Govroam provides public servants with ubiquitous wireless network access (Govroam)

Published on: 05/05/2016
Document

Govroam is a technical solution to provide public servants with ubiquitous access to WiFi networks, wherever the service has been made available by participating organisations.

To that purpose, govroam users are provided with a single WiFi profile and a set of credentials by their home organisation. Authentication at other organisations is performed via their home organisation, using the same credentials as when they access the home network locally. Authorisation to access the Internet and possibly other resources is handled by the visited organisation.

Policy Context

Eduroam

Govroam is based on eduroam, a world-wide roaming access service developed for the international research and education community. Eduroam was initiated in 2002 by SURFnet, the organisation responsible for the Dutch ICT infrastructure for education and research. It started as a project of the Trans-European Research and Education Networking Association (TERENA), which still oversees its operation worldwide.

The eduroam project originated from the Netherlands and was first adopted in Germany, Finland, Portugal, Croatia and the United Kingdom. The European Union has been a co-funder since 2004, backing various GÉANT projects under the Framework Programmes for Research and Technological Development. Since then, eduroam has spread to almost seventy countries, now covering most of Europe and including around two dozen nations in the Asia-Pacific region, the Americas and Africa.

Even though govroam — like eduroam — was initiated in the Netherlands, similar projects have been started in Austria, Belgium, Slovenia and the UK. The Dutch and Belgian initiatives are already working together. Further options for cooperation and internationalisation are being discussed with interested organisations.

Inception

The very first govroam project was a joint initiative of three Dutch municipalities participating in the 'Digitale Steden Agenda' (DSA; Digital Cities Agenda, a consultation body for CIOs and policymakers responsible for digital innovation in larger cities), SURFnet, and consultancy firms Envolve and Stratix. We started in 2014 with the cities of Deventer, The Hague and Arnhem, after which Tilburg and Heerlen joined in, says Paul Francissen, founder of Envolve and coordinator of the Dutch govroam foundation. Through Heerlen, about a dozen neighbouring cities and the regional fire department were connected to govroam. That was a lucky consequence of the existing ICT partnership between these cities, in which the City of Heerlen runs a Shared Service Centre (SSC).

Tilburg is also worth mentioning in this regard: they already had a lot of eduroam locations in their public libraries, train stations and other places. So they had a lot of experience in this matter, which made it very easy for them to implement govroam as well.

Other participants include the Dutch Tax and Customs Administration, Rijkswaterstaat, the Ministry of Education, Culture and Science, and the Ministry of Economic Affairs. They are all currently in various stages of getting connected. Over the next months all the customers of the SSC-ICT Haaglanden interdepartmental service centre will become also part of the govroam network.

Description of the way to implement the initiative

The minimal service level that govroam networks should provide to external users is access to the Internet, basically making govroam an instant-access guest network. Laptops and mobile phones use the wireless network automatically as soon as they are within reach, says Francissen. Immediately after I open my laptop here, I'm on the network. It's easy, fast and secure. There is no need to search for a wireless network, ask around for the WiFi password, or obtain guest access at a desk.

According to Francissen, govroam is quickly becoming the de facto standard for government wireless network access. All regional municipal Shared Service Centres have or are implementing ubiquitous wireless network access for their users. So there is no doubt about the value of such a service. Govroam currently is the best way to go. For example, the Dutch central government is currently migrating its inter-departmental 'Rijk-to-air' service to govroam. They quickly learned that limiting network access to other departments excludes visitors from provincial government, water boards and municipalities.

Technology solution

Govroam — just like eduroam — is based on a network of RADIUS servers. RADIUS provides a network protocol for the Authentication, Authorization, and Accounting (AAA) of users connecting to a network service. It is widely used by telecom and internet providers.

Organisations willing to become part of the govroam network have to implement a minimum set of standards to guarantee interoperability and security. With regard to the latter, all locations use WPA2 Enterprise encryption, which earlier this year appeared on the Dutch government 'use-or-explain' list mandatory open standards.

Other than the use of WPA2, govroam has very few technical requirements. In particular, it does not require massive changes to the existing infrastructure. The organisations involved can continue using their existing systems and procedures to register and authorise their users, says Francissen. That's inherent to the federated architecture of RADIUS: Each participant keeps its independence and maintains its own RADIUS system. To become part of the network, they only need to connect their system to the national govroam node. That requires just a single configuration option to be added to refer (i.e. relay) visiting users from other realms to the central node for authentication.

Technology choice: Mainly (or only) open standards

Main results, benefits and impacts

The govroam network currently consists of thirty participating organisations, who maintain around fifty realms covering about 200 locations spread all over the Netherlands. We currently see about 5000 roaming days per month (the number of days that an individual user opened a session), says Francissen. Last November this number was at 3000, so we are growing quickly. Of course, this bears no comparison yet to the volume of eduroam, which for the Netherlands alone is measured in hundreds of thousands per day. So there is plenty of room for govroam to grow, and we already know that the technology scales up.

Ready to go

Over the last months, several people have asked Alexander Wisse, CTO at the Dutch govroam foundation, whether govroam is ready for the growth to come. We have made sure that all the internal processes are in order, he says. The govroam foundation has a twofold mission. First, we organise the technical infrastructure. Second, we are responsible for organising the trust between the participating organisations. We secure the latter by having each organisation sign an agreement in which they agree to our service policy. That mutual trust ensures that every participant can open up its networks to users from other organisations. Both parts are now in place.

This spring, in cooperation with the Dutch Association of Municipalities (VNG) and its ICT branche KING, we will launch a campaign for govroam among municipalities. We hope for another one hundred municipalities to participate before the end of this year. Furthermore, we are working with with central government to make govroam a standard part of the RijksWerkOmgeving (RWO), the desktop environment for all their public servants. That will make it a lot easier to share facilities and workplaces between departments.

Focus

To maximise the return on our efforts, we will initially focus on larger municipalities and municipal partnerships, Wisse says. We will be looking for the hubs at first. Smaller, independent municipalities will hopefully follow suit.

The main issue we face is that mobile and wireless access have been basic requirements for years. So most organisations already have these services up and running, and are glad to have that piece of infrastructure already done. However, we now have to convince them of these organisations of the individual and collective added value of the govroam network. Note that implementing it is not an ICT project in itself. An experienced system manager can do the whole job in less than half a day. In our experience, ICT departments that have leaders with a strong vision for their infrastructures are more willing to set up govroam than others where this is yet another (low-priority) project.

Return on investment

At the moment, the central govroam node for the Netherlands is still being hosted and managed for free by SURFnet. If, in the future, our members want us to change that and host our own infrastructure, we will do that, Francissen says.

Although we currently don't have to spend money on infrastructure, the govroam foundation has a solid financial base. Our billing model is pretty straightforward: we ask for a one-time fee to connect new users to the govroam network, and then a recurring annual fee from all of our participants. Both prices are based on the size of the organisation, i.e. the number of users.

level accounts connection (Euro) annually (Euro)
1 < 50 2,500 500
2 < 500 2,500 1,500
3 < 3,000 4,500 2,500
4 < 20,000 12,500 4,500

During the initial phase we have spent a lot of money to organise the project, develop policies and so on. To cover the initial investment, four partners from central government have agreed to pay their fees for five years in advance. So, all in all, we had about 200,000 Euro to invest in govroam. These launch customers have allowed us to get the show on the road. In addition, the Dutch Ministry of the Interior and Kingdom Relations helped us with the introduction of govroam.

Restructuring

According to Wisse, the Dutch central government provides a good example of how govroam fits into a restructuring of facilities. Central government has set itself the objective of reducing the number of square metres of office space by 30 percent by 2020. Govroam makes it easier to move units and divisions from one building to another. It unlinks departments and offices from each other. That greatly reduces the complexity and cost of ICT projects. As soon as a govroam network is available, everybody is online instantly.

Track record of sharing

According to Wisse, the Dutch govroam foundation does not provide services in other countries. Other countries are organising their own govroam nodes — based on the same blueprint and service policy — and they then connect theirs to ours. We already work in this way with Belnet, responsible which is responsible for the Belgian govroam network. Other national nodes are welcome to join. We are currently discussing with various international organisations what would be the best way to make govroam international. While eduroam quickly became an international initiative, we expect govroam to develop nationally in first the instance. Eventually, there will probably be an international govroam node and organisation too.

Wisse emphasises that national govroam initiatives in other countries may be organised in different ways. We have different organisations responsible for the Dutch government infrastructure on the one hand, and for the research and education network on the other. In most countries the organisation running the National Research and Education Network (NREN) also has a role in government infrastructure.

Lessons learnt

Scope: International, National

Categorisation

Type of document
General case study

Attachment