How would you feel telling your grandkids that back in your time you had to select the WiFi network you wanted to connect to from a list, use an unencrypted connection in public spaces, or provide your personal info on a splash page? See how @Cisco @WBA OpenRoaming fixes it all!
Here is what we have discussed:
Why do we need OR?
· User on cellular = business can’t engage
· Painful or broken WiFi Onboarding
· Lack of security
· Indoor coverage/capacity (Cellular offload)
What is Open Roaming?
· Open Roaming leverages all the features of Passpoint
· Federation of Access Providers (places like public venues, retail, hospitality, enterprises) and Identity Providers (carriers, device OEM, providers) that runs in the cloud – fully distributed solution
· Access Provider (place)
o Apply policy
· Identity Provider (user auth)
o Used for user authentication
o Can be a Google ID, Apple ID or SIM, eSIM, MSO – certificate.
o How can I sign up on my iPhone or on my Android?
· Used to have to visit a specific website to get the profile on the phone – how to make it transparent for users?
· OR was quite complicated to configure – plans to simplify? Integrate DNAS Connector functionality into WLC?
· Embedded functionality: Samsung, Android 11
· App SDK
· Service Provider using SIM
· Enterprise using cert
· OEM – Samsung good example
· Cloud ID – sign with Google, Apple, etc.
§ Application soon available for iOS and Android?
How does it work?
· In a nutshell: secure auto onboarding for any access network.
· Automatic, secure transparent onboarding wherever you go – handoff from 4/5G to WiFi
· Your phone doesn’t need to come out of your pocket.
· Roaming agreements when travelling – business relationship with different access networks with different credentials.
· How does it work technically with information in the beacon?
o Access Provider:
o Device gets into coverage range
o Device <- EAP -> AP/WLC
o AP/WLC <- RADIUS -> DNAS Connector
o Identity Provider:
o DNAS Connector <- IDP Discovery -> IDP DNS
o DNAS Connector <- TLS up -> IDP AAA
What level of encryption does Open Roaming provide us with?
· WPA2 Enterprise level / 802.1X EAP-TLS.
· What about with WPA3 coming and 6GHz: yes!
What are the benefits?
· Why would we implement OR on my network?
· Why would I set up OR on my mobile device?
· Benefits for the infrastructure provider
· Benefits for the client
o Sign up once, get connected automatically
o No portals, SSID name guessing
o More meaningful experience
Who created it & who has ownership of it now?
· WBA have taken over ownership of Open Roaming. The industry is picking up a lot of momentum now.
· How are other vendors integrating Open Roaming? Since it was originally Cisco, how are companies like Aruba, Mist, Ruckus etc. implementing OR?
· Bart – can we mention Canary Wharf Group?
Can we still have a splash page?
· Is splash page dead with option to always use MAC randomisation?
· You can still have a splash page if you want to – once authenticated and identified by the network, you can have a personal welcome splash page specific to you. -> We would like to leverage things like venue information to make it more contextual (HS2.0 v3)
What about my privacy?
· Privacy concerns – it does allow for anonymous connectivity, but you may lose some loyalty benefits; the user may want to provide that info to get the loyalty bonus etc. -> Anonymous by default, privacy built-in
OR Architectures with Cisco
· Currently 3 scenarios
o AireOS 8.3+, DNAS (with connector)
o C9800 16.12+, DNAS (with connector)
o Meraki, DNAS (with connector)
· DNAS Connector
o What does it do?
o Why do we need both DNAS and DNAS Connector?
Tons of love,
WiFi Ninjas xxx
The post WN Podcast 053 – OpenRoaming with Jerome Henry and Bart Brinckman appeared first on WiFi Ninjas - Podcasts & Blogs.