LGfL Single Sign On and Sophos


LGfL Update
Stewart Duncan
LGfL Technical Manager
Ian Lehmann
LGfL Operations Manager
Sophos
Sophos anti-virus via the LGfL is available for all schools within an LEA
that has bought into the scheme.
The licence agreement includes Sophos Enterprise Manager and Sophos
Remote Update
Remote Update can be used at home by any teacher working in an LGfL
connected school.
The current version of Sophos will no longer be supported from February
2006
Version 5.05 is now available via LGfL
The old version of Sophos Remote Update and Enterprise Manager will
be switched off 1st March 2007
To upgrade your version of Sophos visit:
http://sophos4.lgfl.org.uk
Sophos
Timeline
September 2005 – Migration and New Install documentation available
September 2005 – Additional Sophos servers go live
October 2005 – Letters to all LEAs reminding of upgrade
February 2006 – Sophos ends support for current version
March 2007 – Old Sophos servers removed from service
User documentation and installation guides are available at:
http://sophos4.lgfl.org.uk
Telephone and email support are available
for Sophos Remote Update and Enterprise
Manager:
08700 636465 option 3
[email protected]
LGfL Authentication and Single Sign On
During July the way you log into the LGfL resources changed.
The most noticeable change to end-users is the additional screen you see
when you log in. This is called the WAYF (Where Are You From) screen.
Note: Some users use an lgfl.net username and others use a USO username.
It really doesn’t matter which one you use.
LGfL Authentication and Single Sign On
Some of the problems LGfL faced:
• Users have to manage multiple usernames and
passwords for different resources
• More and more online resources becoming available
requiring yet more usernames and passwords
• We need the ability for teachers and pupils to
access LGfL resources from home
• We need a secure online authentication system that
will not expose any personal information.
Implementing a Shibboleth solution will:
• Ensure no personal information is exposed unless
necessary
• Minimise the number of IDs and passwords a user needs
to remember
• Minimise the administrative burden imposed on
institutions and on the content provider
• Enable user tracking only for services that specifically
require it, such as for e-assessment and e-portfolios
• Be transparent to the user (excluding the WAYF screen)
• Enable access from any location at anytime.
Shibboleth AA Process
[Diagram: ten numbered steps. Labels: Service Provider, Web Site, ACS, AR, Resource Manager, Resource, WAYF, Identity Provider, HS, AA, User DB, Credentials, Handle, Attributes. The captions, in the order of the exchange:]
• I don’t know you. Not even which home org you are from. I redirect your request to the WAYF.
• Please tell me where are you from?
• OK, I redirect your request now to the Handle Service of your home org.
• I don’t know you. Please authenticate using WEBLOGIN.
• OK, I know you now. I redirect your request to the target, together with a handle.
• I don’t know the attributes of this user. Let’s ask the Attribute Authority.
• Let’s pass over the attributes the user has allowed me to release.
• OK, based on the attributes, I grant access to the resource.
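A minimal model of the exchange on the Shibboleth AA Process slide, added here as an illustration and not taken from the original slides or from LGfL's deployment. It shows why the Service Provider sees only an opaque handle plus the attributes released for it; the user directory, Service Provider URLs, release policy and all class and function names are constructed for the example.

```python
import secrets

# Constructed sample data; the password is kept in clear only for this toy directory.
USER_DB = {"jsmith": {"password": "correct horse", "role": "teacher",
                      "school": "Example Primary", "name": "J. Smith"}}
# Attribute release policy: which attributes each Service Provider may receive.
RELEASE_POLICY = {"https://sp.example/elibrary": ["role"],
                  "https://sp.example/eportfolio": ["role", "school", "name"]}


class IdentityProvider:
    """Home organisation: Handle Service (HS) plus Attribute Authority (AA)."""

    def __init__(self):
        self._handles = {}  # opaque handle -> (username, SP it was issued for)

    def handle_service(self, username, password, sp_id):
        """Authenticate the user, then issue a random handle for one SP."""
        user = USER_DB.get(username)
        if user is None or not secrets.compare_digest(user["password"], password):
            raise PermissionError("authentication failed")
        handle = secrets.token_urlsafe(16)  # carries no identity information
        self._handles[handle] = (username, sp_id)
        return handle

    def attribute_authority(self, handle, sp_id):
        """Release only the attributes the policy allows for this SP."""
        username, issued_for = self._handles.get(handle, (None, None))
        if username is None or issued_for != sp_id:
            raise PermissionError("unknown handle for this Service Provider")
        allowed = RELEASE_POLICY.get(sp_id, [])
        return {k: USER_DB[username][k] for k in allowed}


class ServiceProvider:
    def __init__(self, sp_id, required_role):
        self.sp_id, self.required_role = sp_id, required_role

    def access(self, idp, handle):
        """Fetch attributes by handle from the AA, then decide on access."""
        attrs = idp.attribute_authority(handle, self.sp_id)
        return attrs.get("role") == self.required_role, attrs


def login_and_request(idp, sp, username, password):
    """Run the whole exchange; returns (granted, attributes the SP saw)."""
    handle = idp.handle_service(username, password, sp.sp_id)
    return sp.access(idp, handle)
```

With this policy the e-library learns only that the user is a teacher, while the e-portfolio service, which needs to track individuals, also receives name and school.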
LGfL Support
LGfL services continue to develop, and the need for a central area for
technical support has become very apparent.
How can you get support for your LGfL services:
1. Telephone – 08700 63 64 65 (Option 1 – Equinox, Option 2 – Digitalbrain,
Option 3 – Atomwide)
2. Via the web – www.talk2equinox.com for Equinox support,
http://support.lgfl.org.uk for FAQ about other services not provided by Equinox
3. By email – [email protected] or [email protected] or
[email protected]
How do you know where to go or who to talk to:
We are centralising all the support procedures, help sheets, guides and FAQ at:
http://tech.lgfl.net
LVCNet and London Live 2005
• Video Conferencing within London’s Schools has been going well since October
2003 when LGfL introduced Click-to-Meet.
• Click-to-Meet is used extensively to video conference all over the world every day
by schools. This service is completely free for all LGfL connected schools.
• Many schools and CLCs have purchased H323 video conferencing equipment.
• For some time users have been unable to use H323 VC end-points over the
LGfL due to firewall restrictions.
To resolve these problems LGfL along with Equinox have introduced a new
service called ‘London Video Conferencing Network’ (LVCNet).
So how does LVCNet work?
[Network diagram. Labels: UKERNA; LVCNet; WWW; Internet Peers (INET0), ASN 20762, 212.85.0.0/19; 212.85.X.X; Cisco Proxy Gatekeeper; Core FW; London Grid MPLS Network; On Demand VC Bandwidth Allocation; LEA L3 VPN; VC L3 VPN; LEA VPN; VC VPN; PE Router; AP; Layer 2 Aggregation switches; CPE; Click2meet Servers; Private addressing; School; Curriculum Network; Admin Network; Schools Data Network; VC Network 10.X.X.X; Polycom; VC Client.]

Connection   Queue Size*   Typical Call Matrix
2M           1M            1 x 768k or 2 x 384k
5M           2.5M          1 x 1.92M or 2 x 768k or 5 x 384k
10M          5M            2 x 1.92M or 5 x 768k or 10 x 384k
100M         20M           8 x 1.92M or 20 x 768k or 40 x 384k
* Bandwidth queue size includes 25% IP overhead.