Technical Requirements

Here are the high-level technical requirements needed to support eVA service:

Network Infrastructure Requirements

eduroam-Enabled Network

• The institution must already be part of the eduroam federation with a functioning RADIUS server.

• eVA works alongside the existing eduroam setup.

Visitor VLAN or SSID (Optional)

• Some institutions may configure a separate VLAN or SSID for visitor traffic to keep it distinct from internal networks.

• However, visitors still authenticate via eduroam’s RADIUS infrastructure.

Authentication & Security

• Uses RADIUS Server

• RADIUS ServerMust support 802.1X authentication.

• Integration with eduroam’s national federation-level RADIUS proxy.

EAP Authentication Methods

• eVA supports authentication using EAP-PEAP (MSCHAPv2) and EAP-TTLS.

• Visitors receive credentials via email or SMS with a validity period.

User Identity Protection

• Temporary visitor accounts are issued using an eVA portal to ensure secure access.

• Credentials are valid only for a limited duration (e.g., 24 hours, 7 days, etc.).

Portal Integration

• Authentication to eVA portal is via Tuakiri (Identity Access and Management).

Device Compatibility

eVA support most Wi-Fi capable devices, including:

• Windows, macOS, Linux laptops.

• iOS and Android smartphones/tablets.

NOTE: Devices must support WPA2-Enterprise or WPA3-Enterprise with 802.1X. This rules out some devices like gaming ones that only connect to a “home” Wi-Fi network (single shared password) but cannot do Enterprise Wi-Fi authentication.

Logging & Compliance

• Institutions must log authentication attempts for security and compliance.

• Logs should be stored for a defined period to comply with local regulations (e.g., GDPR in Europe).

Usage Policies

• It is recommended to enforce Acceptable Use Policies (AUP) for visitors.

• Rate limiting and bandwidth restrictions can be applied if needed.