Wireless Networks Thread, One to one - authentication and file storage? in Technical; Right now, our network consists almost entirely of desktop computers and netbooks that never leave campus (mobile computer labs). To ...
30th March 2011, 05:27 AM #1
- Rep Power
One to one - authentication and file storage?
Right now, our network consists almost entirely of desktop computers and netbooks that never leave campus (mobile computer labs). To handle everything, we use Active Directory to authenticate users, and folder redirection to allow them to share their documents.
However, our school is considering going one-to-one. One thing I'm trying to figure out is how do we allow students and staff to log into school-issued devices outside the network? Obviously our domain controllers and file servers are only available within our schools. I'm wondering what everyone else is doing:
- If you do one-to-one computing and allow students to take computers home, do you have any form of authentication, or does each device just have a single local account?
- How do you have students save files? Syncronization? Web upload? Just save to the HD and have them be responsible for backups?
- If you don't use AD, how do you deploy and manage rules and polices on the devices?
30th March 2011, 07:58 AM #2
It really depends on what infrastructure your have in place and your budget. To make things easier, why not have a remote access solution which allows users to connect to your school network securely from anywhere where there a internet connection. You can further restrict access to only school issued laptops and they can work as if they are connected to the network.
30th March 2011, 08:24 AM #3
Someone else has just started a similar thread:
Originally Posted by JoeyH
Bring Your Own Computer (BYOC)
You could offer remote desktop capabilities - a couple (or however many is appropriate for the size of your school and how many simultanious users you expect) of servers running Remote Desktop Services that people log in to from outside. You'll need to check what happens by way of licensing. You'll need a Client Access License for each person or device that authenticates against your AD server (this includes things like printers, which people tend to forget), or you can obtain a Remote Connector license to blanket cover external logins for your pupils. MS Office certainly always used to be different - you only used to be able to buy device CALs, so each device that connected to your system and ran MS Office needed to be licensed for MS Office itself. That might have changed by now, you might be able to cover MS Office usage with the Remote Connector license - talk to an MS licensing expert / reseller for exact details.
Instead of using MS Office running on remote desktop sessions you could use a web-based solution - that's what your VLE is for. Microsoft now offer an online version of MS Office, and Microsoft and Google seem to be squaring up for an all-in online office suite showdown. A decent VLE will integrate with Google or Microsoft's online office suite.
You could, of course, skip relying on anything Microsoft-made or externaly-created and simply run your own web-based VLE, office suite and other services. Your only issue is going to be AD authentication - if you want to integrate web-based services with AD you'll still need CALs for each user or device that connects, or an external connector license. You could ditch AD and use an LDAP server instead, but then you have two separate authentication servers and, potentially, people have to remember two password - one for external services and one for internal. The way to solve that problem is to remove all of your internal machines from AD and have them simply boot in to a local account, probably just running a web browser and remote desktop software.
I'd go for the local-web-browser-with-remote-desktop-software and have all your Windows applications (MS Office, etc) run via Remote Desktop Services. I'd still go for the External Connector license, though, so you could use AD as a single authentication server. There might not be a way around the external licensing for running MS Office, the best option is probably to only let internal users use it and use either the MS or Google online suite for external office facilities.
Check your VLE's capabilities again - a decent one should have some kind of file-area integration / upload plugin. If you don't have a VLE, your best bet is probably to simply install a Moodle server and set up the home directories plugin.
How do you have students save files? Syncronization? Web upload? Just save to the HD and have them be responsible for backups?
Several people on this forum have used Faronics Deep Freeze - I think there's been a couple of recent threads, or you could start a thread to ask for people's speicific experiences. My preference would be for a small Linux distribution that runs a web browser, plugins like Flash, RDesktop and nothing else - just boots, loads web pages, connects to a Windows server to run your legacy oftware and that's it. Nothing to break or fiddle with. We've also had a coupel of discussions on here about setting up a Windows machine in much the same way by replacing Windows Explorer with a web browser, so the machine doesn't have any facilities to run / save local files, probably has better browser plugin support and has a client capable of using a newer version of RDP for remote connections. If you're buying machines licensed for Windows anyway, even if it's a home version, that might be your best option.
If you don't use AD, how do you deploy and manage rules and polices on the devices?
By burgemaster in forum Scripts
Last Post: 23rd March 2011, 01:55 PM
By gshaw in forum Hardware
Last Post: 25th February 2011, 01:10 PM
By MrBitey in forum General Chat
Last Post: 20th February 2011, 08:51 PM
By Trapper in forum Windows Server 2000/2003
Last Post: 2nd September 2010, 10:22 PM
By pete in forum Office Software
Last Post: 29th April 2010, 10:03 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)