Last updated: 
4 months 1 week ago
Group Manager
New: Presentations from NHS-HE Forum on 11th June 2020; NHS-HE IG WG meeting 7th July 2020 NHS-Higher Education Connectivity Project: about NHS-HE Forum: about+archive, last meeting, next - November 2020 tba Scotland NHS-HE Forum:archive, next - currently on hold NHS & eduroam, List of hospitals providing eduroam Govroam  - roaming federation for the public services NHS-HE Information Governance Working Group - particularly for those involved in applying for health data for research, especially where this involves an NHS Digital Data Security and Protection Toolkit submission Please join this group and comment, also the parallel NHS-HE Forum JISCMAIL group for email updates.

Group administrators:

NHS and eduroam/shared use of wireless/govroam

22 November 2019 at 5:09pm

eduroam has been widely extended in to the NHS and is a successful and popular support for students on clinical placement in the NHS and the academic staff supporting them, plus clinical researchers working with the NHS.

See here for a list of UK hospitals where eduroam is available

Mechanisms that can be used to offer eduroam in the NHS are described below. Jisc also provides a "public services version of eduroam" called govroam  which has proved valuable for Local Authorities and NHS Trusts for the integration of social care and public healt as well as other public sector organisations. Govroam uses the same technology as eduroam but it is a different federation. The idea is that organisations deploy both govroam and eduroam SSIDs where this is relevant. The govroam service went live in July 2017 after an early adopter year and current locations advertising govroam can most easily be seen from the govroam map or the govroam companion app.

How can NHS Healthcare Trusts participate in eduroam?

There are two routes for NHS Trust participation in eduroam listed below:

1. Extension of a local university's eduroam service

direct connection between the NHS organisation and partner University

NHS Trusts can participate and provide a Visited service by acting as an extension of a local university's eduroam service. This approach has been adopted at a number of teaching hospitals across the country through the use of a direct connection between the NHS Trust and a partner University e.g.

It is likely that eduroam has been extended to many other NHS Trusts, it is not possible to detect this from eduroam usage statistics because the activity will be incorporated in to those for the University.

An association between NHS and local academic institutions enables beneficial sharing of network and communication infrastructure. The Trust and the local university connect their networks via a local wide area network link and the eduroam service managed by the university is extended across the Trust’s (Wi-Fi) network. The eduroam network is securely tunnelled to the university’s network. Basically the eduroam network provided by the Trust APs would point to the university’s RADIUS server (just for the eduroam SSID) for handling of authentications. User network traffic from authenticated and connected users is piped to the university’s network. This is a simple and secure way for an NHS Trust to offer an eduroam ‘Visited’ service; this avoids the overhead of running an eduroam RADIUS server (since it would be managed by the university), but of course Home (ID provider services for the Trust's own staff) is not available with this solution.

Reciprocal wifi access is often offered by the University to NHS staff by broadcasting the NHS Trust's SSID e.g. Aberdeen and Dundee

2. Full service member with an independent Internet feed

In this option the NHS Trust becomes a full member of eduroam(UK) and implements eduroam itself using a non-N3 Internet feed. This requires the deployment of a RADIUS server and connection to the Janet national proxies and connection of the Trust’s eduroam network to either an independent Internet feed or to the university’s network (this latter option would require use of the university's IP address space since the RADIUS server must be reachable via DNS... we require a FQDN for the RADIUS server).

South London and Maudsley NHS Foundation Trust, part of Kings Health Partners, implemented this. Ricky Mackennon, Deputy Director of ICT at SLaM presented to the November 2013 NHS-HE Forum on this approach. This has also more recently been the preferred approach for the YHMAN project that is extending eduroam to 8 further NHS Trusts in West Yorkshire, see presentation at the June 2015 NHS-HE Forum.

Participation as a full member is a great way to provide the "visited" eduroam service.

As a potential addition it does open the way for the Trust to have a "home" service so its own staff can benefit from eduroam services, e.g. consultants teaching at the hospital would be able to gain eduroam connection at local universities (and at any of the hundreds of eduroam providers elsewhere in the UK and abroad). N.b. at present we must limit this to NHS staff involved in teaching, research or the support of these activities. Whilst Janet eligibility now extends quite broadly to include education, health and public sector organisations, eduroam is an international federated service with members drawn from many different countries where access to national education and research networks is in some cases more restrictive than in the UK. As the UK eduroam provider (and participant in the European confederation) we have to be sensitive to these concerns.

[An independent internet feed is needed for the Trust because the network address translation at the N3 Janet gateway would prevent a Trust-sited RADIUS server from being looked up via DNS by the Janet national RADIUS proxy servers. Whilst this could be solved via fixed NAT translation of a national N3 RADIUS proxy, this is not in place. N3 is currently being replaced by HSCN so this will become less of an issue]

CISCO white papers

A member of the Working Group facilitated the sharing of the following white papers in this area from CISCO:

Free wifi for all visitors

Most NHS Trusts also offer free wifi to all visitors, including patients as well as visiting staff and students. In England the NHS WiFi Programme is extending this to all GP practices and secondary care organisations.

NB Thank you to the NHS-HE Connectivity Best Practice Working Group for many of the case studies on this page.

Comments

Great news that an NHS Trust is now actively engaged in joining the eduroam federation in their own right to provide both visited site and host site services as soon as possible. More news will be posted here when it is available.

Also an interesting new model has been developed by Bristol University where Weston Area Health NHS Trust in Somerset is now providing eduroam as a visited site with the authentication messages being supported through the N3 Janet Gateway to Bristol University which brokers the rest of the authentication process. The internet access is provided by the NHS Trust. A bit more detail here but it is planned to issue something further on this through the NHS-HE Connectivity Best Practice Working Group.

University Hospitals Leicester NHS Trust (3 main hospitals) is the latest to have the local partner University eduroam footprint extended to them.

eduroam is now available across the Cardiff and Vale University Hospital Board sites - link here.

Martin Van Eker is presenting on the Weston Area Health NHS Trust case study at the NHS-HE Forum on 28th November.

And if you happen to be at E-Health Insider Live on Wednesday 6th November at the NEC, I will be speaking briefly 10.30-11.00 in the Open source Skunkworks programme on the eduroam opportunity in the NHS.  I am delighted to announce that Ricky Mackennon, Deputy Director of ICT at South London & Maudsley NHS Foundation Trust, is going to join me in this to explain how they are the first to implement eduroam by joining the eduroam federation in their own right as an NHS Trust, in support of research & education.

With thanks to Malcolm Newbury, of Guildfoss and Forum member for this opportunity.