Saturday 10 December 2016

But what if the Internet stops working?

The reliance on an internet connection is perhaps the most common objection to the adoption of SaaS education services such as Googles GSuite for Education and Microsoft Office365.

There is no doubt that should the internet connection drop or be disrupted in any way the service to the school will be  reduced and this creates a risk that needs to be addressed.

However the situation is no different to an on-premise installation where services are hosted on a single server or the network is routed through a single switch. Should any of these elements fail then access to data and service is disrupted in the same way to the internet connection being down.

For local installations these concerns are addressed by duplicating systems to provide redundancy and resilience and therefore same approach should apply to the internet connection.

In a SaaS based deployment the expense of the internet connection should be viewed as the major IT investment for the school. In the same way that much larger amounts of money were expended on on-premise hardware, the money should be reallocated to support a resilient high bandwidth connection to serve the same purpose.

If the expense can be justified for tape backup devices, NAS storage and servers and all the hardware duplication required to provide network resiliency then why not apply the same approach to the internet connection.

At a technical level a level of redundancy can be provided in number of ways, each with an associated cost and service profile and will be location dependent.

Information has always been been at the end of a wire. Local data is an illusion created by the magic of networking.

With SaaS that wire has just got a little bit longer but the solution is the same.
Serverless School

Saturday 19 November 2016

Using Google G Suite to manage BYOD in Schools

One problem that schools often face when they introduce a Bring Your Own Device (BYOD) strategy is that it can be too successful.

Students have a lot of personal devices and discovering that the senior year groups have just dumped several hundred devices on your wireless network only days after posting the key code on the staff notice board can come as a bit of surprise.

The normal response is to try and impose some order on the chaos by employing Mobile Device Management  (MDM) software.  Unfortunately most MDM’s come with a price that matches the feature set and while a school can justify an annual licence fee to manage it’s own devices it’s more difficult to make that argument when the devices are personally owned.

The cost justification is made even more difficult by the fact that you don’t really need all the extra features of a ‘full fat’ MDM to manage BYOD, just a version with a few key components that doesn't attract a licence  - MDM ‘lite’ in fact.

Other than the ability to protect your valuable wireless resource and being free  - what other features of MDM ‘lite’ would be useful in managing personal devices in school?
  • A method of connecting or on-boarding devices to the wireless network that doesn't involve standing in a queue outside the IT support office.
  • A system that matches the device with a user account for tracking purposes along with the ability to restrict access to users and devices that are misbehaving in some way.
  • Protection of school data on the device with the ability to delete it if the device is lost or compromised
Fortunately these elements are part of the Mobile Management section in Google's G Suite for Education. The basic features are licence free and capable of managing personal Android tablets, iPhones and Microsoft devices - MDM 'lite'.

So what exactly do you get for nothing? Quite a lot as it turns out.
  • The ability to install a management profile on the device that will allow an administrator to wipe the device if compromised.
  • Password and pincode controls.
  • The ability to remotely configure and install a wireless profile.
  • Collect basic inventory information.
  • An approval mechanism with an ability to bar devices.
  • Reporting of the user to device relationships.
  • Ability to identify and block compromised devices
  • Disable camera function
  • The ability to require device encryption.
There’s no application control but of course since we’re all using SaaS that‘s not an issue !

The onboarding process is fairly simple. The user is required to accept a management profile to access any resource that requires a Google organisational logon. The installed profile also contains the information to join the school's wireless network.

The user has the ability to remove the profile at any time but this also removes rights to the network and organisational resources.  An administrator has the rights to deny or revoke access at any stage.

The profile can be very minimal and still deliver the key element of access control and just because a particular policy is available that doesn't mean it has to be turned on.

Supervising a personal device is an process that must be agreed and understood by all parties especially in an EDU environment. It can mistrusted so it’s best to keep things simple.

The operational and technical considerations are outlined in a separate post which should be fully understood before proceeding.

So in addition to Chromebook control, G Suite for Education can provide a method for managing BYOD devices with a tub of MDM 'lite’.

Spread it thickly.

Thursday 17 November 2016

Can SaaS solve the IT problems in your school?

Unlike some other ‘fads’, Software as a Service (SaaS)  is not a solution in search of a problem. It has real benefits that address a wide range of issues that schools face supporting IT on a day to day basis.

Many schools are already committed users of SaaS through Office365 for Education, G Suite for Education or some other externally hosted web based service.

In the early days SaaS was seen as a ‘cut down’ option that solved specific issues with local infrastructure but was essentially limited in function. This is no longer true and it can be argued that given the choice adopting SaaS is the best strategy for the reasons below.

 Scalability and Accessibility.
For the first time smaller schools can access the same sophisticated software that was once only available to schools that had an IT budget to run the local infrastructure to support it.  This is because a SaaS solution is inherently scalable in both directions. A design that is suitable for ten students can scale up to hundreds without any consideration of hardware or software upgrades.

Compare this with a traditional on-premise solution which has limitations at every level including storage, memory, processing and software licensing blocks. Seamless expansion is normally allowed for by over-specifying the solution during the initial purchase on the grounds that subsequent upgrades are ‘expensive’ which leads to inefficiencies and waste.

SaaS also avoids the financial time bomb that is the hardware upgrade cycle.

This point hardly needs stressing to anybody who has visited a school that that has installed  local infrastructure in the last ten years but still runs the same set of servers because they could never afford to replace them.  A solution that eliminates the need for servers altogether is more likely to be successful in the long term than one that simply replaces one set of servers for another.

Local infrastructure has become far too complicated for most schools to manage.

When schools operated a single file and print server with staff mailboxes the situation was manageable but the pressure on establishments to provide ever more sophisticated IT services along with the adoption of the internet as a teaching tool has meant that facility members rarely have the broad breadth of knowledge or the time to support IT.

The basic skills required to operate a small to medium sized school now requires an understanding of Layer 3 switching, server virtualisation, the basic principles of shared storage, secure wireless protocols, Microsoft Group Policy management, imaging techniques, patch management, antivirus software, backup packages, tape media devices, application deployment, edge security, remote access, content filtering and a whole range of disparate software packages all of which claim to reduce the “management overhead” but in reality only adds to it.

All this is before a new wave of requirements around iPad integration, mobile device management, ‘everywhere learning’, ‘flipped classrooms’, BYOD, 1:1 programs and the windows desktop replacement program hits the shore.

Surely what any school requires is a system that's easy to understand and can administrated and maintained by the facility team without any specialised skills. This is what SaaS can deliver.

At the moment I predict two possible scenarios for the future.

In the first schools follow a traditional route and initiate a server replacement program combined with a support contract supported by the onsite IT team.  After five years the hardware will be so expensive to replace and upgrade that the issue will be ignored and they will end up with the same problem they had before, only it’ll be much larger and cost more to fix.

A more likely scenario is that the teachers will become disillusioned and start independent initiatives to make use of an increasing number of cheap, easy to use SaaS services that bypass the school infrastructure altogether. At some point in the future the school will not be able to understand how so much money was invested in  an energy hungry, air conditioned on-premise server farm that doesn't even run the software and services the school now depends on.

Serverless School

Tuesday 25 October 2016

Want Windows - get Chrome.

Schools are using Google’s ChromeOS as a platform for delivering Windows applications, which of course makes no sense whatsoever because you can't run Windows applications directly on ChromeOS. So what's going on ?

The Windows applications in question are those packaged up using either Microsoft Remote App or (if the budget allows) Citrix XenApp. Both schools and business have been using the thin client approach for years now in an attempt to meet the demands of mobility and platform independence for Microsoft applications, so from this point of view nothing's really changed.

What is new is that ChromeOS is now being used as the thin client terminal. So whats the benefit of this?

One of the problems of the traditional thin client approach was the fact that the user device was never really that thin.

In most schools the client is a fully featured Windows PC which requires the same level of management as a device running the application set locally.  Windows workstations acting as thin clients still have to be patched, updated and virus protected. The benefit to the school lies in the ease of application deployment not device management.

For a time the answer appeared to lie with dedicated thin client terminals from companies such as Wyse and iGel which had some success replacing PC’s in the business world but never found widespread adoption in education.

Given the choice schools were understandably reluctant to swap-out functional Windows workstations, licenced under Microsoft's generous terms for proprietary hardware that wasn’t much cheaper than the workstations they were replacing.

Education also threw up another problem - inconsiderate users.

When students logged onto the thin client terminals the first thing they did was open a remote browser session and hit a website full of video content, a situation guaranteed to provide the worse possible user experience.  Why couldn’t they just run Excel and Outlook all day long like your average business user.

The Windows PC client had some drawbacks but it’s ability to run a local browser was proving an increasingly important advantage to schools. So the PC kept the job but each year it got older and slower.

So what aspects of a ChromeOS device make it a particularly effective thin client terminal?
  • Cost effective and robust.
  • Able to support a local browser and remote client software as required.
  • Modern specification for video and graphics support.
  • Easily configurable through a simple policy set.
  • Preferential licensing terms for education with no ongoing costs.
  • Support for both public kiosk mode and user authenticated sessions.
  • Very secure. No additional licensing required for virus protection or state management.
  • No hardware vendor lock-in.
  • Self managing with respect to OS updates and patches.
  • Support for standard peripherals including built-in camera and USB.
There are other advantages that are not so immediately obvious.

As well as full desktops ChromeOS devices come in a number of form factors including ultra small VESA mount devices, Chromebooks, and pen drives. all running the same software and managed in the same way which means you have the option to reuse monitors and other peripherals.
Be aware that these are modern devices which support HDMI not VGA so converters maybe required to connect to existing displays.
It's even possible to reuse the workstation itself.

CloudReady is an operating system based on Chromium OS, the same open-source architecture as ChromeOS.  which has the ability to install onto many of the common PC and Mac hardware models used in education. Once loaded with the CloudReady image and assigned a Google licence the workstation can be managed from the same console as other ChromeOS devices and present an almost identical user experience. It's a great way of  breathing a new lease of life into an aging IT suite especially if you've largely replaced locally installed apps with SaaS eqivalents.

Disadvantages of adopting ChromeOS and CloudReady include having to master an additional management console and the fact that the platform can’t actually run windows apps.

But in all other respects if you want a Windows thin client, Chrome.makes a great option.

Monday 19 September 2016

Active Directory - it’s death was exaggerated.

An earlier post examined the ‘dilemma of on-premise servers’ and the role of Microsoft Active Directory might play in a school that adopts a SaaS approach.

The basic proposal was that maintaining on-premise Active Directory carried a significant overhead which could be reduced or even replaced by a new model that manages devices though an MDM suite using a cloud based directory driven from the the school's MIS system.

“The problem with Active Directory is not with the directory service itself but with the tendency to expand the solution to embrace the whole suite of Microsoft services as soon as AD becomes available.  Even at a very basic level Active Directory requires at least two servers that have to be be backed up, patched and virus protected. You can try and keep it simple but you are soon back with same complex system you had before. This the Dilemma of On-Premise Servers.”

That was over a year ago and in the intervening period Microsoft has made some movements towards the cloud based approach described on the original blog. For this reason the future of Active directory is looking less like a funeral and more like a grand resurrection. Let's see how this might work.

A Microsoft cloud based directory has been around for a long while. It’s called Windows Azure Active Directory (WAAD) and every user of Office365 already runs an instance of this service. It provides a simple account database for organizations that don’t need the complexity of AD and are happy to run everything in the cloud.

Unfortunately Windows Azure Active Directory is a misleading name for this service because although it runs as part of Azure (the Microsoft cloud platform) it doesn’t provide an Active Directory service to users nor does manage Windows devices. In fact it's not the Active Directory we all know and love at all.  Confused, well you're not alone. We’ll get back to this later.

Until the recently the only way of delivering a true active directory cloud service has been to create a domain controller running as virtual machine on the Azure platform.  You could link this back to onsite services using a VPN but the end result is architecturally the same as  the old on-premise solution with the difference that at least one controller runs on Azure.

Last month a new service moved out of preview Azure Active Directory Domain Services (AADDS). What this offers is essentially “Active Directory as a Service”.  In the same way that Office365 gives you a mailbox without having to manage Exchange, AADDS delivers Active Directory with running any domain controllers.
Can you see a pattern emerging here  - the servers are disappearing. 
But probably the most interesting development is the ability of Windows10 clients to be managed without a traditional domain join at all. In this case the device enrolls directly with Windows Azure Active Directory. Remember that cloud directory that wasn’t quite AD and could only hold users accounts well now it can hold computer accounts as well. This process is called an Azure domain join. Devices are managed not through GPO’s but policies delivered through the Microsoft MDM InTune into which your Windows10 laptop can be automatically enrolled during the Azure domain join process. Of course in the future everything is mobile so your Microsoft platform will also be capable of managing Android and Apple through the same InTune interface.

Well that’s fine but how do I deploy and manage my local Windows applications without SCCM and all the layers of software that surround that
Haven’t you been following this blog!
The future for applications is SaaS backed up by an app store deployment model. Your school doesn’t deploy applications directly to iPads you get them from the Apple Store managed through an MDM. In the future the same model will apply to Windows devices with patched delivered directly though the new model.

The user experience will simplified by a Single Sign-On system that's already in place as part of WAAD with the user account management for all these different SaaS service handled by the emerging SCIM standard. Create a user account in WAAD and an account will be automatically provisioned in the relevant SaaS service.

Just like your Android phone the whole solution will be location independent, your Windows device will operate in exactly the same way and have access to all the same resources so long as it has an internet connection.

If you think this a bit far fetched all the constituent parts are active and running as of now. Also remember that Microsoft about to update it's EDU licencing model to increase the cost of running on-premise services so you really don't need a crystal ball to see where things are going.

It’s all a bit new and shaky at the moment but you can be sure that Microsoft are betting the business on this model and WAAS and not AD will be the senior Microsoft directory service for the future.

So resurrecting AD for a brief period I seem to have buried it again. Oh well !
Serverless School

Wednesday 31 August 2016

Android Apps in EDU could create Angry Admins.

Opening up the Google Play Store to education will create a few challenges for schools especially with respect to application licencing.

The now abandoned Google Play for Education (GPfE) faced the same issues without fully overcoming them which at times made Android app management seem unwieldy compared with the ease of managing Chromebooks through Google Apps for Education (GAfE).

These issues included;
  • A separate management console.
  • A limited hardware list that didn't include many of the popular consumer tablets that schools already owned. This was imposed partly to support the ‘bump’ rollout method which although astonishingly cute was never more than a gimmick.
  • The limitation of managing the application to user relationships as a simple one-to- one relationship. This made the solution look great as a demo but proved impractical when deployed at scale.
  • The purchasing sub-system which although released in the US never made it to other areas such as the UK therefore removing a major benefit of the platform in a single stroke.
Lastly the Android tablets suffered from the same limitation that plagued the iPad, namely the inability to work effectively as a shared device and while there are many successful 1:1 iPad initiatives I never came across a 1:1 Android rollout.

By using touch capable Chromebooks as the platform for delivering Android apps you can see how some of these issues might be addressed.
  • Chromebooks have proved hugely successful as shared device for schools and although the hardware specifications are limited the list already includes models currently deployed into schools. 
  • Chromebooks already have a well established and simple enrolment procedure.
  • Indications are that the  management will be integrated as part of GAfE console rather than a separate portal.
At this stage the outlook looks more encouraging - until we look in detail at deployment and licencing.

The majority of applications running on Chromebooks today are either licence free (Google Apps and many other very useful chrome extensions) or are SaaS based such as WeVideo, Securly and GoGuardian.

For those SaaS applications that require licencing the solution is fairly simple, a time limited subscription based on the school GAfE domain with the option of a fixed number of seats or a set of named users. Since all SaaS services have monitoring and user billing baked into the platform there’s very little overhead for the user or the provider.

With a SaaS application you can't have an unlicensed copy of the software so you don't have to monitor installations.

Deployment is easy. You simply advertise the URL to all parties and they’ll either be granted access using their Google account/domain or not. With many SaaS services now supporting Google Sign-in or account federation through SAML this promised a seamless experience for both users and IT managers.

Simple and easy, until now.

Most Android apps work to the store model and not the SaaS model. In this case you go to the web store and purchase an app with a perpetual non-transferable licence which then becomes part of your user account profile. Alternatively you can download a free app and get dragged into the world of in-app purchase which is an even greater hell for management.

GPfE attempted to simplify the situation by removing in-apps payments and allowing apps to be bulk purchased from the store and then allocated to GAfE user accounts as required but the process was all but unworkable at scale.

The process also required that tablets to be allocated to specific users and not be part of an openly shared resource. After all, the idea that a complex application set could be downloaded and initialised on demand to a random tablet at the start of a lesson was never a realistic option - which is a problem because that's exactly how Chromebooks are used in most schools today.

OK, class turn on your Chromebooks and start work.  Sorry Timmy, has your Android app set still not downloaded - never mind, pretend it's a Windows laptop.
The store model works to a degree for personal and 1:1 Chromebooks but I can't see how it functions for a shared class set.

Access to the app cannot be controlled by simply installing and deinstalling the application, the process is just too inefficient in a shared device environment. The application has to be cached locally whether the user has right to use it or not and some other mechanism must act as the gatekeeper. Obviously this has implications on the amount of local storage required but Google has some fiendishly clever technology that should help with this so I’m hoping this isn't be an issue.

The gatekeeper could be as simple as allowing or denying the app to run as a GAfE policy or just hiding the icon from the user - or both.This would rely on a trust relationship or some sort of reporting API that the vendor could tap into which may or may not already exist.

Alternatively apps could fall back to the SaaS model. In this case the app is free to install but requires a backend SaaS service to be fully functional. For example a number of SaaS vendors make access to Google Drive a licenced feature. You can create a file but you can't save it.

Similarly you could licence a Google Classroom integration feature as an extension of the SaaS management console. The Android app is free but if you want to drive deployment and management using your existing classrooms (and who wouldn’t) you need a licence.

In the long term this has to be the best option. Surely the days of licensing through counting installation points and downloads has long gone. I know it worked for Angry Bird but I’m not sure you can apply that model to education without ending up with an Angry Admin.

I’m sure Google have all of this worked out so I guess we’ll just have to sit tight and wait and see.

Monday 18 July 2016

Serverless becomes a thing.

When this blog was in the planning stage it had number of working titles.

It was clear from the start that a central theme would be Software as a Service (SaaS) and how you could design or adapt a school network to integrate this technology.  For this reason options like “SaaS School”  bounced around for a while until I realised that it sounded a bit too paramilitary and might attract the wrong crowd.

In the end the serverless school seemed like a good compromise. It had a provocative edge and appealed to my interest in disruptive technologies. However after three years it’s no longer the ‘edgy’ term it once was. Serverless has moved mainstream and has taken on a life of it’s own.

The new definition covers a topic far wider than simply removing servers from schools.

It appears that Serverless is a methodology that you can use to create applications using a combination of third-party services, client-side logic, and service hosted remote procedure calls (FaaS).  At no point does the developer have to worry about servers in the traditional sense. Everything about the hosting platform and the associated problems of availability, scaling, and upgrading is taken care of by somebody else. It’s not like you run a server and it’s managed by a 3rd party, with serverless development you have no servers at all.

Of course none of this has any direct relevance to educational IT although the trend is likely to result in more high quality web services entering the market which can only be a good thing.

What is interesting however is the realisation that, from the user perspective, servers shouldn’t be used as the building block for anything.

For software developers a serverless environment frees them up to concentrate in the one thing they should be doing, writing code to solve the immediate objective rather than wasting time configuring, fixing and scaling a development platform.

For teachers it allows them to teach rather than trying to figure out why services are unavailable, resources are running low and software is unresponsive under load.

Schools shouldn't be responsible for running on-premise data centres. The setup costs and ongoing overhead creates a massive drain on resources and to be honest it’s just no longer necessary. After all does every school pump it’s own water or generate it’s own electricity ?

Maybe in a few cases but nobody works this way through choice because it’s costly and  inefficient. Like electricity, information comes down the wire so why not let the same wire deliver the services as well.

I suppose it's possible that education will buck the trend and continue to invest in dusty grey boxes for many years to come, in which case I'll be left with a blog that sits on a trendy and desirable domain. At least from that viewpoint its all been worthwhile.

Offers anyone?

Sunday 12 June 2016

Whats the future for locally installed Windows apps?

The way Microsoft plans to maintain the Windows 10 desktop OS has implications for managing the type of locally installed applications commonly found in education.

In the past updates were delivered as service packs that bundled a number of changes into one discrete package.  As a consequence students found themselves with laptops running Windows 7 SP3 with security fixes and some key application patches layered on top. The upgrade process was under the control of the IT team and was delivered as a phased deployment that guaranteed periods of stability until the next major release or service pack came along.

One advantage of this phased approach was that it gave the IT team a chance to regression test locally installed apps before making the update generally available, although whether this was an advantage or a massive PITA is debatable. Once you had a stable release it could be deployed across the entire estate sometimes as an entirely new image that remained fairly static until the process was repeated.

This has all changed.

With Windows 10 Microsoft has adopted the service approach whereby updates and pushed out far more frequently and as a consequence they are smaller and more manageable. Releases are expected to be slipstreamed quickly into into the production environment solving both the management overhead and change control issue in a single move.

This process is much closer to the experience enjoyed by mobile device users who see changes regularly pushed to their device closely followed by a corresponding set of updates from the vendor store. In general the applications and OS keep in step, although some developers are better than others at keeping pace.

Except on a school desktop PC or laptop that’s unlikely to happen.

Although Microsoft has moved to “Windows as a service” model the local applications haven't.

Most are still wedded to the major/minor release model that might provide two updates a year at the very most. These will be supplied as a download to be rolled under the control of the local  IT team.  There will be no opportunity to run a regression test because there is no longer a ‘gold’ release to test against. For installed applications there's the possibility they could run into problems as new features are introduced and older interfaces are degraded. Education is notorious for relying on software that is no longer being actively supported by the vendor.

Even if you stick with Windows 7 you're not completely out of the woods because monthly non-security updates are heading your way too.

So where does that leave us.
  • If your school runs an IT team you can invest some time in wrapping the updates back into a bundle to get back to a where you were.
  • You could remove the dependence on the OS by virtualizing your apps using MS RemoteApp or a Remote Desktop solution such as Citrix but this creates its own range of issues and just introduces another layer of complexity and cost.
  • Or you can start investigating using SaaS as replacements for locally installed apps. 
Although not completely isolated from underlying OS they use open standards such as HTML5 and are far less likely to be effected by an slipstreamed update than a seven year old graphics package that relies a 2008 Visual C++ runtime.  Add to this the fact that they carry no maintenance overhead and work cross platform and it seems like an obvious strategy.

But here's the takeaway.

If you make the move towards SaaS what's the value of a Microsoft based OS?  You only need Windows to run Windows programs locally, that's its only selling point over something like a Chromebook.

Take away the local application set and you’re left with an extremely complicated and expensive method to place a browser in front of your users.

The future for apps is SaaS and the mobile webstore model. Start planning for it and make your life easier.

Update: August 2016 
The new WaaS approach incorporates a number of different update models, termed "servicing options" that are described here. The version most suited to education would most likely be LTSB or Long Term Service Branch which sacrifices the number of product updates pushed to devices by providing an image with a reduced application set.

Examples of the apps that Windows 10 Enterprise LTSB does not include are Microsoft Edge, Windows Store Client, Cortana, Outlook Mail, Outlook Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock which on the whole is nothing but a good thing.

Microsoft has also announced two new cuts of of the OS “Windows 10 Pro Education” and “Windows 10 Education” designed specifically to meet the needs of lower and upper school (K12) education. Quite how this dovetails with the servicing options plan is a little hazy at the moment.

The only thing that is clear is that Microsoft is making few concessions as it drives relentlessly towards the subscription model.

Sunday 15 May 2016

Microsoft starts the 'race to the cloud' for EDU.

Microsoft has fired the gun on the “race to the cloud” by altering the way it licences its products to education in the UK.

The broad strategy was outlined in a policy document issued in January but the fine details are only just becoming clear.

For the last twelve years schools have been licensed through schemes as OVS-ES or EES. These heavily discounted concessions have encouraged IT administrators to install local server software such as file and print, SQL Server, Exchange, Hyper-V, SMS and Remote Desktop at a fraction of the price paid by business users. Unsurprisingly this strategy has been hugely successful and has resulted in the majority of UK schools being completely dependant on Microsoft products for both teaching and administration.

Unfortunately Microsoft has become a victim of it own success because as Redmond attempts to persuade education to adopt Office365 and Azure the on premise licencing discounts are acting as a massive disincentive.

Although schools might consider moving to the public cloud the agreements they are holding with Microsoft are currently delivering all the services they require and are already budgeted for. So as exciting as the cloud might seem most schools have decided to stay put and take advantage of Microsoft’s generosity.

Which is fine except they can’t anymore. Well not without finding a lot more money.

This is because over the next two years Microsoft are phasing out the licencing discounts for on premise software to encourage schools to look to the cloud.

The existing allowances will be withdrawn after July 1st 2018 and replaced with ‘something else’ and although Microsoft are guaranteeing a continued academic discount it will not be as generous. Some sources have hinted that the costs are likely to increase by about 20% for all on-premise licensing to bring the UK in line with other European educational schemes.

For schools starting a new agreement the increase will be phased in. From July 1st 2016 discounts will be reduced to approximately half their current level and further reduced to one quarter after July 1st 2017.

Schools renewing an agreement will be unaffected by the changes up until July 1st 2018 after which they will be presented with the new pricing structure, whatever that might be.

The idea is to place a premium on locally installed software in order to make Office365/Azure appear as a cost saving option.  It’s a classic carrot and stick approach.

The carrot is quite attractive and will include new offerings for Office365 such as Classroom, Forms, OneNote and cloud PABX.  Microsoft are also making concessions to allow the direct transfer of some existing licensing to Azure and will offer Azure AD Domain Services to reduce the dependency on local hardware.

The message from Redmond is clear.

Microsoft is encouraging schools to move to public cloud and is signalling a clear timescale for the transition. The local server option still exists but it will cost you more and going forward and if you want features such as Classroom you need to be using Office365.

For new schools the most efficient licencing strategy will be a cloud first approach. The principal platform will be Office365 backed by Azure with local servers only employed for specific roles.

The good news is that although there are many technical and governance issues to be resolved, education has been given two years to sort it out.

On your marks….

Friday 6 May 2016

Show me the money - Oh, here it is!

As education starts to make increasing use of Software as a Service (SaaS), how are schools going to meet the cost of subscription services ?

The freeium model gives teachers the power to experiment with software without any upfront fees or additional investment in server hardware and although an astonishing amount of functionality is given away for nothing not every feature is free.

Rather than starting again with SaaS wouldn't it be cheaper just to keep what you have already paid for?

Trying to run a simple budgetary comparison is difficult because so much is hidden in 'overheads'. To get a clear view of the bottom line for locally installed software you'd need to include;

  • Energy costs for running (heating) and then cooling onsite servers.
  • Costs for storing and securing onside servers.
  • Costs for offsite backup services.
  • Money reserved for the hardware and software refresh cycle.
  • Money spent on maintenance contracts and site insurance.
So as schools move towards cloud services you might expect to see savings on a utility bill or the cancelling of a server maintenance contract but let's not pretend this is going to make a big difference.

Lets get straight to the main event.

Exactly how much money does your school spend each year to print paper?

The results of this question can be frightening. It’s not uncommon for a medium sized school in the UK to spend £40 - 50K every year on printers and print consumables. This level of annual revenue could lease a high-bandwidth internet connection, a set of  modern mobile devices and a huge amount of subscription services.

Crikey - never mind the kids, it could give me a down-payment for a Telsa S!

But students have to print so where’s the saving? Actually it might come as a surprise to learn that they don’t.

The reason why the requirement to print is so entrenched in schools is because there has never been a fully functional collaborative tool that could be used to replace it. The promise of the Virtual Learning Environment (VLE) came close but it didn’t replace the desktop productivity suite that has proved so efficient at converting electonic data to sheets of paper.

In other situations printing has been used to solve the remote access problem. The annual cost of printed documents taken home and then disposed off (very securely of course) could probably fund a classroom device set on it’s own.

That’s why the educational offerings from the big SaaS players such as Google and Microsoft are so important. For the first time all the bases are covered.

Adopting Google G Suite for Education (GSfE) with it’s built in collaboration and workflow tool Classroom has the capability to replace the requirements for student printing. The mantra should be  -  “Don’t print - share”.

Where schools have tried this approach it does work. Many schools and districts in the US that have adopted GSfE no longer allow students to print or they provide a very restrictive service. The sky has not fallen in and the school still functions.

Think of student printing as a immature habit that needs to be broken.

Even better - show me the money.

Saturday 23 April 2016

Should your school take the SaaS Challenge?

The teaching of computing in schools has become a hot topic recently.

Its ‘phoenix’ like resurgence from the rotting corpse that was ICT Studies is part of an attempt to address the digital skills shortage that many countries face. For this reason the emphasis has moved towards practical development skills such networking and coding rather than application skills (MS Office) and GUI navigation (MS Windows).

In the past, development skills were taught using Adobe Flash, a talent which is of little use today unless you’re planning a career in banner advertising, malware, or both. In contrast, the new curriculum is more demanding and expects students to master the fundamentals of a structured language such as Python or Javascript and display practical skills in solution design and problem solving.

In the UK, coding and computational thinking are already part of the core curriculum and Australia and New Zealand are moving in the same direction.

Like all good intentions there are aspects of the plan that are problematic such as teacher training and PD and you would also expect the cost of the technical infrastructure to be a stumbling block.

After all, the last time something like this was attempted in the UK it was part of the Computer Literacy Project (1981-84) which resulted in about 80% of schools receiving a government subsidised computer (the BBC Micro).

Of course in 2016 many schools have an ICT suite that can fulfil this requirement but having a computer suite to support learning is different to it being a vital part of the core curriculum for the whole school.

Step up to the plate SaaS (Software as a Service).

It’s significant that the technical framework for this initiative has been largely met by SaaS resources that have been adopted with a minimum of fuss (and cost).

For some teachers this may be the first time they have encountered SaaS, possibly under the guise of an ‘online resource to aid learning’ and by now they're probably wondering why all software isn't delivered in this way.

After all it's secure, engaging, easy to use, always on and constantly improving and remind me again - what exactly was the alternative plan ?

Let me guess.

Blow the dust off a PC that’s linked directly to your internal network, install a suite of development and scripting tools and then place it in the hands of technically competent and naturally curious children and adolescents. Great idea, what could possibly go wrong!

After overcoming that hurdle you still have all the normal drawbacks when running local services.
  • Set a task that the students can complete at home - forget it. 
  • Waiting for VDI to solve the problem- please don't tell me you're even considering this.
  • Running out of storage space - ask the students to delete some stuff.
  • The software is throwing up an strange error or you need a new feature - log a call with the support team. They're on-site Mondays and Thursdays.
 Adopting SaaS is clearly a superior approach and one far more suited to modern computing practice.

So why not use this opportunity to take the SaaS challenge? 

Take a timeout to reassess the range of applications you are using for learning and see whether there is a SaaS alternative. You might be surprised at the capabilities of some of the offerings and the advantages they offer.

Try them with your students. There is no barrier to entry and you've got nothing to loose.

Just like the advert, I can't believe it's not better!

Thursday 24 March 2016

SaaS and Cache

Skepticism to a design that supports hundreds of users through what appears to be a very restricted bandwidth connection is understandable but it is technically possible.

Once the traffic profile is understood, its simply a question of sizing the connection correctly to meet the demands of the site. In the UK and other countries with access to a well developed broadband service the minimum connection is likely to be in the order of 50-100Mbs which commonly exceeds the average connection speeds in countries where GSfE has been widely deployed.

In the future the cost of internet access will only ever come down and once greater speeds become affordable the bandwidth objection will be irrelevant for a school of any size.

An additional aid to bandwidth control could be provided by a proxy cache, a service that was common in just about every business that used the internet in the early days when bandwidth was limited and expensive.

Over time the requirement for a local cache was made redundant by cheaper contracts and the emergence of active content but it might be time to reassess this capability particular with respect to streaming media.

Unlike most businesses, schools have a unique profile with respect to media downloads. As part of a class project or group work multiple requests for the same resource can be made within a very short timescale. This makes a school an ideal candidate for some form of local media caching service.

If a teacher pre-loads a resource prior to the lesson subsequent requests will be made from the local cache which will increase the response times, improve the perceived reliability of the service and reduce the peak loading on the internet uplink.

The service would be tightly focused on certain sites delivering multimedia curriculum resources such as YouTube and Vimeo and wouldn't provide a general caching service for other SaaS services - in fact it would need go out of its way to avoid it.

The caching of video streaming services is a specialized operation, its not as simple as writing static HTML pages to disc.

A number of solutions exist, mostly based on the open-source Squid proxy engine but nothing specifically aimed at the education market which is surprising because the traffic profile in schools is so well suited to media caching.

Monday 14 March 2016

SaaS and Video Magic

One of the criticisms levelled at the SaaS approach is that it is poorly suited to activities that involve the manipulation of large data files.

The argument goes that SaaS can accommodate simple document editing but it fails when you try and incorporate media and other subjects such as design.

There’s little doubt that the best user experience for activities like video editing and 3D modelling is gained from running the software locally on a fairly highly specified machine with a decent graphics card. Trying to use cloud storage in this situation is going to run into some obvious problems.

Using a standard 100Mbs internet connection, thirty students each editing  a 3Gb file stored on cloud storage will take about two hours to open the file and suffer the same delay writing back.

Given this limitation most schools resort to the tried and tested method of hosting both the application and the data on-site.

This approach normally results in a dedicated ICT suite populated with iMacs or high-end PC workstations loaded with Adobe Creative Suite, Photoshop or something similar. If you have an engineering lab that requires a modelling tool the requirements are the same it’s just the software that's different.

In this arrangement files are accessed using a gigabit ethernet network that links back to a high capacity storage system that’s protected by backup software archiving data to secondary media store. The workstations are normally supported by additional servers for patching and virus protection as well as providing an imaging and recovery mechanism.

If the students require remote access this requires some additional software and hardware that’s scaled to cope with the graphics requirements and the number of concurrent user sessions.

Put this all together and you’re pretty much good to go with only licensing, software upgrades, storage growth, the hardware refresh cycle and the security aspects of a room full of twenty iMac’s to concern you in the future.

The final result is an expensive but well equipped ICT suite that students can book for two sessions a week, perhaps sharing a terminal with a colleague. Students can work from home on a PC or Mac workstation assuming the right client software is installed and you have made the investment in the additional on-premise hardware.

This is a fairly common setup in schools today because in 2006 it was only option - but could it be done differently in 2016 using SaaS.

Let's be practical. If the lesson plan absolutely requires that every student uses Adobe Photoshop to manipulate an graphic image then this is the world you live in and it’s likely to continue for quite some time. SaaS is not an option for you.

The streaming version of Creative Cloud might ride to your rescue but after two years it’s still only running as a closed beta program to schools in the US.  A general release would be a huge advance for schools and colleges but there’s no timescale for this. Call me a skeptic but while schools are happy to absorb the cost and not actively considering any other alternative, what's the hurry.

So where does that leave a SaaS based solution?

At a technical level the on-premise solution provides a good user experience because both the data and the editing software are linked by a high bandwidth connection so files open and close quickly which maintains the responsiveness of the system. Place either the data or the software on the wrong end of a internet connection and everything becomes slow and unusable.

So if you want to use SaaS the solution is simple, put both the data and the editing software in the cloud.

The strange thing is that when you do this - magic starts to happen.

First, the requirement for local storage disappears in a puff of pixie dust.

Students store media files on Google Drive taking advantage of unlimited storage and while other providers have similar schemes, they may not be so generous. Media can be recorded at any time or place using a tablet or smartphone and then transferred to cloud storage using built in ‘save to’ option, a far more convenient option than trying to restore back to windows file share.

This is one situation where personal devices could be used effectively in schools.  Modern smartphones have some astonishing capabilities to record and manipulate video including slow-motion, time lapse, HD and built-in editing tools. They are almost certainly more capable than a shared five year old digital camera. Regardless of the policy students are going to use smartphones anyway - it’s a lost battle.

Uploads from mobile devices will form the building blocks of a student project. These smaller files may well absorb some bandwidth from the school internet connection but they’re equally likely to be transferred across a home broadband connection or even personal data plan because the data is stored in the cloud not local storage.  The big one-off hit on the school internet connection goes away. Shazam!

Once in the cloud editing a 3Gb video file will be just as quick as a 3Mb clip and can be achieved on any device that supports a modern browser interface, including a Chromebook or legacy PC.

In all honesty the capability of video editing software currently available as SaaS can't match a local installation of Adobe Premiere Pro (yet) but do Year 10’s really need all the advanced features or do they just need something that’s simple to use, integrates closely with cloud storage and most important of all is accessible.

After all what’s the point of having a fully featured video editing suite if it’s behind a locked door most of the time?

A SaaS package like WeVideo provides students access to an editing tool that contains all of the the common features you require to create a professional looking video that works on a range of devices both in school and out and this offering is far from unique.

A quick search will reveal any number of offerings in the video editing, graphics editing and the 3D modelling space.

As a last thought, remember all those problems around software upgrades, remote access, storage growth and security, well they disappear as well.

It’s like magic!

Thursday 18 February 2016

Is Student Email Dead?

A recent conversation with a IT manager threw up some interesting facts.

This particular school planned to migrate student mailboxes from an aging on-premise Exchange server to a Microsoft Office365 tenancy. To find out whether they had any dormant accounts the team ran a report on mailbox usage.

The results provided a bit of a surprise.

Out of a total of 818 students only 153 had accessed their mailbox within the last 60 days.  The vast majority of the mailboxes only contained about 20-30 emails. Student to student mail traffic was almost non-existent and a significant proportion of the mailboxes had never been opened.

In other words, although email was seen by the leadership team as an important channel of communication, students didn’t actually use it.

In contrast, staff were heavy users and viewed the service as critical resource for administration and for contacting class groups – which seemed odd bearing in mind that student usage was so low.

So what's going on?

Anecdotal evidence suggests that a small percentage of students diligently monitored their mailboxes and then relayed announcements through personal social media accounts. Once in that realm the information quickly disseminated to everybody.

Students who used the mail system gained kudos by having early access to the information. Others benefited through the convenience of using a modern messaging app on a personal mobile.

These youngsters are a resourceful bunch!

This raises a question:-  do student mailboxes still have role to play or should we be looking at a different approach?

After all maintaining a student email system can carry a overhead with respect to setup and configuration.
  • Do you allow external routing?
  • If so, how do you control spam and phishing?
  • Do you allow mail to route across year groups?
  • How do monitor bullying and inappropriate content?
  • Do you need to archive mail for governance purposes?
  • How do maintain the membership and control access to distribution groups?

And all this assumes you are using SaaS to host the mailboxes.

Please don’t tell me you’re still using a local mail server that consumes storage, server capacity, backup resource, requires an expensive support agreement, electricity to power the device and even more electricity cool it down. You’re reading the wrong blog. 
But whatever your situation there’s some good news.

You don’t have to worry about this for much longer because nobody under the age of eighteen uses email any more.That battle was won by Instant Messaging (IM) and social media about five years ago.
If you think this is an exaggeration, ask any teenager what their email address is and then catch their expression of pity.
So how can schools adapt to the new environment?

Perhaps by using SaaS services such as Schoology and Google Classroom that behave more like social media than traditional email. Both platforms incorporate messaging directly into the workflow between teacher and student rather than having it exist as a separate process.

With Google Classroom each class automatically creates a walled-garden for messaging called the ‘stream’ over which the teacher has direct control.

Students can share a message with the class stream as well as comment on messages, announcements, and assignments from the teacher and other students. The class organiser can control students access to the stream by setting permissions for individual students or for the whole class as well as viewing comments and messages that a student made and then deleted.

Google provides other methods of communication such as Comments that can build a discussion thread that’s tied directly to a piece of work and presented in familiar IM format.

Lastly the collaborative nature of Google docs and other similar platforms provides a vastly superior method to document distribution than the traditional game of “attachment ping-pong”.

Put it all together and effect is more like a moderated community group than a series of isolated mailboxes.

So is the student mailbox dead?

Probably not, but it should be given the last rites.

Tuesday 26 January 2016

Creating Custom Bookmark Apps for Chrome.

Google G Suite makes it easy for administrators to provide web links for staff and students by publishing applications from the Chrome Web Store into the app launcher.

But what happens if you want to pin a shortcut to a site that doesn't have an app in the Chrome Web Store ?

The common solution is to use a bookmark, which is also the fallback option for advertising internal web resources and custom URL’s.

However, rather than searching for links in two locations it wouldn't it be better to handle all the applications in the same way in order to deliver a consistent experience for staff and students

Fortunately Google provides you with an option to do just that and although it involves a little bit of work I think the end result is worth the effort.

The process involves updating a few settings in the admin console to create a private collection in the Chrome Web Store and placing the URL in an “app wrapper”. Once this is achieved the link can be managed like any other app rather than a bookmark.

In this example we’ll walk through the steps required to publish this blog as an app for the fictitious MiddleTown Academy using the Google domain

Creating the Private Chrome Web Store.

In the admin console for  <your school domain>  navigate to

Device management > Chrome > User Settings

and search for the Chrome Web Store section.

You can set these options at any sub-organisation level but for a unified site you’ll probably apply the settings to the root organisation.

At this stage it’s advisable to keep the Chrome Web Store Homepage to the default to avoid confusing the users.

Give the collection a user friendly name and check in the two permission options.

The second setting allows users to create bookmark apps pointing to websites that they do not administer.

Once this is done the Chrome Web Store should show the new collection thats just waiting for your new app.

Creating the the App.

A Chrome Web Store app is nothing more than a set of editable files called a manifest which can be created manually if you are fully conversant with JSON and fancy a challenge. Fortunately there is an easier way.

Install the Chrome App Builder app from the webstore.

Once launched the inputs are fairly self explanatory and include the URL of the site you wish to embed as well as various presentation options.  As you select each option the top half of the screen gives you some idea what the resulting app will look like.

Finally the  Export button creates a set of files that can be found in the local Downloads area within the /Export folder.

Once loaded Select Launch.
You can test the app out before publishing by going to chrome://extensions/, checking in Developer Mode and selecting Load Unpacked Extension. Point the dialog at the unzipped Export folder

Publishing the App.

Your new app is almost ready to publish, you just need a few more graphics files and some information for the Chrome Web Store page.

Sign in to the Chrome developer dashboard  (above) . Add a new item and upload your app as a zip file.

Since you’ll be using a Chromebook just highlight the Export folder in the right hand pane, right mouse click and select zip selection. This will create an archive called at the same level.

Select this to upload.

At this stage you’ll be presented with a dialog that has been populated with information from the app manifest.  Just a few fields need updating and some of these are mandatory so don’t try skipping this bit.

Detailed description - Focus on explaining what the item does and why users should install it.

Icon - You’ll want to replace the default icon with something more appropriate. It needs to be a 128 X 128 pixel graphics files. I used .png for this example.

Screenshots - up to five screen shots to give users some idea of the function of the app.
Provide at least one at either 1,280 x 800 or 640 x 400 pixels.

Promotional Tile Image - Another Chrome Store image. Only the small tile at 440 x 280 pixels is mandatory.

There are plenty of other options but Visibility is only one thats important in this situation.

Select Unlisted to publish your app to the <your school domain> private collection.

There’s nothing stopping you publishing your apps to the main Chrome Store. You just need to pay Google a one-off developer registration fee of $5.00 for the privilege.

OK we are now good to go. Press the Publish Changes button and you should see banner to the effect that your apps has been published.

At this point go and make a coffee and when you get back you should see the new app in the collection.

You’ll now be able to manage the link from the console like any other app including pinning to the shelf.

Have a go. It's a lot easier than it sounds.