The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hello,

as I've (repeatedly ;-) ) told you, eduroam CAT keeps making many
eduroam admins happy.

For a while now, I was musing about this and realised that it's a pity
to restrict the CAT to eduroam only. There are only very few pieces in
it which are eduroam-specific - most of it can benefit Enterprise
Network admins all over the planet. Difficult end user system setup is a
problem that's plaguing everyone who does IEEE 802.1X. With the CAT, we
have a solution - but don't release to anyone outside our closed eduroam
club. That's sad.

The CAT software is open-source (GEANT Standard Open Source Software
Outbound License), and as such can be re-used by everyone to build their
own CAT instance. We know of a couple of those instances; besides the
big eduroam CAT from OT, DFN has a Germany-specific eduroam CAT, and the
SENSE project has another instance for EAP implementation validation.
When I wrote "everyone" can re-use it - that includes me. :-)

Since earlier this week, there is a fourth instance out there for
production use. The instance's name is "Enterprise Network Configuration
Assistant Tool" and it is run by a start-up company who has set out to
bring the power of CAT installers to the world at large. Its name is its
mission: "NSP Network Security Proliferation Unternehmergesellschaft
(haftungsbeschränkt)".

I have founded this company to spread the work about IEEE 802.1X, EAP,
RADIUS; with the CAT software deployment being its first flagship
product. For personal financial safety, it is a limited liability
(that's those two words of German legalese at the end of the name). And
it better should be if you read the GEANT license closely enough - that
license is not your default BSD ;-)

If you check out the Enterprise Network CAT at https://802.1x-config.org
, then you'll notice some differences to the eduroam CAT instance (Take
the Tour!): not everything is for free. The reason for this is simple:
this is a company. It needs to maintain bilance sheets, run a web
server, buy code signing certificates, hire a lawyer for watertight
Terms&Conditions and so on. It is simply not possible to run such a
service for free in a sustainable manner. I was happy to finance it
upstart, but don't want to subsidise it forever. Needless to say: this
little adventure of mine is totally unrelated to RESTENA Foundation.

The basic service, secure deployment of IEEE 802.1X - installation of
CA, server names, EAP types - is free though; to make enterprise
networks proliferate, I definitely do not want to put high barriers of
entry in front of it. One only needs to pay (very modestly) for "fancy
extras" - such as a custom logo in installers, multiple SSIDs, more than
one user profile, including helpdesk details etc. Folks will have to pay
a bit more for digitally signed installers; after all, I need to recover
the costs of those certs and need to maintain an extra secure
environment to avoid compromise.

So, if you think about deploying IEEE 802.1X in a non-eduroam context,
and want to enjoy easy client-side installation - please remember that
this new service exists. The pricing makes it cheaper to subscribe to
the service than to spend hours or days of work time getting your own
CAT instance running.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la 
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's 
key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature