Queen Mary, University of London

JANET Roaming Service

Introduction

Queen Mary is a member of the JANET Roaming Service (JRS), which in turn is a member of eduroam. The service allows all QM staff and students to use the JRS using their Teaching Service or central staff accounts. Members of EECS can also use their School accounts (keep reading). Members of the School of Mathematics can use their Maths accounts. If you're not a member of EECS, please refer to the College Eduroam Documentation.

Since June 2007 we have offered tier JRS2. With College network support we are (May 2010) experimenting with IPv6 connectivity. This will eventually make our service comply with the requirements of JRS3 (possibly later in 2010).

All EECS, Maths and centrally managed WiFi hotspots at QM now carry the eduroam SSID. They all permit login using the same central (@qmul.ac.uk) and delegated (e.g. @eecs.qmul.ac.uk) realms.

The JRS allows members of participating institutions to access the Internet at any other organisation taking part in the scheme, by using the username and password issued by their home institution. For a list of participating JANET sites, please see the JRS map or, beyond the UK, the international eduroam site.

When you visit a participating institution, you will be able to access the Internet including the usual services your own institution provides.

Visiting another participating institution

Visitors to any participating institution must obey the local IT Regulations.

Members of EECS at Queen Mary should consult the Remote Access documentation on our Intranet pages. When visiting another institution, you should log in to their eduroam network using "WPA2 Enterprise" authentication specifying a user name of the form "keith@eecs.qmul.ac.uk" and your normal EECS (OpenLDAP) password. If WPA2 doesn't work, use "WPA Enterprise". When out of the UK you it's possible that you will need to resort to the less secure WEP (with 802.1X).

If you can get it to work at Queen Mary (with your user name in the above long form), it will work at other JRS2 and JRS3 sites without modification.

Using EECS credentials

The security certificate our authentication service offers has been signed by the EECS Root Certificate Authority. Note that teaching Firefox about our CA isn't enough on Mac OS X; use "Keychain Access" to import it. If you can, please choose not to trust any other CA for eduroam 802.1X access, because only services whose certificates have been signed by EECS should be offered EECS passwords.

Visiting Queen Mary

Visitors to Queen Mary can expect to connect to all services outlined in the JRS Technical Specification.

Outgoing SMTP (port 25) traffic may be blocked or throttled; visitors are advised to use port 587 to send mail via their home institution's mail service.

The eduroam network currently covers all of the EECS buildings (wired access is also available) and many other locations across the College. Please contact the EECS systems team if you're visiting EECS, or the College's Help Desk (Queens Building) if you're visiting anyone else.

All users of computing facilities, including eduroam, at Queen Mary are required to obey the IT Regulations.

EECS SSL Certificates

What is the EECS Certifying Authority (CA)?

We run our own SSL "Certifying Authority": all this means is that we issue our own SSL certificates which we use to prove the identity of servers ( and sometimes clients). So that you can tell that these certificates are genuine and valid each certificate we issue is signed by a chain of special, trusted EECS signing certificates.

Why do I need to install the EECS Certificates?

If you install our certifying authority certificates then your applications will be able to use them to automatically verify that the SSL certificate offered when you connect to, say, our mail server is genuine, and therefore that you are talking securely to the correct server with no-one intercepting the connection. Your application can do this because it can see that the SSL certificate offered by the server has been signed by our special, trusted signing certificates.

The practical effect of all this is that once our certificates are installed you should no longer be asked to tell your application whether to accept our SSL certificates, and should anyone try to interpose something between you and us you'll be warned about it.

Where can I get these EECS Certificates?

The current chain of EECS Certifying Authority certificates and their purposes are as follows:

Topgo to top of page