New Brunswick / PEI Educational Computer Network (ECN)

Breaking Boundaries and Creating Collaboration

Canadian universities have long been great factories of talent, ideas, and innovation, giving rise to important discoveries like insulin, digital cameras, and the electron microscope. But the process to achieve such breakthroughs decades ago by local, isolated teams of researchers was often inefficient.


To continue making important advances, today’s researchers are increasingly working with large disparate teams of researchers from multiple universities and labs throughout the world – witness the coordinated hunt for an Ebola vaccine. Such a combined effort will hopefully reduce the time required for making important discoveries but will undoubtedly increase the need for more efficient cooperation.

For their part, innovative institutions like the University of New Brunswick (UNB) are turning to sophisticated technology to improve the ease and speed of collaboration.

Sharing services

UNB is spread across New Brunswick with 10,000 students and 2,100 staff. They are the largest university in a unique inter-provincial consortium, the NB/PEI Educational Computer Network (ECN), which also includes a number of smaller universities and colleges.

“Cross-provincial authentication is a tremendous advantage. It brings down barriers and lets us move beyond traditional boundaries.”

– Terry Nikkel, Associate VP of IT Service, University of New Brunswick

In the spirit of collaboration, UNB is leading deployment of Microsoft SharePoint, including servers, software, and support staff.  Given that other ECN member institutions didn’t have capacity for such a project, UNB was happy to open their computing services to them but knew a complex and dynamic user environment would be a challenge to manage.

Home-grown challenges

UNB needed not only to control access for their own users but also to extend this access to a dynamic pool of users that they did not directly manage. A solution could have been pieced together by using a combination of Active Directory, Kerberos, RADIUS, and Shibboleth servers, but it would have been time-consuming to implement and complicated to maintain. It would have required highly specialized expertise to architect, as well as a tightly coordinated plan to avoid disrupting existing services during the implementation phase.

As if this wasn’t formidable enough, there was additional risk. Adding new channels for user authentication meant a security hole or privacy leak would not only affect existing UNB users but thousands of new external users as well.

Simplified identity management

The realization that user identity management was the project’s Achilles heel prompted Terry Nikkel, UNB’s associate VP of IT Services, to contact CANARIE, a non-profit organization that designs and delivers digital infrastructure components for research, education and innovation.

CANARIE was already providing UNB and the other ECN members with single-sign-on services as part of their Canadian Access Federation (CAF), a trusted environment that facilitates identity and access management across institutional boundaries.

What once looked like a difficult technical challenge quickly became a relatively painless transition with CANARIE’s infrastructure and expertise. Instead of a battery of complex changes to the UNB infrastructure, CANARIE built a solution on top of their CAF framework, effectively making UNB a private cloud service provider for the other ECN members.

Secure, simple, cross-provincial authentication

The UNB-hosted SharePoint service uses CANARIE’s Federated Single Sign-On (FSSO) service to manage user access.  On a scheduled basis, UNB’s servers query CANARIE’s trusted servers for the most current, trusted addresses in the federation.

When a user logs in, their request is redirected to the user’s home institution for authentication. Following successful authentication, UNB’s SharePoint server determines the user’s access privileges.  Because account information is managed privately by each home institution, user information is kept secure.

And because this model distributes user identity management across all organizations using existing authentication infrastructure, it greatly simplifies the task for all involved. It also allows institutions to readily modify their network configuration with no intervention on UNB’s part and for new institutions to readily and dynamically join the federation.

What’s more, the UNB service uniquely supports shared services across provinces.

“Cross-provincial authentication is a tremendous advantage,” explains Terry. “It brings down barriers and lets us move beyond traditional boundaries.”

International possibilities

The really good news is that there’s considerable potential for this service beyond these immediate benefits. There is the likely growth of the user community to create a vibrant link between institutions and a net overall increase in skills and knowledge. There’s the opportunity for cost savings from centrally hosted applications and services. And, most important perhaps, there’s strong potential for collaborative opportunities on large international research projects.

Terry couldn’t be more pleased with the results.

“The CANARIE people have been absolutely phenomenal,” he explains. “They’ve helped us through the whole project, made sure we have everything we need, that we understand all the issues, and patiently worked through everything with us.”

In the end, the CANARIE solution provides a foundation for the collaborative nature of modern research. Terry sees a great future for what they can now achieve.

“There are extraordinary possibilities here, and I’m sure we haven’t thought of them all yet.”
