We do it for our sixth form... it is not mandatory and is at no cost to the pupils. Unless I am feeling incredibly generous I won't even allow their laptops in my office! For the students, it works as follows:
1. Turn on laptop
2. Connect to wifi network
3. Automatic redirect to authentication portal on BlueSocket wifi network
4. Assuming valid sixth form logon credentials are enterred, the user is directed to Citrix Secure Gateway (BlueSecure controller limits access to only the DNS servers and port 443 on the Secure Desktop VM)
5. Authenticate on Secure Gateway
6. Launch Citrix XenApp desktop
Tbh, it's one more authentication step than I would like but it works. We run XenApp anyway so it's just a little extra capacity required and we license our sixth form students for Office too to allow them access under this scheme and so that they can use Secure Gateway from home. It works well as a PR exercise when recruiting to
One thing to note... I don't agree that you should use a similar scheme to replace your desktops.
Edit: I forgot to mention too... when it comes to playing games, sharing porn, etc. That is a school policy issue - you don't ban magazines in school in case someone brings in a pornographic one after all!
Last edited by Ric_; 30th March 2011 at 08:01 PM.
The best implementation of this type of scheme in my opinion is rather than a 'bring your own laptop' the school partners with a company and offers laptops or other mobile devices to parents/students on a buy in scheme, that way you get to control the types of machines in use and students get their own laptop to use in school and at home. There's lots of companies who will administer these types of schemes for you. Yes there are lots of issues to over come, but if the school wants to achieve a 1 to 1 pupil to device ratio, it's virtually impossible for the school to supply them and foot the bill. Of course you still have to maintain a stock of machines for some students to use in school, and provide a decent back end to the network for the devices to use whether than be citrix type systems, cloud based systems or something else.
There are organisations like the e-learning foundation who will help schools setup a 'buy in' scheme and help you chose the right approach for your school, offer advice on the best ways to implement the scheme etc. e-Learning Foundation - About Us well worth investigating if this might be a better approach rather than a free for all bring in what you like approach.
Last edited by maniac; 30th March 2011 at 08:47 PM.
OP appears to be from Australia, so UK schemes may not be applicable.
Thank you for so many suggestions, as to answer a few questions that have been raised.
Our current IT staff consists of
*1 Database Administrator (specialises in Oracle)
*3 Information Technology Support Officers (1 specialises in Citrix)
*1 Network Administrator (Linux Expert)
*1 Team Leader/systems & help desk administrator
The laptops would be using a Citrix client to access a virtual desktop & hosted applications if they need to do work on the internal network, other then this there machine is completely separate from the rest of the network. the only things that are allowed through our firewall is Internet and Citrix so as for installing 3rd party software we are not worried, all network usage is monitored and programs can be monitored using Citrix.
If you have any more queries please let me know, and I will try to answer them the best I can.
Last edited by Grimley; 31st March 2011 at 04:07 AM.
Or, having a porn stash on their laptop as another example. Or having a 3g wireless dongle and therefore being able to access unfiltered internet access in school etc...
The issues aren't all going to be technical, but mostly behaviour and child protection related.
We have a system in place for the sixth form only - Similar to Ric_ it is not forced upon them, but offered as a "perk" of being in the sixth form, however our system is purely access to the internet via our web proxy and authenticated through the wireless system against their usual AD account nothing more.
Many of the problems identified are covered within our AUP which is very detailed to say the least, also the usual school policies that are in place.
Through the wireless they can accees, their email, mydocuments, shared area, VLE and of course the filtered internet. Bringing in your laptop with a dongle is as someone has stated the same as them using their mobile phone to look at the net, no difference and therefore the school is limited in what it can do, although there are various safeguarding policies in place etc.
We dont actually touch the laptops, or offer support on the matter and it works well - we havent TOUCH WOOD had any misuse or problems, parents actually welcomed the idea along with the sixth form.
I couldn't believe it when this came up in strategy meeting at my school this morning! I think I've sunk it, but it was a heart-stopping few minutes!
@Grimley, what age are the students you have?
No problem with that answer! So many of us are in schools we tend to assume that anyone posting has hoardes of teenagers trying to get on facebook when they should be studying!
When you post, mention your business type so we can give you a better-taylored answer!
Schools and government depts are similar, BUT employees are mindful of their pay packets and are usually more careful!
Ignore all the stuff about safeguarding... the bit about using their own wifi might be a problem to you and potentially data protection. With school staff, and potentially yours, hardware that goes off site has to be encrypted. You really couldn't enforce this with home computers.
Enforcing a minimum standard for anti virus is big headache too.
Last edited by elsiegee40; 1st April 2011 at 08:20 AM.
Ok, as this isn't for kids, I'd be looking at using some form of NAP. That way, the machines have to follow a policy to ensure they are secure and up to date with things like anti-virus and the like.
So, to use the system, the staff connect to your system via the network their machines are checked against policies and then if they pass they can then access the citrix system.
There are currently 1 users browsing this thread. (0 members and 1 guests)