Hi, I've been asked to look into a managed wireless network complete with BYOD for staff, visitors and probably pupils.
I've been asked to sort this by the end of the week!
We're a small school using AD running on Server 2008.
Few questions if I may which may have been covered across various other threads but I'm on a really short deadline here.
Not that I'm expecting to get an order in by Friday.
Ok, we're looking at Meru but Ruckus also looks good. I've not the time to trial them obviously!
We use a proxy for connection. Currently we run a PAC file to determine if a user's laptop is in or out of school - will a managed wireless system add the proxy to the device for me?
I'm a little lost for BYOD, how are the proxy settings applied to the various bits of kit that might come in?
Our proxy has four ports for differing filters and we use at least three of them. We are a SEN school with pupils aged from 5 to 16. How do I implement the correct port in the proxy given for suitable filtering? All our filtering is through the ISP (LEA).
If a member of staff brings in their own tablet or laptop can I give them access to their home folder and any network shares?
Same with a pupil?
Is there anything else we should be thinking about when setting this up?
I've seen a lot of mention of using Smoothwall with BYOD, is this a must have? Not sure we can afford that as well as the BYOD.
We currently have an old 3Com setup which works but the switch does crash from time to time. Currently we've very few clients accessing it - but there's talk of more mobile devices being purchased so that number should grow.
I've had a good quote for a Meru solution but that will pretty much max out the budget.
Quote includes controller, APs and installation.
Bit concerned we may purchase all this just to find there are problems and more kit / software we need to be running?
I was on a course yesterday about this, and in a nutshell, don't do it.
I'm gonna rush and write this out, I'm a bit busy today, so sorry in advance for misspellings or bad grammar.
It's way too much work for BYOD.
Things to think about:
Software compatibility. You might all be running Windows 7 and Office 2010/13 but someone might be running Windows XP and Office 2003 or Apple or Android.
I don't think PAC files will work on Apple or Android.
Proxy settings don't always work with Android; you can use the browser but can't use certain apps.
You need a transparent proxy, which I've yet to figure out.
How do you know that a laptop/device has a good anti-virus, or whether the laptop is already infected?
How do you ensure highly confidential documents are kept on the school network and not stored on a non-encrypted laptop/device?
3. Products. Some children are going to bring in a cheap device from Argos.
4. Network. How many devices can your network handle? A teacher could be using up to 3 devices: phone, tablet and laptop.
Your network will need to be able to support an ever-growing number of wireless devices.
5. Workload. You are going to be configuring everyone's devices!
6. It's going to massively change lessons. It could be a good thing or a nightmare as there's no "standardization".
The only thing to keep everything standardized is the application or program; it has to be a web-based application, as nearly all devices can support it via a web browser.
Oh for your wireless I would suggest getting a quote from @Net-Ctrl for Ruckus Wireless, simply amazing pricing and top quality product.
Can't think of anything else.
Last edited by stevenlong1985; 27th February 2013 at 12:04 PM.
I believe the Ruckus system (I don't have one) can handle loads of wireless clients and the network controller hosts the PAC file and can DHCP (NAT) guest clients. The APs cost more but have a better range.
I was thinking of creating a totally un-routed VLAN for BYOD that connected to a domestic NAT router with its own DHCP etc. using a home BB solution and maybe OpenDNS configured.
The technical challenges are not insurmountable. You probably ought to substantially rebuild your network and your operations (T+L as well as technical) for the new BYOD world if your leadership team are serious.
Do the SLT understand that what can be done on a managed device is not necessarily possible on a BYOD device? The point of BYOD is that your employees/students pay for the software and hardware that they use. If you want to insist on a particular package being used, it has to be delivered over HTTP. Depending on how much time/money they want to throw at the problem the previous statement becomes less true by degrees.
BYOD done properly is MUCH LESS work on a day-to-day basis than supporting a fraction of the number of managed devices. How much tech support does Joe Public need to get onto the wifi in Starbucks, or on the tube? NONE.
That said, as a school you will need to address the safeguarding issues. It may be that your current firewall arrangement is not suitable for a BYOD arrangement. You need an AD-linked captive portal which logs who, what and when a client attaches to your network and segregates traffic with a VLAN design/firewall arrangement that filters by subnet (different classes of users go into different subnets). Reporting on a per-user basis becomes a little more involved as you have to look up their IP at the time (should be recorded in NPS logs) and then cross-reference with the firewall logs. You do lose simple per-user/group filtering... however, there is nothing to stop you still having an authenticating proxy server available for people who choose to opt into finer-grained control.
What would be nice is a solution where the firewall can find out who the user is from the NPS/RADIUS server. <- Does this exist? Smoothwall implied that they can do this with Meru and Identity Manager, but I didn't have time to follow this up at BETT.
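The per-user lookup described in the last post (find who held an IP at the time from the NPS/RADIUS records, then cross-reference the firewall log), as an added example that is not part of the original thread. The CSV layouts, user names and addresses are constructed for illustration and are assumptions, not the native NPS or firewall log formats.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample data (assumed layout). Both logs must share one time zone
# and NTP-synced clocks, otherwise records near a lease change are misattributed.
SESSIONS_CSV = """user,ip,start,stop
jsmith@school.example,10.20.0.15,2013-02-27T09:00:00,2013-02-27T10:30:00
pupil07@school.example,10.20.0.15,2013-02-27T10:45:00,
visitor3@school.example,10.30.0.8,2013-02-27T09:10:00,2013-02-27T09:50:00
"""
FIREWALL_CSV = """time,src_ip,dest
2013-02-27T09:05:12,10.20.0.15,example.org
2013-02-27T10:40:00,10.20.0.15,example.net
2013-02-27T11:00:03,10.20.0.15,example.com
2013-02-27T09:30:00,10.30.0.8,example.org
"""

def load_sessions(text):
    """Index sessions by IP, sorted by start time, so DHCP address reuse is handled."""
    by_ip = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        start = datetime.fromisoformat(row["start"])
        # A missing stop record means the session is still open.
        stop = datetime.fromisoformat(row["stop"]) if row["stop"] else datetime.max
        by_ip[row["ip"]].append((start, stop, row["user"]))
    for sessions in by_ip.values():
        sessions.sort()
    return by_ip

def user_at(by_ip, ip, when):
    """Return who held `ip` at `when`; the most recently started session wins."""
    for start, stop, user in reversed(by_ip.get(ip, [])):
        if start <= when < stop:
            return user
    return None  # gap between leases, or an address never seen by RADIUS

def attribute(firewall_text, by_ip):
    """Return (time, src_ip, dest, user) for every firewall record."""
    out = []
    for row in csv.DictReader(io.StringIO(firewall_text)):
        when = datetime.fromisoformat(row["time"])
        user = user_at(by_ip, row["src_ip"], when) or "UNATTRIBUTED"
        out.append((row["time"], row["src_ip"], row["dest"], user))
    return out

if __name__ == "__main__":
    for record in attribute(FIREWALL_CSV, load_sessions(SESSIONS_CSV)):
        print(*record, sep="  ")
```

Records that come back as UNATTRIBUTED are worth reviewing: traffic from an address with no matching session means a client reached the network without passing the portal, or the accounting log is incomplete.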