
iPads Everywhere – Managing iPads in an Education Enterprise Environment

June 25, 2012

William Morrison
Rapides Parish School District
52 schools
600 iPads in first year
A few classrooms are 1:1 with iPads

Note: Session to start at 8:30, but room was full at 8:10, so we started. People were here by 7:45 AM!

Policy & Faculty BYOD

  • All district-owned devices are managed
  • Greatest risk is lost or stolen devices
  • Unmanaged BYOD devices are only allowed to access the guest network
  • To access district network, device must be managed
  • Important to have a written policy for faculty BYOD

How can we manage mobile devices?
Non-enterprise

  • Apple sync cart
  • Sync with single iTunes account OTA
  • Both have disadvantages

Enterprise

  • Apple Configurator
  • Mobile Device Management

Apple Configurator – Lion Server
Prepare Devices
Apply a one-time, standard configuration
Good for faculty/staff one-time configuration
Supervise Devices
Apply a configuration and then reapply after use
Good for shared devices, checkout, labs, etc.
Assign Devices
Configure devices for a specific user and keep backup of the user’s data
Good for one user using multiple devices
Disadvantages of AC
Prepared devices are easily reconfigured by users
Apps are tied to the computer from which they were installed, not an iTunes account

Mobile Device Management (MDM)
Brings enterprise management to iOS for managing configuration, security and apps
Apple supports third-party MDM servers
Absolute Software <- Used by the presenter; costs around $20 for three years per device
Meraki (free)
JAMF Casper Suite

Mobile Device Management

  • MDM Server
  • Over the Air Enrollment (OTA)
    • Install management app OTA that establishes connection to the MDM server
  • Apple Push Notification (APN)
    • MDM server sends background signal to iOS device through the APN
    • Maintains contact with device
  • Configuration Profiles
    • Push your configuration out to multiple devices

Configuration Profiles

  • Accounts
    • Email, Wi-Fi, VPN, calendar systems
  • Passcode policies
    • Require, complexity, age, failed attempts
  • Security/Privacy
    • Encryption based on passcode
  • Restrictions
    • Installing apps, Siri, FaceTime, camera, screen capture

More Configurable Options
Application Restrictions
Disable YouTube, Safari, iTunes store, allow/deny specific apps
Set ratings for music, content, podcasts
Allow/restrict iCloud
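
As an added example (not from the presentation or from any MDM vendor), this Python script builds a configuration profile carrying the passcode policy and restrictions listed above, then checks a profile for passcode settings weaker than that policy. The payload types and keys are Apple's configuration profile keys; the `ORG` prefix, payload names and numeric values are assumptions.

```python
import plistlib
import uuid

ORG = "org.example.district"  # assumed reverse-DNS prefix, not from the talk
PASSCODE = "com.apple.mobiledevice.passwordpolicy"

def payload(ptype, name, settings):
    """Add the common keys every payload dictionary carries."""
    ident = f"{ORG}.{name}"
    return {
        "PayloadType": ptype,
        "PayloadVersion": 1,
        "PayloadIdentifier": ident,
        # Derived from the identifier so rebuilds are reproducible.
        "PayloadUUID": str(uuid.uuid5(uuid.NAMESPACE_DNS, ident)).upper(),
        "PayloadDisplayName": name,
        **settings,
    }

def build_staff_profile():
    """Return .mobileconfig bytes; all values are constructed samples."""
    passcode = payload(PASSCODE, "passcode", {
        "forcePIN": True,             # require a passcode
        "allowSimple": False,         # complexity: reject 1111, 1234
        "requireAlphanumeric": True,
        "minLength": 8,
        "maxPINAgeInDays": 90,        # age
        "maxFailedAttempts": 10,      # erase data after 10 bad entries
    })
    restrictions = payload("com.apple.applicationaccess", "restrictions", {
        "allowAppInstallation": False,
        "allowAssistant": False,          # Siri
        "allowVideoConferencing": False,  # FaceTime
        "allowScreenShot": False,
    })
    profile = payload("Configuration", "staff-ipad",
                      {"PayloadContent": [passcode, restrictions]})
    return plistlib.dumps(profile)

def passcode_gaps(mobileconfig):
    """List passcode settings weaker than the policy in the notes."""
    payloads = plistlib.loads(mobileconfig).get("PayloadContent", [])
    found = next((p for p in payloads if p.get("PayloadType") == PASSCODE), {})
    checks = [
        (not found.get("forcePIN"), "passcode not required"),
        (found.get("allowSimple", True), "simple passcodes allowed"),
        ("maxFailedAttempts" not in found, "no erase after failed attempts"),
    ]
    return [msg for failed, msg in checks if failed]
```

The bytes returned by `build_staff_profile()` can be saved as a `.mobileconfig` file and imported into an MDM server or Apple Configurator for review before deployment.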

Asset Management

  • MDM allows querying of devices
  • Device information such as iOS version, warranty, serial number, capacities
    • Some MDM systems allow custom fields such as asset tag number, group, organization, etc.
  • Network Information
  • Applications installed
  • Volume Purchase Plan codes
    • Plan your volume purchase/iTunes account structure

App & Data Management

  • Deploy in-house apps directly
  • Send suggested apps for users to opt-in
  • Manage Apple Volume Purchase Program codes and distribute them based on various criteria
  • Managed apps and data can be removed, protecting personal data
    • Prevent backups of managed app data
  • Send web clips and documents to users

Lost or Stolen Devices
Issue remote lock
Send message to device
Remove configuration profiles
Reset lost/forgotten passcodes
Locate device on map*
Remote wipe

Other Management

  • Assign devices to groups for management
  • Monitor network access by IP
  • Smart reports – if device has not touched network in two weeks, flag it. Warranties expiring in the next 8 months

Side note – Network security guy takes care of this system. Presenter knows overview.

Security Considerations
For faculty/staff devices, require complex passwords
Enable erase data
Do not store open passcodes – use an app like Keypass or others to store passwords
Enable Safari security
Limit location services
Enable encryption where possible

Bandwidth
Restrict bandwidth on guest networks
All unmanaged devices connect only through guest
All student-owned devices connect only through guest
BYOD and mobile have not had a huge impact
Large high school with 800+ BYOD connections resulted in a +4mb bandwidth use

Recommendations
Deploy with Apple Configurator
Manage with MDM

During Q&A a “Sr. Apple Engineer” piped up, and indicated that a personal iTunes account is limited to 10 devices. But an Enterprise iTunes account can put the app on thousands of devices. <- When will this become available in Canada???
