+ Post New Thread
Page 2 of 6 FirstFirst 123456 LastLast
Results 16 to 30 of 85
How do you do....it? Thread, Bring your own device the future? in Technical; Originally Posted by zag Fantastic, finally found someone whos done it Tell me more please: How well does it work? ...
  1. #16


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by zag View Post
    Fantastic, finally found someone whos done it Tell me more please:

    How well does it work?
    Pretty good. We put in a lot of effort and had been directing things this way for the last 3-4 yrs.
    It needs a lot of support from SLT and there (as always) are people against it. You really need to work on the infrastructure before contemplating BYOD,.
    Biggest issue is out of date drivers on student machines
    Quote Originally Posted by zag View Post
    How do you monitor the devices?
    They aren't our devices - so we are not entitled to monitor what people do on them. We do monitor authentication requests against the proxy of course, and with WiFi system (Meru) has a very good diagnostic capability.
    [quote]

    Quote Originally Posted by zag View Post
    Does it cause any strain on your normal network
    Inevitably there is some additional network usage - we planned for this and upgraded our broadband, internal servers, wireless and network to cope with additional demand.

    Quote Originally Posted by zag View Post
    What do you do about legal requests, file sharing ect
    Don't really understand the question. The whole network is blocked from bittorrent and the like. Kids can exchange files between their laptops if they want.

    Quote Originally Posted by zag View Post
    How does the filter work?
    THey authenticate to it using username and password - its specified wpad.dat
    Last edited by CyberNerd; 10th October 2012 at 10:59 AM.

  2. #17
    Gibson335's Avatar
    Join Date
    May 2008
    Posts
    947
    Thank Post
    257
    Thanked 135 Times in 108 Posts
    Rep Power
    80
    We're about to launch it in our 6 Form - but in a restricted form at the moment. No access to network, so Internet only. I suspect they'll bounce between ours and their own 3G or whatever simply because through ours they are filtered, so no Facebook, etc. However, it's currently seen as an addition to our facilities rather than the baseline, which is ideal. We were initially asked to provide a cluster of i-Pads, so once the infrastructure went in there was no good reason not to also try BYOD. My only concern at the moment is the impact on our broadband bandwidth, as we're already hitting our existing cap several times a day, but with us moving from 60mbps to 100 in December, we see BYOD as a bit of an experiment.

  3. #18

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,992
    Thank Post
    1,359
    Thanked 1,828 Times in 1,135 Posts
    Blog Entries
    19
    Rep Power
    602
    Quote Originally Posted by CyberNerd View Post
    They aren't our devices - so we are not entitled to monitor what people do on them. We do monitor authentication requests against the proxy of course, and with WiFi system (Meru) has a very good diagnostic capability.
    How do you complete your statutory Duty of Care to ensure that devices are not used, whilst in school, for bullying, sharing illegal materials, sexting, or other activities which may cause harm to children?

  4. #19


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by GrumbleDook View Post
    How do you complete your statutory Duty of Care to ensure that devices are not used, whilst in school, for bullying, sharing illegal materials, sexting, or other activities which may cause harm to children?
    They only connect to the internet, Through a filtered proxy. We advise students about using a firewall, AV and password security. Everything else is done by the teachers following non-ict policies.

  5. #20

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,992
    Thank Post
    1,359
    Thanked 1,828 Times in 1,135 Posts
    Blog Entries
    19
    Rep Power
    602
    Quote Originally Posted by CyberNerd View Post
    They only connect to the internet, Through a filtered proxy. We advise students about using a firewall, AV and password security. Everything else is done by the teachers following non-ict policies.
    You mentioned that they can share files directly with one another though (but not via bittorrent, etc) ... how are the students protected from malicious or offensive actions of others?

  6. #21


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by GrumbleDook View Post
    You mentioned that they can share files directly with one another though (but not via bittorrent, etc) ... how are the students protected from malicious or offensive actions of others?
    education.

  7. #22
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,909
    Thank Post
    954
    Thanked 451 Times in 380 Posts
    Blog Entries
    12
    Rep Power
    93
    Quote Originally Posted by CyberNerd View Post
    education.
    Love it

  8. #23
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,355
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    Quote Originally Posted by Achandler View Post
    Surely the licensing issue would depend entirely on how the user is connecting? If I were going to offer BYOD i think i would be tempted to actually really offer RDS Session based, which would make the licensing less complicated.

    If the BYOD are connecting fully, they the CALs are different again. If the BYOD are using VDI pools then you need different licensing again, but this is a strangely grey area again and you will probably get different answers from different specialists.
    What do yuo mean RDS session based?

    Microsofts licencing when it comes to terminal clients is strange. For instance VDi.

    If you have 500 users in your 6th form, and you want them to be able to connect to VDi using your school owned laptops. Its legal to use your Software Assurance to 'upgrade' to VDA licences for your physical laptops so that they can connect to the virtual clients.

    If your users are using their OWN laptops to connect to your VDi, it is no longer legal. As the OS on thelaptops is not owned by the school, our software assurance no longer covers the 'upgrade' to VDA licencing which means that you have to individually purchase VDA licences per DEVICE for each 6th former. As usual licences cannot be transferred between devices for 3 months (standard MS stuff)

  9. #24
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    West Yorkshire
    Posts
    853
    Thank Post
    99
    Thanked 197 Times in 161 Posts
    Rep Power
    70
    We are on the verge of launching a second attempt at BYOD. Our first attempt with our sixth form failed mainly because many users found the LEA proxy server a struggle to deal with. Entering details, constantly authenticating, blocked services slowing down devices etc.

    Our second (yet to be launched) system will utilise a non-authenticating transparent proxy. Users connect to a SSID for their year group, which is in it's own VLAN. Our captive portal authenticates them onto the network and logs the device MAC and user details. Each device is given it's own unique pre-shared key. These subnets are filtered at the standard LEA filtering level for their age. Devices are isolated using access lists, and can only communicate with our DHCP, DNS and Moodle servers, and of cause the gateway.

    I will be happy for users to use phones, tablets, laptops or anything else. If it's got a browser in it, it's all right with me. If they are using devices in the wrong place or time; It is a behaviour issue, rather than a technology issue. If the technology is causing an otherwise compliant student to become disruptive, we could obviously revoke keys and disable further access.

    @GrumbleDook Students are already bringing these devices into schools. Banning them, just puts them under the desk rather than on top of it. Devices still in use but the educational potential lost. Bullying, sexting and all the other online activities which do harm children could already be happening within the school fence. Education is key to stopping these activities, however monitoring internet use will also identify when students go off the rails. Schools can not monitor 3G connections. So to my mind, allowing BYOD should help reduce these risks rather than increase them.

    Before launch I hope to get various members of the school community together to write a suitable user policy. It is my belief that if we involve students in the decision making, they will more likely stick to its outcomes.

  10. Thanks to IrritableTech from:

    zag (11th October 2012)

  11. #25
    Gibson335's Avatar
    Join Date
    May 2008
    Posts
    947
    Thank Post
    257
    Thanked 135 Times in 108 Posts
    Rep Power
    80
    Quote Originally Posted by IrritableTech View Post
    We are on the verge of launching a second attempt at BYOD. Our first attempt with our sixth form failed mainly because many users found the LEA proxy server a struggle to deal with. Entering details, constantly authenticating, blocked services slowing down devices etc.

    Our second (yet to be launched) system will utilise a non-authenticating transparent proxy. Users connect to a SSID for their year group, which is in it's own VLAN. Our captive portal authenticates them onto the network and logs the device MAC and user details. Each device is given it's own unique pre-shared key. These subnets are filtered at the standard LEA filtering level for their age. Devices are isolated using access lists, and can only communicate with our DHCP, DNS and Moodle servers, and of cause the gateway.

    I will be happy for users to use phones, tablets, laptops or anything else. If it's got a browser in it, it's all right with me. If they are using devices in the wrong place or time; It is a behaviour issue, rather than a technology issue. If the technology is causing an otherwise compliant student to become disruptive, we could obviously revoke keys and disable further access.

    @GrumbleDook Students are already bringing these devices into schools. Banning them, just puts them under the desk rather than on top of it. Devices still in use but the educational potential lost. Bullying, sexting and all the other online activities which do harm children could already be happening within the school fence. Education is key to stopping these activities, however monitoring internet use will also identify when students go off the rails. Schools can not monitor 3G connections. So to my mind, allowing BYOD should help reduce these risks rather than increase them.

    Before launch I hope to get various members of the school community together to write a suitable user policy. It is my belief that if we involve students in the decision making, they will more likely stick to its outcomes.
    We have a similar setup, with transparent proxy, so once the user connects to the signal they enter their usual username and password to then gain access to the wireless network itself.

    Regards the Duty of Care issue, we took the view that, whilst we acknowledge they will use their own devices on their own connections, if we provide the facility we are obliged to provide the care.

  12. Thanks to Gibson335 from:

    zag (11th October 2012)

  13. #26
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,909
    Thank Post
    954
    Thanked 451 Times in 380 Posts
    Blog Entries
    12
    Rep Power
    93
    Now that's a good idea!

    We are using a transparent proxy as well. I didn't think about setting them all up as individual users. Isn't that a huge amount of admin for you?

  14. #27
    Gibson335's Avatar
    Join Date
    May 2008
    Posts
    947
    Thank Post
    257
    Thanked 135 Times in 108 Posts
    Rep Power
    80
    Quote Originally Posted by zag View Post
    Now that's a good idea!

    We are using a transparent proxy as well. I didn't think about setting them all up as individual users. Isn't that a huge amount of admin for you?
    Was that Q for me? If so, sorry for the confusion...the wireless network is integrated with their Curric AD and so they enter their usual network passwords.

  15. #28
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    West Yorkshire
    Posts
    853
    Thank Post
    99
    Thanked 197 Times in 161 Posts
    Rep Power
    70
    If it was directed at me, our controller too links to AD and generates a unique PSK on the fly. It's the Ruckus Dynamic PSK feature.

  16. #29
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,909
    Thank Post
    954
    Thanked 451 Times in 380 Posts
    Blog Entries
    12
    Rep Power
    93
    Thanks for both your answers, seems our aruba system doesn't have that functionality.

    We have the captive portal but there isnt any option to connect it to AD

  17. #30
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,355
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    Quote Originally Posted by zag View Post
    Thanks for both your answers, seems our aruba system doesn't have that functionality.
    You can use radius with an IAS server, using PEAP MS-CHAPv2 you can authenticate with usernames and passwords and push them to different VLANS.

SHARE:
+ Post New Thread
Page 2 of 6 FirstFirst 123456 LastLast

Similar Threads

  1. Bring Your Own Device - Accessing Documents
    By MyBrainHurts in forum Wired Networks
    Replies: 7
    Last Post: 30th May 2012, 02:02 PM
  2. Bit of help with setting up Bring Your own devices
    By alfatec in forum Internet Related/Filtering/Firewall
    Replies: 5
    Last Post: 1st February 2012, 12:03 PM
  3. Bring your own device? Do you log which sites are visited?
    By kennysarmy in forum Internet Related/Filtering/Firewall
    Replies: 12
    Last Post: 24th January 2012, 08:05 PM
  4. Students bringing their own devices in
    By stevenr in forum How do you do....it?
    Replies: 3
    Last Post: 23rd August 2010, 09:12 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •