More than 500 attendees joined our webinar with Tech & Learning last month. The webinar featured Scott Knuckles of Paso Robles discussing their BYOD program and Patrick Larkin of Burlington High School discussing their iPad roll-out. Rob Chambers, Lightspeed Systems CTO, was also on hand to answer technical questions about the Lightspeed mobile filtering solution.
You can watch a replay of the webinar here.
During the webinar, we received more questions than we could answer in the allotted time. But our speakers were kind enough to answer additional questions. Read on for their responses!
More information from Patrick Larkin
1. How do you manage the school use apps on your iPads?
We use Casper from Jamf software for mobile device management. For apps that we want to purchase for students or staff we use the Apple Volume Purchasing Program.
2. How do you handle the purchase of apps? Installation of apps?
Students and teachers upload their own apps. We can push out apps using a self-service option through the Casper mobile device management solution.
3. Do students bring these devices home and if so what is your policy for these devices if they are broken by a student?
Students do bring the devices home and the parents signed off on a responsibility form when the students received the iPads. We also provided a third-party insurance option from Worth Avenue Group which covers loss, theft, and damage for $39 annually. It was up to the parents whether or not they purchased the insurance.
4. Who trained the student tech team? Who manages them?
The students tech team is managed by two teachers who also assist staff members with tech issues. The students have a variety of activities that they take part in, including writing app reviews for students and staff.
5. What MDM solution are you using?
Casper from Jamf, mentioned earlier.
6. How are you handling sustainability, and how long are the iPads in production? When you phase iPads out, what do you do with them?
We are hoping that these devices will be viable for students to keep for their four years of high school. We are not sure where we will go from here or what the best choice will be for device in the future. We will also discuss a switch to BYOD.
7. How do students connect to the Internet on iPads at home and other locations than the school?
We have internet access throughout the high school and the majority of students have wifi at home as well. Students who do not have wireless at home do have internet.
8. We did a similar thing however our legal department said we cannot ask for insurance. The best we could do is treat it like a text book and only require the parent to pay $100. What does your legal department say about the insurance?
We did not mandate insurance. We just said that students and parents were responsible for the iPad if it was lost, damaged or stolen. They did not have to take an iPad and they did not have to buy the insurance.
9. Did you have any parents opt out of the iPad? If so, what are you doing for those students?
Yes, we had one students opt out and teachers are making accommodations with work that is in digital format.
11. How do you encourage teachers that were not excited about the transition?
We have support every period for staff which is also available to go into the classroom as they try new tools. In addition, we offer a PD opportunities constantly for teachers to learn about different tools they can integrate in their classrooms
12. Is your plan available somewhere Patrick
All of the resources are available on my blog patrickmlarkin.com. Check out the tabs at the top of the page. If you do not find something that you are looking for please email me at larkin@bpsk12.org
More information from Scott Knuckles
1. How is Lightspeed being used in this BYOD program?
Lightspeed Systems is used for authentication to access the Internet on personal devices. It also provides the content filtering policies to protect students and provide override capability for teachers.
2. How do you ensure your PED policies are being followed?
Our new PED polices are monitored by all of the stakeholders; teachers, site administrators, and I.T. staff. Proper authentication is needed to access the network. Once access is gained, Lightspeed monitors and sets content policy.
3. How exactly do you handle authentication and name resolution on devices on your wireless network to enforce Lightspeed policies and to provide user reporting? If students manage their own device – then how do know if they’ve even loaded the Lightspeed mobile browser and are not using safari when off-campus?
We do not load the Lightspeed mobile browser onto personal devices. Access is gained to the wireless equipment by using their student login and password. This is passed through our radius server to our directory services via LDAP. Once the device is on the secure and separate personal device network, Internet access is only gained through authentication, with the same login and password, with Lightspeed and policies are set.
4. Can you talk about how important it is to build a secure wireless network in advance of rolling out BYOD? Do you restrict who can get on the wireless network? Do you have a guest wireless network for internet only access?
CIPA dictates that schools monitor student access on our networks. Accessing the separate and dedicated personal device VLAN needs proper authentication with the district provided UserID and password. We do have some guest accounts for district guests but they are very limited and seldom used. In general, the Paso School wireless network is only available to the students and staff of the district.
5. With BYOD these are not “district” devices… how do you handle a situation where you need to look at the device for inappropriate use?
Good question. Just as before the BYOD initiative. Site administrators can examine the personal device if needed, just like they would look through a backpack.
6. How much bandwidth is allocated per user on the BYOD network?
Currently, the personal device wireless network bandwidth is not governed. All of our sites have either a 1 GB or 10 GB network infrastructure. We are monitoring the network and will be looking at ways to govern the wireless traffic.
7. How do you measure learning off-campus or account for homes that don’t have broadband connectivity? How to you account for low-income students that cannot afford their own equipment in BYOD situations?
There is a digital divide. Williams Act dictates that we provide a shared equity of services and facilities. BYOD is not mandatory for students. We do anticipate that students will share and work in grouping collaborations with those that might have a device. Similar to what we have done in the past with limited school site equipment. Wi-Fi devices are dropping in price. eBooks, such as the Nook or Kindle, iPods, and cell phones with Wi-Fi are the most prevalent devices being used. We do believe once parents feel more comfortable with this new initiative, parents will provide inexpensive Wi-Fi devices to their kids. We do understand that not all families can afford such devices. We are working with local foundations to develop grants for students to obtain Wi-Fi devices to enhance their education.
8. Has the issue of equity of access come up with your BYOD implementation?
The issue has not come up with parents or students as of yet. We do have many teachers jealous of student personal devices. There have been a lot of questions from teachers asking which device they should buy for themselves.
More information from Rob Chambers
1. How are you supporting legacy applications that depend on a particular OS platform?
I am guessing this is not a Lightspeed related question. From our perspective we will support any OS/Browser that accesses the internet through our filter. From a school application perspective I would answer this by using some sort of application virtiualization such as Citrix.
2. Would really like to see Lightspeed work on earlier versions of Android OS. Is this going to happen?
Although the Mobile Browser filter is limited to Android 3+ due to limitations in the OS, we do have a solution that operates at the Kernel level and is supported on all versions of Android.
3. We have Lightspeed, what is the best practice to filter student personal devices without a client?
As a best practice we recommend one of two approaches. A – Set the default filtering policy to allow access to a limited set of internet resources mainly the true education resources. This would allow quick and easy access to these sites but access would be anonymous. For access to additional resources the end user can web authenticate on the device and then be applied an appropriate policy for student or staff use. From this point all access will be tracked. B – Force web authentication on all unknown sessions. With this approach all district owned devices with user resolution agents will be transparently authenticated and allowed appropriate access for their policy. Personally owned devices will have to authenticate and then be applied the appropriate policy and all access will be tracked.
4. Does this software allow you to push our OS updates to the iPads?
Not at this time but we are investigating this option.
5. Can you load vmware fusion and run a Windows environment?
I am not sure the context of this question. But technically on a mac (VMWare Fusion is a mac only product) you can load Vmware Fusion and run Windows.
6. We are deploying ipads that are shared between students. How do you handle the issue with TTC being unable to logout student accounts between sessions of different students?
This is true for TTC but does not apply to our next gen web filter.
7. Followup on authentication. How are you authenticating a mobile device with a username and password to the Lightspeed rocket?
This is a setting in the Web Filter options.
8. How do devices authenticate to network? (Active Directory)
For BYOD devices typically you accomplish this by forcing web authentication when the device attempts to access the internet.
9. Do you force authentication using Lightspeed within the district when they user goes to the internet. Basically, do you have Authenticate All Clients checked in your Content Filter properties?
Rather than choosing Authenticate All we would recommend Authenticate Unknown. With this configuration district owned devices with a user resolution agent will not be asked to authenticate and personally owned devices will. Authenticate All requires every device to web authenticate even if their user information is already known.
Have more questions or comments? Just post them below!
