As soon as Sarasota County (Fla.) Schools began experimenting with a bring-your-own-device (BYOD) program, students, faculty and administrators could finally connect to the district’s guest network.
But not everyone’s problems were solved.
“Students and staff bringing their personal devices onto the network aren’t really guests,” says Joe Binswanger, the district’s director of information technology. “The guest network was just a straight tunnel out to the Internet. It was very vanilla: very locked-down, very filtered.”
Binswanger and his staff sought a solution that would allow the district to grant network access to student- and staff-owned devices, but in a way that allowed for high visibility, helping district IT staff to monitor activity and respond immediately if they identified a problem.
The district ultimately opted for the Cisco Identity Services Engine (ISE) security policy management platform, which IT implemented in the spring of 2014. Since that time, students and faculty have enjoyed access to their files and folders, as well as district resources such as instructional tools and a learning management system, all through their personal devices. At the same time, the system provides the district with increased visibility, showing the precise devices on the network at any given time and just what they’re doing there.
As more school districts clamor for larger and faster wireless networks to accommodate the myriad devices now in use in the classroom and beyond, the next must-haves include single-pane-of-glass management consoles. Such systems not only simplify network access management, but also allow administrators to see everything happening on their networks, in real time.
“We can analyze use at the building level and proactively look at whether we need to adjust capacity,” Binswanger says. “We can begin to address performance before a school even realizes they’re having any type of performance issues.”
The impact goes beyond making life easier for IT: Because students and teachers log on to the network instantly and can access applications or stored files with a single sign-on, the business of teaching and learning also happens with little to no lag time, Binswanger says.
“A high school science teacher told me that it used to take several days to get through student presentations with a class” because network access was so complicated, he says. “Now they’re able to do it in one class period. They’re able to spend more time on instruction and learning, and less time on trying to get access to the resources they need.”
Cisco ISE’s high level of visibility allows for both real-time monitoring and historical accounting. Shortly after implementing the system, district officials used ISE’s alerts and management console to catch a student in the act of running port scans on the network and trying to steal user credentials.
“We were able to identify the user, the devices he was using, and the AP that the user was connected to, and we didn’t alert him to the fact that we were on to him,” Binswanger says. “When we walked in, he kind of had that deer-in-the-headlights look.”
Before the district implemented ISE, Binswanger says, officials would have had a much tougher time identifying the culprit. “It would have taken significantly longer,” he says. “It would have involved tracking down IP addresses, finding the machine, then determining who was logged in at the time. It was incredibly laborious, and we still would have had the difficulty of proving that this person was in front of the computer at the time.”
How did schools keep track of what was happening on their networks before such solutions became available?
“In many cases they didn’t,” says Nolan Greene, a research analyst in IDC’s Network Infrastructure group. “Ubiquitous wireless access is really a fairly recent phenomenon.”
“Network management tools have been around for a while,” Greene says. “It was just a more tedious process to track down the offending device or AP. You had to go through different logs and trace all the different packets. It wasn’t as easy to detect.”
Union County Public Schools in North Carolina deployed the ClearPass Access Management System from Aruba Networks to administer access policies for different types of network users. The district doesn’t have a BYOD program and allows only district-owned devices on its main network, but ClearPass enables IT to grant certain users access to its guest network.
“We needed something that was going to prohibit people from just jumping on the network,” says Tony Burrus, the district’s chief technology officer. Before ClearPass, anyone could get on the guest network, which slowed performance dramatically.
“It was the Wild, Wild West,” Burrus says.
Consumerized IT Experiences
The Henry Ford Learning Institute, a Dearborn, Mich., nonprofit organization that manages four charter schools in three states, tapped Aerohive’s HiveManager system to manage wireless networks at three of its schools. The institute still hosts an older wireless network at the fourth school.
The difference between the older and the newer is dramatic, says Jeff Mesch, associate director of technology.
“It’s much more difficult to manage the older network,” he says. “I don’t have real-time statistics on what’s going on there.”
Where HiveManager was deployed, by contrast, Mesch can monitor network use, gain insights from the most popular instructional applications and centrally manage policies for each school.
IDC’s Greene says such highly usable systems are now the expectation among IT customers in education, in part because users generally are accustomed to the intuitive interfaces of consumer tech products, and in part because harried IT staffers require simplified solutions in order to perform all facets of their jobs.
“It’s a story of shifting expectations,” Greene says. “Everything has to be attractive and intuitive and usable, in just a few steps. There are ever more things to manage in IT. It’s more practical to have something that’s easy to use and quick to fix problems with a few clicks of a mouse.”