Connecting iOS to eduroam

eduroam (EDUcation ROAMing) is a global initiative, forming an agreement between educational and research institutions to share wireless access enabling inter-institutional roaming.

Having been offsite this week, but located at one of the teaching hospitals, I found myself needing to access eduroam from my iPhone and iPad. This shouldn’t be too hard, the iPhone is one of the standard/supported University phones so this should be well documented – as it turns out this is *not* the case.

The ITS – The University of Melbourne pages do not give details for configuring iOS devices for using eduroam and the ‘just the settings’ does not produce a connection that will allow you to access the network.

Initial connection

* Go to Settings
* Choose Wi-fi > Wi-Fi switch On
* Choose a network: eduroam

* Enter your username@unimelb.edu.au
* Enter your password

When you select the eduroam network you will be asked to authenticate, you authenticate using your home University credentials; in this case username@unimelb.edu.au and your central/email password.

* Review & Accept certificate

You may see an eduroam.unimelb.edu.au certificate that requests to be verified, try as hard as you can this cannot be authorised at this step in the connection and the connection will fail producing an “Unable to join the network” error message.

What are we missing?

eduroam mobile config file for iOS mobile devices
Users connecting iOS mobile devices to eduroam for the first time will need to install and run an eduroam mobile config file (via UTS).
Please note: users will need to accept a security certificate during the initial connection process.

Having accepted and installed the eduroam mobile config file, everything then proceeds as expected and we can connect to the wireless network.

To access sites external to the unimelb.edu.au domain, the proxy configuration will need to be set for the eduroam network. Use the ‘auto’ setting and http://www.unimelb.edu.au/cgi-bin/proxy.pac

iOS4 & UniMelb Staff VPN

How to set up Cisco VPN for iPhone iOS4 for the UNIMELB Staff VPN. The Cisco VPN is a built-in component of iOS4′s networking preferences, you just need to plug in the correct settings.

Continue reading ‘iOS4 & UniMelb Staff VPN’

OSX.6 & UniMelb Staff VPN

How to set up Cisco VPN for Macintosh OS X 10.6 for the UNIMELB Staff VPN. For OS X 10.6 there is no requirement to download a Cisco client as the Cisco VPN is a built-in component of 10.6′s networking preferences, you just need to plug in the correct settings.
Continue reading ‘OSX.6 & UniMelb Staff VPN’

[Seminar] A 21st century infrastructure?: Broadband, daily life and an Australian digital economy

A 21st century infrastructure?: Broadband, daily life and an Australian digital economy
Type: Seminar
Venue: Brown Theatre, Electrical Engineering (Building 193), University of Melbourne
When: 5-6 pm, Tuesday 16th March

ABSTRACT: When the Commonwealth Government announced the National Broadband Network in April 2009, in addition to being confronted by a massive civil engineering program, they were confronted by the challenge to make high speed broadband relevant to all Australians. Remaking the internet into an essential service for our homes, offices and school and also into a meaningful part of our daily lives and rituals is going to take a lot of work. This work must be grounded in a strong understanding of Australian every day practices, as well as the possibilities and problematic of new technologies. It will also need new forms of policy, regulation and stakeholder management, as well as new metrics and analytics for measuring progress and success. This talk examines current Australian socio-technical practices, and the prospects for a digital economy.

BIOGRAPHY: Named one of the top 50 most creative people in Business (Fast Company,) Genevieve Bell is an Intel Fellow and director of the User Experience Group within the Intel Digital Home Group. Bell joined Intel in 1998 and has come to lead an R&D team of social scientists, interaction designers and human factors engineers to drive human-centric product innovation in Intel’s consumer electronics business. Prior to joining Intel, Bell was a lecturer in the Department of Anthropology at Stanford University. In 2009, she was South Australia’s 15th Thinker-in-Residence and her work investigated the barriers and drivers for broadband adoption. Born and raised in Australia, Bell received her bachelor’s degree in anthropology from Bryn Mawr College in 1990. She received her Masters and Doctorate degrees in anthropology from Stanford University in 1993 and 1998, respectively.

– CCI

My notes and thoughts from this seminar …
(The time codes relate to my recording of the seminar)
Continue reading ‘[Seminar] A 21st century infrastructure?: Broadband, daily life and an Australian digital economy’

Wake-On-LAN for iMacs?

Last week I completed the “Mac OS X Deployment v10.4″ training in Sydney where the trainer told me that Wake-On-LAN will only work if the Mac in question is in sleep mode -i.e., you can’t wake up a Mac that has been shut down.
– Topic : No Wake-On-LAN for powered-down Macs? (2007-APR-26) [Apple:Support]

Mac hardware (OS X)
Modern Mac hardware features integrated WoL functionality, controlled via the OS X System Preferences Energy Saver panel, in the Options tab. Marking the “Wake for Ethernet network administrator access” checkbox enables WoL.
Apple’s Apple Remote Desktop client management system can be used to send WoL packets, but there are also freeware and shareware Mac OS X applications available.
– Wake-on-LAN [wikipedia]

It would appear that the Mac doesn’t have a “true” WOL functionality as it will only wake from sleep mode. This is surprising as the Intel NIC’s have had this functionality for a very long time

(Need a crash course on WOL? Try Introduction to Wake-On-LAN [activeXperts])

The man from ICANN (ABC: Future Tense)

From ABC’s Radio National Future Tense program this morning;

The man from ICANN
ICANN stands for the Internet Corporation for Assisted Names and Numbers. It’s the organisation responsible for regulating internet domain names. ICANN is on the verge of significant change. It’s relaxing restrictions on the number of top-level domain names available, including a move to include different languages and scripts. It’s also looking at severing its remaining ties with the US government. We’ll speak with ICANN’s CEO and president, Dr Paul Twomey, about the significance of these changes for the future of the net and the way we use it.
– The man from ICANN

There is also a podcast available of an extended interview with Dr Paul Twomey.

Cisco Systems Security Advisories (Mar 2009)

Cisco Security Advisories and Notices [1]
Cisco is announcing program changes for the publication schedule for Cisco Internetwork Operating System (IOS) Security Advisories.
Starting on March 26, 2008, Cisco will release bundles of IOS Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.
This schedule change will not restrict us from promptly publishing an individual IOS Security Advisory for a serious vulnerability which is publicly disclosed or for which we are aware of active exploitation.
Cisco is adopting this approach in response to extensive feedback from customers, who seek further predictability for support planning and deployment cycles. …

Cisco Security Advisory:
There are eight Security Advisories for the March 2009 set.

Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability [Update] (25-Mar-2009 16:00 GMT)
Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability [New] (25-Mar-2009 16:00 GMT)
Cisco IOS Software Multiple Features IP Sockets Vulnerability [New] (25-Mar-2009 16:00 GMT)
Cisco IOS Software WebVPN and SSLVPN Vulnerabilities [New] (25-Mar-2009 16:00 GMT)
Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities [New] (25-Mar-2009 16:00 GMT)
Cisco IOS Software Secure Copy Privilege Escalation Vulnerability [New] (25-Mar-2009 16:00 GMT)
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability [New] (25-Mar-2009 16:00 GMT)
Cisco IOS cTCP Denial of Service Vulnerability [New] (25-Mar-2009 16:00 GMT)

[1] Products & Services Security Advisories (2009-Mar-25) [Cisco Systems]
[2] Cisco Releases IOS Bundle of Vulnerabilities (2009-Mar-25) [SANS]

Ethernet Temperature Monitors

After dealing with a failed air conditioner fan in our new building it seems that we have the unhealthy combination of;

1. a move to a new building and no longer having the servers physically close to us (across the hallway)
2. a run of very hot weather (43°C) it was the city’s third-hottest day on record (the hottest was Black Friday — January 13, 1939 — with 45.6).

To ensure we don’t fry our infrastructure we need to investigate a TCP/IP Temperature Monitor for our server room to ensure that things remains at a suitably cool temperature.

Some items that seem to fit the requirements are;
* TempTrax
* Australian Ethernet Temperature Monitors + Server Room temperature monitoring. Especially the Ethernet Thermometer with Metal Probe which seems reasonable value at AU$350.00. {a good web based interface for this one}
* APC Symmetra SmartSlot – ENVIRONMENTAL MONITORING CARD AP9612TH (temperature & humidity)

Now for some testing and evaluation. Anyone running anything else that they think is a better solution?

Server Room – Gaseous fire extinguishing system

AS 4214-2002 Gaseous fire extinguishing systems
Specifies requirements for the design, installation, commissioning, testing, and safety of gaseous fire extinguishing systems in building, plant or other structures, and the characteristics of the various extinguishing agents and types of fire for which they are suitable.

DuPont™ FM-200® waterless fire suppression systems
FM-200 is classified as suitable for use in occupied areas and are considered to have no ozone depleting potential (ODP).
These systems, designed in accordance with AS4214 parts 1 and 2 , are readily suited to the protection of high value assets, where space and weight of system hardware is a consideration, such as computers, communications equipment, medical equipment and people.

FM200 Bottles

FM200 spray head

VESDA® (Very Early Smoke Detection Alert)
Aspirating Smoke Detection Systems
VESDA Laser PLUS is a highly sensitive aspirator smoke detector system designed to provide the earliest warning of a potential fire.
Early warning of a fire buys time to investigate and intervene, potentially avoiding the damage, downtime and cost of releasing a suppression agent.
The VESDA system is a capable of detecting fires from , 0.0015 – 30.0% Obs/m. and can provide solutions for a diverse group of applications, ranging from small areas, or cabinets to large open spaces.

VESDA LaserFOCUS

VESDA Tube
Aspirated Fire Detection System – Do Not Paint or Obstruct Holes

Warnings!
Unnecessary exposure to all gaseous extinguishing agents and their decomposition products shall be avoided because of their potential toxicity. – AS4214-2002

This area is fitted with a FM-200 fire suppression system. Evacuate area on sounding of alarm. Do not enter after extinguishant discharge until area has been thoroughly ventilated.

eduroam status

eduroam is a federated authentication solution that allows users from participating institutions to gain secure access to wireless network access using their standard username/password credentials as they do at their home institution for wireless access. eduroam can enable access without the user having to enter any details, simply open your laptop and if its wireless enabled it will connect to eduroam, authenticate and authorise network access. – aarnet

Some eduroam status updates following QUESTnet 2008

With a more detail in the AARNET eduroam Quality Assurance Status. I think it’s time to start playing with an end-user perspective

1. WLAN
Choose a wireless network with SSID = eduroam

2. AUTH
You log into eduroam using your home University details. This is how your home organisation (domain/realm) for authentication would be determined.

username@yourinstitution.edu.au

(NOTE: this is not necessarily your email address.)

eduroam is only available to users over 18 years of age or those users that have acquired parental consent to use the “non-filtered” Internet access

[1] http://www.eduroam.edu.au [aarnet]
[2] eduroam services factsheet (PDF) [aarnet]
[3] Australian Eduroam Policy (PDF) [aarnet]

eduroam is a TERENA trademark