Also, there was a little time for networking with fellow techies at other schools around here about some of the challenges we face. The IT division at local university, Rhodes, used to organise "techie chats" - they were always rather valuable as getting together most of the Clue in town teaches you a lot, very quickly - and particularly the Rhodes people, by virtue of their membership of various management boards knew what was coming from the Internet (through the NREN, TENET, who is basically our ISP via the Albany Schools Network) some time in advance - and would share that info, when it wasn't embargoed. Perhaps someone ought to carry on that tradition...
 |
| Apple Classroom app icon |
Teachers may find Apple's "Getting Started with Classroom" useful - but bear in mind not all features are necessarily available to you.
Here are most of the features of relevance to education in IOS 9.3 that were discussed in the presentation....
Night Shift
One of the things that IOS 9.3 introduces is a "Night Shift" mode that modifies the typically blue-shifted light spectrum of devices to a more "yellow" light. There are some concerns that such blue-shifted light - particularly in the evenings and at night - may affect sleeping patterns, so this might help late night/in bed users of these products. We can have that here, and it might help learners (and adults!) who spend a lot of time on IOS devices in the evening, particularly in-bed users.Apple School Manager
Apple School Manager is not available in South Africa - it is, for people like me, precisely the sort of thing we want, and I talk about the problems of this not being available at length in a previous post.
My next thought was "wait, there is a range limit on Bluetooth". I have no idea which Bluetooth mode Apple's devices support (the chipset doesn't necessarily tell you the full story) - there are radio power variants (classes) which define the distance over which pairing etc. should work - in large lecture theatres, I suspect this won't work well; none of the variants support more than 100m distance.
What we also don't yet know is whether the teacher and pupils have to be on the same L2 network or not - far too much Apple kit assumes this is the case (I've not tested, and the presenter did not know). So yes, if you teachers have exceptionally large and roomy classrooms, fun times may ensue. Generally, most consumer bluetooth implementations are in the ~10m range. Rather few are the >10m away classrooms I've been in, particularly in primary schools (so this may not be a concern) - but plenty of lecture theatres are like that, though (sucks to be you, Higher Education).
Assign Students to iPad - not available
Organise your Class - Available. Allows teachers to organise display of class members; currently active app icon is superimposed on user profile picture. Dynamic groups by currently active app is pretty nifty, allowing teachers to address groups of users by what they're doing. Very handy in concert with things like Lock Screen - tap on all the kids messing around in Angry Birds, and lock their device!
Launch & Lock Apps - Available. allows teachers to launch and lock apps across the classroom. Handy! Locking to a specific app may also help turn devices into platforms suitable for e.g. tests/quizzes/exams.
Navigate to specific content - Available. Allows teachers to send the class to a specific web resource from their "favourites".
Push Content - Not in ZA; requires MDM.
"Screen view" - available. Can see what students have open on device. Handy for discipline issues in concert with Organise your Class.
"Lock Screen" - Available. Allows teachers to lock device screens. Cannot be bypassed without factory resetting the device. Can only be unlocked by the teacher that set it, whilst in range (as per Privacy, above).
In general, having the device in "supervised" mode is a good idea. Pending the introduction of DEP, this will require that each one is factory reset (or, if brand new out-of-the-box), connected to an Apple device with Configurator 2 on it and "adopted" to that configuration.
If you have an mac mini as a server (or own some MacBooks), this might do "double duty"with device provisioning using Configurator if you have fairly small deployments. If you have a lot of Apple devices to support, a dedicated machine in your helpdesk is probably warranted; it might serve as a secondary Apple cache in its spare time.
Krypted.com has a number of useful posts on using Configurator:
http://krypted.com/iphone/enable-device-supervision-on-ios-devices-using-apple-configurator-2/
http://krypted.com/mac-security/managing-ios-devices-with-apple-configurator/
You can also see a list of all the things they've written about under the topic of "supervision:
http://krypted.com/tag/supervision/
Really?
Sadly, Apple apparently views secrecy around things like planned roll outs as a "feature" that is "good marketing" - I think it's deeply anti-consumer and anti-planning. There's a vast difference between telling me that in, say 6 months time, they'll have an existing platform become available in my region, and a "fun" unveiling of the latest toy. People that sell Apple products must just love the embargoes and "Surprise! In three days, this goes live. Have fun" messages from Cupertino. As they move towards trying to be more "enterprise-y", they really need to carefully revisit such "strategies" - at least in parts of their portfolios. Corporate IT hates surprises. The only kinds of surprises I like are unexpected free cake and presents. I really don't like surprises that get me out of bed in the middle of the night, or force me to find even more space in my already full schedule because someone else's idea of "planning" doesn't have a lead time. I really hate being strung along on empty promises with no definitive timeline. I'm probably going to pick a product that is available (and testable) now if I have to choose, vs. something that might materialise one day (recall a recent Apple flavoured rant about vapourware).
Whatever tech you're reliant on, if being able to proxy L2 mDNS/DNS-SD records across L3 boundaries is useful, take a look at it; it does other things besides that, but the mDNS/DNS-SD proxy solves a lot of problems, fast; it's a few simple lines of config to turn the reflector function on, and add the requisite VLANs (which obviously your Avahi server needs to have access to; easy work with a VLAN trunk and an Ubuntu server).
I distinctly recall one of the universities in South Africa ran a flat /16 in production across their campus (most universities here have a /16 IPv4 allocation). It didn't end well, so there's definitely an upper limit on the size of a subnet which is sane; /24 is often too small for big WiFi deployments - I use several /22s - (I bet you have a few more than 252 student devices), but you may be able to break those down by user group and use RADIUS assigned VLANs (assuming your wireless vendor supports that - hint: use a vendor that does) to get them into the right, more sensibly sized, subnet. And leverage that in your firewalling and other access control systems.
Shared iPads
Shared iPads look like a handy feature for a fleet of "loaner" devices, but is not available in South Africa. You also need to have fairly large storage models if you want multiple users on each device - the basic 16 Gb models only support two, for example (urgh). This feature apparently leverages Profile Manager and may apparently be turned on before Apple School Manager - but is not here yet.Purchase Dashboard
The Purchase Dashboard, which requires VPP to work, and is not available here, but would likely form part of the launch/announcement of Apple School Manager. This may be fairly irrelevant if you don't intend to, or need to, site license software.Apple Classroom
The main part of the presentation discussed the "Classroom" app and its features (and noted which were and which were not available). In a pure iPad 1:1 or BYOD classroom, it presents some very compelling features for teachers. |
| An Apple Classroom teacher screen |
Privacy
It's interesting (and good, IMO) that Apple have taken a "privacy" stance on this feature - screen viewing and the other features of Classroom require that the teacher/presenter/instructor, who has pretty much full control over the device (read on in subsequent paragraphs), has to be in the same general vicinity as the teacher. This requires the use of Bluetooth to "verify" that the devices are "in the same classroom" - and of course "good WiFi". (I immediately thought "hey, I have a friend that has code to put Bluetooth over WiFi from his Masters project, that could be fun").My next thought was "wait, there is a range limit on Bluetooth". I have no idea which Bluetooth mode Apple's devices support (the chipset doesn't necessarily tell you the full story) - there are radio power variants (classes) which define the distance over which pairing etc. should work - in large lecture theatres, I suspect this won't work well; none of the variants support more than 100m distance.
What we also don't yet know is whether the teacher and pupils have to be on the same L2 network or not - far too much Apple kit assumes this is the case (I've not tested, and the presenter did not know). So yes, if you teachers have exceptionally large and roomy classrooms, fun times may ensue. Generally, most consumer bluetooth implementations are in the ~10m range. Rather few are the >10m away classrooms I've been in, particularly in primary schools (so this may not be a concern) - but plenty of lecture theatres are like that, though (sucks to be you, Higher Education).
Classroom features
Here is a list of the key features of Classroom from a device/classroom management perspective:
Organise your Class - Available. Allows teachers to organise display of class members; currently active app icon is superimposed on user profile picture. Dynamic groups by currently active app is pretty nifty, allowing teachers to address groups of users by what they're doing. Very handy in concert with things like Lock Screen - tap on all the kids messing around in Angry Birds, and lock their device!
Launch & Lock Apps - Available. allows teachers to launch and lock apps across the classroom. Handy! Locking to a specific app may also help turn devices into platforms suitable for e.g. tests/quizzes/exams.
Navigate to specific content - Available. Allows teachers to send the class to a specific web resource from their "favourites".
Push Content - Not in ZA; requires MDM.
"Screen view" - available. Can see what students have open on device. Handy for discipline issues in concert with Organise your Class.
"Lock Screen" - Available. Allows teachers to lock device screens. Cannot be bypassed without factory resetting the device. Can only be unlocked by the teacher that set it, whilst in range (as per Privacy, above).
Requirements
You're almost certainly going to want to see if your iPads meet the requirements for Classroom.In general, having the device in "supervised" mode is a good idea. Pending the introduction of DEP, this will require that each one is factory reset (or, if brand new out-of-the-box), connected to an Apple device with Configurator 2 on it and "adopted" to that configuration.
If you have an mac mini as a server (or own some MacBooks), this might do "double duty"with device provisioning using Configurator if you have fairly small deployments. If you have a lot of Apple devices to support, a dedicated machine in your helpdesk is probably warranted; it might serve as a secondary Apple cache in its spare time.
Krypted.com has a number of useful posts on using Configurator:
http://krypted.com/iphone/enable-device-supervision-on-ios-devices-using-apple-configurator-2/
http://krypted.com/mac-security/managing-ios-devices-with-apple-configurator/
You can also see a list of all the things they've written about under the topic of "supervision:
http://krypted.com/tag/supervision/
Good News, everybody! Apple now has control over the distribution channel in ZA.
The good news? Apple have taken over distribution of their own products in South Africa. This means they control the distribution channel, which is a pre-requisite for DEP and similar "let's do corporate IT right" features. Whispering on the ground suggests that we may see the official launch of DEP platforms and related tools as part of a "real soon now" batch of "four more countries" receiving some love from Apple on this. In September. Or March. Or September (or March ... or September... or March ... or September... *fade out echo*.... in line with typical Apple release cadence).Really?
Sadly, Apple apparently views secrecy around things like planned roll outs as a "feature" that is "good marketing" - I think it's deeply anti-consumer and anti-planning. There's a vast difference between telling me that in, say 6 months time, they'll have an existing platform become available in my region, and a "fun" unveiling of the latest toy. People that sell Apple products must just love the embargoes and "Surprise! In three days, this goes live. Have fun" messages from Cupertino. As they move towards trying to be more "enterprise-y", they really need to carefully revisit such "strategies" - at least in parts of their portfolios. Corporate IT hates surprises. The only kinds of surprises I like are unexpected free cake and presents. I really don't like surprises that get me out of bed in the middle of the night, or force me to find even more space in my already full schedule because someone else's idea of "planning" doesn't have a lead time. I really hate being strung along on empty promises with no definitive timeline. I'm probably going to pick a product that is available (and testable) now if I have to choose, vs. something that might materialise one day (recall a recent Apple flavoured rant about vapourware).
Healthy Paranoia
My advice as a result of that? Don't buy a single new iPad for corporate use until they formally announce the programme and the availability of DEP enrolled products in your country. In the US, you can retrospectively enroll iPads into DEP (as long as they're new enough) - but I don't know if this applies in countries where DEP has not been available historically (see third topic on https://support.apple.com/en-za/HT204142). I sincerely hope the general DEP enrollment switch was "thrown" into the "on" position of the production of all devices sold everywhere since the date mentioned in that article, but it's not necessarily so. But until you hear otherwise, it's healthy to assume that things are broken until proven otherwise. Hold off on that iPad purchase, if you can. And tell Apple you're waiting on their School Manager deployment - and in the meantime, considering other options...The Better News for us Right Now.
The better news? It looks like you might be able to persuade the features that are "kind of available" to work in ZA without buying a 3rd party MDM solution by cunning use of Profile Manager in OSX Server. I'm sure you already have one for caching...? One day realsoonnow I may get a chance to play around with this. You will of course need to put devices into "supervised" mode, which typically requires a "nuke and pave" and use of Apple Configurator in countries like ours which lack access to School Manager (again, your Mac Mini OSX server is an option if you haven't got other compatible Apple devices lying about the place). And there is even some Active Directory user provisioning that might just work out (yay).You'll basically need to set up your students and classes in Profile Manager and push those out to your managed iPads, and the features "available" in ZA ought to start working. At the moment, if you install the App, it will probably complain about not being configured; an MDM solution (or Profile Manager) is required to push this (enrollment in DEP would also let you do so "over the air", but no joy around these parts on that, yet).If you've not yet heard, AirDrop is broken right now
Apparently, many people are reporting that AirDrop is fairly broken in current IOS - apparently Apple have acknowledged this and ought to be fixing it RealSoonNow. I don't use AirDrop, but there were many knowing nods around the room when this was discussed.
Wait, you don't know about Avahi?
One thing I was surprised to learn is that relatively few people (including some offering iPad solutions consulting) knew about workarounds (dirty hacks IMO) to Apple's weird reliance on L2 network connectivity for things like AirPlay and AppleTV - namely Avahi. This means, for example, that one of our fellow schools in town has a flat Layer 2 network for all their wireless clients and Apple devices (both staff and students - across far more staff and students than we have). This post from another blogger discusses it quite nicely. I've not had to deal with it yet (we don't have any relevant devices), but I've long known about this solution to that rather significant challenge to "enterprise" deployment of Apple's all too often very "home-y/SOHO-y" tech.Whatever tech you're reliant on, if being able to proxy L2 mDNS/DNS-SD records across L3 boundaries is useful, take a look at it; it does other things besides that, but the mDNS/DNS-SD proxy solves a lot of problems, fast; it's a few simple lines of config to turn the reflector function on, and add the requisite VLANs (which obviously your Avahi server needs to have access to; easy work with a VLAN trunk and an Ubuntu server).
I distinctly recall one of the universities in South Africa ran a flat /16 in production across their campus (most universities here have a /16 IPv4 allocation). It didn't end well, so there's definitely an upper limit on the size of a subnet which is sane; /24 is often too small for big WiFi deployments - I use several /22s - (I bet you have a few more than 252 student devices), but you may be able to break those down by user group and use RADIUS assigned VLANs (assuming your wireless vendor supports that - hint: use a vendor that does) to get them into the right, more sensibly sized, subnet. And leverage that in your firewalling and other access control systems.
No comments:
Post a Comment