MSCLC – Managing Identities to Enable Creative Learning
Update: Managing Identities to Enable Creative Learning in the 21st Century
Speakers: Michael Morgan, CIO, Bluewater District School Board and Riyaz Lalani, Senior Account Manager – Education Sector, Microsoft v-TS, Itergy. Moderator: Greg Milligan, National Technology Strategist, Microsoft
Presentation Synopsis: How do you manage identities in the public or private cloud while keeping your infrastructure efficiently maintained and secure? Join Michael Morgan, CIO of Bluewater DSB as he shares his Board’s journey over the past year. You’ll hear how they now provision and de-provision users in a hybrid cloud environment. Mr. Morgan will also share the recent steps that Bluewater took to be able to offer automated password reset to their end users and what this change has meant to their IT team.
Riyaz introduced the session
ICT must be viewed as a strategic asset to the board and as a technology enabler.
There is an opportunity for ICT to step forward and make an impact by putting in place the necessary platforms, frameworks and applications to enable 21st Century Learning – driving down cost, improving business processes and efficiencies.
New projects need to meet one or more criteria.
Michael Morgan – CIO
Identity Management Journey
Self Service – Provide Self-Service Password Reset
Phase 2 IdM Automation
Phase 1 – 2002 Help Desk Tickets & Teacher password reset tool tickets per month, cost of about $45.00 for each password reset. Goal was to have 2/3 of passwords self-serve
How does it work? They use Forefront Identity Manager. Kids and staff can reset through a portal.
IdM Automation – Phase 2
Need Authoritative data sources (SIS & HR / Payroll) to drive automation into other systems.
Updates made to SIS & HR / Payroll drive updates to:
Active Directory – Stays Current (Automated)
Provisioning and de-provisioning
Student Account Lifecycle
- Provision – when the student registers at the school.
- Access Resource: Cloud Services, Group Management, Class Resources
- Password management: Forgot password, password expires
- Routine User Management – Demographic info update, Grade change, Suspensions
- De-provision: Relationship Ends – Retire the accounts, or put into a different state
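The student lifecycle above, sketched as a reconciliation pass in which the SIS is the authoritative source. This is an added example, not BWDSB's or Forefront Identity Manager's code; the record fields, state names and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed model: field names and state names are assumptions, not a real SIS or AD schema.
@dataclass(frozen=True)
class SisRecord:
    student_id: str
    name: str
    grade: int
    status: str  # "enrolled", "suspended" or "withdrawn"

@dataclass
class Account:
    student_id: str
    name: str
    grade: int
    state: str  # "active", "disabled" or "retired"

STATUS_TO_STATE = {"enrolled": "active", "suspended": "disabled", "withdrawn": "retired"}

def reconcile(sis, directory):
    """Return (action, student_id, detail) tuples that bring the directory in line with the SIS."""
    actions = []
    sis_by_id = {r.student_id: r for r in sis}
    for sid, rec in sorted(sis_by_id.items()):
        want = STATUS_TO_STATE[rec.status]
        acct = directory.get(sid)
        if acct is None:
            if want == "active":  # provision only when the student is registered
                actions.append(("provision", sid, f"grade={rec.grade}"))
            continue
        if acct.state != want:  # suspension, reinstatement or relationship ended
            actions.append(("set_state", sid, f"{acct.state}->{want}"))
        if want != "retired" and (acct.name, acct.grade) != (rec.name, rec.grade):
            actions.append(("update", sid, f"grade={rec.grade}"))
    # Accounts with no authoritative record are orphans: retire them rather than leave them live.
    for sid, acct in sorted(directory.items()):
        if sid not in sis_by_id and acct.state != "retired":
            actions.append(("set_state", sid, f"{acct.state}->retired"))
    return actions

# Constructed sample input.
SIS = [SisRecord("s1", "Ana", 9, "enrolled"), SisRecord("s2", "Ben", 10, "suspended"),
       SisRecord("s3", "Cy", 11, "enrolled"), SisRecord("s4", "Di", 12, "withdrawn")]
DIRECTORY = {"s2": Account("s2", "Ben", 10, "active"),
             "s3": Account("s3", "Cy", 10, "active"),
             "s4": Account("s4", "Di", 12, "active"),
             "s9": Account("s9", "Orphan", 8, "active")}
```

The last loop is the check that manual processes tend to miss: an account that is still active in the directory but has no record in the authoritative source.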
Staff Account Lifecycle
- Very similar to the student account lifecycle
BWDSB saved over 900 man-days when they automated staff and student account management.
BWDSB created a number of use cases (items that required a change) that can be shared.
Key Reasons for Identity Management
- User empowerment – self serve
- Preparing for the onslaught of one-to-one computing (BYOD)
- Consumerization (CoIT)
- Readiness for Cloud Services
Move to Panel Discussion
Moderator: Greg Milligan – National Technology Strategist, Microsoft
Michael Morgan, CIO, Bluewater District School Board
Phil Hicks, Supervisor, Infrastructure and Operations, Thames Valley DSB
Ron Plaizier, CIO, Kawartha Pine Ridge DSB
Phil – imaging, SmartBoard updates, consuming a huge amount of technician time, 1/3 to 1/2 of time. Implemented SCCM 2012 to automate and optimize application deployment. Using App-V to deploy applications. Now have only 1 person who deploys apps. Re-deployed how staff worked, instead of 30+ techs loading apps, OS, only 1 person.
Ron – Need to allow teachers to engage students in a world the students are familiar with. Planned a roll-out of 2700 teacher laptops in 18 months. However lots of pressure to do it faster. Had the schools take care of professional development, and using SCCM 2012, were able to deploy them in 2 months.
Michael – Moving to Office 365 allowed them to eliminate school-based servers, especially since Office 365 was free.
Ron – implemented Wi-Fi in schools two years ago, opened up for student-owned devices. 30,000 students, had 20,000 unique MAC addresses on the network within a few hours.
Michael – wireless culture, didn’t think about security right away, and this was a good decision. Everyone uses their wireless. Why build a corporate vs. guest network? Told the story about American Airlines employees using the guest network, instead of the corporate network. What is the good reason for having two separate networks?
Greg: What story would you like to be able to tell a year from now?
Ron: I’d like to be able to talk about how a year of Office 365 went for us.
Michael: Cloud service should enable our teachers, and how much have we optimized our organization. It’s easy to say “cut cut cut” but there are so many details in order to get there.
Do your students authenticate to the wireless network?
Ron: Our students authenticate to the wireless, yes.
Phil: Students authenticate, yes; huge pressure to provide printing.
Michael: Using NAC, a page authenticates the student and places them on the network based on the authentication provided. Created multiple networks, as they want to ensure the best service, e.g. Guest has stronger filtering requirements. Principals and teachers might need something different. Can provision bandwidth appropriately.
Very interesting panel, got so intrigued, didn’t take nearly as many notes as I thought. Lots of great wisdom in their experiences!