Let's get radical?

[Tim Harper]

Hi all,

I get to do lots of reading (especially on this group) and do lots of thinking at the moment while I travel.

I have two radical ideas that sit in my mind as I listen to the ideas about wifi that seem to be dominating discussion right now.

1.  Hand over ALL SCHOOLS  WiFi Management to an external agency.

This was not actually my idea.  It was put to me over a year ago by a teacher in a large secondary school who has responsibility for managing IT infrastructure.

I think it has merit but what do you think?  More details about my reasons for thinking this is a good idea are below.

2.  Hand over ALL identity management to an external agency.

Doing this makes handing over WiFi management possible in ways that we are only now beginning to see real reasons for.

So why do this?  Why should we not run our own wifi and identity systems?

1.  ICTs exist in schools to support teaching and learning. 

Therefore it should be as easy as possible to access WiFi and get things done.  It should be easy for students, school staff and visitors to access WiFi and get to the resources that they need to support their tasks.

I'm not saying it isn't easy in a school now to access these things.  It is sometimes easy if you are a student or staff member at the school but it is certainly not easy if you are a visitor to the school.

2.  Visitors to schools need easy access to WiFi to support their tasks.

Think for a moment who these visitors often are.  They are often students and staff from another school.  In my travels recently I have been into many different schools and they all have unique ways of allowing WiFi access from a simple password for everybody to something incredibly complex like find the right SSID, then use two different passwords or giving out a unique 8 digit code to each visitor.  These are time consuming processes for the tech community to maintain and painful for visitors to navigate.

We simply must expect the number of visitors in a school to grow,  If you have not heard yet of "Communities of Learning" then get ready!  All schools will be expected to join a CoL (if they have not already) and people will move within the CoL to support teaching and learning.  A sensible CoL would align resources like this.  And if it is good enough for a CoL to do it then why shouldn't the same apply to the whole country.

3.  Inconsistent technical ability in different schools.

Yes many members of this group do know what they are talking about.  But even this group cannot agree on the "best way" to achieve something - just look at the "Ruckus Xclaim" thread.  There are plenty of schools that are not served by people with the skills in this group and .

So - what about it?  I'm blue-sky thinking here.  What would be wrong with handing over wifi and identity management to an external agency like N4L?  They could partner with Spark who already run a nation wide WiFi network using Ruckus off the top of phone booths.  Anyone with a valid school sector login could get access from any school or anywhere served by the wider Spark network.  You could even take an AP away to camp or on a field trip, plug it in to anyone's open network and have N4L access via that AP.

I can already imagine what some people will think.  But seriously give this some thought.  Talk about it within your schools and gather some real opinions from others.  Do respond to these ideas but please remember why we are here - it is written beside the main entrance to the Ministry of Education building in Wellington:

"Lifting aspiration and raising educational achievement for every New Zealander"

(I'm about to get on a plane and fly north.  I wonder what will be here when I reconnect later today?!)

regards,

Tim Harper


Phone 03 443 5167 (messages cannot be left on this number)
Mobile 027 443 1236

t...@mtaspiring.school.nz
www.mtaspiring.school.nz 

[Mike Etheridge]

Do not get me started. N4L. You jest.

[Julian Davison]

But what about the concept? Replace 'N4L' with 'provider I have confidence in', then how do you view the plan?

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Tim Harper]

No Mike - I do not jest.  I'm absolutely serious.

But I'm after feed back in the ideas presented.

regards,

Tim Harper


Phone 03 443 5167 (messages cannot be left on this number)
Mobile 027 443 1236

t...@mtaspiring.school.nz
www.mtaspiring.school.nz

[Mike Etheridge]

Has merit, if provider agile and responsive.

[Patrick Dunford]

:)

[SteveC]

Looks like you need Edunet - then staff and students can use their home credentials at most Australia and New Zealand unversities.  http://fibreplus.co.nz/education.html

Having said that, and tried some superficial research, there desen't seem to be much happening with Edunet at the moment.  

Steve

[Tim Harper]

I agree.  Eduroam I think is what you mean and that is world wide.

The things you can do from seat 2F while boarding happens 😀

--

[SteveC]

Just testing!

Yes https://reannz.co.nz/services/network-cloud-services/eduroam/ could be part of your radical solution.

Great idea in general, so long as politics doesn't get in the way!  :-p

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.

[Andy Parker]

Hi Tim,

Off topic, but...

"Lifting aspiration and raising educational achievement for every New Zealander”

Does this apply to N4L being able to provide service to Independent Schools, albeit that these schools would likely not expect to have the service provided to them free, but to be able to access the discounted rates all New Zealanders hope that N4L has obtained compared to what schools (i.e. the Crown) had been paying previously.

Cheers,

Andy

[Mike Etheridge]

I have an idea people are treading very carefully with this one. If a price is given to “independent” schools, then some state school principals and boards will say (quite correctly), "ok, so that’s what it costs the taxpayer. Give us that money and we will spend it on a local provider who will meet our needs”. And put substantial amount of change into something else, hopefully related.

.

[Patrick Dunford]

N4L is all one package, isn't it. Under the previous system people would sign on separately to an ISP, and to Watchdog if they wanted the filtering package. Everyone gets the filtering package and N4L gets paid regardless of uptake.

[Tim Harper]

Hi Andy,

I'd prefer to leave the whole topic of independent schools to a separate thread.  We should make sure we stay on topic in these threads.

Do feel free to start one if you wish!

regards,

Tim Harper


Phone 03 443 5167 (messages cannot be left on this number)
Mobile 027 443 1236

t...@mtaspiring.school.nz
www.mtaspiring.school.nz

[Tim Harper]

Hi Patrick,

I'm going to moderate this discussion quite tightly.  One of the weaknesses of this discussion group is that it does go off topic very very quickly.  The merits or otherwise of N4L and the services that they provide are valid to discuss but in another thread.  Do feel free to initiate that discussion.

N4L was simply given as an example of what could be done - not as an expectation of what might happen.

In this thread I would like to keep to the topic - and that is to discuss the merits - or not - of centralised management of all school's WiFi and identity systems.

regards,

Tim Harper


Phone 03 443 5167 (messages cannot be left on this number)
Mobile 027 443 1236

t...@mtaspiring.school.nz
www.mtaspiring.school.nz

[Kevin Whelan]

I guess the example you give is the reason why these ideas are so hard to fly. Judging by peoples comments and suspicions of what N4L is, or does and doesn't offer. Any idea on paper sounds good but the reality is usually something compromised and doesn't suit all, which people then  become suspicious of like N4L.
On paper N4L is a good idea too but I think we are all just too suspicious of how hard it would be to make a centralized wifi work,you probably would get a similar success rate to N4L with peoples opinions of it. I admire the thinking behind N4L and snup and am pleased they have at least tackled something.Your idea definitely has merit but would be even harder to sell now because of the examples. Westernized Human nature isn't really set up to be told this is how we are going to supply your schools wifi now.

.

Hi Tim,

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.

[Alistair Baird]

We would have a privacy concern. Our passwords are only kept on site, using SSO. So long as we could maintain that, then we would be happy. If handing over management means handing over passwords, than no. 

We need to be able to have instant local management that bans a user (for breaching their digital citizen agreement etc) to block them from Wifi.

Not sure how a "school managed device" gets managed, if it's still within the local AD for Group Policy, virus management etc. Printing is a big issue, users need to be able to connect to a local network as we run a print client to track printing costs. This would need to 'work' ,

Is it a form of VPN ? We can't run our SMS directly via VPN, so use a terminal server that staff use to run the SMS when away from school.

Like the idea, but security concerns are always to the fore. If someone is connecting to our local Wifi via another school's user credentials, is that giving them access to our local LAN ?

.

Hi Tim,

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Alistair Baird

IT Manager

St Peters College 

p 06 354 4198

m 021 990 259

e bai...@stpeterspn.school.nz

[Tim Harper]

Thanks Kevin and Alistair,

I am keen to refocus this group towards educational pedagogy and change the paradigm that is operating here.  As technologists we all too often overlook the pedagogical reasons that should be shaping how we see the role of ICTs within schools.

The guidelines that should define us are (in no particular order of importance):

• National Administration Guidelines:  http://www.education.govt.nz/ministry-of-education/legislation/nags/ - are some NAGs more important than others?
  
• Key Competencies:  http://nzcurriculum.tki.org.nz/Key-competencies - in essence these define the behaviours that we want our learners to be able to display.
  
• The New Zealand Curriculum http://nzcurriculum.tki.org.nz/The-New-Zealand-Curriculum - this defines the content that we are required to teach.
  

There are of course many other things to consider too - teaching as inquiry, and inclusive practice etc.

You will by now all be rightly saying "But that's what teachers do isn't it?"  And you would be right.  Our job as technologists in schools is to support and enable what teachers do - ie to enable the teaching and learning process.

Simon Sinek (I'm not selling anything! - if you prefer see https://en.wikipedia.org/wiki/Simon_Sinek) developed a very simple methodology called the "Golden Circle":

This defines the process that we should look at when making a decision about a way forwards.  Start with the "Why" on the inside and then work outwards.  Too often as technologists we start at the outside and consider the "How" first (and often only that!) or even worse twist the circles inside out and consider "Why nots".

I am detecting that people think that the "Why" part is a good idea. Which is great.  But then people are immediately saying "Why not".  If we truly believe that the "Why" makes sense then we should work next towards "How".  The "What" which is what people are focusing on with discussions around N4L) is the very last part to consider.  I only put N4L up as an example.

So - my challenge:  if we think that there are good reasons "why" we should look at outsourcing WiFi management and identity management then "how" should we achieve this?  What should that process look like?

For example if WiFi was to be outsourced are there other things that should similarly follow?  Should that mean that switch management and LAN configuration also be outsourced?  Is that necessary?  Or are there other things to consider in the solution - like removing servers from schools and thus removing the need for some of the complex internal infrastructure that schools have?

Now those are JUST examples to get you all thinking.  Remember "How" and "process".

It will be interesting to see where you all take this next.

I'm looking forward to reading what this group has to say tomorrow night after I've completed another day on the road of seminars and travel.
​ 

regards,

Tim Harper


Phone 03 443 5167 (messages cannot be left on this number)
Mobile 027 443 1236

t...@mtaspiring.school.nz
www.mtaspiring.school.nz

[Mike Etheridge]

Really? I’m pretty happy with the quite broad focus we have at the moment. What do other users think? Shouldn’t we, as the users, be determining the focus?

Mike

[Alistair Baird]

I agree that if you are looking at outsourcing Wifi and Identity management, then it would seem logical that switch management and off-site servers - the whole infrastructure - should be included. What is important from the teaching perspective, is that it works, how they don;t care. But, when it goes wrong, they want someone at hand they trust and can go to.

Classic point in hand right now - Google Drive is not working, two teachers have come to me complaining "the internet is slow", however none of them had the technical expertise to refine this to only Google Drive is slow, all other internet sites seem fine (including Gmail), and for those that already have Gdrive open, it is not an issue. 

So long as Ghostbusters can be on hand in an instant, and they can have faith. Then the BOT would be looking at the cost.... it must be cost effective.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Julian Davison]

Pedagogy feels, to me, to be more the domain of the MLE list.

It's certainly relevant here, but a 'techies-for-schools' group feels more pragmatic and technical than theoretical and pedagogical.

Technology is an increasingly important aspect of schools, and it's use must be driven by actual educational outcomes. Discussions on what technology can answer which driving force are entirely appropriate here, but so is the (more common, in my view) discussion on how to make the technology actually work, and which flavour of the technology fits a given situation, with pro/con information.

Focussing individual discussions more rigidly and specifically seems sensible. Attempting to narrow the focus of the entire group seems difficult and unhelpful.

Perhaps Tim really meant his discussion, rather than the entire group?

If Tim did mean the entire group, perhaps we need an additional group that is more focussed on pedagogy (I'd certainly be keen to be part of such a group).

J,

[Mike Etheridge]

Providers/support ideally are

agile

responsive

cost effective

Pretty hard to achieve all of this if you don’t have someone on site who knows what they are doing. That doesn’t include an ok technician and some engineers in a big city a long way away who might or might not be available at short notice, in my book. Unfortunately, most schools have to compromise because they don’t have expertise on staff. They shouldn’t have to compromise on all three, however.

Having said that, there’s nothing wrong with having the expertise in house/on staff and using it. This who have to compromise (or who are involved in provision of services and want schools to compromise) shouldn’t criticise schools who are using the in house model, just because they can’t use it on their own site. If it is working for a school, fine. We don’t all have to do the same thing. That is the recipe for mediocrity. 

Mike

[J B]

Tim,

I disagree with refocusing, why can't we discuss what we want to discuss in the bounds of the forum, is this China.  Why are we always getting pulled up on dissenting views from the ruling party?

 

This forum is not about teaching and you seem to be falling into the same trap that afflicts some teachers… that no one who is not a teacher can know anything useful and that everything is teachers first.  Yes it is a school and so its roll is to teach children but to do that it needs to run, if the office staff can't access the sms to get details/numbers or the plumbing breaks or any number of things can stop the school from doing its job.  It's not JUST teachers and pedagogy despite the rather arrogant view held by many in the system.

 

Shall we sell all the schools and rent properties off a company who can do it better.  Shall we hand all school accounts over to Novopay, I'm sure the teacher's won't mind the month wait for a reimbursement.

 

Why is the prevailing answer here on this list to outsource anything possible, GAPS, O365, N4L, Watchdog.  Just because some schools can't make stuff work why do all schools need to be dragged down to their level and the people who helped them have working systems be pushed out because they do not want to be political enough to force their preferred solution on everyone.

 

If you go with wifi control centrally basically all internal networks are going to have to be run by a central service to.  Yes I'm going to bring up n4l, as a lowly chunk of non-teaching scum I have time to think of the technical aspects outside of the teaching concerns.  I get asked if our school network is secure and I can say that yes, to the best of my knowledge it is as we run our own perimeter firewall because n4l refuses to provide visibility to the endpoint device.  What are they hiding, mistakes like the one that let a loopback take down 10 schools on a different fibre loop in the past.  I'm sure they are not hiding anything but we don't know if an intern could accidently relax an access list and have a high school full of curious students with full access to another schools ip range.

 

A central IDP would be great if handled properly, the last attempt had all the partner sites link with a specific variation of it and no follow-up for other solutions. In the uk they used https://shibboleth.net/ that was an oss standard allowing big providers as well as individual schools to link.  Here there was a heavily Linux weighted solution that required major access to you directory, fine if internal but worrisome and yet another expense if outside.  The opportunity turned once again into an opportunity for another MoE funder partner to offer another pay for service as the partner sites at the time seemed unwilling to support any more providers ie individual schools.

 

This is the same kind of one size fits all thinking that has a large number of schools buying linewise to supplement the N4L filtering with a sensible solution for ssl and per user management that does not rely on complete openness to the unknowable safety level N4L edge.  It also does not require a certificate on every single device.

 

Please whoever is in charge of such things, make a FREE, sensible sso provider that is not tied to a single technology and is secure rather than just suggesting opening up a port to ad.   

 

As to wifi, if your techs can't do the job they are hired to do why are they employed to do it, provide training or hire in outside help.  Unless the MoE is going to throw out all IT support staff everywhere along with the choice of what works best for the school then that’s a bad call.  Oh and if they do they had better throw out all the other non-teachers too, it's not fair to single out IT people alone.

 

Jeffrey

 

Sent from my Windows 10 phone

.

Hi Tim,

[Andy Parker]

Hi Tim,

I would put the process of “Outsourcing Wifi-management” in the outer circle. It’s a How measure. Other How measures addressing the same challenge might be for MoE to specifically fund ICT support for schools, for MoE to operate and encourage PLD models for those in schools supporting ICT. No doubt others on this list would have other methods which would also fit in the How. It’s a How which should have its costs and time to produce weighed up against other Hows. 

The Why question is “Why do we as people exist on this list”, which should have the answer “To provide the best possible ICT experience for students and all staff in schools.” 

I strongly disagree with the statement "ICTs exist in schools to support teaching and learning”. This can position people who work with ICT (whether employed by a school, or employed by a outside agency) as only being able to respond to the requests coming from the ‘academic’ staff. The challenge for this group is to reach that state where our input is valued.

How often do we hear noises from schools about not having enough time, when we see ourselves the struggles both with the technology, and with the paper processes many teachers experience.

If we can change from “ICTs ..support teaching and learning” to “ICTs .. enhance teaching and learning” then we can make some progress.

Regards,

Andy

On 28/06/2016, at 10:26 PM, Tim Harper <t...@mtaspiring.school.nz> wrote:

Thanks Kevin and Alistair,

I am keen to refocus this group towards educational pedagogy and change the paradigm that is operating here.  As technologists we all too often overlook the pedagogical reasons that should be shaping how we see the role of ICTs within schools.

The guidelines that should define us are (in no particular order of importance):

• National Administration Guidelines:  http://www.education.govt.nz/ministry-of-education/legislation/nags/ - are some NAGs more important than others?
  
• Key Competencies:  http://nzcurriculum.tki.org.nz/Key-competencies - in essence these define the behaviours that we want our learners to be able to display.
  
• The New Zealand Curriculum http://nzcurriculum.tki.org.nz/The-New-Zealand-Curriculum - this defines the content that we are required to teach.
  

There are of course many other things to consider too - teaching as inquiry, and inclusive practice etc.

You will by now all be rightly saying "But that's what teachers do isn't it?"  And you would be right.  Our job as technologists in schools is to support and enable what teachers do - ie to enable the teaching and learning process.

Simon Sinek (I'm not selling anything! - if you prefer see https://en.wikipedia.org/wiki/Simon_Sinek) developed a very simple methodology called the "Golden Circle":

<Golden_Circle.png>

[Tim Harper]

Hi all,

thanks for the interesting comments - and many of you have been very supportive with your off-list comments too.

Julian:  Indeed I am talking about this particular thread - not the whole group.  When you start a thread I believe you have a responsibility to keep it relevant to the original intent.  (Think f me as a benevolent moderator if you like.)  Too often I see discussions diverge and not follow rigour with regard to progressing the discussion - I want to enable that rigour and keep focus on the topic.  It would be nice to apply pedagogical principles to everything that we do because that is the field in which we operate.

Andy:  Outsourcing WiFi / IAM still has a Why//how/what component - everything does - and "How" is the middle circle - not the outer one.  The "What" is on the outside and comes last.  We still need to  look at the "Why" of we should outsource WiFi and IAM before we tackle "How" and "What".  "Support" or "enable"  - I'm happy with either.  And yes the challenge is to get to the point where input is valued.  I know that input will be valued especially when teaching and learning outcomes are demonstrably enhanced by that input.  I can tell you from direct observation of what I have seen in schools that this is not always the case.

Jeffrey:  see the points to Julian.  I'm going to moderate this thread and keep us focused on the topic and steer us towards improving teaching and learning. You have missed an important point that I have made earlier about CoLs and why we need aligned systems.  We outsource specific things - eg email - because it makes sense - it is the best, most effective, cost efficient way of enabling specific effective teaching and learning practices.  I am really pleased that you see the benefits of a central IAM system - but again I urge you to look at the bigger picture with regard to CoLs.  For some background have a read of this:  http://www.education.govt.nz/ministry-of-education/specific-initiatives/investing-in-educational-success/

Mike:  "agile/responsive/cost effective" -  I disagree - schools can be all those things without an onsite person.  It is only the lucky large ones who can afford to pay for onsite support who have someone like you.  I know my school needs Nick to make it all tick.  The rest - the majority - make do - and often very well too - but I do concede that "responsiveness" can suffer.  I certainly don't want schools to be in a worse position than they are now and I'm not aiming at mediocrity either - I want the best for everyone just like we all do.  Think CoLs and what they mean to the future shape of the compulsory education space.

Alistair:  I really like your points.  You are spot on - or at least I think you are.

Next challenge:

1.  Do you agree that it is valid to look at the "how" of outsourcing WiFi and IAM in schools?  "Yes" or "no" and good "why" or "why not" reasons please.

2.  Put some "how" ideas around it if you do support it.  Alistair has added server outsourcing to switch outsourcing.  Do you have further thoughts on the how part of the process.

Do keep your ideas focused and relevant please.

I'm enjoying reading everything here.  Keep it coming and thanks for being brave enough to jump in to what is a very murky place.

It was a good day facilitating a seminar today and then it was drive to tomorrow's venue.  Repeat until the end of the week.

Chat tomorrow night (unless I get busy socialising which just might happen as I'm catching up with old friends.)

regards,

Tim Harper


Phone 03 443 5167 (messages cannot be left on this number)
Mobile 027 443 1236

t...@mtaspiring.school.nz
www.mtaspiring.school.nz

[Alistair Baird]

BTW, I put up the data projectors and screens (we are currently modernizing all our learning environments ,so this is take down/put up every class over the last couple of years as builders move through the school), look after the phone system - could be outsourced to an IP solution I guess, sit in on the building project teams, am on the [teaching staff led] ICT eLearning committee, keep SMS happy for staff over and above the two others who maintain the data therein, maintain school websites, give some assistance to robotics teams, repair and fix sound systems, unjam the photocopiers and change toners (even though they are leased and under a contract), track down lost mobile phones via the wifi (about 1 per week), transport students across town, unlock classrooms, look after the alarm system/bells, security cameras, library bar-code scanners, and have presented some classes, director of carparking at major school functions.Clean up the dishes in the staffroom....

If ICT activities were outsourced, my workload wouldn't halve, and I probably wouldn't start up my business again trying to support several schools (I had 4 Primary, one Intermediate and 1 High school with 3km of my office), I know they wouldn't get the same value for money. A lot of the potential outsourcing is automated within the school and once setup and configured, doesn't need a lot of tweaking. My experience in outsourcing is that the companies providing the service see it as an opportunity to make money, because the school "has" to have these services. One of the best reasons to outsource is to establish how much it costs - try and put a value on the activities I mentioned in the previous paragraph. But the outsourcing doesn't work in the same way, you are not there during morning tea, lunchtimes, staff meetings, to hear and get a feel for what direction teaching is taking, and being able to consider these in how the school ICT is setup and configured to support that style of learning. Staff then confide and open up to including you in their thinking, one on one.  They run ideas past you that gain traction or not. I have one older teacher who struggles with computers, plugging in her laptop to the projector and sound to show a you tube video, then unplugging and doing non-contact stuff in her shared teacher space (because another teacher is in that room) is an almost daily "problem" for her, she looses network drives and printers, I don't know how (well perhaps a lack of patience is all that is needed before clicking and banging keys), but she is thinking electronic bulletin boards/displays, menu boards for the student kitchen (in addition to the canteen, we run specials and breakfast club from there), videoing lessons via the security cameras to put up on student portal so students can review their day's learning (ie the demonstration camera can double as a security camera for after hours). None of that would occur in an outsourcing model.

Isn't the idea of self governing schools (Tomorrows Schools is so 'old school' a term) so they can all be different? Some things are worth outsourcing, and printing was probably the first and done by most schools already, but not everything. Website design is another reasonable outsource, but the larger schools have intranet, a combination of working internal operations and student sites, as well as the main window to the outside wide web world. There are plenty of schools that have failed this, look at them for newsletters and you will know what I mean there.

[Mike Etheridge]

Yes, the drive to outsourcing is not coming from with (the schools) but from the business community who see the public money being spent on essentially state servants and they want that money.

[WHS Ict Technician]

What an interesting thread.

My background is scientific computing, running enterprise class back ends and supporting researchers, with extremely valuable data. No teaching component at all.

One of the first things i noticed in NZ schools was the lack of coherence in ICT strategy. Each school was left to manage its own systems, which is a technical role, but not given the funds or technical support to do it properly. You don't get quality ict staff unless you are very lucky or have a decent budget. So lots of schools seem to have teaching staff who drifted into ict. I'm not knocking that, Im sure many of them did very good jobs. running a network isn't a casual thing, though, it is full time just keeping up with threats.

Which is odd. We have a Ministry, and ICT translates well to centrally managed systems. Where is the school.nz AD domain? why is each school managing a local domain? Why is the switching infrastructure  - as set up by snup - not meeting industry best practice? Why is none of it integrated at the local, the regional or the country wide level?

I know i'm arguing against my own role in my school. I don't want to lose my job, not in today's job market. However, there does seem to be a lot of effort, money and time wasted reproducing services at every school when a more integrated model would fit.

My main concerns are that in the neoliberal reality that we operate within, centralising would not bring the benefits it could do, since instead of providing better value for money and better responsiveness through freeing up staff from repetition of unnecessary roles, we'd end up with overly specified, overly expensive gear being put in and managed badly (ie. not best practice, cf. SNUP and WSNUP, to some extent (and i've not seen the new offering yet so can't comment there)) and overly expensive support staff providing less than stellar service. And no accountability.

Schools which are managing to provide a service within their budgets and are happy with what they are doing might be upset if they have to fork out more money to pay for a system that they don't want and that doesn't fit their needs.

Beyond service suitability, i think the most pressing issue for schools would be the availability of support. If you have to log a ticket, then wait for half and hour or an hour for a mobile support person to show up, then you've degraded the service, no matter how technically great it is. The reality of ICT is that things fail all the time. As time goes by, it seems that things fail even more often than they used to, or perhaps that is because there are now so many components in a network, so many devices, so many uses.

So, protecting my own job, I think that nothing beats having an in-house ict person who can liaise with staff, get to understand their ways of speech, their ict uses and their problems and who can resolve issues in a timely manner (in minutes, not hours). Of course, to be effective as a tech within an integrated system, those ict staff are going to need training in the deployed infrastructure, as well as local access and a fantastic head office.

[Patrick Dunford]

That depends very much on the outsourcing model. I have seen one where it is completely outside - a contractor gets one day a week on the site - and another one where someone is physically present at works at the school 5 days per week. In other words whatever they want to contract for. A 5 day a week person might only get paid $20 an hour or the school might employ them directly and leave the contractor for the big jobs.

The big companies that seem to be mopping up a lot of schools IT - aided and abetted by government initiatives such as the procurement program, SNUP and requirements for Ministry certification that all squeeze the smaller players out of the marketplace - are definitely intending to make money and schools will end up being pitched for expensive new equipment they don't actually need. For example a big national firm went to high schools and said you need a new $10k server because there is something wrong with your 1 year old current server and we can arrange finance so you can pay for it. Or you need new switches, new wireless gear, new desktop computers. Whereas the small firm could have spent the time sourcing high quality second hand equipment at a much cheaper cost. Plenty of ex lease desktops and second hand business printers for example, the only new stuff might be the server or the wireless gear.

The WSNUP programme is obviously a great entry for the big companies like Ruckus and Aerohive to get a foothold into schools as once the gear is in the BOT ends up having to maintain these systems and they have hardware lockin and advantages of incumbency already being in schools.

On 30/06/16 10:26, Alistair Baird wrote:

BTW, I put up the data projectors and screens (we are currently modernizing all our learning environments ,so this is take down/put up every class over the last couple of years as builders move through the school), look after the phone system - could be outsourced to an IP solution I guess, sit in on the building project teams, am on the [teaching staff led] ICT eLearning committee, keep SMS happy for staff over and above the two others who maintain the data therein, maintain school websites, give some assistance to robotics teams, repair and fix sound systems, unjam the photocopiers and change toners (even though they are leased and under a contract), track down lost mobile phones via the wifi (about 1 per week), transport students across town, unlock classrooms, look after the alarm system/bells, security cameras, library bar-code scanners, and have presented some classes, director of carparking at major school functions.Clean up the dishes in the staffroom....

If ICT activities were outsourced, my workload wouldn't halve, and I probably wouldn't start up my business again trying to support several schools (I had 4 Primary, one Intermediate and 1 High school with 3km of my office), I know they wouldn't get the same value for money. A lot of the potential outsourcing is automated within the school and once setup and configured, doesn't need a lot of tweaking. My experience in outsourcing is that the companies providing the service see it as an opportunity to make money, because the school "has" to have these services. One of the best reasons to outsource is to establish how much it costs - try and put a value on the activities I mentioned in the previous paragraph. But the outsourcing doesn't work in the same way, you are not there during morning tea, lunchtimes, staff meetings, to hear and get a feel for what direction teaching is taking, and being able to consider these in how the school ICT is setup and configured to support that style of learning. Staff then confide and open up to including you in their thinking, one on one.  They run ideas past you that gain traction or not. I have one older teacher who struggles with computers, plugging in her laptop to the projector and sound to show a you tube video, then unplugging and doing non-contact stuff in her shared teacher space (because another teacher is in that room) is an almost daily "problem" for her, she looses network drives and printers, I don't know how (well perhaps a lack of patience is all that is needed before clicking and banging keys), but she is thinking electronic bulletin boards/displays, menu boards for the student kitchen (in addition to the canteen, we run specials and breakfast club from there), videoing lessons via the security cameras to put up on student portal so students can review their day's learning (ie the demonstration camera can double as a security camera for after hours). None of that would occur in an outsourcing model.

Isn't the idea of self governing schools (Tomorrows Schools is so 'old school' a term) so they can all be different? Some things are worth outsourcing, and printing was probably the first and done by most schools already, but not everything. Website design is another reasonable outsource, but the larger schools have intranet, a combination of working internal operations and student sites, as well as the main window to the outside wide web world. There are plenty of schools that have failed this, look at them for newsletters and you will know what I mean there.

--

Alistair Baird

IT Manager

St Peters College 

p 06 354 4198

m 021 990 259

e bai...@stpeterspn.school.nz

[Mike Etheridge]

Telling. Outside support agency uses Microsoft term/technology, not something standards based/generic/open.

[WHS Ict Technician]

i should add that our school is still waiting for chorus to turn up and re-instate our fibre connection 6 weeks after they were due. Just as we are helpless to speed them up, also would we be held to ransom by 'partners' such as ruckus if they were our only option. It would be good to a have a few on board, offering compatible services, so that we can keep the competition going. Ruckus, Aruba, Cisco, Aerohive, Each keeps the others honest.

Same goes with filtering. N4L claim to be unable to block http VPNs without MItM, yet it is doable.

[WHS Ict Technician]

I'm not an outside support agency.

I said AD domain since NIS+ is dead,  and SMS / 365 / gafe integrates well with AD (not so easily with LDAP unless you have some skills) and schools get MS server free. I'm not a MS fan, but i think it is a bit of a no brainer. What do you use?

[Mike Etheridge]

Sorry about knee-jerk reaction. We are using OD (OpenLDAP in effect), not worried about the GAFE thing as I find I can work what I need with GAM, not GADS, but you are right about SMS integration, this has nearly driven me to AD a couple of times.

[Julian Davison]

Not always.

It's interesting to see how things progress.

I've encountered schools where there has been pressure from 'above' (usually HM/Board driven, sometimes staff) to get rid of in-house staff in favour of outsourced 'experts'. Sometimes it's triggered by a slick sales pitch from a vendor, sometimes it's a reaction to perceived failings of the current solution/staff and other times it falls into the (always troublesome) "It's what they do in business". There will always be businesses advertising/soliciting for new business. I don't think that's unique to schools or public money. In many cases I've encountered it's an ex teacher who believes they know best, and better than the other vendors, and who has an insight into the most effective argument to use on the school. Opportunism, rather than altruism.

I've also encountered schools where there's been pressure to get rid of a vendor in favour of in-house resources. This is often partially driven by cost (someone decides they can pay an individual less than the business) but usually boils down to a lack of immediacy of visible support. Having a physical person in front of you, when things are going wrong, is very reassuring. The quicker that can be made true the better. So inhouse is best, then close company, then further company, then national-company-with no local office, then...

People are often chasing the greener grass over the fence, and/or reacting to history. The school that hired their own inhouse person who gained experience and left after a couple of years to join the commercial realm, and then repeated the process several times, is keen to have an external company that provides some consistency and reliability. The school that used a local company and got their most junior tech turning up and making things worse, avoids external people with extreme prejudice.

There are benefits in out-sourcing some things.

A hybrid approach can be quite effective - ideally schools have at least one go-to person who can be instantly on-call for those trivial problems that are show-stoppers (projector doesn't go, network link fails, class can't login) and back-up external experts (company/individual) to call on when either additional hands are needed on pumps, or the issue exceeds the in-house persons knowledge. With the usual result that the in-houser learns and the external people are used less. Done properly you end up with a consistency of service, and immediacy of attention.

Things like Wifi/infrastructure are 'obvious' candidates for this sort of out-sourcing where the external people don't do anything else. They know wifi backwards. To a depth your average school shouldn't have to get into. They're also among the front-line of showstoppers that tend to require instant resolution in order not to cause chaos across the site...

J,

[Alistair Baird]

Do school's outsource their property issues? Thinking caretaker, ground staff, cleaners. Often this is a hybrid approach too.

[Arnold Santos]

Based on my job being employed by three schools, everyone of them have a unique way of doing things, based on their organization, management style and budget. Best if they can afford in-house ICT support, but once everything is in place, not much work to be done. Can't figure out what's need to be done, ask help. Have a budget to go for a consultant for a big project, go for outsource which is very seldom. Being an in-house ICT support, you can be pro-active and give them an insight of what will be the next trend without charging an expensive consultation fee. The feeling of being a minute way if there are things need to be sorted is priceless, working for the love of work, even on thee wee hour of the night (remotely) because you know it is necessary is priceless.

The irony is if some company is trying to offer you a better job to work for them but the deal is to persuade your school you are supporting  to signed to them for outsourced support.

Arnold B. Santos
ICT Systems Administrator
Queenstown Primary School
________________________

Apple Certified Support Professional 10.11

Apple Certified Technical Coordinator 10.8

e-mail : arn...@queenstown.school.nz

web : www.queenstown.school.nz

This email may contain confidential information intended for the recipient. If you receive this email in error please contact me.

[flow in]

1.  Do you agree that it is valid to look at the "how" of outsourcing WiFi and IAM in schools?  "Yes" or "no" and good "why" or "why not" reasons please.

2.  Put some "how" ideas around it if you do support it.  Alistair has added server outsourcing to switch outsourcing.  Do you have further thoughts on the how part of the process.

These questions really limit and define the scope. I feel wary that responses may be used out of context to push forwards an agenda that isn't one we really all agree on. Especially given the talk about Ruckus and how not agreeing with it is in some way negative. paying an extra 40% for unused or unnecessary features does not make sense, even though the gear might be yummy. I own a toyota, not a porsche, for similar reasons.

1. yes it is valid. For the purposes of providing decent wifi for schools without the inhouse staff, and for the purposes of saving money

2. I think it is really important to break free of the 'expensive is better' mindset. My school is not rich, i believe we are in a massive budgetary hole, like many. Throwing what may seem to some, advantaged, schools, as a small amount of extra money at a system when it is not necessary is a waste, and is at the detriment of the students, who lose resources in other areas.

I believe that if we are to provide ICT to schools, it needs to be done at no cost to the schools. The schools don't own the gear, they are not responsible for maintaining the gear and they don't have to make budgetary decisions to buy the gear. It is given. For the money WSUP is providing for ruckus, supported at $50 a student by the school, those schools could have a completely paid for solution that provides amazing wifi coverage - AT NO COST to them

I really don't get the pushing of the more expensive gear. I don't understand it. It is not necessary and it is to the detriment of the students.

with a proper network infrastructure in place, (and by proper, i mean more than the awful 30/100 links that many schools have) then schools don't even need their own servers for identity management. but there's no way we are operating KAMAR over a 100 line, or asking 10,000 clients to radius auth (there's an industry standard that isn't used in one recent wsnup i just saw) to a server in wellington over a bunch of 30 links.

so it makes sense to have local servers - virtualised, with backups managed centrally for rapid re-deployment. SMS, AD, local student data.

for wifi management, i'd break it down into chunks. Just like any enterprise, treat each schools as a different department, manage the Cols as units, chains of responsibility. 

Without doubt, responsiveness will drop. It always happens that way. Any change or response requires documented requests and assignment of responsibility, and that all takes time. We all know that to get anything done you need to know the right person within an organisation who has the right level of authority, or their own contacts who can rush through a firewall change, or a vlan change, or a routing change. I've seen it take 30 minutes with the right person, and weeks with the wrong one. We'd have to accept that that would become a reality for all schools, as even the local techs would have to behave according to the plan, as you can't have mavericks breaking things.
Suddenly need wifi in a random area that didn't have it before so you can stream a lesson to a group? not going to happen with a centralised control. But that's not necessarily a bad thing.

The bit that concerns me is security, since no one seems to follow best practice. I expect N4L and the ministry to be on top of it, but it's luck rather than judgement that has left us unhurt by current trends on cybercrime. The conversations on this group show that we are woefully unprepared and lacking guidance.

Imagine the impact if a poorly implemented, poorly segregated, poorly filtered, country wide network was compromised...

[Patrick Dunford]

It works very well on MS systems which is why people use it. What are you suggesting, we should all be using OSX Server, Apple doesn't even make server hardware anymore.

[Patrick Dunford]

N4L is the free solution from the Ministry and is entirely optional. It is a matter of which company they partnered with and what product they chose to purchase, or whoever won the tender probably.

On 30/06/16 10:52, WHS Ict Technician wrote:

i should add that our school is still waiting for chorus to turn up and re-instate our fibre connection 6 weeks after they were due. Just as we are helpless to speed them up, also would we be held to ransom by 'partners' such as ruckus if they were our only option. It would be good to a have a few on board, offering compatible services, so that we can keep the competition going. Ruckus, Aruba, Cisco, Aerohive, Each keeps the others honest.

Same goes with filtering. N4L claim to be unable to block http VPNs without MItM, yet it is doable.

[Mike Etheridge]

I wasn’t suggesting anything of the sort. Not interested in that religious war. I skim read the previous post (my error, always a danger, have apologised), assumed the writer was an external provider of services, and noted with amusement that having some agreement from the list that providers needed to be agile etc, the poster I assumed was a provider was using the name of an MS product as a proxy for a broader service or class of product.

I believe an institution, organisation or body should use the products, services, packages etc that meet their needs. These differ, so the solutions will differ. Sadly not recognised by some of the larger providers, in my experience.

Mike

[Mike Etheridge]

N4L is not free.

[Patrick Dunford]

Neither is water that comes out of your tap if you want to get into that. It is free as far as schools are concerned as is all the other stuff that they get funded for by the government.

[Patrick Dunford]

Some schools are outsourcing or partly outsourcing their IT because having all of it inhouse makes it difficult to keep up with industry best practice, or be resourced at an appropriate level to deal with unexpected contingencies. Clustering of schools and IT resources is another way to address this.

The wireless debate was an interesting example because at the end of the day the Government obviously wants to ensure schools have high quality IT infrastructure and that the funding which they provide is being applied into the same. I remember dabbling with consumer grade access points at a school, then along came one of our parents with the enterprise solution that we have now, miles ahead.

On 30/06/16 11:37, Alistair Baird wrote:

Do school's outsource their property issues? Thinking caretaker, ground staff, cleaners. Often this is a hybrid approach too.

On 30 June 2016 at 11:03, Julian Davison <jul...@davison.org.nz> wrote:

Not always.

It's interesting to see how things progress.

--

Alistair Baird

IT Manager

St Peters College 

p 06 354 4198

m 021 990 259

e bai...@stpeterspn.school.nz

[Mike Etheridge]

The school can work out how to spend the operations grant, which funds most things other than teacher salaries (watch this space) themselves, within some limits. Often, local providers will be used, not just because schools are embedded in the community, but because they provide a better and cheaper service or product. The playing field was tipped when it came to N4L (and Ruckus/WSNUP vs Ubiquiti).

Mike

[Julian Davison]

It's essential to talk about the 'how' to clarify what 'outsourcing' actually means in this context. How in depth does it go, with what involvement from onsite personnel and what is it's intended scope..?

Options, which are not necessarily mutually exclusive:

Centralised? Distributed? Federated?

Wired? Wireless? File-level? System-level? Device-level?

Unified system? Discrete systems? National systems?

J,

[Patrick Dunford]

I wouldn't call Linewize a cheaper option, a school with 500 pupils will cost $3000 a year to license.

[flow in]

> N4L is the free solution from the Ministry and is entirely optional. It is a matter of which company they partnered with and what product they chose to purchase, or whoever won the tender probably.

i'm not really clear what you are trying to say here. Our supplier is n4l, chorus puts in the line, sub contracts to whoever. We sit on our hands and wait and wait and wait and wait for someone to sort it out but we don't have the right contact to get it actioned. That's the norm. 6 weeks late? who do we chase? In the meantime we manage 400+ clients through 20Mbit we are borrowing (via a ptp wireless bridge) from another school's link. good job we kept our security appliance (and traffic management)

[flow in]

On 30 June 2016 at 14:56, Patrick Dunford <kahuk...@gmail.com> wrote:

Some schools are outsourcing or partly outsourcing their IT because having all of it inhouse makes it difficult to keep up with industry best practice,

Strange, i thought industry BEST practice was a long way away from installed SNUP and WSNUPs that i've seen. A script kiddie would own them without much effort. Still using the default VLAN? 

There's been some great pdfs from Allied Telesis over the years, on how to configure secure school networks. The latest one is easy to follow: https://www.alliedtelesis.com/sites/default/files/howto_secure_switches.pdf

Not seen that in a SNUP, have you? What about with other school providers?

So i reject completely the concept that ministry outsourcing enhances 'best practice' (unless best practice means put in the most expensive gear, which i suspect it might do for some of us)

There's a lot of best practice with WLAN use too, especially with networks used for both secure / confidential and student / guest traffic. Is that being implemented either? Shouldn't SNUP and WSNUP be installed with best practices in place?

The Ministry _should_ be on top of this, but i think, perhaps, they don't have the right people on their committees. I'm not knocking teaching staff, but I've been a network engineer for 20 odd years and i find it difficult to keep up, sometimes.

--

Flow In, MA hons Cantab, MSc | ICT Technician | WESTLAND HIGH SCHOOL

Phone: 03 755 6054 | Cell: 022 027 5107 | Fax: 03 755 6269 | i...@westlandhigh.school.nz
PO Box 154, 140 Hampden Street, Hokitika 7842
http://www.westlandhigh.school.nz/

WHAKATERE I Ā TĀTOU HAERENGA - NAVIGATING OUR JOURNEYS

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

[flow in]

here we go. Allied Telesis best practice, for schools.

Something that schools should have been set up with, from the get go, when they were SNUP'd, with AT switches.

http://www.alliedtelesis.com/sites/default/files/howto_config_8021x_secure_schools1.pdf

How many of us implement these methodologies?

[Patrick Dunford]

Do you use the N4L free web filtering solution or another provider, as many schools seem to actually be doing.

On 30/06/16 19:11, flow in wrote:

> N4L is the free solution from the Ministry and is entirely optional. It is a matter of which company they partnered with and what product they chose to purchase, or whoever won the tender probably.

i'm not really clear what you are trying to say here. Our supplier is n4l, chorus puts in the line, sub contracts to whoever. We sit on our hands and wait and wait and wait and wait for someone to sort it out but we don't have the right contact to get it actioned. That's the norm. 6 weeks late? who do we chase? In the meantime we manage 400+ clients through 20Mbit we are borrowing (via a ptp wireless bridge) from another school's link. good job we kept our security appliance (and traffic management)

[Patrick Dunford]

SNUP is a hardware installation, it is up to the school IT what they want to do with the hardware when installed. For example on a school WSNUP I worked on, it was 3 SSIDs / VLANs. The spec for that was done by the existing school IT contractor working with Spark and the wireless integrator. As each school's use of the network will vary.

--

[flow in]

> Do you use the N4L free web filtering solution or another provider, as many schools seem to actually be doing.

Do we use N4L web filtering? No, we went onto fibre before N4L was available to us, so we invested in a cisco meraki mx100 security appliance to keep our traffic legal and our students safe. The MX is very flexible and reasonably good (although i have to process logs to spot the http VPN users, quite irritating that N4L can't catch them either) so we've stayed with it. I can instantly adjust the filtering if required, too. The traffic management is a godsend in our current situation, and the security aspect is getting better (it has blocked the teamviewer exploit, ransomwares and a whole bunch of exploits so far)

[Julian Davison]

No, it isn't. Gear provided configured. In consultation, but under guidelines.

[flow in]

On 30 June 2016 at 19:45, Patrick Dunford <kahuk...@gmail.com> wrote:

SNUP is a hardware installation, it is up to the school IT what they want to do with the hardware when installed. For example on a school WSNUP I worked on, it was 3 SSIDs / VLANs. The spec for that was done by the existing school IT contractor working with Spark and the wireless integrator. As each school's use of the network will vary.

That's a get out. The schools need the Ministry to set them up with industry best practice configurations. Simply giving hardware and asking "what do you want to do with it", then expecting the SCHOOL to know what the industry best practice is is nonsense.

There is no way the ministry should be putting gear in that is inherently insecure. There should be a configuration baseline that is expected. it isn't rocket science, and this kind of security issue is best led from the top. 

I've seen WSNUP with fixed passwords for staff networks, and the staff and student and guest traffic on the same vlan, in the same subnet. How is that even allowed to be installed? Does no one take responsibility for data integrity? Or did my time on NHS network security committees spoil me for how it is done in education?

> No, it isn't. Gear provided configured. In consultation, but under guidelines.

Those guidelines don't appear to be Best Practice.

[Craig Knights]

I got so fed up with the http vpn stuff especially the ultrasurf chrome extension that I blocked direct IP and all .info domains on linewize.  Their category block and n4l's didn't do it. Seems to have clobbered it without any side effects yet.

Craig.

--

[Julian Davison]

While still trying to avoid hijacking Tim's thread...

My experience would suggest that the SNUP program doesn't necessarily involve what I would consider best practice. This has particularly been true historically, but has improved somewhat. I enjoyed the SNUP process which resulted in an overall slower network as switch groups were 'stacked' with single gigabit cat-6 cables rather than employing link aggregation - which had been in place prior.

I suspect an overriding factor is the individual schools desires and an effort by the SNUP scheme not to cause total chaos by drastically changing the way the system operates (Your teacher runs a minecraft server on their laptop for the students to use? Not any more, they're on separate VLANs).

It's a fine balance to be struck between existing (often dismal) practices and best practices. Enforcing secure passwords? Password expiry? Update application? Don't log students in with your staff password? Don't *give* students your staff password?

There can be intense resistance to change. Which is a huge factor in any ideas on centralised IAM or infrastructure out-sourcing.

I've also encountered IT 'experts' who simply don't grasp the advantages or functionality of things like VLANs and advise schools against the 'unnecessary complexity'.

Data integrity and security aren't high on the priority list of many schools, if it even features on the list at all. The situation isn't helped by marketing from some (often software) vendors that promote 'the cloud' as 'the answer to security'. I have believed for some time now that a major data breach in a school has not featured in the media due to luck. There has not (yet?) been a student who has decided to embarass a school, rather than prove how clever he is to his mates, or get free printing.

Ideally part of the (W)SNUP process would be an amount of PD on data security and implications for, at least, senior management (and possibly boards) in an effort to get them to take it seriously and invest in the relatively simple protections (such as VLANs and a touch of user-education!)

Centralising how some of this works would help, but will, as mentioned above meet no end of resistance from people at least in part due to them simply not wanting to be told what to do.

It's a tricky environment to nationally improve.

J,

--

[Patrick Dunford]

As Julian has written often the school doesn't want to change their practices, even if they put all the stuff in the school can decide they won't use it.

For example you refer to RADIUS, which requires extra setup work. I've worked at smaller schools where RADIUS isn't used for the wireless authentication.

[flow in]

On 1 July 2016 at 10:27, Patrick Dunford <kahuk...@gmail.com> wrote:

As Julian has written often the school doesn't want to change their practices, even if they put all the stuff in the school can decide they won't use it.

For example you refer to RADIUS, which requires extra setup work. I've worked at smaller schools where RADIUS isn't used for the wireless authentication.

Which is exactly why change and best practice needs to be ministry led. The radius issue ties in with recent moves on SMS integrations, which then ties in to centrally managed WiFi roll outs, which then demands that the Ministry has a team that discusses best practice, devises methods to implement it and monitors the results.

Without technical, non-partisan oversight, centralising is going to lead to disaster. Of the scale that we see in the 'states. I can see the headlines - "NZ governments pays $500,000 to hackers to recover confidential student data." or "School X pays $10,000 to recover encrypted student grades"

btw. Radius requires so _little_ extra work, that not having it is simply lazy.

[Patrick Dunford]

So then you'll agree that the Ministry also has the right to dictate the grade of wireless hardware in your school, I take it?

[Patrick Dunford]

Here is the spec

http://www.education.govt.nz/assets/Documents/School/Running-a-school/Technology-in-schools/technical-info/MoE-WLAN-Recommended-System-Specifications-May-2015-v2.2.pdf

I have not heard anything about any particular process followed by Ubiquiti to have their gear put through the Ministry certification process. Can you elaborate further?

On 30/06/16 15:04, Mike Etheridge wrote:

[Mike Etheridge]

I was talking about the process/funding. If you go WSNUP/Ruckus (or whatever), you pay 20%. If you want Ubiquiti you pay 100%. Playing field tipped.

Mike

[Patrick Dunford]

If schools are mandated to use the Ministry's approved wireless integrators and only one of them (as at February 2016) is offering Ubiquiti wireless equipment, is that because Ubiquiti hasn't met a specification and is that the fault of Ubiquiti or the Ministry of Education's process? The same comment could easily apply to any brand of equipment that the ministry hasn't certified.

[Mike Etheridge]

I suppose we could go around that bit of circular logic a few more times.

Sent from Samsung Mobile

[flow in]

Patrick, i'm finding it hard to keep up with your logic.

Are you happy to ignore all problems, but then use them to push Ruckus? Do they employ you? You've skipped over pretty much every issue i've brought up, then grabbed onto one small thing to let us know you like ruckus, again.

Tell me, are YOUR switches set up to industry standards? Do you use Best Practice in your school, with your wifi?

I'm happy for a fully funded solution to be out of the school's hands. If the ministry is requiring us all to drive porsches, but only paying for toyotas, then fails to make sure we've had driving lessons, then i'm not ok with that.

[Patrick Dunford]

Ruckus was mentioned as a brand of equipment someone wanted to know more
about. My preferred brand of equipment is Ubiquiti. A range of different
brands are supported by the approved wireless integrators.

The much-maligned MOE process of certifying Wifi hardware is part of a
process for ensuring there is a high grade of wireless equipment in
schools, obviously in the same league as all the other stuff mentioned
previously. The Ministry has the right to mandate this as it is in the
same league as all the other regulations State schools have to comply
with to ensure the schools provide a high standard of education.

[Julian Davison]

The MoE doesn't certify wifi equipment. Still.

On Fri, Jul 1, 2016 at 2:59 PM, Patrick Dunford <kahuk...@gmail.com> wrote:

Ruckus was mentioned as a brand of equipment someone wanted to know more about. My preferred brand of equipment is Ubiquiti. A range of different brands are supported by the approved wireless integrators.

The much-maligned MOE process of certifying Wifi hardware is part of a process for ensuring there is a high grade of wireless equipment in schools, obviously in the same league as all the other stuff mentioned previously. The Ministry has the right to mandate this as it is in the same league as all the other regulations State schools have to comply with to ensure the schools provide a high standard of education.

[Patrick Dunford]

If you mean "they don't write out certificates" or "they don't do the certification themselves" then you may be correct.

If you mean to imply that they don't specify the requirements for what wireless equipment must be capable of and don't limit approved wireless integrators to supplying equipment that meets those requirements - well that would be wrong.

http://www.education.govt.nz/assets/Documents/School/Running-a-school/Technology-in-schools/technical-info/MoE-WLAN-Recommended-System-Specifications-May-2015-v2.2.pdf - lists the mandatory and optional requirements for wireless hardware.

The above document is linked from this web page http://www.education.govt.nz/school/running-a-school/technology-in-schools/technical-information/responsibilities-of-an-ict-contractor/meet-ministry-standards/ which states clearly these standards must be applied for State schools.

Furthermore the same page also mandates the requirement for approved ICT contractors. On the page linked from that is an application form to become an approved wireless integrator. The form states that the applicant must provide the names of the type of equipment as the Ministry will only allow its approved range of gear to be installed in (State) schools.

The various requirements for the contractors are obviously designed to ensure that all equipment and installation standards meet a pre approved list of specifications. That must mean someone in the MOE office does have a list of gear that meets the standards.

[Julian Davison]

I'm not going to attempt to go through this with you again, Patrick.

The ministry is requiring installers be certified to install the gear they supply. The supplied gear must meet the list of requirements (in other documents). A supplier is free to install any equipment that meets the list and for which they are certified by the manufacturer to install. The list of specifications will have been created based on equipment that exists. Someone in the ministry will have a list of gear that meets the standards. It almost certainly isn't an exhaustive list, and gear installed isn't required to be on that list.

I believe "MoE process of certifying wifi hardware" is an exceptionally misleading phrase, given what is actually the case. It is, however, your phrase.

[flow in]

hardware, hardware, yet the configuration of that hardware is not specified. When that is actually the most important bit.

[Julian Davison]

Agreed. The way the features specified are used to achieve the intention.

On 1/07/2016 6:47 pm, "flow in" <i...@westlandhigh.school.nz> wrote:

hardware, hardware, yet the configuration of that hardware is not specified. When that is actually the most important bit.

--