Simple question really, we have setup all our systems ready for BYOD "bring your own device".
- Guest wireless network
- 100mbit Internet line
- Transparent Proxy filtering (coming soon)
- VLAN
I'm happy enough with the technical side of things now.
But how do schools do it in real life? Does anyone actually allow this in school?
How do you manage and monitor it?
Its such a huge change I'm struggling to get my head around the implications.
We had a look at virtual desktop for this as it would be perfect, own device, but managed system. But unfortunately the licencing is a nightmare, requiring each device, which isn't yours, to have a VDA licence purchased for it even if you have EES or equivalent. Has been parked for now!
We do this, though we run a netbook scheme which they can be purchased though the school. Access to their user area, VLE is done through the school website. To monitor this when they open IE etc they have to sign in to the proxy using their AD creds, this means that what they can browse is filtered as would be on any PC in the school.Originally Posted by zag
I'm still trying to get my head around this at the moment.
Do I run 3 wireless SSID's
Main School Wireless - School owned and controlled devices only, full access to domain etc....
BYOD - Staff/Student owned devices, Smoothwall SSL login page to get customised filtering level, possible access to school resources file servers etc...
Guest - Unknown "dirty" guest devices, Internet access only, draconian web filtering
Or do I run the school one and the guest one to make it simpler?
To support the guest wireless on the current infrastructure but seperate it using vlans is this what I need to do:
Core switch HP 4108GL - At the moment the test WAP plugs into this but to support the guest wireless around the site all the switches would need to be setup to support the guest vlan.
Wireless Access Point - Main wireless SSID for school devices, Guest SSID, vlan set to 3 (guest), switch port that WAP is connected to tagged with vlan 3
DHCP Server for guest devices - Virtual machine running a dhcp server to give ip addresses etc... to guest devices, virtual nic tagged with vlan 3, switch port that virtual host connects to tagged with vlan 3.
Smoothwall SWG-1200 - different nic port from main school network configured with vlan 3, switch port tagged with vlan 3, transparent proxy running.
Ben
Yep we've gone down the route of only offering 1 guest network that anyone can access. My problem is how do I manage it?
As soon as I give out the user and password for the web guest page, it will spread like wildfire around the school.
As plexer says best way is probably something like Smoothwall SWG-1200 with transparent proxy for the guest Vlan - you can have open access but force them to login with active directory username and password via smoothwall settings.
Will be setting it up here soon.
Am I to take it from the responses that no one here is doing BYOD in their school yet?
I've noticed in Australia and New Zealand this is quite common, any ideas what it hasn't become popular over here?
We're kinda sorta looking at it, but only in the context of allowing 6th Form students to use their laptops in the Common Room.
Yeah we wanted to do the same, we don't have any access for students to their files on the network at the moment, virtual desktop was our stab at it but MS and their licencing soon stopped that one!!
This is exactly our plan as well.
Problem is stopping all the other students connecting their mobile devices!!
Yeah our IAS server was getting loads of weird requests from peoples mobile phones! We stopped using PEAP-MS-Chap a while back as we moved to certificate auth. Since then we now get loads of denied access requests which made me think that some policies had failed somewhere along the line! Turns out some crafty students had worked out you could connect with their username and passwords
We are also in the first steps of looking at this but are wondering were schools will stand with regards to PAT Testing.
Last edited by Kenny_G; 10th October 2012 at 10:11 AM.
We have a BYOD program. 500+ user owned devices. It is mandatory for 6th formers to bring in their own device.
Fantastic, finally found someone whos done itTell me more please:
How well does it work?
How do you monitor the devices?
Does it cause any strain on your normal network
What do you do about legal requests, file sharing ect
How does the filter work?
Surely the licensing issue would depend entirely on how the user is connecting? If I were going to offer BYOD i think i would be tempted to actually really offer RDS Session based, which would make the licensing less complicated.
If the BYOD are connecting fully, they the CALs are different again. If the BYOD are using VDI pools then you need different licensing again, but this is a strangely grey area again and you will probably get different answers from different specialists.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks