moving school IT to the cloud with service not servers

Sunday, 19 March 2017

Should education learn to love hybrid IT?

Hosting local servers and running a serverless school might sound like a contradiction, but it isn't, because every site needs local compute to provide edge security and wireless access and to move data packets around the network.

It’s not the tin-box itself that’s the problem but the way it’s managed and maintained.

Take for instance your firewall, content filter or core switch. You turn it on and it just works. It has a web-interface that’s easy to access and update. It’s possible that the device is taking software updates directly from the internet and sending status updates back to base to be proactively managed.  An annual subscription fee ensures that if it goes wrong the supplier will replace it with the same or improved model.

At this point it’s no longer a server but an appliance. It’s simple to manage and not your problem if it goes wrong.

What if your remaining on-premise server estate could work in the same way, and could be managed and financed the same way as your cloud resources? What would a Hybrid IT appliance actually look like?


First, like all SaaS subscription services, there are little or no up-front costs. The school doesn’t own the hardware; that would remain the property of the supplier and the school just pays for the service. Basic functions such as Active Directory and file and print are built in, along with network services such as DNS and DHCP. It also has extended facilities such as edge security and content filtering, all managed through a simple-to-use web console without any visibility of an underlying operating system.

The school has the ability to configure each service but the management of the device remains solely the responsibility of the supplier. They have control of resource allocation, security, OS patching, backup and recovery. Backup images and configurations are streamed to the cloud as a background process without any user interaction. Loss of the device due to a local disaster simply triggers a replacement device and a recovery from cloud storage under an SLA agreement.

This new type of hybrid device is designed to work alongside SaaS and to complement its function. The school is likely to be running Microsoft Office365 or Google G Suite for Education so most of the heavy lifting of email and shared storage is already in the cloud.  The appliance will take advantage of this and be pre-configured to link the onsite and cloud directories and use cloud storage as a backup repository.

The school never has to invest in underutilised capacity because the cloud service absorbs any immediate growth, and since the school doesn’t own the device there is no replacement cycle to plan for. Over time the role of the device may change, requiring smaller or larger capacities. In this case it’s simply a matter of arranging a swap-out and an update to the subscription terms.

The appliance has enough spare capacity to host a dedicated virtual server if you need to run a print management system, SIS or VLE making it adaptable to specific requirements.

In this case the responsibility for patching and maintaining the image returns to the local IT support team, who really should be planning for SaaS alternatives rather than messing about with local operating systems!

Is any of this realistic?

The Linux Schools Project has a well established offering that covers some of these areas. The server distribution is known as Karoshi and can be installed on most hardware platforms but it’s still locally managed.

Recently a fully featured commercial offering has emerged from Zynstra that embraces the subscription model. At a technical level the offering works pretty much as described above.

While the device itself delivers a comparable service to a local server farm, the school does not own the hardware and has no visibility of the underlying operating system - delivering an on-premise service without the hassle of maintaining on-premise hardware.

In this way schools can remove the roadblocks that often stand in the way of full cloud migrations by keeping some workloads local while funding and managing the service in the same way as SaaS, with many of the same advantages.

A marriage made in the clouds in fact.

Friday, 17 February 2017

Microsoft as a Service

Is it possible to run a school with Microsoft technologies without managing any servers at all?

We're not just talking about on-premise servers but ANY servers, including those concealed in offsite datacenters or running on an IaaS platform like Microsoft Azure.  A true Microsoft ‘serverless school’ has no domain controllers, no Hyper-V farms, no Remote Desktop, no SCCM, no ADFS, no servers for imaging, patching, antivirus or backup. In fact no servers at all. 

Can it be done?



Last year the answer was ‘maybe’ but it’s clear that the message now coming out of Redmond is ‘definitely’ and reading between the lines it might be the template for the future.

In terms of the functions mentioned above everything can now be replaced by a “Software as a Service” solution provided by Microsoft and of course with SaaS there are no servers to manage.

Active Directory (AD) is the easiest one to replace because Microsoft has been running a cloud service for years now. It’s called Azure Active Directory (AAD) and every tenant of Office365 already runs an instance of this service. Extending AAD using Azure Active Directory Domain Services lets you join Azure virtual machines to a domain without the need to deploy any domain controllers at all.

At the moment this strategy has a licencing cost that few schools could absorb, but that's easily solved because all new Windows 10 devices have the ability to link to AAD directly rather than to traditional AD, using a process called Azure AD join. Once enrolled, the management of these devices is through Intune rather than group policy or SCCM, as Microsoft moved to adopt an MDM approach in order to capture a wider range of platform types.

Patching and the security of the Windows 10 devices will be managed directly by Microsoft through the new feature update service, while the servers… of course there are no servers. Microsoft Office client apps will use a new facility ominously called “modern authentication”, which uses the SAML federation service in AAD to provide a Single-Sign-On experience.

None of this is very new but two announcements have raised the stakes.

Microsoft recently launched Intune for Education, a version of the device management service that’s specifically aimed at schools. The emphasis is on ease of use, and it contains a policy set tailored for education which defines some useful predefined functions such as online testing. Apps are drawn directly from the Windows Store and admins will be able to control which apps students and teachers can see and install. Included in the bundle is School Data Sync, a tool that channels data from a selection of common Student Information Systems into WAAD to provision online classrooms and teacher/student accounts.

When placed alongside Office365 for Education, which features all the standard Microsoft productivity tools as well as OneNote and Microsoft Classroom, it’s clear that this strategy is pitched directly at countering the cloud-centric approach of Google's G Suite for Education.

The second move was the announcement of a simplified version of Windows 10 that's designed to run Microsoft’s Universal apps from the Windows Store and is rumoured to be free for vendors to install. This is pitched to challenge the success that Chromebooks have enjoyed in the education space and clearly validates the cloud first approach.


The Roadmap for Education
As a complete solution you are unlikely to see this setup running a school in the near future and it might be that Microsoft is just throwing sand around to buy enough time to reorganise the delivery model and licencing plans.

Whatever the situation, the point is this:

The future for IT does not require servers and now both Microsoft and Google are painting the same picture.

From the Microsoft viewpoint this strategy is a difficult sell to education. The model is so radically different from the one they have been licensing, supporting and deploying in schools for over thirty years that the pitch could easily be coming from another company. Just sorting out the licensing will be a massive chore, although they have already made a start on that.

How much of the current on-premise investment can be carried forward into the brave new world of “Microsoft as a Service” is debatable, and while the IT team are heaving servers and Windows 7 clients into the dumpster they might just decide to look at G Suite for Education rather than wait for Microsoft's offering to mature, because it's now clear that both are offering the same vision of the future.

From Google's perspective having Microsoft challenging them in so many areas is a move that shouldn't be underestimated.  Redmond may not be the first to the party but they always seem to leave with the girl!

Monday, 6 February 2017

The Serverless School - Hall of Fame.

Talking to educationists in my day job and at meet-ups and shows it's clear that, without any fanfare or fuss or even much technical assistance, quite a few schools have already made the move to 'go serverless'.

In some cases the move was prompted by financial pressures but most often it was just the realisation that the incumbent system wasn't delivering on the early promise and was now just a drag on innovation and change.

Going forward I plan to feature some of the stories with a view to explaining how it was achieved from a technical point of view but also the motivation behind the change.

Most of these sites are in the UK but if you have a story you'd like to share regarding your school please drop me a line from the contact panel and I'll feature it on the blog.

The first of these is a school in the north of England that's taking a whole new approach right across the board.


XP School - Doncaster - UK