moving IT to the cloud with service not servers

Friday, 19 May 2017

Education gains one S but could lose three.

Recent announcements from Microsoft regarding Windows 10 S and Intune for Education have clearly identified Azure as the future support platform while at the same time discreetly drawing the veil across local server infrastructure. The fact that Microsoft is promoting a version of Windows that is entirely managed from the cloud instead of relying on a locally hosted domain is probably all you need to know about where this technology is heading.

With Windows 10 S Microsoft appears to have finally recognised the fact that the three S’s (Speed, Security and Simplicity) are winners in the education space and as long as you stay true to these goals and make your solution affordable you are likely to succeed.

So while I applaud Redmond’s initiative in this area, what I don’t understand is the reasoning behind both Microsoft's (and Google’s) myopic desire to install monolithic software on your clean, slick, fast moving device. It’s like both parties understand the advantages of cloud computing but cannot make the final break from the 1990s because of some sort of mental block or emotional attachment to the past.

If you want to load up your personal device with locally installed applications that’s your choice, but until education is awash with cash it will depend on the shared computer model which, from the first day that PCs appeared on a school desk, has never played well with local apps.

Let's use Microsoft's own example of a school in Colorado that runs 600 Windows S laptops to examine how locally installed applications affect the three S’s.

The Three S's

One thing can be guaranteed: a locally installed app will not make your shared device boot quicker. A student must be able to pick up any laptop, turn it on and within 30 seconds be working productively. How will the same test perform when the user has been allocated a copy of Office 2016?

Windows apps are large. Microsoft documentation states that Office 2016 requires 3GB of space for a minimum install. Even if the Windows Store version (which doesn’t yet exist) is much smaller we are talking gigabytes of data. How is that going to be delivered to a user profile on demand when the install point is on the end of an internet connection shared with 600 other students? Answer - it won’t.

The only way round this is to preload Office 2016 on every device which in itself is a challenge bearing in mind all the data now has to come from the Windows Store.

Offline licensing may be an option for Windows 10 users. With offline licenses schools can cache apps locally, which solves the bandwidth issue, although developers have to opt in to this service and few have at present. You’ll also require a mechanism to deploy the app and for most situations this is probably going to be System Center Configuration Manager (SCCM) installed on a local server, which doesn’t sound very cloudy to me.

Even with SCCM and Active Directory back in the frame, preloading every application is not really practical. Looking at the information on the Windows Store, some apps are of a manageable size (<100 MB) but most are just converted Windows applications many hundreds of megabytes in size which are simply not optimized for mobile deployment.

What if the app is only needed for ten users, does it get downloaded to every shared device just to keep the logon speed within usable limits? If every device has every app, what happens to the internet bandwidth when new versions are released?

If this is sounding less and less like a true cloud solution, remember that there are no guidelines from Microsoft as to the internet bandwidth requirements for Windows 10 S, just a vague comment that you might consider dusting off that old proxy server that has file caching capabilities. I think that's good advice.

In one respect Microsoft's model has a big advantage over Google.  Although the apps are larger they can be shared between user sessions on the same device. For good reasons the Chromebook security model prevents this from happening for Android apps.

If an Android application is required for a shared class set of thirty Chromebooks it could end up being downloaded 30X30 times unless you are willing to waste the first five minutes playing the “find the device you used last time” game. The maths on 900 X 100Mb places us squarely back in the Microsoft camp of bandwidth extravagance.

Sacrificing speed for the perceived benefits of running local applications runs the risk of turning these exciting new devices into next generation netbooks.

Local apps do not improve security as every newly installed application has the potential to introduce a new vulnerability.

By running each application in a sandbox Windows 10 S goes some way towards protecting the underlying operating system. Chromebooks have a deeper security model that also uses sandboxing but also includes a verified boot process, TPM chips and encrypted user partitions.

However, because local applications represent such a large vulnerability, the first layer of protection is to restrict the user to only loading applications from the Microsoft Store. Apps submitted to the Microsoft Store go through security and compliance tests as part of the app certification process which help protect against malicious activity, but currently few of the applications that schools rely on day to day can be found in the store.

The short term solution for Windows S is to upgrade, or is that downgrade, to Windows Pro to allow programs to be deployed using the standard methods, but of course this sidesteps the security and compliance tests.

In a shared device deployment how are locally installed applications going to be licensed?

Licences could be allocated to named users but does that mean the application is pulled on demand from the web store during the logon process? We have already seen that this is likely to be impractical.

If the application is preinstalled how do you manage the licence allocations?

The new Windows S is supposed to be able to ‘present’ the correct application set based on the user profile but this feature has only just become available and it will still require the entire set to be installed on each device to provide a level of responsiveness acceptable in a classroom situation.

You could give the app away for free and hope to collect some revenue from a backend service, but what platform do you develop for - Android, UWP for Windows or iOS?

Do the schools with mixed deployments have to buy a licence for each platform, are the licences transferable, how do you track the allocations, how does the upgrade process work, how does this work with a BYOD program?

If all this sounds a bit complicated that’s because it is and I’m beginning to wonder if it’s really worth the effort.

What process is so critical that it justifies this complicated framework just to deliver the 10% of functionality that’s not yet available as a SaaS based application?

Is education relying too much on the familiar and expecting IT to make it happen just to save the effort of seeking out new ways of working?

Maybe I’m just not thrilled by another lump of code landing on my sleek efficient Chromebook or Windows S laptop, but to be honest I’m not convinced any of this will work for a shared class set model whatever the OS.

Vendors mess with the three S’s at their own risk.