to avoid detection it had been the target of a highly Over the last few years, several and gain control of target systems. sophisticated attack that successfully high profi le compromises have hit Essentially the compromise involved penetrated its infrastructure. The the news headlines. Attacks on several layers of well hidden compromised data was specifi cally an unprecedented scale targeted encrypted traffi c that penetrated related to RSA’s SecurID two-factor a slew of companies in the deeper and deeper into their network authentication products. In an technology, fi nancial and defence over a period of time. Google also open letter to its customers, RSA’s sectors, and ‘Advanced Persistent suggested that the attack may have Executive Chairman states: ‘While Threats’ became a common topic been carried out by the Chinese state at this time we are confi dent that for discussion. to gain access to the email accounts the information extracted does not of Chinese dissidents. enable a successful direct attack on Dawn of a new threat any of our RSA SecurID customers, In 2010 Google reported on its offi cial However, the attack was not solely this information could potentially be blog that it had suffered a sustained targeting Google. Other companies used to reduce the effectiveness of

JANET News 16 | October 2011 technical a current two-factor authentication and zero day exploits – software resources should be allocated to implementation as part of a broader that uses a security hole to carry protecting that data or IP. The answer attack’. In other words, the two-part out an attack – to gain access to is not to increase the security budget authentication mechanism generally secure systems. Many would argue for software that claims to protect utilised by many as the de facto that this is what constitutes the you from ‘all known threats or your standard for authentication had been defi nition of an advanced persistent money back’, because we have seen compromised, undermining the threat: seemingly endless resources time and time again that software integrity of the RSA SecurID system. including teams of highly skilled alone is not enough. At this stage there is no confi rmation security experts, programmers and a as to who was behind this attack. large budget, possibly backed up by We suggest that you make sure operatives on the ground. Are these that staff are specially trained in It was only a matter of time before kinds of resources only available to securing and hardening systems a possible motive behind the RSA a government? Or can we expect and networks, access control compromise revealed itself. Soon to see this level of sophistication is enforced, and IDS systems after, defence contractors Lockheed emerging from high level industrial confi gured correctly. There is no Martin and L-3 were attacked by espionage? One thing is for certain: magic software that does all of this an unknown quantity. As America’s information is valuable, and a out of the box that will meet your organisation’s requirements.

JANET CSIRT handles incidents that involve compromises JANET supporting you 25 on a daily basis. Whilst many of these compromises are JANET CSIRT handles incidents that relatively minor, occasionally they are potentially very involve compromises on a daily basis. Whilst many of these compromises damaging for the organisation and need to be dealt are relatively minor, occasionally with in a swift and appropriate manner. they are potentially very damaging for the organisation and need to be dealt with in a swift and appropriate largest defence contractor, Lockheed determined organisation will (with manner. Martin is responsible for some of enough resources) eventually fi nd a America’s most advanced military way into secure systems. If you suspect that your organisation technology, including the F-22 is the target of an attack or would fi ghter aircraft and the Trident What to do? like information about how we can submarine-launched missile. Initial These examples of advanced assist you in the event of a suspected reports suggest that these security persistent threats illustrate scenarios compromise, please get in touch. breaches were in part facilitated by that any organisation could face. compromised RSA SecurID token If globally respected security seeds. It is entirely possible that companies can be compromised, is James McLoughlin the RSA seeds will be used again there any hope for the rest of us? JANET CSIRT before RSA are able to replace the With a little analysis, this can easily Email: [email protected] 40 million RSA keys that are used by be put into perspective. If your Telephone: 0300 999 2340 their customers. organisation’s data or intellectual from outside UK: +44 1235 822 340 property is valuable to another Fax: 0870 850 2341 Level of threat organisation, there is a greater risk from outside UK: +44 1235 822 398 In these high profi le incidents, the that your competitors will attempt attackers used advanced techniques to compromise it. Therefore more

JANET News 16 | October 2011 technical RADSEC & IF-MAP: double the solution

A two-part trial has paved the labour intensive to set up, and RADIUS way for organisations that is based on UDP which does not want to make running and guarantee delivery of data. administering their eduroam connections easier and more A solution that creates a problem by JANET would be replaced with a secure at the same time, without A communications option that is free, ‘self organising’ dynamic mesh. losing valuable roaming data. more secure and easier to administer However, for this to happen there is RADSEC – secure RADIUS. It is must be a time (as now) where some A problem needing a solution based on TCP, which does guarantee organisations use RADSEC, others eduroam is based on a network of delivery, and traffic is sent down an continue to use the shared secrets RADIUS servers that talk to each encrypted tunnel to a single well method, and thus the national proxy other when a user from one site known TCP port, omitting the need to must still be supported. It is not yet (A) visits another (B) and attempts set up a link with a shared secret to clear whether this technology will to log on there. Traffic over this every eduroam entity. However, one be taken up across the eduroam network confirms that the visitor is a advantage of the original method was federation to the extent that national 26 member of an eduroam organisation that traffic could be traced: it came to proxies can be dispensed with. and is therefore allowed access to the national proxy via a unique trusted connectivity provided by the visited site. link from a given server. This enabled The trial was therefore conducted, Authentication traffic is sent between A the operators of the national proxy to between Loughborough University and B via a national proxy. The required generate records that indicate both and JANET(UK), to test the trust relationship between A and B the origin and destination of every options: what are the issues in and can be established because each has roaming event (without revealing the solutions for supporting RADSEC a pre-existing trusted link with this username involved), which can be on the national proxy, and how can national proxy. This was established used for eduroam monitoring and JANET(UK) replace the monitoring when they joined eduroam by the reporting purposes. From RADSEC’s data that IT used to get automatically? exchange of shared secrets, strings of point of view, however, all traffic simply characters that uniquely identify each turns up, encrypted, at a single TCP Fine-tuning the solution site linking to the national infrastructure. port on the central proxy service, with The solution to re-establishing the To exchange authentication traffic, no indication of where it came from. monitoring data, chosen out of several the communicating parties first have While this has security benefits, it options, was to deploy IF-MAP. to prove they hold the corresponding means that JANET(UK) can no longer This standard defines a very simple shared secret. Thus each end of the track the geographical spread of database and its associated transport tunnel knows that the other party is the eduroam usage. protocols. A MAP database stores one they want to talk to. arbitrary data types, and information If every organisation used RADSEC, can be input and searched or linked However, RADIUS was originally the national proxy in the middle could to other information with metadata. designed to work with modems and be dispensed with, and instead a Thus an organisation can put a MAP some of its features are less well visited server would talk directly to database at a site that is generating suited to the modern environment. the TCP port on the home server. roaming events and modify the local For example, shared secrets can be The national infrastructure paid for RADIUS server so that whenever it

JANET News 16 | October 2011 services JANET(UK) recognised for Training Excellence Recognising the high standards of JANET(UK) as ‘entirely worthy’ of or product to the highest possible our range of training courses and the accreditation. standard. Consumers must have commitment towards continually confidence in knowing that they are developing material to meet The accreditation endorses protected by an externally recognised customer needs, the prestigious JANET(UK) as a trusted partner, Code of Practice and Complaints IITT (Institute of IT Training) has assuring customers that it uses best Procedure.” awarded JANET(UK) Learning practice. The next step is to work and Development Provider towards learner accreditation for To achieve Learning and Accreditation for IT describes individual JANET training courses. Development Provider status, This will give learners recognised JANET(UK) had to undergo a qualifications for their skills and will rigorous consultation process. authenticates a user on eduroam, it help present a stronger business Michelle Parish from the IITT writes an event into the database. case to line managers for course states that “Throughout the This database is federated with attendance, as it could form part accreditation meeting JANET another based at the national proxy, of their Continued Professional Training demonstrated a so that when data is put into the edge Development (CPD). commitment to quality and the desire to continuously improve in database, it is automatically copied to Responding to the community a commercially viable manner. It is the core one. The result is an aggregate JANET(UK) approached the IITT evident that the team work within 27 database available to JANET(UK) that after a skills review conducted an environment of quality processes reflects all the roaming events at all the earlier this year mapped the skills and procedures which, for an initial eduroam sites and therefore restores requirements of networking staff accreditation, has resulted in some the monitoring capabilities of the service. across the JANET community, very good scores against various and many respondents expressed measures in this report. Of particular As part of the trial, Loughborough the wish for accredited courses. note was the exceptionally high explored and tested every step “We know that our courses are of standard in terms of content, high quality,” says Katharine Iles, design and production of the needed in deploying RADSEC and IF- Training Manager at JANET(UK), course materials and the thorough MAP with the national proxy, including “but we wanted to endorse this nature in which new courses are all the necessary configuration through a structured process of tested and reviewed.” work and the methods for entering, external verification. As the industry visualising and federating the data, recognised body, the IITT were The IITT is the leading authority and feeding it into the monitoring and the obvious partner to provide this on Learning and Development reporting processes. This has all now accreditation. Their endorsement for IT professionals and holds an been accomplished and the results now enables us to demonstrate impressive portfolio of clients, from will soon be available via the JANET our continued commitment to Learning Tree to Rolls Royce and our customers and to benchmark Motorola Solutions Training. website. RADSEC has been shown to JANET(UK)’s provision of courses be enterprise-ready, and IF-MAP has against other providers.” The IITT is now known as the Learning been shown to meet the requirement and Performance Institute. for an out-of-band reporting system Commitment to quality See:http://www.learningand for eduroam and to be flexible enough The IITT says: performanceinstitute.com/ to handle any other data reporting or “Where learning is concerned, aggregation task. The results of this trust and confidence are essential. For further information on trial could potentially be taken and Consumers must trust that an JANET(UK)’s Training courses, applied by any organisation. organisation is able to deliver a service please visit: www.ja.net/training

JANET News 16 | October 2011 services eduroam on the iPhone

A new iPhone and iPad app to connect to the service there. A potential to update the database as for eduroam users is the result “get directions” button will then use well as be informed by it. of a project by a third year the standard iPhone / iPad mapping Southampton Masters student on tool to give directions to a chosen “The administrators of eduroam- behalf of JANET(UK), and a direct destination. Because the eduroam enabled sites enter the latitude and result of JANET’s work engaging database covers all of Europe, the longitude of their access points with its community of users. app’s coverage is also pan-European (APs) into the eduroam database,” The app, developed by student as well as UK-wide. says Mark, “which is how the app Ashley Browning working under can pinpoint their location. However, supervisor Dr Tim Chown, not only Mark O’Leary, JANET(UK)’s some sites with lots of APs tend helps users locate the nearest Identity & Access Management to ‘cut and paste’ their database eduroam availability, but also gives Development Manager, entries, which results in the same them the information they need to commented: “This initiative latitude and longitude – say, for the use it, and helps users contribute illustrates the value of JANET’s centre of the local town – being to a crowd-sourced map of engagement with its community. entered against every AP. As a result, eduroam coverage. We get code of production quality if you visit a large campus and use and the student gets valuable this app, it might show you as being The app shows the user’s location via experience of working with a a mile or more from the nearest local 28 iOS Maps, then draws on information professional IT customer. There eduroam site, when in fact you’re from the centrally maintained was a lot of interest expressed right next to a building with coverage. eduroam database to show all by delegates at May’s TERENA So this is my call to the community: eduroam-enabled sites nearby (listed conference where the app was please improve the accuracy of your by range, starting with the nearest) unveiled for the fi rst time.” location data! It will make services like and any particular information this far more useful for your users.” at each site – for example site One of the biggest strengths of name, address, type of encryption the app is that it draws on crowd- This is where the crowd-sourcing supported – that the user will need sourcing principles to give users the comes in. Users can tag a coverage location by positioning a pin on the screen to show exactly where they are on a satellite photo of the area. As tags accumulate, a cloud of points on the map will show real-world One of the biggest strengths of the app is coverage. The resulting map could be that it draws on crowd-sourcing principles used in the future to check or update the centrally held database. to give users the potential to update the database as well as be informed by it. The possibility of porting the app to the Android operating system has now been done, and the application will shortly be published to the Apple app store under the name ‘eduroam companion’.

JANET News 16 | October 2011 services JANET and Skype Over the last five years report warned of the effects of with the service’s open nature. JANET(UK) has received many supernoding, whereby an enabled We are now working hard to questions from the community, but inactive Skype account is used understand how we can make concerned about JANET as a route for other Skype calls. Skype interoperation a scalable ‘banning’ the use of Skype and Supernoding is at the heart of and sustainable feature of JANET the use of Skype breaking the Skype technology, and the failure Videoconferencing. JANET Acceptable Use Policy. of it has recently been cited for a To set the record straight, JANET number of well publicised For more information on Skype does not ban Skype and the Skype outages. and JANET, contact Roger Bolam use of Skype on JANET does or use the search field on the not break the AUP. JANET in Skype itself is a very well deployed, JANET website. fact encourages the community easy to use, free and simple to embrace collaboration tools collaboration tool. JANET(UK) uses and to make use of the powerful Skype as well as JANET Desktop network environment to increase and numerous other desktop collaboration and reduce the collaboration tools to enable staff to need to travel, and to save keep in touch with each other and money and time. the wider community. 29

The misconception is based on Future developments a report on the network impacts JANET(UK) has also been of Skype, issued over five years successful in enabling Skype ago by JANET(UK) in collaboration users to connect with JANET with Lancaster University. This Videoconferencing, in keeping

A week in the life of eduroam May’s TERENA Networking of the conference, there were will testify it made their experience Conference highlighted once 10,392 successful eduroam of the conference much smoother. A again that eduroam is an excellent authentications made from the successful eduroam facility at an event tool for supporting delegates at venue, from 880 unique devices – is a huge bonus for the reputation of conferences, events and meetings. which translates to roughly 1.7 Wi- the hosting organisation. Fi devices per delegate overall (and There were 525 delegates at TNC probably a higher ratio for eduroam If you are attending an event in and the wireless network for the account holders). future, do remember to check event saw a maximum of 537 that all is well with your personal concurrent connected devices. As can be seen, eduroam simplifies device’s eduroam configuration At peak, 304 of those concurrent running the authentication before you go: if it works at your sessions were authenticated by infrastructure of a large conference, organisation, it should work at any eduroam. Across the four days and all JANET(UK) delegates to TNC eduroam hotspot.

JANET News 16 | October 2011 services Instant collaboration for JANET users

An arrangement between regularly – for example, parents, a university can opt to purchase a JANET(UK) and US company ill students, disabled students, or site licence. A Visimeet site licence IOCOM brings the latter’s working students – can participate is being offered at departmental, video collaboration software to virtually without missing a thing. campus or institutional-wide levels educational and research facilities with tiered pricing based on student in the UK. This gives students, Today’s students are accustomed enrolment and staff headcount. faculty, and researchers at UK to using technology to complete Alternately, individual subscriptions universities the opportunity to most tasks. They can fi nd online may be purchased for academics use IOCOM’s Visimeet video classes one dimensional and feel or classrooms while students use collaboration software while that simply reading the material the Forever Free subscription, keeping down costs in a number and completing assignments does which allows students to have of ways. not always convey the material to Visimeet accounts without its fullest. Online courses can be additional costs. With Team and Research and education are not recorded and made available to Room subscriptions, the number isolated efforts: they often require the collaborative efforts of many people who are not always in the 30 Visimeet is proud to be a JANET - connected service same location at the same time. Visimeet was created with the with the chance to improve the way researchers work intention of making collaboration and educators reach students. amongst individuals at multiple locations effi cient and effective, and provides collaborative tools all students at all times, while live of transmitted videos is only and high quality, unlimited multi- classes can be held for those who limited by bandwidth and screen point video and audio. wish to participate in real time. real estate. Visimeet will be provided Offi ce hours can be held to ensure on a dedicated server located on The ability to hold instant all questions are answered and the the JANET core network for optimal conversations means that meetings material is fully understood. performance. can be held at a moment’s notice and others can join in straight away, Keeping costs low while providing a Gary Refka, Vice President of so that collaborative efforts need robust educational experiences is a Operations, IOCOM said, “Visimeet not revolve around fl ight or rail goal for most institutions. Visimeet is proud to be a JANET-connected schedules. Alternatively, researchers helps ensure this by providing service with the chance to improve can arrange meetings around travel affordable services that do not run the way researchers work and and not risk a failure to complete on proprietary equipment, keeping educators reach students.” discussions and work before a down price points, maintenance partner needs to return home. costs and the need for expensive Outside of the classroom, students additional outlay on specialised kit. IOCOM for JANET can collaborate with one another on There are a variety of subscription janet.iocom.co.uk projects, without having to schedule options that can be combined to Gary Refka a time and place to meet, and any suit the university, course, and who have diffi culty attending class student. For university wide access,

JANET News 16 | October 2011 events Instant collaboration for JANET users Forthcoming events

JANET CSIRT JANET IPv6 Conference Deployment Workshop http://www.ja.net/services/events/2011/ http://www.ja.net/services/events/2011/ipv6/index.html janet-csirt-conference/index.html Registration now open Registration now open 7th December 2011 10th November 2011 Holywell Park Campus, Loughborough University One Wimpole Street, London W1G 0AE

Networkshop 40 The University of York 31 3rd to 5th April 2012

Networkshop is the must attend technical conference of the year for staff in education and research.

• In-depth programme addressing key concerns for the sector with experts presenting and running workshops on security, network access, cloud and data services.

• Opportunity to network with over 250 peers in institutions facing the same challenges.

• Over 45 specialist IT suppliers exhibiting throughout the conference.

Find out more at www.ja.net/networkshop

JANET News 16 | October 2011 events

Networkshop continues to be a very important

“date in the calendar and an essential forum

for finding out about new developments and how other “ institutions are solving the same problems. - Networkshop 2011 delegate

Professor Di Martin, University of Hertfordshire presenting to this year’s delegates, inset Left: Tim Kidd, Operations Director, JANET(UK) ; 32 Inset Right: Jeremy Sharp, Head of Strategic Technologies. Networkshop present and future Aimed at network managers, technical impressive 98% felt that they had getting the expectations of our most specialists, and all professionals with achieved their main objectives for important customers first-hand. an interest in research and education attending the conference. The top networking, JANET(UK) has released listed reasons for attendance were: Plenary sessions each day enable the Call for Papers for Networkshop to network and explore the activities delegates to take time out to 40, to be held between 3–5 April of other organisations; to improve develop appreciation of the bigger 2012 at The University of York. or update the delegate’s technical picture, and a plethora of smaller knowledge; and to speak to staff and sessions held in parallel provide the Even in an era of budget cuts keep updated with developments at technical focus: ultra-HD network and slimming down, the annual JANET(UK). transmission experiments, digital video Networkshop remains the key streaming for the arts, virtualisation, event for the JANET community. The event continues to evolve and and a debate on insourcing versus The conference brings together identify new developments for outsourcing, to name but a few from experts from all fields of networking discussion and education, and to 2011. Informal ‘birds of a feather’ and provides a forum for technical reflect the networking world in which sessions held later in the day provide updates and discussions on we operate. For example, in 2011 the opportunities for ideas to be floated, current and developing networking details and implications of IPv6, cloud and for open debate and discussion. technologies. Despite the economic computing and shared data centres climate, JANET(UK) was pleased to all featured on the programme, and Nor are participants confined to be able to welcome 270 delegates for the first time in the history of the research and education. Third party to Networkshop 39 and a most event, delegates heard from a student, suppliers and specialists in network

JANET News 16 | October 2011 Delegates enjoying the use of the dedicated lounge at this events year’s Networkshop equipment began to attend very the key enablers early in the event’s history. This trend of this process. As continues today, not just amongst well as technical the speakers, but with a dedicated staff, delegates exhibition that is open to delegates include funders, throughout the event. There are now administrators, in excess of 40 stands at the event managers, operators, and more than 100 commercial staff developers, at the workshop. Many commercial implementers and organisations see Networkshop as researchers. the event to attend if they want to talk to the academic and research To keep up-to-date with this and from Networkshop 39 are community. other JANET events, please sign available at www.ja.net/services/ up to the JISCmail mailing events/2011/networkshop- JANET’s operation depends list JANET-EVENTS at 39/networkshop.php. The on collaboration with the entire www.jiscmail.ac.uk. The Networkshop 40 website is at community and Networkshop is one programme and presentations www.ja.net/networkshop.

JANET(UK) is seeking speakers • Network engineering JANET(UK) would like to hear from for Networkshop 40 who are - Multicast you. This event could be an ideal willing to share their experiences - IPv6 opportunity for you to share the 33 and ideas: whether from a - Quality of service results of your work with colleagues support, development or - Network resilience from the community. strategic perspective. The - Optical networking subjects below are likely to be of - Layer 2 technology developments In addition to experts and users from particular interest to delegates, - Bandwidth-on-demand research and education, JANET staff however we would also be • Provision of student services will present details on a number of interested in hearing from you on the campus JANET(UK)’s current services and if you have expertise in other • Supporting cloud computing future activities, as well as providing relevant areas. and remote services several workshops. - Data centres • Campus network management • Embracing and supporting Interested authors are invited to • Network security social media submit an abstract of their papers • Access management • Supporting mobile and with a short autobiography by 8am - Improving institution directories remote users Friday 28th October 2011 - Identity management - Mobile IP to Shirley Wood, Head of - Authentication and authorisation - Roaming Customer Engagement, - Network access control - Location awareness JANET(UK), Lumen - Server certifi cates • Supporting network research House, Library Avenue, • Network access technologies Harwell Oxford, Didcot, - Wireless If you have expertise in a particular Oxon OX11 0SG. Email: - Local loop unbundling area, or you have a networking workshop-programme@ • Network applications related project that you think may ja.net. Successful authors will • Monitoring and measurement be of interest to the education be contacted by the end of • Virtualisation and research community, then November 2011.

JANET News 16 | October 2011 training Forthcoming JANET Training Courses

October November

Managing IT Security IP Fundamentals Bristol October 11th 2011, Glasgow November 2nd 2011,

Information Security Policies Implementing a Shibboleth 2 Identity October 12th 2011, Glasgow Provider November 2nd 2011, Belfast Basic Networking October 18th 2011, Manchester Implementing a Shibboleth 2 Service Provider Basic Router Configuration November 3rd 2011, Belfast October 19th 2011, Manchester Wireless LAN Fundamentals 34 November 3rd 2011, Bristol

Introduction to DNS November 3rd 2011, Bristol

Basic Networking for Service Desk and Support Staff November 8th 2011, Manchester

IP Fundamentals November 22nd 2011, Belfast

Virtualisation Fundamentals November 30th 2011, Manchester

JANET News 16 | October 2011 training Forthcoming JANET Training Courses continued

December January 2012

Computers, Privacy and the Law IPv6 Fundamentals December 8th 2011, Cambridge January 19th 2012, London

Hands on Digital Forensics December 9th 2011, Cambridge

Basic Networking for Service Desk and Support Staff December 13th 2011, London

Implementing a Shibboleth 2 Identity and Service Provider 35 December 14th-15th 2011, Birmingham

For online booking and course overviews please go to www.ja.net/training

JANET News 16 | October 2011 external news

FINANCE AND FUNDING A look at the government’s proposed changes to higher education in England, as it publishes a White Paper setting out ministers’ vision for the HEFCE funding of £10 million to cut carbon emissions future of the sector. www.hefce.ac.uk/news/hefce/2011/rgf2.htm http://www.bbc.co.uk/news/education-13939525

University fee cuts: Offa asked for details New £2.25m fund to support imaginative adult and community learning initiatives http://www.bbc.co.uk/news/education-14836196 www.lsis.org.uk/AboutLSIS/MediaCentre/NewsArticles/Pages/New-fund- Interim Regulatory Partnership Group formed to oversee HE transition to-support-imaginative-adult-and-community-learning-initiatives.aspx http://www.hefce.ac.uk/news/hefce/2011/irpg.htm Welsh universities and colleges get go-ahead to charge higher fees UK universities contribute £3 billion to economic growth; SMEs play vital role tinyurl.com/3d6pko2 http://www.hefce.ac.uk/news/hefce/2011/hebci.htm 157 Group and partners publish interim report of colleges in their New funding call: Public Engagement with Research catalysts communities http://www.rcuk.ac.uk/media/news/2011news/Pages/110912.aspx www.157group.co.uk/news/news/157-group-and-partners-publish-interim- report-of-colleges-in-their-communities HEFCE funding of £10 million to cut carbon emissions

www.hefce.ac.uk/news/hefce/2011/rgf2.htm £2m venture capital fund planned as Welsh universities follow lead of NYU www.timeshighereducation.co.uk/story.asp?sectioncode=26&storyco New £2.25m fund to support imaginative adult and community de=416909&c=1 learning initiatives

Putting students at the heart of the system www.lsis.org.uk/AboutLSIS/MediaCentre/NewsArticles/Pages/New-fund- to-support-imaginative-adult-and-community-learning-initiatives.aspx http://www.bis.gov.uk/news/topstories/2011/Jun/ 36 he-white-paper-students-at-the-heart-of-the-system HEFCE announces an additional £1.2m to encourage take-up of modern foreign language courses in English HE Key investments in education will ensure Scotland’s future workforce is equipped to achieve greater economic success,, says Education www.hefce.ac.uk/news/hefce/2011/lang.htm Secretary Michael Russell. £10m investment for the Daresbury Laboratory. http://www.scotland.gov.uk/News Releases/2011/09/21145843 www.stfc.ac.uk/News%20and%20Events/37248.aspx

JANET News 16 | October 2011 tell us what you think JANET News questionnaire We are currently reviewing the ways in which we communicate with our customers to ensure we continue to meet your needs. We would really value your input and would appreciate it if you could spare a few minutes of your time to complete the following questionnaire.

PERSONAL DETAILS (Please write in BLOCK CAPITALS) Your name

Job title

Daytime tel Postcode

Email address @

1. What is your opinion of JANET News? (Please circle one of the following)

Never read it Occasionally of interest Helpful & interesting Vital for keeping me up to speed on the sector

2. Please circle your preferred methods of communication for JANET News.

PDF Print Via link to website Ebook All formats Other please state: 37 ...... 3. Which element of JANET News is normally of most interest to you? (Please tick)

News and service/product updates from JANET Technology and industry updates

Articles/case studies from the JANET community Events and Training

National/International developments & collaborations Individual profiles

4. Which section of this edition did you find most valuable? Please state your reason why. (Please circle one of the following)

News Features Services

Community Technical Events and Training

Reason: ......

5. Do you share your copy of JANET News with colleagues? (Please circle)

Yes always Occasionally Rarely

If they would like to receive future editions please provide their contact details below:

......

JANET News 16 | October 2011 tell us what you think 6. Does the level of detail in JANET News fit your requirements? Please circle one of the following.

Too complicated Doesn’t add to my existing Provides a good level of Excellent insight and to understand market understanding insight in some areas factual detail

Please comment: ......

7. What additional information, or features, would you like to see in JANET News?

......

8. Would you recommend JANET News to a friend or colleague? YES (Please tick) NO Please state your reason below:

......

9. Would you like to receive more information on any of the following? Please circle preferred platform(s).

Events Social Media Post Email Training Social Media Post Email 38 News Social Media Post Email

10. From time to time, JANET(UK) runs client focus groups to gather important feedback to help shape our future service. Would you be interested in taking part in a future focus group meeting? (Please circle)

Yes No

11. Would you or your organisation like to be considered in being profiled for any case studies? (Please circle)

Yes No

If so, please outline the subject area of interest......

...... Thank you for taking the time to complete and return this form. Please return in the FREEPOST envelope supplied or complete the questionnaire online at http://www.surveymonkey.com/s/janetnews

The information you submit will only be used for the administration and reporting of responses provided for the questionnaire. Results of the questionnaire will be reported in aggregate form and will not identify any single response to a respondent. Questionnaire results may be published, but only in aggregate form. Personal data collected by us may be transferred to third parties where it is necessary to meet the purpose for which you have submitted the information (e.g. to host our survey systems, prepare reports, etc.) All such third parties employ appropriate procedures to protect the confidentiality and security of the questionnaire responses. Questionnaire responses will only be retained as long as is necessary to meet the needs of JANET(UK). You hereby consent to JANET(UK) collecting, processing, transferring, and storing the data you provide in response to this questionnaire. If you have any questions about this privacy statement or about your personal information, you can contact JANET(UK) by sending an email to [email protected]

JANET(UK), Marketing, Lumen House, Harwell Oxford, Didcot, Oxfordshire, OX11 0SG

JANET News 16 | October 2011 external news

POLICY

The Scottish Government has launched Education Scotland, its development and improvement agency for education that brings together functions from a number of other bodies including LTS. www.scotland.gov.uk/NewsReleases/2011/07/01114648

‘Opportunity, choice and excellence in higher education’: HEFCE publishes strategy statement www.hefce.ac.uk/news/hefce/2011/strategy.htm

HEPI publishes a detailed analysis of the HE White Paper www.hepi.ac.uk/455-1987/Higher-Education--Students-at-the-Heart-of-the- System.-An-Analysis-of-the-Higher-Education-White-Paper-.html

SHARED SERVICES AND COLLABORATION New research shows universities and small firms are working together to drive innovation and growth www.universitiesuk.ac.uk/Newsroom/Media-Releases/Pages/

Scottish Funding Council supports the Scottish Colleges Energy Industry Partnership network of colleges with an investment of £300,000 to meet the skills needs of Scotland’s 39 rapidly developing energy sector. www.sfc.ac.uk/web/FILES/PressReleases_SFCPR092011/SFCPR_09_2011.pdf

New Concordat between RCUK and Department for Communities and Local Government www.rcuk.ac.uk/media/news/2011news/Pages/110308.aspx

New research shows universities and small firms are working together to drive innovation and growth www.universitiesuk.ac.uk/Newsroom/Media-Releases/Pages/

INTERNATIONAL COLLABORATION Indiana University receives $9.2 million from National Science Foundation to expand global networks and research tinyurl.com/3wvc96p

CONSULTATIONS HEFCE launches consultation on funding for teaching and student number allocation in 2012-13 www.hefce.ac.uk/news/hefce/2011/tfund.htm

Tuition Fees consultation for Northern Ireland www.delni.gov.uk/index/consultation-zone/tuition-fees.htm

BIS technical consultation to be read alongside the HE White Paper, discuss.bis.gov.uk/hereform/technical-consultation/

BIS consultation on making detailed proposals to the government in areas ranging from informal adult and community learning to data requirements on colleges. www.bis.gov.uk/Consultations/fe-and-skills-new-challenges-new-chances?cat=open

JANET News 16 | October 2011 recent publications How to contact JANET(UK) JANET Services 2011 available at JANET(UK) http://www.ja.net/documents/publications/ Lumen House general-information/janet-services Library Avenue Harwell Oxford Quarterly Report: Didcot Oxfordshire May - July OX11 0SG available at Tel: +44(0) 1235 822 200 http://www.ja.net/documents/publications/ Fax: +44(0) 1235 822 399 reports/quarterly-reports/qr-summer11.pdf

JANET Service Desk JANET Cloud and Tel: 0300 300 2212 Data Centre Brokerage - Fax: 0300 300 2213 Service Overview E-mail: [email protected] available at JANET CSIRT http://www.ja.net/documents/services/ Tel: 0300 300 2340 40 brokerage/brokerage0911.pdf Fax: 0300 300 2341 E-mail: [email protected]

JANET(UK) manages the operation and development of JANET, the United Kingdom’s research and education network, on behalf of the combined UK Higher and Further Education Funding Councils represented by JISC (Joint Information Systems Committee).

COPYRIGHT: This document is copyright the JNT Association trading as JANET(UK). Parts of it, as appropriate, may be freely copied and incorporated unaltered into another document unless produced for commercial gain, subject to the source being appropriately acknowledged and the copyright preserved. The reproduction of logos without permission is expressly forbidden. Permission should be sought from the JANET Service Desk.

TRADEMARKS JANET® is a registered trademark of the Higher Education Funding Councils for England, Scotland and Wales. The JNT Association is the registered user of this trademark. JANET(UK)®, Networkshop® and EdLab® are registered trademarks of the JNT Association.

DISCLAIMER The information contained herein is believed to be correct at the time of issue, but no liability can be accepted for any inaccuracies. The reader is reminded that changes may have taken place since issue, particularly in rapidly changing areas such as internet addressing, and consequently URLs and e-mail addresses should be used with caution. The JNT Association cannot accept any responsibility for any loss or damage resulting from the use of the material contained herein.

AVAILABILITY Further copies of this document may be obtained from the JANET Service Desk at the address above. This document is also available electronically from: http://www.ja.net/services/publications/janet-news/

© The JNT Association 2011

JANET News 16 | October 2011