University of Alberta

Login Sign up

DevNet Endpoint Reservation and Expiry

Modified on: Fri, 3 Jan 2025 12:01 PM

Introduction

This article explains the current process for creation, maintenance and expiry of Devnet endpoints.

Devnet is a system that allows infrastructure and research equipment that is unable to connect to UWS to utilize the university's wireless network by using a pre shared key (PSK).

This is only for approved devices that cannot connect to UWS normally. 

 

 

Applicability

This article is relevant to anyone responsible for managing devices that connect to devnet using pre shared keys (PSK)s.

 

 

General summary

There are 5 main screens that users will interact with in the ipsk system. The Home page, endpoint/endpoint group list and endpoint/endpoint group details.

The home screen will present you with three options:

  • Endpoints
    • This option allows you to view and delete endpoints associated with your user group, as well as add endpoints.
    • You can also refresh individual Pre Shared Keys (PSK's) from this option
  • Endpoint Groups
    • This option allows you to view, refresh the psk or delete endpoint groups associated with your user group, as well as add endpoint groups or associate endpoints to an endpoint group.
    • With endpoint groups, endpoints can use the same PSK. This does mean all those endpoints will need to be updated when the group PSK expires however.
  • Alerts
    • This option allows you to see all endpoints and endpoint groups that are associated with your user group that will be expiring soon.

Home Page example

Endpoint List Page

The endpoint page allows you to view your current endpoints. From this view, you can delete and refresh psks. 

Endpoint Detail Page

This page shows details about the endpoint, and allows you to modify some fields.

Endpoint Group List Page

The endpoint group page allows you to view your current endpoint groups. From this view, you can add or delete groups and refresh psks. 

Endpoint Group Detail Page

This page shows details about the endpoint group, and allows you to modify some fields.

Alarm Endpoint Page

This page shows endpoints that will be expiring or removed soon. Pressing the mac or the edit button will take you to the details page.

 

Alarm Endpoint Group Page

This page shows endpoint groups that will be expiring or removed soon. Pressing the edit button will take you to the details page.

 

 

Endpoint Actions

Endpoint Creation

Adding endpoint from endpoint list page

Step Example
From the endpoint list page, select 'new endpoint' 

Fill in required fields. 

  • Mac address: the mac address of the device you are going to connect using the pre-shared key
  • description: a helpful identifier for the endpoint
  • usergroup: this will be the group that you are a member of. endpoints and endpoint groups will be attached to this group.
  • endpoint group: endpoints can be part of an endpoint group to allow members to use the same key
  • PSK: when created, this will be the PSK assigned to the endpoint. It will be valid for 1 year
  • Use endpoint group PSK : if this is checked, the endpoint group psk will be used rather than the individual psk

Press 'Save' to create the endpoint. Press 'cancel' to go back without creating the endpoint.

 

Endpoint PSK renewal

Refreshing endpoints from the endpoint list screen

Step Example
Select the checkbox for the required endpoint(s)

Press the 'Update individual PSK for endpoints' button

 Verify the mac address is correct for your endpoint, and select 'Update endpoint'

The new PSK will be listed for the endpoint. The expiry date will now be 1 year from the date of refresh

 

Refreshing endpoints from the endpoint detail screen

Step Example
From the detail screen of the endpoint to refresh, press the 'Update PSK' button

 Verify the mac address is correct for your endpoint, and select 'Update endpoint'.

Changes will take place upon pressing the 'Update endpoint' button, no additional confirmation will be required.

The new PSK will be shown in the details screen.

You do not need to press save if there are no further changes to the psk. Pressing cancel will go back to the list as well

Endpoint Group Association

Associating endpoints to endpoint groups from the endpoint detail screen

Step Example

From the endpoint detail page, select the required endpoint group.

 

 

 

If using the group PSK, select the 'Use endpoint group PSK' checkbox.

Note that PSK will change to 'Effective PSK' and display what the group PSK is.

The individual PSK will remain the same.

Press the 'Save' button to apply changes.

 

 

Endpoint Deletion

Deleting endpoints from the endpoint list screen

Step Example
Select the checkbox for the required endpoint(s)

Press the 'Delete endpoints' button

 Verify the mac address is correct for your endpoint, and select 'Delete endpoint'

 

Deleting endpoints from the endpoint detail screen

Step Example
From the detail screen of the endpoint to delete, press the 'Delete' button

 Verify the mac address is correct for your endpoint, and select 'Delete endpoint'

 

 

Endpoint Group Actions

Endpoint Group Creation

Adding endpoint group from endpoint group list page

Step Example
from the endpoint group list, select 'new endpoint group'

Fill in required fields. 

  • Name: the name for this endpoint group
  • description: a helpful identifier for the endpoint group
  • PSK: when created, this will be the PSK assigned to the endpoint. It will be valid for 1 year
  • usergroup: the user group that this endpoint group will be a part of. This will be the same user group as what you are a part of.
  • vlan. If there are any special vlans associated with this user group, they may be selected here

Press 'Save' to create the endpoint group. Press 'Back' to go back without creating the endpoint group.

 

Endpoint Group PSK Renewal

Refreshing endpoint group psks from the endpoint group list screen

Step Example
Select the checkbox for the required endpoint group(s)

Press the 'Update group PSK for endpoint groups' button

 Verify the name of your endpoint group is correct, and select 'Update '

The new PSK will be listed for the endpoint group, and the expiry date should

 

Refreshing endpoints from the endpoint detail screen

Step Example

From the detail screen of the endpoint group to refresh, press the 'Update PSK' button.

Pay attention to the associated endpoints, as those associated endpoints that are using the group psk will no longer be able to use the old psk after updating the group psk.

 Verify the name is correct for your endpoint, and select 'Update endpoint'.

Changes will take place upon pressing the 'Update endpoint' button, no additional confirmation will be required.

The new PSK will be shown in the details screen.

You do not need to press save if there are no further changes to the psk. Pressing cancel will go back to the list as well

 

Endpoint Group Deletion

Deleting endpoint groups from the endpoint group list screen

Endpoint groups with associated endpoints cannot be deleted. disassociate or delete endpoints first

Step Example
Select the checkbox for the required endpoint(s)

Press the 'Delete endpoints' button

 Verify the name is correct for your endpoint, and select 'Delete endpoint group'

 

Deleting endpoints from the endpoint detail screen

Step Example

Endpoint groups with associated endpoints cannot be deleted. disassociate or delete endpoints first

*Example of endpoint group that cannot be deleted ->

From the detail screen of the endpoint group to delete, press the 'Delete' button

 Verify the name is correct for your endpoint group, and select 'Delete endpoint'

 

 

 

 

Expiry Policy

Endpoints and Endpoint Groups added to the University of Alberta's DevNet system will have their Pre Shared Keys (PSKs) expire by default when 365 days have passed.

On expiry, the PSK assigned to the expired endpoint or endpoint group will be cleared from the system so that it can no longer be used to authenticate to DevNet. 

Updating PSKs for endpoints and endpoint groups will generate a new PSK and reset the expiry date to 365 days from the time that the PSK is updated.

If a PSK is not updated 30 days since expiry, the endpoint or endpoint group may be deleted entirely from the system.

 

Specific deletion rules:

Endpoints

  • If an endpoint is not attached to an active endpoint group, it will be deleted from the system 30 days from the the day that it expired.
  • If an endpoint is attached to an active endpoint group, the endpoint will not be deleted if its individual PSK expires or is stale. It can continue to use the group psk as long as that is valid.
    • WARNING. If attached endpoint group is deleted, the attached endpoints risk being deleted from the system if they are expired.

Endpoint Groups

  • If an endpoint group expires, any endpoints attached to that group that are using the group PSK will not be able to authenticate to DevNet as the PSK will be cleared.
  • If an endpoint group is deleted, any endpoints attached to it will be disassociated with it and set to use their individual PSK.
    • WARNING. If attached endpoints have expired individual PSKs, they risk being deleted from the system if their endpoint group is deleted.

 

Notification policy

All members of a user group will be notified through email when any endpoints or endpoint groups are expiring or deleted. These notifications will come from no_reply@nos.corenet.ualberta.ca

Notification Details

Users will receive notifications at these points:

  • 14 days to expiry
  • 7 days to expiry
  • 2 days to expiry
  • on expiry
  • 14 days to deletion
  • 7 days to deletion
  • on deletion

Related Articles

Related articles should be listed and linked here


Keywords: DevNet,IPSK
Was this answer helpful?