Until recently, Stellenbosch University was one of the only universities in South Africa that did not provide unlimited internet access to its students. An official post on the IT department’s blog (2019-12-04) announced that the University’s budget, as approved by the SU Council (the highest governing body of the University) on 2019-12-02, makes provision for enough funds to cover that which was always collected through Inetkey billing. This internet cost, which has been the scorn of many students’ campus lives especially during the Fees Must Fall and Open Stellenbosch movements, will officially be dropped in January. Reportedly, however, the change has already taken effect.
For any student who has friends at other academic institutions, it has always been puzzling that SU has not yet joined the international eduroam network. eduroam is an internet service protocol that enables anyone affiliated with a federated member institution to log in to eduroam connections in over 100 countries using the username and password from their home institution. Member institutions can provide one or both of two services: identity provision, and service provision. Identity providers issue usernames and passwords, while service providers provide the actual internet connection. Stellenbosch University has been part of the eduroam network for several years, but usage of eduroam on Stellenbosch University campuses has always been blocked for SU-issued usernames and passwords. Visitors from other institutions, while free to log in and have unlimited internet access at SU, are subject to bandwidth throttling (meaning that their connections are slowed down significantly, reportedly down to about 1MB/s). According to Joe Smit, director of IT Infrastructure at SU, this is done to prioritise users from Stellenbosch University (who have had to pay for their access), as well as to discourage misuse of credentials. The fear is supposedly that SU students might obtain eduroam credentials from friends and thus circumvent the Inetkey billing system.
A common misunderstanding is that eduroam, as an organisation, provides internet access to institutions. The internet service must be provided by the federated institution itself — eduroam effectively only standardises and lays out protocols for international academic cooperation. As such, coffee shops and other organisations can also become members of the eduroam network, allowing students and academics to use the login details as issued by their home institution to access the internet at that organisation’s premises.
Across the world, education and research institutions’ internet access is provided by National Research Networks, or NReNs. The South African National Research Network (SANReN) comprises of the Tertiary Education and Research Network (TENET) and SANReN’s Competency Area, which is part of the CSIR. As from the TENET website:
TENET operates the SANReN Network under the terms of a Collaboration Agreement with the CSIR. In addition, TENET provides a growing number of services specifically tailored to the needs of the South African higher education and research communities. Together these components make up the South African National Research and Education Network (NREN).
This is all very confusing, so I reached out to TENET’s Director of Trust & Identity Services, Guy Halse, to help explain the different concepts and organisations. He provided the following:
An NREN is a National Research and Education Network, which is really a specialised IT company that offers niche services in support of higher education and research. It differs from a traditional Internet service provider in a number of ways, not least of which is in its relationship with its beneficiaries. The networks provided by NReNs are generally optimised for the transport of research data rather than providing commodity Internet access — in fact, providing Internet access is not a primary goal of an NReN, and some do not do it at all.
The South African NREN is a little complicated because it currently consists of two different parts: TENET and the SANReN Competency Area (which is part of the CSIR).
TENET is a non-profit company that was established by the Committee of University Principals (which later became HESA, and is now USAf). Its members are South African universities and statutory research councils, including Stellenbosch University. These member institutions appoint our board of directors, and we are directly accountable to them.
The SANReN Competency area is funded by the National Treasury via the (former) Department of Science and Technology, which has made significant investments in research infrastructure in South Africa. The SCA is accountable to the CSIR and DST.
There are historical reasons for this split, but for the most part we now operate as a single entity with a common goal. Certainly from an end-user perspective, there’s only one SA NReN.
[… T]he high-speed national network that connects universities and research organisations […] was originally built by the SANReN Competency Area with DST funding. That network has since grown and been upgraded and enhanced with funding from a variety of sources (including the Department of Higher Education and Training and other institutions), and is still often referred to as SANReN. TENET provides Internet connectivity to universities over this network, but it also services the specialist requirements of big research projects like the Square Kilometre Array and national cyber-infrastructure like the Centre for High Performance Computing.
NReNs typically evolve to have an elaborated service offering including a number of niche services unique to higher education, and the SA NREN is no different. eduroam is one of those services, but there are several others: the South African Identity Federation (SAFIRE), an ORCID consortium, videoconferencing, DNS, security, etc.
The nature of this network service further differs from commercial services in that it uses a separate physical infrastructure. This infrastructure is comprised of, from the SANReN website, "core national backbone, backbone extensions (regional links), back-hauling from the submarine cable landing stations at Yzerfontein and Mtunzini to Cape Town and eThekewini respectively, several metropolitan rings, and link extensions." A feature of this network is not only the speeds and bandwidth it can achieve, but that institutions are charged at cost for its use, that is, not per-megabyte usage, but for the physical connection (see the Connection Policy and Service Agreement at the TENET documents page).
Prompted by the question of whether per-megabyte charging of students is fair, considering the "uncapped" nature of the service SU receives, the University’s IT department rationalised the cost by arguing that it would be unfair for students who use the service at a minimum, if at all, to pay a flat fee at the same rate as those who use the majority of the bandwidth. According to IT, the highest usage is (understandable) in on-campus residences.
The IT announcement blog post claims that charging for internet access has been a common practice since the 90s. There are, however, notable exceptions, such as UCT and Rhodes, who have never charged for internet access. The TENET Connection Policy, Service Agreement, and Acceptable Use Policy makes no mention of whether or not institutions may charge individuals for the service.
In my conversation with Joe Smit and others at IT, it was clear that they had wanted to discontinue per-megabyte billing for a while, but have been prevented from reaching this goal by budget constraints. According to a post on the University website, "student internet costs will be recovered from the institutional block of the main budget [from January 2020]". Whether this is the result of a change of heart, or lightening of the budget in other areas is still to be determined.
Inetkey as such will however not disappear completely, at least for now. According to the IT announcement blog post, the Inetkey system serves as the primary mechanism for user identification and usage monitoring, as well as for "security and auditing requirements". Inetkey is expected to be finally discontinued later in 2020, after its functionality has been supplanted by other services, such as a new firewall which is to be "procured" in the first semester. Users will thus still have to "open" their Inetkey to access websites that were once non-free.
