In this back-to-school season, deploying tablets for educational purposes is a hot topic. Make no mistake: some IT service providers will find this innovative, but it is a classic, already mastered by the more serious among them.
Too often, IT actors lack expertise and experience. Today, « Big IT Service Providers » and local ones alike lead to unacceptable situations. Schools spend hundreds of thousands of euros and end up with a non-functional setup on the first day of school.
With big companies, the fault is their own: they look for the most profitable sale, with no consideration for operational aspects, etc. Smaller ones generally lack skills and are afraid to request help from another company, thinking they would lose this particular market by doing so.
Abelionni has delivered to its customers on time for this back-to-school season, so we have time to explain how an education network should work for digital school bag purposes. All the advice in this article focuses on the iPad, which remains the best tool for education. Teachers and students love its ergonomics and rich app store, and it remains easy for schools and teachers to manage. The advice can be applied to Android or Windows tablets too.
Whatever brand or system you choose, management challenges and mass connectivity are the same. The objective of this article is twofold:
allow local IT providers to understand all the imperatives of the upcoming tasks;
allow schools to realise that big companies are incompetent.
And of course, we remain available to help you achieve your goals. Abelionni does not seek to dominate the education support market. Instead, we would like to work with local IT providers to build a resilient and evolutive system. We are known for building these systems and then transferring their daily management to internal teams and schools' IT providers.
What is a digital tablet?
We are planning to deploy a tablet per student, teacher, and supervising staff, but what really is a tablet?
This question is central. As hundreds or hundreds of thousands of devices are going to be deployed, advanced knowledge is required: How does it work? How does it communicate?
A tablet is a connected device that communicates via WiFi (and via cellular, which we will not take into account, as it is only useful to sports teachers and school management, though the reasoning is the same). A digital tablet is a dedicated education tool used during courses and possibly during evaluations. It is also a device that goes back and forth between the student's home and the school. Parents and the school will share liability for it. Finally, it never powers off and does not require a power source during the day.
Accordingly, the specifications are the following:
the tablets must last the whole day without needing to be plugged in, until the end of standard lease terms (3 years with purchase option);
the tablets should be accessible to and controllable by:
the school, in case of a problem or if a student forgets the code;
the teacher during a course, only if the student is present;
the parents, outside school time;
it should be possible to display the tablets on the classroom's video projector;
the WiFi network must be able to handle 40 simultaneous connections including teachers and students, without disruption;
internet access must support the whole school equipment at the same time (teachers, students, all staff members etc).
How do teachers and students exchange?
A tablet only becomes more interesting than a book if it allows advanced interaction between a teacher and his students. A solution must be provided to give teachers and students personal storage adapted to the tablet. From home or school, they must be able to access the data they stored to prepare or revise a course. Another solution has to be deployed to facilitate and enhance communication. A teacher and a group of students must be able to exchange information that remains managed and controlled.
A good starting point would be to use Google Apps for Education. It is free, without ads, and it guarantees the ownership of data to its creator. For education, all available services are activated for free. The offer includes:
an unlimited email address for each teacher and student;
unlimited Google Drive storage;
Google Classroom, for digital course management by teachers.
When you deploy an iPad fleet, iTunes University is made available to manage digital courses and evaluations. Using iTunes U or Google Classroom is about the same; it just depends on the training the teachers have followed.
Building a WiFi network
As you have already understood, tablets are going to exchange information via WiFi, a lot and continuously. It is therefore necessary to understand what WiFi is in order to think about the required investment.
WiFi is a shared communication technology. Using radio frequency, only one person at a time can speak on one channel. If two people speak at the same time, neither of them will be heard. They will have to repeat, one after the other. It's almost like a classroom: one student at a time, otherwise no one will understand.
There is a difference, though: people use sound waves to speak in a classroom, and walls isolate the different speaking groups by blocking these waves, whereas WiFi can go through walls and isolates the different groups by using different channels.
WiFi has two different bands available: 2.4 GHz and 5 GHz. Simplifying, here are the main differences between them:
2.4 GHz is more capable of passing through walls;
5 GHz provides more usable channels at the same time;
5 GHz offers noticeably faster data transmission.
Taking these into account, the 5 GHz band is the most interesting one. Tablets must be compatible with this technology.
As WiFi is a shared-medium, half-duplex technology (one person at a time, transmitting or receiving, not both), it is wise to increase the number of available channels. This allows more people to talk at the same time. There is a notion of speaking time here, called AirTime, that determines the perceived quality of a network. It can be calculated by dividing the total bandwidth needed for one use case by the device's maximum throughput.
For instance, we are watching a video requiring 1 Mb/s on an iPad 2 whose maximum throughput is 30 Mb/s. We have a theoretical AirTime of 3.33%. In other words, we are going to occupy 3.33% of the total speaking time. All of this remains theoretical, as it can be affected by the distance between the access point and the tablet, and by other kinds of interference. For the same video, an iPad mini 2 whose maximum throughput is 65 Mb/s would only use 1.54% of the available AirTime.
This underlines two important points:
WiFi performance depends on its worst client;
the Access Point capacity is not linked to the speaking time.
This raises the question of sizing the wireless infrastructure. It directly depends on your work environment, but a good starting point would be one 5 GHz access point per classroom. As your investment should last for years, we recommend always buying the latest high-end technology if you can, or at least mid-range products. You will avoid having to buy new access points too soon.
Who should you connect to the WiFi?
Having spent thousands of euros on your wireless network does not mean you can connect everything to it. In fact, it's the exact opposite.
WiFi is costly and has technical limitations. Connect to it only the devices that are wireless-only; the others have to be plugged in.
For instance, an Apple TV should not be connected via WiFi. Using WiFi instead of an Ethernet cable does not improve anything; it only over-consumes the available AirTime (for each communication between an iPad and the Apple TV, speaking time is consumed between the iPad and the access point, then again between the access point and the Apple TV).
Moreover, it is mandatory that all connected clients use the latest WiFi standard, in order not to penalise tablets.
WiFi, what’s next?
WiFi relies on a standard network, composed of cables and switches. The architecture chosen and the technologies employed by the wired network are important, as is their integration with the wireless LAN.
The network must support the latest virtualisation technology, which enables broadcasting to a specific geographic zone. For instance, take 2 iPads, one in building A and another in building B: the two must be in different networks while using the exact same WiFi connection information.
You also have to pay attention when wiring all the equipment: in each classroom equipped with an Apple TV and an access point, both have to be wired to the same switch and placed in the same VLAN to allow maximum performance.
Finally, choose a unified but secure network design. Keeping a separate network for administration would only lead to a waste of time and money. Network limiting and virtualisation technologies have to be used to allow the pedagogic and administrative networks to coexist on the same hardware investment. At the IP level, however, each network will be isolated from the others.
Internet Access
Now that you have a functional wired and wireless network, you still have to be connected to the internet. First, realise that this is a mass scenario. You are not going to link one device to the internet, but all the people in your school.
The USA has more experience when it comes to mass deployment in education. As an interesting fact, the American government recommends a 1Mb/s connection per student for any school offering internet access (source: ConnectED – US Government).
Moreover, an enterprise-grade internet connection is mandatory. Apart from the price, there is a difference between an enterprise-grade 100 Mb/s fiber offer and a consumer one. The cheaper, consumer one is up to 100 Mb/s, whereas the enterprise-grade one guarantees 100 Mb/s.
The vast majority of « pro » internet connections at reasonable cost are disguised consumer offers, providing more or fewer services. We are talking about mass equipment, and these offers are not appropriate for connecting it to the internet.
Hundreds, maybe hundreds of thousands, of tablets and computers are going to be connected to the internet, all working at the same time. To evaluate an offer and determine whether it is reasonable or not, divide the cost of the internet access by the number of people connected: students, teachers, administrative staff.
Having a fleet of tablets is a good thing. But what is the point if you can't apply rules to the associated people? It is useless.
Now that we have the tablets, before starting to manage them, we have to know each associated identity.
For this step, you need a directory; generally it's best to go with Active Directory from Microsoft. Other directory services are available, such as Open Directory from Apple or eDirectory from NetIQ. For schools, a correct setup of Active Directory brings significant benefits: well-documented knowledge, ease of management, advanced services such as a certification authority and network access control, and commercial offers for schools. It's probably the only relevant solution today.
This directory should include one identity for each student, teacher and administrative staff member of the school. It should also contain the list of all necessary groups: primary teachers, secondary teachers, all students of the fifth grade (A, B, C), all fifth grade foreign language students, group 1 from third class C, etc. Several well-known tools allow imports from an administrative database to Active Directory. They could be appealing at first sight, but they are generally maintained by enlightened enthusiasts lacking real mass management knowledge. Back in the day, they were helpful; today they are slowing down the adoption of new practices.
As a result, to import your users from your administrative database to your Active Directory, I would recommend using CSV exports and PowerShell scripts. You will be able to clean the available fields and correctly manage the information associated with your identities.
Here are some good practices allowing a stable directory service for years:
using a domain like edu.example.org (optionally with alternate names like student.example.org or teacher.example.org);
education mail addresses like @example.org (to be distinguished from example.com representing the public website; or student.example.org and teacher.example.org);
the pre-Windows 2000 SAM name, limited to 20 characters, must be an internal number linked to the person, extracted from the original administrative database. It is unique and stable through the years. (Be aware that badge numbers from the school kitchen can change if the card is lost.)
the long post-Windows 2000 name, like @edu.example.org, and the mail address must have the same user identifier;
the user identifier must be built by the same algorithm for everyone (lastname.firstname, no punctuation except hyphens, no accents);
the academic user identifier must be entered as an employee number whenever it's available;
hierarchy information must be entered depending on classes and school subjects:
each grade has its own organisational unit (OU);
in each school grade, one organisational unit is created per class;
over the years, accounts are not recreated but moved from one organisational unit to another;
all the groups exist as groups in the Active Directory sense, in a dedicated organisational unit.
The more information you have in your Active Directory, the more you will be able to manage your fleet in a secure way.
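The following PowerShell is an added example, not the article's or Abelionni's own script. It applies the naming practices above to a constructed CSV export and refuses to auto-resolve identifier collisions; the column names, the OU root and the example.org domains are assumptions.

```powershell
# Constructed sample of an administrative-database export; column names are assumptions.
$rows = @'
InternalId,LastName,FirstName,AcademicId,Grade,Class
0004217,Lefèvre,Zoé,A1029384,Grade5,5A
0004218,O'Brien,Jean-Luc,,Grade5,5B
0004219,Lefevre,Zoe,A1029391,Grade3,3C
'@ | ConvertFrom-Csv

$UpnSuffix  = 'edu.example.org'                       # directory domain (placeholder)
$MailDomain = 'example.org'                           # education mail domain (placeholder)
$BaseOu     = 'OU=Students,DC=edu,DC=example,DC=org'  # hypothetical OU root

function ConvertTo-IdPart([string]$Text) {
    # Decompose accented letters, drop the combining marks, then keep a-z, 0-9 and hyphen only.
    $chars = foreach ($c in $Text.Normalize([Text.NormalizationForm]::FormD).ToCharArray()) {
        if ([Globalization.CharUnicodeInfo]::GetUnicodeCategory($c) -ne
            [Globalization.UnicodeCategory]::NonSpacingMark) { $c }
    }
    (-join $chars).ToLowerInvariant() -replace '[^a-z0-9-]', ''
}

function New-IdentityPlan($Row) {
    # The SAM name is the stable internal number and must fit the 20-character limit.
    if ($Row.InternalId.Length -gt 20) { throw "InternalId $($Row.InternalId) exceeds 20 characters" }
    $id = '{0}.{1}' -f (ConvertTo-IdPart $Row.LastName), (ConvertTo-IdPart $Row.FirstName)
    $plan = @{
        Name              = "$($Row.FirstName) $($Row.LastName)"
        GivenName         = $Row.FirstName
        Surname           = $Row.LastName
        SamAccountName    = $Row.InternalId
        UserPrincipalName = '{0}@{1}' -f $id, $UpnSuffix    # same identifier in UPN and mail
        EmailAddress      = '{0}@{1}' -f $id, $MailDomain
        Path              = "OU=$($Row.Class),OU=$($Row.Grade),$BaseOu"
        Enabled           = $false                          # enable once a password is set
    }
    if ($Row.AcademicId) { $plan.EmployeeNumber = $Row.AcademicId }
    $plan
}

$plans = foreach ($row in $rows) { New-IdentityPlan $row }

# Two people can map to the same lastname.firstname; the article defines no tie-break,
# so both accounts are reported for a manual decision instead of being created.
$collisions = @(($plans | Group-Object { $_.UserPrincipalName } | Where-Object Count -gt 1).Name)

foreach ($p in $plans) {
    if ($collisions -contains $p.UserPrincipalName) {
        Write-Warning "Identifier collision, resolve by hand: $($p.SamAccountName) -> $($p.UserPrincipalName)"
        continue
    }
    if (Get-Command New-ADUser -ErrorAction SilentlyContinue) {
        New-ADUser @p -WhatIf      # dry run; remove -WhatIf once the plan has been reviewed
    } else {
        [pscustomobject]$p         # no ActiveDirectory module here: show the planned attributes
    }
}
```

Because the SAM name is the stable key, a later yearly run can look accounts up by it and relocate them with Move-ADObject instead of recreating them.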
Binding PC and Mac computers to Active Directory should follow the same rules, using organisational units by room and kind of room (CDI, technical rooms, administrative rooms, then CDI of secondary school and high school, physics and chemistry labs, then lab 1, 2, 3, etc.). This is required for an effective use of GPOs to restrict students, automatically configure their mail and install required software based on the hardware model.
Once the wired and wireless networks are set up and internet access is properly sized to serve clients, and once a complete directory service is available, you can think about managing your fleet of iPads.
For this task, a Mobile Device Manager (MDM) that is always reachable (anywhere, at all times) is required. If the equipment allows it, it can be hosted in the school or at a hosting company.
The purpose of this tool is to distribute the necessary configuration adjustments:
automatic configuration of Google Apps Mail for everyone;
forbid App Store access to students, but not to teachers;
distribute apps and books depending on school grade or school subject;
enforce a lock code on all tablets.
It will also allow the school to take on liability as needed, by permitting it to:
unlock an iPad whose code isn't accessible (lost by the student, or refusal to cooperate);
prevent an iPad from being erased and used without the school’s agreement.
To work properly, the MDM requires the school to be enrolled in Apple School Manager which offers 3 essential functions:
Managed Apple IDs as part of Shared iPad;
automatic and forced enrolment of iPads in the MDM when they are first activated, even after a complete erase;
Volume Purchase Plan for apps.
Combined, these three functions allow trained IT services to never touch the iPads during initial distribution, as long as the information system is properly set up.
Here is one easy deployment scenario requiring few human and technical resources. Take the initial distribution as an opportunity to inform students about the equipment, present the usage rules, and have them sign the inventory and accept your charter while issuing the iPads. The inventory is generally composed of:
one iPad with serial number;
one power supply and USB Cable;
one protective cover.
All equipment is still in its blister packaging.
At first boot, students will have to enter their identifiers and passwords (created for the school, determined in advance or distributed the same day) to automatically configure the tablets depending on their grade. Apart from language and lock code, this will be the only required setup.
This is an easy operation; it can be done while issuing the tablets, or later when students are at home.
Once an iPad has been associated with a student, it receives the updates and configurations gradually added to the MDM. After the start of the school year, students will choose their optional languages and automatically receive additional books and apps.
In case of a security flaw in the system or an app, the MDM can be used to force users to update.
For some subjects, printing documents remains necessary. Key points to efficiently manage printers in an iPad environment are:
one VLAN should group all printers;
the administrative and educational networks can reach printers;
printers can handle requests;
printers cannot contact anyone inside on their own;
printers have access to the internet;
printers must be AirPlay compliant.
Another interesting feature would be the identification card, authorising access to the printer. The idea is to make one virtual printer available to users, and wait for them to authenticate at the nearest printer with a smart card. However, not every manufacturer offers this option, and it may not be compatible with iPad. You need to consult different service providers with your requirements specification.
Although iPads can replace most computers in an educational environment (if all users are given iPads, computer rooms for language labs and the CDI are no longer justified), computers are sometimes still required. Some environments, like the school life office or science labs, still need them.
Again, a well-designed architecture and skilled service providers can help save time and money, and offer comfort to users.
While it's obvious that every device must be connected to an Active Directory, some points are too often forgotten. They are easily doable with Mac computers, and also with PCs (using open source software for Apple computers, or licensed software for Microsoft computers), and it is good form to plan the following features:
automatic deployment of computers via the network, achieved by a standardised OS;
app customisations, restrictions and configurations depending on GPOs and user groups;
automatic download of updates for installed software, that will be made available through a local server;
automatic install of system and third party updates, whenever available;
optional software catalog on demand.
The goal of such an organisation is to save time by applying rules to define standard devices. The system will handle all further modifications on its own.
In the companies we work for, Mac is the only client system. Deploying a production system generally takes us 5 min of human time for one or two hours of computer work. When the process ends, the device is ready to open Active Directory sessions. Only a few software packages need to be tweaked, when they don't support automatic serial number activation.
Your information system does not look the same?
If the information system of your school does not match what we described, you can request our help. We can audit your current configuration to determine the extent to which your information system can be reused. We will offer an accompanying service to improve your infrastructure. Lastly, we can train your IT technicians (service provider or employees) so they can keep the new system up and running.
In any case, don't blame those who admit they don't know how to build these infrastructures, nor those who have never been confronted with them or do not see the point. Computing in schools is becoming more advanced and complex than in many SMEs. It is normal that local service providers do not have sufficient skills. That's why companies like Abelionni exist. Our mission is to help schools and local IT service providers build information systems meeting today's needs, without pushing hardware sales or support contracts.
Apart from Xinca MDM and ZuluDesk, for which we provide service (they don't have any reseller in France), Abelionni does not sell software or hardware. Our only product is our expertise and knowledge. We don't want to spend our time and our customers' money on basic technical support. We prefer having more customers and charging little for work requiring little or no day-to-day monitoring. The only cases where we sell support contracts are for companies wanting insurance more than troubleshooting.