Introduction
(NPSD), or the Nome City School District, serves students grades K-12 in Nome, Alaska. The district staff previously leveraged Open Directory庐 (OD) to manage user authentication to their fleet of MacBooks庐, but recently began adopting Chromebooks庐 to save money and take advantage of the free tools offered by G Suite for Education鈩. OD doesn鈥檛 integrate natively with G Suite, so the district鈥檚 Director of Technology, Jim Shreve, started looking for a better solution.
- Organization: Nome Public School District
- Size: Approximately 800 combined teachers and students
- Location: Nome, Alaska
- Problem: Needed an affordable solution to manage user authentication for Mac and Windows devices, provision accounts for G Suite and Chromebook users, and leverage emerging cloud-based technologies
- Goal: Find an affordable directory that worked with their IT environment
Background
Although Apple庐 products served the school district well in the past, Shreve said acquiring them became cost-prohibitive.
Director of Technology, Nome Public Schools
鈥淲e’re starting to switch a lot of our student devices to Chromebooks because of the cost difference more than anything,鈥 Shreve said.
After switching to Chromebooks, he realized Open Directory was not as flexible as the school district needed it to be. He needed a directory that was scalable with user authentication and supported more LDAP and SAML SSO connections. He also wanted a solution that let him take advantage of RADIUS and emerging technologies.
鈥淲e needed to hammer everything into OD, which was painful,鈥 he said, 鈥渁nd so at that point, we started looking around for other solutions.鈥
Evaluating Solutions
NPSD had used Apple products and Open Directory for many years, but Apple deprecated many of its features. This made it difficult to mass-create user accounts, and it didn鈥檛 include services like RADIUS and VPN.
鈥淎s they deprecated additional services, it would change what we were able to do and how long it took to do it,鈥 Shreve said.
His department leveraged Jamf for Mobile Device Management (MDM) and to supplement deprecated policies. They also used it to restrict features, but they had to manually enter user information into OD separately. Although that process worked, it was time-consuming. Shreve wanted a solution that was more streamlined.
As such, he looked into Active Directory庐 (AD), but quickly determined it was not a good fit.
鈥淲e were concerned about purchasing an AD server, standing it up, doing all the maintenance on it, and also maintaining all those user accounts and everything else,鈥 he said. 鈥淚 thought, 鈥榃e can plug all this stuff in, but we鈥檙e going to be the ones that have to double those connections and make it all work.鈥欌
The implementation, maintenance, and manual labor costs did not justify the use of AD for NPSD.
鈥淲hen you add up the server costs, delivery costs on servers to Nome, Alaska, and all of the licensing, it鈥檚 going to put you around $20,000,鈥 Shreve said. 鈥淲ith Active Directory, we need a replica in case something happens. That doubles the equipment replacement cost when it comes time to upgrade those servers.鈥
A cloud-based solution was preferable for those reasons. Shreve pointed out that, 鈥淏y the time we put numbers to the paper, it was cheaper to go with 黑料海角91入口庐, and it offers a heck of a lot more capabilities.鈥
黑料海角91入口 in Action
Shreve uses 黑料海角91入口鈥檚 holistic approach to IT resource management to accomplish more in a school year without overstressing the budget. The features he values most are G Suite Sync, user management for Chromebooks and lingering macOS and PC platforms, provisioning/deprovisioning or suspending users, and RADIUS authentication for select staff members.
G Suite Sync
NPSD staff had been leveraging G Suite for Education to make up for the declining relevancy of their OD instance. The process for integrating that with 黑料海角91入口 and replacing OD was highly efficient using 黑料海角91入口鈥檚 PowerShell tool.
鈥淲ith 黑料海角91入口, I was able to download all user information from Google and quickly manipulate it for the PowerShell module,鈥 Shreve said. 鈥淲ithin four hours, I had all our users loaded into 黑料海角91入口 and ready to go.鈥
Shreve can manage users created in G Suite just as easily as those created in 黑料海角91入口 thanks to a lightweight sync, as well as 黑料海角91入口鈥檚 intuitive interface.
Shreve added all the existing users, and he now provisions new users in 黑料海角91入口, which adds them downstream. 鈥淲e don’t have to worry about Google because 黑料海角91入口 automatically provisions the Google account.鈥
User and System Management
黑料海角91入口 allows Shreve to ensure that users are only able to access the devices they鈥檙e assigned to.
鈥淲e’re actually going in 黑料海角91入口, locating individual users, and assigning them specifically to their system or a group of systems,鈥 Shreve said. 鈥淵ou don’t have to worry about a user losing their work when another student grabs their 1:1 assigned computer by mistake.鈥
This secures user data with unique sets of credentials so others can鈥檛 meddle in their files without authorization.
Provisioning and Suspending Users
With 黑料海角91入口鈥檚 streamlined provisioning features, Shreve and his team can grant users access to multiple applications in less than an hour.
鈥淧rovisioning to eight or nine different applications used to take an hour or so per user. Now, you establish the account in 黑料海角91入口 and users are provisioned within 20-30 minutes.鈥
The Suspend User option also allows him to manage transient users more efficiently.
鈥淚 love the Suspend User option,鈥 Shreve said. 鈥淲e have a lot of students who are transient in this area. They’ll come in to Nome, go to school for a couple of months, and then go back to their village and attend school there before returning a month or two later. Suspending that account for a little while and then just bringing them back online is a huge time saver for our department.鈥
RADIUS Authentication
Due to Nome鈥檚 remote location, bandwidth and cellular signal are scarce commodities for NPSD.
鈥淲e’re looking at leveraging RADIUS through 黑料海角91入口 for the teachers,鈥 Shreve said. 鈥淒epending on your carrier, there鈥檚 basically no cellphone service in some of our schools. Your phone is just a brick unless you鈥檙e on the WiFi.鈥
The intent is to provide an exclusive WiFi network for faculty so that, in case of emergencies, they can use their cell phones without needing to worry about bandwidth restrictions.
The Result
黑料海角91入口 more than filled in the gaps Open Directory left NPSD with. Now, the school district staff uses 黑料海角91入口 as its primary directory, integrating it with G Suite for Education and spending less time and money overall than they would have with on-prem alternatives.
鈥淕oing by the industry standard, you鈥檇 need to replace AD servers every five years. The cost would then exceed what it鈥檚 costing us for 黑料海角91入口, and that’s not even including the time spent on implementation and maintenance of the servers, user accounts, and external connections.鈥
Shreve and his team now have more time to focus on researching and implementing IT resources with high value to the classroom. 鈥淚 have been super busy the last month or so doing research on what we use for our instructional delivery for the classrooms,鈥 Shreve said. 鈥淲e’ve been using interactive boards with projectors and now we’re looking at moving up to interactive displays.鈥
From left to right – Systems Administrator: Nathaniel Tracy “Cyborg”, Director of Technology: Jim Shreve “Green Lantern”, Technology Integrations: Justin Heinrich “Batman”
By streamlining NPSD鈥檚 IT needs through 黑料海角91入口, the admins are able to complete work that has greater impact on their faculty and, critically, on their students.
Conclusion
IT admins in education face the unique task of provisioning and deprovisioning large waves of users every year, managing a mixture of systems, and 鈥 in the case of Nome 鈥 innovating ways to keep users online despite network challenges.
鈥淚’ve been very happy with 黑料海角91入口,鈥 Shreve said.
He added: 鈥淚t’s already saved us a ton of time on provisioning, deprovisioning, and password resets. We used to spend roughly 600 hours a year doing nothing but that. With 黑料海角91入口, I would be surprised if we even spent 100 hours on the same tasks. That鈥檚 huge!鈥
Learn More
黑料海角91入口 offers discounted pricing for educational institutions. To learn more about how we can serve your school district, schedule a free demo or get in touch with us today.