Friday 17 February 2017

Microsoft as a Service

Note: Microsoft outlined exactly this strategy in a update to the educational website in May 2017.

Is it possible to run a school with Microsoft technologies without managing any servers at all ?

We're not just talking about on-premise servers but ANY servers, including those concealed in offsite datacenters or running on an IaaS platform like Microsoft Azure.  A true Microsoft ‘serverless school’ has no domain controllers, no Hyper-V farms, no Remote Desktop, no SCCM, no ADFS, no servers for imaging, patching, antivirus or backup. In fact no servers at all. 

Can it be done ?

Last year the answer was ‘maybe’ but it’s clear that the message now coming out of Redmond is ‘definitely’ and reading between the lines it seems be the template for the future.

In terms of the functions mentioned above everything can now be replaced by a “Software as a Service” solution provided by Microsoft and of course with SaaS there are no servers to manage.

Active Directory (AD) is the easiest one to replace because Microsoft has been running a cloud service for years now. It’s called Azure Active Directory (AAD) and every tenant of Office365 already runs an instance of this service. Extending ADD using Azure Active Directory Domain Services lets you join Azure virtual machines to a domain without the need to deploy any domain controllers at all.

At the moment this strategy has a licencing cost that few schools could absorb but that's easily solved because all new Windows 10 devices have the ability to link to AAD directly rather than to traditional AD using a process called Azure AD join. Once enrolled the management of these devices is through  InTune rather than group policy or SCCM as Microsoft moved to adopt an MDM approach in order to capture a wider range of platform types.

Patching and the security of the Windows10 devices will be managed directly by Microsoft through the new feature update service while the servers… of course there are no servers. Microsoft Office client apps will use a new facility ominously called “modern authentication” which uses the SAML federation service in AAD to provide a Single-Sign-On experience.

None of this is very new but two announcements have raised the stakes.

Microsoft recently launched Intune for Education, a version of the device management service that’s specifically aimed for schools. The emphasis is on ease of use and contains a policy set tailored for education which defines some useful predefined functions such as online testing. Apps are drawn directly from the Windows Store and admins will be able to control which apps students and teachers can see and install. Included in the bundle is School Data Sync a tool that channels data from a selection of common Student Information System into WAAD to provision online classrooms and teacher/student accounts.

When placed alongside Office365 for Education, which features all the standard Microsoft productivity tools as well as OneNote and Microsoft Classroom it’s clear that this strategy is pitched directly at countering the cloud centric approach of Google's G Suite for Education.

The second move was the announcement of a simplified version of Windows 10 that's designed to run Microsoft’s Universal apps from the Windows Store and is rumoured to be free for vendors to install. This is pitched to challenge the success that Chromebooks have enjoyed in the education space and clearly validates the cloud first approach.

The Roadmap for Education,
As a complete solution you are unlikely to see this setup running a school in the near future and it might be that Microsoft is just throwing sand around to buy enough time to reorganise the delivery model and licencing plans.

Whatever the situation the point is this;

The future for IT does not require servers and now both Microsoft and Google are painting the same picture.

From the Microsoft viewpoint this strategy is a difficult sell to education. The model is so radically different from the one they have been licensing, supporting and deploying in schools for over thirty years, the pitch could easily be coming from another company. Just sorting out the licensing will be a massive chore although they have have already made a start on that.

How much of the current on-premise investment can be carried forward into the brave new world of “Microsoft as a Service” is debatable and while the IT team are heaving servers and Windows 7 clients into the dumpster they just might just decide to look at G Suite for Education rather than wait for Microsoft's offering to mature because it's now clear that both are offering the same vision of the future.

From Google's perspective having Microsoft challenging them in so many areas is a move that shouldn't be underestimated.  Redmond may not be the first to the party but they always seem to leave with the girl!

Monday 6 February 2017

The Serverless School - Hall of Fame.

Talking to educationists in my day job and at meet-ups and shows it's clear that, without any fanfare or fuss or even much technical assistance, quite a few schools have already made the move to 'go serverless' .

In some cases the move was prompted by financial pressures but most often it was just the realisation that the incumbent system wasn't delivering on the early promise and was now just a drag on innovation and change.

Going forward I plan to feature some of the stories with a view explaining how it was achieved from a technical point of view but also the motivation behind the change.

Most of these sites are in the UK but if you have a story you'd like to share regarding your school please drop me a line from the contact panel and I'll feature it on the blog.

The first of these is a school in the north of England that's taking a whole new approach right across the board.

XP School - Doncaster - UK

Wednesday 1 February 2017

Wire, wire everywhere..

If you are planning a school network with a view to supporting mobility and a SaaS resource like G Suite for Education then one of the technical aspects that's often overlooked is the physical wiring. In this respect we are referring to the sockets on the wall that you plug your network cable into.

How many do you need, how are they connected and where are they best located?

At this point the thought might hit you: “What’s a network cable? I haven’t used one of them for years.”  You might also reflect that although everyone around you seems to be consuming the internet at a furious pace, your home and your favourite coffee shop doesn't come with any network sockets at all. So why does your school need hundreds and sometimes thousands of them ?

The fact is that most modern client devices are wireless based and the technology has progressed to the point where Chromebooks, iPads, Android tablets MS Surface devices don’t even have a standard RJ45 network port. Without purchasing an adapter you couldn’t plug them into the wall even if you wanted too.

When you consider that the cost of providing each of those sockets (after you have taken into account the cable, terminations, installation, testing and switching) is around £100 you get some idea of how much money was wasted by the ‘just in case’ approach that was common in the pre-wireless days but which is still around today.

It wouldn't be so bad if this was the limit of the wasted resources but it's not. In the UK guidelines require that all network points installed into a new build are active. This results in the bank of unused ports being matched by an even more expensive rack of unused switches all linked by underutilised but costly high bandwidth interconnects.

The irony of the situation is that most of the traffic is only heading towards the web anyway so after zipping across a 10Gbs backbone it’s then forced down a low bandwidth pipe because, after purchasing all the switching and redundant network sockets, the school doesn't have the budget for a decent internet link.   Crazy doesn't even come close.

While it’s clear that a new build school could save a significant amount of money by adopting a design with far fewer outlets that’s optimised for wireless, this strategy also has some lessons for schools looking to upgrade their internal infrastructure.

The normal approach is to launch an expensive hardware replacement program in the hope that bigger and faster will deliver the required change.

But how does this help when all the exciting, and transformative learning resources are no longer on the internal network?  You're just going nowhere quicker!

The aim should be to get clients onto the wireless network and then out onto the internet as fast as possible and this simple objective doesn’t require a mass of cabling and switching hardware.

So what's the plan ?

Invest in a good managed wireless network. For the features on offer there are some great deals around at the moment using the new IEEE 802.11ac standard. Check out vendors other than the established names. Don't pay for features unless you plan to use them.

Make sure you have quality cables running to high level locations. If necessary lay new cable to those sites pulling it back to a PoE capable switch at the core rather than spending money on maintaining low level ports that nobody will be using. Incorporate IP CCTV into this plan if you have it.

Look at the rest of the network. What else could be moved to wireless? Digital signage is a good candidate along with softphones on personal mobiles instead of fixed desk IP phones.

Where are the areas that still need fixed ethernet?  Administration offices, front desk, the teacher walls and maybe specialised technology and media devices. However your plan should be focusing on providing a solid wireless signal across the school before looking at areas that would benefit from a fixed network port.

If you have printers liberally scattered about you won’t have any money to fix the network anyway because the budgets already allocated to paper, laser cartridges, leasing contracts  and print management licences.

If you are still left with hundreds of devices still requiring an RJ45 socket (really!) there is a cheap solution - reuse some of the switches you already have. When your fixed clients are consuming SaaS resources, a 10/100 switch will be just as fast as a 1Gbs model because in a serverless school the internet connection becomes the constraining factor not the speed any particular switch or interconnect. Just don’t plug any wireless access points into them.

Now while some of these suggestions may not be practical or directly applicable to your situation the fact remains that one of the main reasons why networking is so expensive is because we are still patching like it’s 1999.

Just don’t do it.