This post aims to give a bit more background and detail around the announcement to IT Support Staff regarding the forthcoming refresh to the OWL Visitor service.
What are we doing?
We’re replacing the captive portal component of the service. This is the part that shows the visitor login page as well handling things like the firewall rules and NAT.
The images below show the current (l) and new (r) portal login pages.
We are not changing anything else about the service so the account management system, administration of account administrators and visitor RADIUS servers all remain the same.
When are we doing it?
The main roll out is scheduled to take place on 3rd March 2020.
IT Services has been running the new OWL since 14th January, so pop along to 13 Banbury Road if you want to take an early look.
We are inviting ITSS to help us test the new system from early February so please let us know if you’d like to take part. (The networks team has no access to test clients and so has only been able to test with what its staff members happen to use).
Why are we doing it?
- The current OWL portal has been running for 15 years. That’s over 100 in dog years and it has a number of limitations commensurate with its age.
- The University rejected JISC’s eduroam Visitor Access service as an OWL replacement on Information Security grounds.
- The OWL portal doesn’t support TLS versions above 1.0 (see point 1). This will become an issue in March when the major browser vendors start dropping support for TLS 1.0.
How are we doing it?
A new VRF has been deployed across Odin (campus backbone) with its gateway being a new pair of servers running pfSense. On changeover day, your OWL FroDo port is simply associated with the new VRF. This allows us to easily roll out on a FroDo by FroDo basis and revert if necessary.