Serverless 2026

[Sean]

With MOE stopping fiunding for Server software in 2026, I'm interested in what people are doing. We currently have a hybrid setup using AD sync, and also GADS. Although we use 365 licensing, we are predominantly a Google school. wE Use N4L with the cloud controller. Considering papercut hive for printing. All students are fully BYOD

1. NPS alternative for WiFi authentication & VLAN allocation ?

2. DHCP / DNS ?

3. GADS alternative ?

[Pete Mundy]

Hi Sean

What I'm usually seeing now days (at the predominantly Google schools) is:

1 - N4L's secure access project (their engineers call it 'SA')

2 - N4L's equipment replacement project (their engineers call it 'ER')

3 - Migrate the primary directory to Google then auto-provision users into MS Entra from Google if the school also uses 365.

Pete

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/techies-for-schools/188ff789-4f03-4679-893e-c5459c8aa9dcn%40googlegroups.com.

[Simon Wright]

What Pete said...with some variation...

1. We are on Secure Access now (done two weeks ago). We were using NPS, but a few years ago we switched to a single PSK (one for staff and one for students) [don't ask why].

2. DHCP is done on the fortigate (We went through ER at the start of last year). DNS is currently still handled by the DC, though that will get moved somewhere later this year, hoping to the new Palo Alto box. (have a number of internal DNS entries i want to preserve without running some form of 'server' just for DNS.

3. We are a Google school (with a bit of O365), but use AD Sync and then from there we have the google connector to provision users into Google, we also use Microsoft/Entra for SSO.

Are you using Kamar, Helix/Edge, or? Both can sync directly to Entra, then all you need is to set up the Google connector to provision from Entra to Google. No GCDS required.

Printing, still looking into, we currently have Canon machines with PaperCut, but Canon also have their own solution UniFlow which is fully cloud based. So going to have a play with that and also look at PaperCut Hive.

Regards,

Simon Wright

To view this discussion visit https://groups.google.com/d/msgid/techies-for-schools/CAJtKfy7bdV70fUCFT%3DKvDAKqWwkT0ZTKJxCVkON_iDkvM93HQQ%40mail.gmail.com.

DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.

[Sean]

Thanks Simon and Pete. We have the SA. Not sure when the ER will be. My thinking is on the same lines. I',ll miss the great job Usync does.

[Micheal Stoodley]

Simon.. "  but a few years ago we switched to a single PSK (one for staff and one for students) [don't ask why]."

Boy did I chuckle when I read this, like... three times.

Thanks 🤣

On Wednesday, April 9, 2025 at 3:25:58 PM UTC+12 Simon - OBHS wrote:

[te...@whs.ac.nz]

secure access... single psk.... single point of failure dhcp/dns..... black box security system with no visibility from the school running in the cloud (MAC Auth).....

Even though we are progressing down this route im still very sceptical of the whole thing being "better".

[Willem Lombard]

Great question! Just started wrestling with this now , so many things to consider.. 

[Matt Strickland]

Of course keep another future limitation in mind....

"Choose Microsoft or Google software"
To manage costs effectively and avoid unnecessary costs to the education sector:

• only order the Microsoft or Google licences you need – you can order more licences quickly and easily if your requirements change
• we encourage you to use either Microsoft or Google software, not both.

We are exploring ways to collect data on licence use. This may include an application and/or authorisation from kura and schools to collect anonymised, non-personal data.

I've engaged with Cyclone re server licencing as we are not ER or SA yet, plus we don't have a firewall upgrade either, all this more than a year away.

I've migrated some of our services off Windows server, with Windows 11 Enterprise / IoT now supporting those applications.

Depending on how good our MFC driver integration is, probably Universal Print with Mobility demoted to 11 Enterprise also.

We are then left with Kamar self-hosted, ideally if this could be linux that would be the last piece in the puzzle (as long as Azure sync works nicely too)

Matt

[Jeffrey Burke]

Interesting idea Matt, are you running each app on a standalone box or virtualized, if virtual are you buying the liscences individually?

Are you talking about the Office365 universal print? Last time I looked at the the costs were very high.

Jeffrey.

Get Outlook for Android

---

From: 'Matt Strickland' via Techies for schools <techies-f...@googlegroups.com>
Sent: Friday, April 11, 2025 1:53:11 PM
To: Techies for schools <techies-f...@googlegroups.com>
Subject: Re: [techies-for-schools] Serverless 2026

 

To view this discussion visit https://groups.google.com/d/msgid/techies-for-schools/1c9b9ebe-7fc2-46e0-bac4-f38845bc0f10n%40googlegroups.com.

[Matt Strickland]

Hi Jeffery, 

Still virtualized, currently VMware but may shift to proxmox depending on what is left to host on-prem, after ER/SA.

11 Enterprise/IoT VM's are using current volume license keys, still part of the Ministry Windows OS offering (so long term this is fine for a print server, veeam, cctv etc) leaving Kamar, and DC's/Entra Connect Sync on Windows Server. DC's possibly also to go if both Kamar > Entra sync works (users/groups etc) and SA/Firewall takes over NPS/DNS/DHCP etc

Basically if anything supports 11 Enterprise or a Linux distro ill migrate it from Windows Server, and still virtualize under VMWare/proxmox.

My discussion with Cyclone is that the number of Windows Server VM's wont be the issue but the number of cores on the host/hypervisor will (no matter what the hypervisor is). But still waiting on further clarification as I've haven't been on top of server licensing for a long time. It does mean collapsing / removing VM's pointless if you still plan to keep only 1 server OS running for whatever purpose.

As for Universal Print, yes M365's Universal Print which is included with A3/A5 but has recently increased from 5 to 100 print jobs per license, per month, shared across the tenant. I assume that includes 'unassigned licences', but that's roughly ~1186 A5 licences for our 920 student school, or 118,860 print jobs per month. I need to see our total number of print jobs but I do know we have 100's of students that don't print a single job for the entire year. This really depends on device integration, can users still access trays, booklet creation etc. Different brands have differing support but I do plan to test this with our devices.

Regards,

Matt

[Jeffrey B]

Thanks Matt, great to hear about the universal print upgrade to having a useful number of jobs now, will look at that rather than Papercuts great but intermittently glitchy Print Deploy client.   Not sure if the VL licencing will be continued as I think they are moving to the per user o365 deployed ones for Windows which may pose an issue.  I'm looking at it thinking if that's the case then however many enterprise liscences purchased separately may work out to be the cost of a Datacenter license anyway which handles virtualization server and unlimited virtualization rights on a single capable host.  

Its a shame MoEs blind cloud only push is leading to the exact issues the original software agreements were meant to fix by forcing people to find alternate, less common ways of doing stuff to comply. Like calling a NUC "not a server" despite running Windows Server 24/7 in the server room to patch over the gaps.

Jeffrey.

Get Outlook for Android

---

From: 'Matt Strickland' via Techies for schools <techies-f...@googlegroups.com>

Sent: Friday, April 11, 2025 8:20:44 PM

To view this discussion visit https://groups.google.com/d/msgid/techies-for-schools/aa5de763-9220-4f1f-95f2-f5c1ef25d297n%40googlegroups.com.

[Matt Strickland]

Hi Jeffery,

Might still have to stick to Papercuts implementation - in the fine print "Users with Student Use Benefit licenses can print with Universal Print, but these licenses do not contribute print jobs to the pool."

So its only staff licences that qualify, not students :(

Read the fine print!

Matt

[Marlon Yu]

 

1. I was looking at FreeRADIUS and asked the engineers at N4L if there was any concern. From what I hear, they *might* be coming up with authentication solutions to offer to schools. We are not on SA yet so don’t really know how auth works there and how we can populate/de-populate it with data from our SMS.

 

2. ISC KEA and ISC BIND works. If you wait a bit longer, around 2^nd half of this year, ISC is slated to release all their KEA hooks as open source and you can then use ISC Stork to manage ISC KEA. Currently, the hooks you need are subscription-only and unless you are willing to fork over huge $$$ then Stork is nothing more than just a dashboard at the moment.

 

3. Have you looked at GAM?

 

Marlon

 

From: techies-f...@googlegroups.com <techies-f...@googlegroups.com> On Behalf Of Sean

Sent: Wednesday, April 9, 2025 2:23 PM
To: Techies for schools <techies-f...@googlegroups.com>

Subject: [techies-for-schools] Serverless 2026

 

CAUTION: This email originated from outside of Rangitoto College. Be careful about clicking on links or opening attachments. If in doubt, ask IT.

 

--