  1. #1
    HCC

    How do you allow student owned devices access to the network?

    I've been asked to investigate the possibility of allowing student owned laptops access to the network for internet and possibly file access.

    I'm aware of the security, PAT and insurance issues, but not sure on the best technical method.

    As a background we already have in place Ruckus wireless and Smoothwall NG. Email is the only service currently available externally. This would be for sixth form students to start with.

    I can see two possibilities to this:

    Divide the network with VLANs and create a guest area that has internet access. - Proxy settings would be a problem, as would file access.

    Set up a remote desktop server - allow student devices access to this server only using Ruckus restrictions. - Cost prohibitive? Is Citrix a better solution?

    I think RDS has more advantages because the environment is controllable and there would be fewer compatibility issues, but I've never had to set one up before - how does the licensing work? What spec server is needed? etc.

    Has anyone already set up a student laptop access system? Or is it more hassle than it's worth?

  2. #2

    maniac
    I was looking at this product.

    BWireless, Wi-Fi hotspot solution, managing a system of hotspots, ideal for schools, colleges and universities, wireless internet access

    Which will authenticate against Active Directory via a web form, similar to the way BT-Openzone works. This means you won't need to give out encryption keys etc, but can still keep your wireless system safe from outside users using it. From here, you can allow them access to whatever you see fit as the whole system works within its own V-Lan. My idea was to have them having internet access only - I've been told you can route the whole lot through a proxy so no need for individual proxy settings, and then serve students remote desktops via a web based interface - no direct connections to server to stop the virus risk. As I understand it devices connected via this system cannot see each other either, they can only get out to whatever service you specify. Seems the ideal solution to me.

    Unfortunately budget constraints have stopped the purchase of this in the school I work in, but I did a fair bit of research into how it worked.

    Mike.
    Last edited by maniac; 16th June 2010 at 11:13 PM.

  3. #3
    HCC
    Maniac: The Ruckus wireless system we already have in place can do this - wireless isolation, guest pass, access control - but there are issues with proxy settings, and multi login (one for Ruckus then for Smoothwall etc.)
    If we went down the remote desktop route I would rather they used the internet through the session so we control the browser, and can use AD authentication.

  4. #4

    maniac
    Originally posted by HCC:
    Maniac: The Ruckus wireless system we already have in place can do this - wireless isolation, guest pass, access control - but there are issues with proxy settings, and multi login (one for Ruckus then for Smoothwall etc.)
    If we went down the remote desktop route I would rather they used the internet through the session so we control the browser, and can use AD authentication.

    I'm not familiar with Ruckus, apologies - didn't realise it had this functionality built in - our current wireless system is somewhat more antiquated. I've been told that that B-wireless system will pass authentication details up the line to a proxy, and it can be set to route all the traffic through the proxy so no settings to program in on the end user devices, but I've not actually seen it in action, only spoken to a technical advisor about it and read a bit.

    Edit: As I understand it, the device works as a gateway and DHCP server in its own V-LAN, so traffic is automatically routed to it once they connect. Once they authenticate to it, it acts as a proxy in its own right routing the traffic wherever you want, so you can point it at your filter and from there out to the internet as usual, or you could point it at an internal server for them to establish a remote desktop session through.
    Last edited by maniac; 16th June 2010 at 11:32 PM.

  5. #5

    We're planning this in our new campus, we're having a 'guest' VLAN for students and staff who wish to bring in their own laptops. Web access only, and connection to the LAN via terminal server only.
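
Added example, not part of any poster's reply or any vendor's configuration: a small Python check that a firewall ruleset actually enforces the guest-VLAN policy discussed in this thread (web only through the filter, LAN only via the terminal server). All addresses, ports and rule lists are constructed for illustration.

```python
import ipaddress as ip

# Constructed addressing plan (assumptions, not taken from the thread).
GUEST = ip.ip_network("10.99.0.0/24")   # VLAN for student-owned devices
LAN = ip.ip_network("10.0.0.0/16")      # school LAN
PROXY = ip.ip_network("10.0.0.10/32")   # web filter, assumed on tcp/8080
TS = ip.ip_network("10.0.0.20/32")      # terminal server, RDP on tcp/3389
ANY = ip.ip_network("0.0.0.0/0")

def evaluate(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if s in src_net and d in dst_net and rule_port in (None, port):
            return action
    return "deny"

# Probes: (description, src, dst, tcp port, action the policy requires)
PROBES = [
    ("web via filter", "10.99.0.5", "10.0.0.10", 8080, "allow"),
    ("RDP to terminal server", "10.99.0.5", "10.0.0.20", 3389, "allow"),
    ("SMB to file server", "10.99.0.5", "10.0.0.30", 445, "deny"),
    ("SMB to terminal server", "10.99.0.5", "10.0.0.20", 445, "deny"),
    ("guest to guest", "10.99.0.5", "10.99.0.6", 445, "deny"),
    ("direct web, no filter", "10.99.0.5", "203.0.113.7", 443, "deny"),
]

def audit(rules):
    """Return the probes where the ruleset disagrees with the policy."""
    return [name for name, src, dst, port, want in PROBES
            if evaluate(rules, src, dst, port) != want]

WEAK = [
    ("allow", GUEST, LAN, None),    # guests reach every LAN host and port
    ("allow", GUEST, ANY, None),    # and can bypass the filter
]
HARDENED = [
    ("deny", GUEST, GUEST, None),   # client isolation (normally on the AP)
    ("allow", GUEST, PROXY, 8080),  # web only through the filter
    ("allow", GUEST, TS, 3389),     # LAN only via the terminal server
    ("deny", GUEST, ANY, None),     # explicit default deny
]

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```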

  6. #6

    dhicks
    Originally posted by HCC:
    Divide the network with VLANs and create a guest area that has internet access. - Proxy settings would be a problem, as would file access.

    Why? Can't you get Smoothwall to act as a transparent proxy and simply have DHCP dish out the gateway address? Could you have a router pass traffic for your file servers on?

    --
    David Hicks

  7. #7
    HCC
    VLAN for security and to split all the DNS and DHCP records so as not to pollute the main system. I tried transparent on Smoothwall a while ago. I seem to remember AD auth didn't work with it and I don't want normal users to have to log in; not tried since the new auth update.

  8. #8

    Geoff
    Also consider PacketFence


  10. #9

    dhicks
    Originally posted by HCC:
    I tried transparent on Smoothwall a while ago. I seem to remember AD auth didn't work with it and I don't want normal users to have to log in; not tried since the new auth update.

    By "AD auth" do you mean NTLM authentication, or could you not get Smoothwall set up to ask users for their AD username and password when they first accessed the web? Assuming your pupil-owned laptops aren't joined to your domain, their users are going to have to log in to something at some point to prove who they are. I had some issues getting Smoothwall to talk to Active Directory, but Smoothwall support got the problem sorted pretty quickly.

    --
    David Hicks

  11. #10
    HCC
    Originally posted by dhicks:
    By "AD auth" do you mean NTLM authentication, or could you not get Smoothwall set up to ask users for their AD username and password when they first accessed the web?

    Yep, NTLM - I don't like the idea of having normal users, on school network machines, having to log on again to use the internet - I have yet to experiment with Smoothwall's multi auth. Can I combine NTLM for domain computers with web login if not on the domain?

  12. #11

    dhicks
    Originally posted by HCC:
    Can I combine NTLM for domain computers with web login if not on the domain?

    Yes, I think you can - I've not tried myself as our filtering policy is to require someone to log in if they want to see a page limited to only certain users, otherwise we have open access for all.

    --
    David Hicks

  13. #12

    Atm we are looking at this appliance: Quarantainenet
    It provides secure guest network access, it can put devices which are not secure (virus, outdated virus scanner, outdated Windows updates etc.) in quarantine and a lot more.

  14. #13
    joe90bass
    Originally posted by Geoff:
    Also consider PacketFence

    How difficult/time consuming was this to implement? As with the OP this is something on my 'to investigate' list, and looking at the PacketFence site this looks like a good (free!) solution.

    Cheers

  15. #14

    Geoff
    Originally posted by joe90bass:
    How difficult/time consuming was this to implement? As with the OP this is something on my 'to investigate' list, and looking at the PacketFence site this looks like a good (free!) solution.

    Cheers

    If you download the 'ZEN' version, you'll get a preinstalled and preconfigured VMWare image to play with straight away.


  17. #15

    Ric_
    As an idea, what we do is this:
    1. License sixth form pupils on a per user basis for Windows CALs and Microsoft Office (this is a special addition to our schools agreement and has the advantage that our sixth form pupils get to have a copy of Office)
    2. BlueSocket wireless captures them when they use the wifi and sends them to a login page to authenticate
    3. If authentication is successful, they are automagically redirected to our Citrix Secure Gateway server
    4. Student then authenticates on the Secure Gateway server where they can access a remote desktop via XenApp

    The way it's licensed also allows remote access from home via Secure Gateway. Those that use it seem to like it.
