Universal access to computers

[zag]

Our head has a vision for universal access for our Year 12/13's to computers around the school and in lessons.

He would like to see all A-Level students have their own laptop/PDA and with the price of these coming down he is asking me to investigate it.

Has anyone actually done this in a school? It seems a little premature to me but I if someone has actually tried this I would be very interested in their experience. Seems like a logistical and security nightmare to me but I'm just a cynical network manager

[broc]

You will find the universal access requirement is increasingly becoming part of the BSF strategy being pursued by a number of LAs. It remains to be seen what technology will be available to make this happen, my money is on a thin-client based solution, perhaps using something like an Asus Eee PC linked to a server farm. I cannot see it happening using full-function laptops, at least not at my school/LA on the grounds of cost & support if nothing else.

I agree with you that the security & logistics of deploying and managing this sort of environment will be challenging!

[rrichmond]

Perhaps you can use VM's? Something like VMwares ACE might be worth while. That way you can have your PC with your network settings..Secure as you want, and the student can do what they like on their own laptop.....

We may be going down this path in the future....

[Domino]

what about a NAC (network access control) box?

I believe a few people on here use them to great effect (I think geoff uses packetfence....maybe?)

been looking into it myself

[sahmeepee]

... my money is on a thin-client based solution, perhaps using something like an Asus Eee PC linked to a server farm. I cannot see it happening using full-function laptops, at least not at my school/LA on the grounds of cost & support if nothing else...

I can see Health and Safety kicking off about that idea. Laptops are only suitable as a temporary desktop replacement, and when you're looking at "universal" access it does imply that pupils might well be using the laptop for most of their day, which would make them DSE Users in the h&s parlance.

The eeePCs are probably worse than normal laptops for overall ergonomics with their diddy screen.

[dhicks]

Has anyone actually done this in a school?

Sure, anyone who wants to can bring whatever machine they want in from home and plug it in to our network, no problem. Our sixth formers have a provided networked desktop machine (or two) in their shared study rooms, a shared colour laser printer and wired/wireless network/Internet access throughout the sixth form centre.

If the school is buying laptops for the sixth formers then it might be an idea to get ones that can be tracked somehow - I'm not sure quite how practical those GPS tracking systems that came out a couple of years ago are, anyone used them?

Depending on your exact location and student's personal circumstances, you might want to get machines that are relatively discreet and don't look too snazzy - don't want to make your students a target for robbers. Might want to get smaller machines that can be carried in something that doesn't look like a computer bag.

We had a demo from Sanako the other week, showing us the Nokia N810 "Internet tablet" - a small touch-pad (but with small keyboard) mobile-phone-like computer. Can't really see it being practical to type long essays on it, which is what sixth formers are going to need to do. The Eee might be just the thing - you can attach full-size screens and keyboards, so you could provide simple docking stations around the school for them to plug in to.

--
David Hicks

[flyinghaggis]

Sure, anyone who wants to can bring whatever machine they want in from home and plug it in to our network, no problem.

David Hicks

Seriously How can you gaurauntee any kind of security on the network if you let pupils wonder about with their own laptops with god only knows what viruses and hacking utilities/programs loaded onto them!

[ZeroHour]

Without IPsec etc then all clear text data can be sniffed by them including staff logins to website etc and thats just the start of the holes.
They should be completely firewalled of your central network to ensure they cant do anything nasty.

[dhicks]

How can you gaurauntee any kind of security on the network if you let pupils wonder about with their own laptops with god only knows what viruses and hacking utilities/programs loaded onto them!

I don't know, what are they going to hack into?

Without IPsec etc then all clear text data can be sniffed by them including staff logins to website etc and thats just the start of the holes. They should be completely firewalled of your central network to ensure they cant do anything nasty.

They probably should, but we can afford £2000 at the very most for server/network equipment next budget year (August for us), so I doubt we'll be upgrading our security anytime soon. Anyway, I'd assume that any decent website login would be encrypted.

--
David Hicks

[ZeroHour]

They probably should, but we can afford £2000 at the very most for server/network equipment next budget year (August for us), so I doubt we'll be upgrading our security anytime soon. Anyway, I'd assume that any decent website login would be encrypted.

You would hope but in reality most sites are not. Even gmail is only secure for the login only by default. If they sniff your session id then they can read your mail and its scary how many sites only have secure login. All potentially could have the session id's sniffed and then they take over your session.
There are a huge amount of other possibles but you can probably guess that. Just tell you SMT that its all possible in a email and then its up to them to pony up with some cash or risk the data protection officer calling along after confidential details have been nabbed. At least then they cant say its your fault as you informed them of the issue.

[dhicks]

You would hope but in reality most sites are not.

Ah, good reason for having our email on an internal server protected by SSL encryption. Will get around to this Real Soon Now :-)

There are a huge amount of other possibles but you can probably guess that.

Everyone seems a little vague on what, exactly, we need all these expensive switches and such for. I figure it's better to make sure each server is secure, then the network can be treated like the Internet in general.

--
David Hicks