In the midst of a pandemic, when in-person events have been indefinitely postponed, might seem like a strange time to be planning the IT logistics for large-crowd events. But this is also the perfect time for organizations — particularly ones that normally host several in-person conferences a year — to rethink their IT procedures, in anticipation of future masses once again descending on their campuses.
A common headache for many large institutions when hosting large groups of visitors is the process of granting them internet access. For individual faculty or students visiting the campus for a few days or weeks, it’s simply a matter of setting up a personalized login account. But for large groups of short-duration visitors — such as attendees of a conference being held on campus — organizations have traditionally used open Wi-Fi accounts that are accessible by anyone with the group password. This is not an ideal setup for a secure network.
In our various posts on eduroam (the secure Wi-Fi roaming service used by thousands of research and education institutions around the globe), Cybera has talked about the benefits of this seamless internet access service for individual staff and students at participating institutions (as well as their network administrators).
In this post, we’ll talk about eduroam Visitor Access (eVA), which provides secure, temporary access to Wi-Fi for large or small groups.
How it works
Using eVA, internet access can be granted to visitors in four ways:
- Per individual visitor – e.g. a visiting speaker
- Batch accounts – uploading a batch file containing account information for a group of visitors, e.g. a delegation visiting campus or a team of temporary staff
- Group accounts – creating eduroam credentials for a group of unknown users: for cases in which the visitor does not have SMS capabilities on their device and therefore cannot self-provision their account
- SMS event – generation of a code word that can be sent via SMS by a visitor for a temporary eVA account), e.g. attendees of a conference hosted on campus
eVA not only simplifies network security, it also allows the institution to have more control over visitor accounts, including:
- Which staff members can create eVA accounts
- The ability to eliminate individual accounts
- Limit the number of accounts granted at a time
- Set time limits for accounts
- View statistics on eVA usage
The MacEwan University Experience
“We heard about eVA during a presentation from CANARIE [which manages and operates eduroam in Canada],” explains Darren Fankhanel, Director of IT Infrastructure and Operations at MacEwan University. “We were definitely looking for a better public access network for our visitors.”
Previously, MacEwan used shared accounts for visitors, with rolling credentials. This created a very manual process of changing passwords every week and writing out those new passwords on meeting room whiteboards. “We had many people sharing a single account, and it was very insecure,” says Fankhanel. MacEwan was also making use of Wi-Fi Protected Access-Enterprise (WPA Enterprise), which offers enhanced authentication and encryption, but proved problematic for many visitors to use.
In the last two years, a handful of education institutions across Canada had begun piloting eVA. MacEwan became the first in Alberta to set up eVA and completed this work during the 2020 lockdown.
“If you’re already participating in the Canadian Access Federation (CAF), the key thing before you start is to make sure your institution has implemented the Federated Identity Management service (as an Identity Provider). This is critical to access eVA’s management portal,” says Charles Smith, Senior Information Security and Compliance Officer for MacEwan. “Once that’s in place, it’s dead simple to set up.”
MacEwan had previously signed on as a participant in CAF (operated by CANARIE and supported by Cybera), and implemented Federated Identity Management and eduroam, which are the main prerequisites to setting up eVA.
Both Smith and Fankhanel say the implementation of eVA was pretty easy, and hope to trial it among library users when the university campus opens again.
Advice for others wanting to implement eVA
“Make sure you’re a participant in the Canadian Access Federation, that’s the biggest thing,” says Fankhanel. “Being a CAF participant will also make it easier to give your students and researchers access to other resources, including research collaboration services.”
“You’ll also want to figure out early on how you’re going to manage access, and who’s allowed on the network,” adds Smith. “eVA does give you the ability to delegate.”
“You’ll also want to plan for how to replace your current public-access accounts.”
Now, the team at MacEwan are just awaiting the day when they can publicly test out the new internet access setup!
If you are interested in learning more about eduroam and how it can benefit your organizations, please contact projects@cybera.ca.