Infrastructure as a Service

The Server-less School

With an open standards integration Platform as a Service (iPaaS) available, could we see the dawn of a server-less school?  What’s needed?

– An Identity Management (IdM) service with automated Systems Interoperability Framework (SIF) integration with a school’s Management Information System (MIS);

– A Shibboleth federated Single Sign-on (SSo) Identity Provider (IdP) service;

– A Zone Integration Server (ZIS) service.

The extent of ‘Cloud’ application services compatible with the iPaaS summarised above could negate the need for Local Area Network (LAN) hosted directory, file and application servers..?  If we can show that proxy and caching servers are also redundant, then we are well on the way to a server-less school.  What does this mean?  In short, this means less infrastructure and related hard, soft and management costs overhead, together with fewer things to go wrong when relying upon Internet access for teaching & learning. This approach also lends itself to a device agnostic Bring Your Own Device (BYOD) strategy.  The following image visualises this idea…

 

Future School

What is Shibboleth and the UK Access Management Federation (UKAMF)?

Shibboleth is an open source and standards based software package for web Single Sign-on (SSo). It allows software services and applications to make informed authorisation decisions for individual access of online resources in a privacy-preserving manner.

http://shibboleth.internet2.edu/about.html

In the United Kingdom, the UK Access Management Federation (UKAMF) provides a single solution to accessing online resources and services for education and research using the Shibboleth software.  Identity Providers (IdP) and Service Providers (SP) can register with the UKAMF by following a set of procedures and implementing agreed to policies.

http://www.ukfederation.org.uk/

The best explanation I have found so far about how Shibboleth and the UKAMF works is in the following video…

Reaching for the Cloud

BETT Show Michael PickettOn Thursday 12th January 2012 I had the nerve-racking pleasure of presenting Norfolk’s deployment of Google Apps for Education and Chromebook pilot from the Google stand at the BETT Show 2012.

This was Google’s first presence at the BETT Show and wow were they continuously packed! The stand was brilliant – an outdoor classroom theme with an awesome Google Science Fair smoothie bar – drinks served in test tubes!

Despite my nerves, enhanced by the packed audience and pointed video camera, I think that my presentation was well received – judging by the staying put of the crowd and queue of questioners afterwards. Well, the video evidence will either confirm or dispel this notion!

The expressions of intensified interest when I talked about Norfolk having the largest single domain UK public sector implementation of Google Apps – 148,000 registered users – were welcomed. Further err Googling suggests that this may well be the largest single domain deployment in the World!  More on this to come (hopefully) courtesy of a write-up by http://www.computerworlduk.com/.

Interest seemed to further swell as I talked about how Google’s open standards enabled us to sit Apps for Education over our standards based Cloud infrastructure with its core components including Identity Management, Shibboleth for Single Sign-on (SSo) and the Systems Interoperability Framework (SIF) for the secure and automated movement of data around the system.

If you are still interested then the following slides accompanied my presentation…

The quiet Google Apps and Chromebooks revolution

Over the past few weeks I have been assessing how best we can deploy and manage a set of Google Chromebooks to be piloted across a group of schools.  We already have an enterprise deployment of Google Apps for Education with approximately 130,000 users grouped into around 450 Organisational Units.  The entire user and organisational management is efficiently streamlined using the Systems Interoperability Framework (SIF); new users, transient users and leavers are all near-time captured through SIF making account management a breeze!

How does this work?  (1) The school Management Information System (MIS) is updated – pupils and staff intake, leavers, or changes – and modifications are transported securely via SIF and the (2) Zone Integration Server (ZIS) to the Identity Management (IdM) server.  Here users identities are matched or created.  (3) Then the identities are passed via SIF to the ZIS and then (4) on to Google Apps.

SIF Identity Management

Now here’s the cloud clever bit… Before deployment to your users, each Google Chromebook is registered with your organisation’s Google Apps domain using the management console.  Here you can define a multitude of policy options including which applications, or extensions, a user should, or should not, have access to.  Policies can be defined for different organisational units – pupils and staff, sales and marketing, etc. – and updated at any time.  Any user who signs-in in to any registered Chromebook will automatically receive the profile relevant to them.  Organisational Unit policy changes are automatically applied the next time a user signs-in, or after a set time period.

Chromebook Management

This is a fantastic example of how simple, powerful, efficient and cost effective cloud computing really can be.  No expensive domain servers to maintain and house.  No network intensive traditional roaming profiles.  Easy management from any place in the world with an Internet connection.  Flexible and mobile workforce and learners.

UK Government seeks a common infrastructure built on open standards

The UK Government’s Cabinet Office has announced a strategy to deliver real financial savings and efficiency gains through the agile implementation of an ICT infrastructure that will enable the reuse and sharing of our ICT assets.

In a move that is believed to reduce the high level of risk associated with large scale ICT projects, the infrastrtucture will build upon the successes of smaller projects that have transformed services through the use of common and open standards.  By encouraging and in some cases mandating the use of open standards, joining-up all of these pockets of smaller projects to form a supportive, comfortable and long lasting king size infrastructure mattress will be simpler.

Some key points to note:

The Government will push ahead with its agenda for data centre, network, software and asset consolidation and the shift towards cloud computing.

The standardised cloud platform will also allow developers, especially SMEs, to generate innovative solutions.

A common infrastructure based on open standards will allow for greater flexibility of policies and services delivered at lower cost and within a shorter timeframe.

The use of common standards can make ICT solutions fully interoperable to allow for reuse, sharing and scalability across organisational boundaries into local delivery chains.

The adoption of compulsory open standards will help government to avoid lengthy vendor lock-in, allowing the transfer of services or suppliers without excessive transition costs, loss of data or significant functionality.

Modern, knowledge-based service delivery underpinned by effective information architecture and open standards will support government to build more transparent, trusted and efficient information exchange processes.

Read more at http://www.cabinetoffice.gov.uk/content/government-ict-strategy

At Number 5 in The Gadget Show’s Top 5 Tech for 2011 is…

…Cloud Computing.

 

http://fwd.channel5.com/gadget-show/videos/top-5/top-5-tech-in-2011

Caught on camera!

We’re up and running now in Norfolk with our Virtual Data Centre which is hosting our Systems Interoperability Framework (SIF), Identity Management and Shibboleth Single Sign-on infrastructure… It’s all good 🙂 I’ve been in three or more minds as to whether I should share this link, but one of the minds clearly won http://www.globalservices.bt.com/LeafAction.do/Norfolk-County-Council/param/Record/Norfolk_County_Council_casestudy_all_en-gb/Context/Products/icid/gsproducts_direct_directtxt_Norfolk_County_Council_casestudy_all_en-gb.

Virtualising SIF

Well… It’s been a mad few weeks hence being a quiety on the blog!

We’re migrating our SIF, Identity Management and Shibboleth Single Sign-on infrastructure to a ‘virtual data centre’ – a kind of private cloud.  This will give us loads of confidence in terms of scalability, high availability, sustainability and total cost of ownership, as well as alleviating the strain of managing the hardware, OS and networky side of things.

It has meant that there is much interest in what we are doing resulting in case studies, media coverage and a spell for me in front of the camera, lights and action – oh and having make-up applied in front of the team :-S

Still, I’ve learnt a few things…  It doesn’t matter how well you know your subject, asked about it in front of the camera and even a thoroughbred Bable Fish will struggle to translate your ramblings.  And, should I ever acknowledge that the Johnny Depp Pirates of the Caribbean look does have its advantages, then I now have some make-up application training 😉

If the film team are magicians and able to cut and slice the vid into something that is not too career limiting – and if I am able to post it – it will be here at some point.

Electricity Cost Calculator

I’ve put together a crude spreadsheet to work out how much money per annum devices cost to run based upon watts and hours used.

(Right-click and select Save (link) as… to download Electricity Costs Calculator in MS Excel format… Google Docs version coming soon with Carbon Footprint output field 😉

How much ICT infrastructure does a school really need to manage?

Let’s just start with servers…

A quick tally of the number and types of servers a typical secondary school might have sitting in a dedicated, no doubt air-conditioned, room resulted in this visual…

School Server Infrastructure Today

School Server Infrastructure Today

And a few of the disadvantages of this approach might be:

  • Some poor soul has to keep all of these running and somehow manage stay an up to date expert across a wide-ranging set of server services.
  • Each server is most likely running 24/7/365 at an average of around 200 watts – roughly £2.5k per annum in electricity bills alone and that’s quite a smelly carbon footprint to boot.

Provider: Scottish Power (Tariff: Premier Plus online, London)
Rate: 11.252 pence per kilowatt/hour
Rate last checked: 10th Sept 2009

And that’s without going down the whole maintenance and replacement, licensing and support costs. Nor factoring in stuff like resilience and security…

What if today looked something like this..?

School Infrastructure Today?

School Infrastructure Today?

A few of the advantages might be:

  • High availability resulting in high teacher confidence in the ‘invisible’ ICT.
  • Much lower total cost of ownership – subscription based access to services that you need and when you need them.
  • Flexible – add new and remove unwanted services with ease.
  • More space – no more dedicated server room.
  • Sweeter smelling carbon footprint.
  • Access from anywhere and at any time 🙂

Yeah right… But how do people login to the network?

They don’t. Ideally they single sign-on (online) into the services that they have privileges to access. Look at how you can link-up your accounts on many of the popular web based apps like Google, Flickr, Twitter, Facebook and so on and on and on… In education terms this would most likely look like using the UK Access Management Federation and Shibboleth for single sign-on.

But the web isn’t advanced enough yet to support all of the teaching, learning and management tools, apps and services that we need!

Sure it is! Just check out my Delicious bookmarks for a sample… Also check out Johannes Ahrenfelt’s blog for even more ideas!

Okay… But how on earth do I keep all of these disparate apps updated with the relevant info about students and staff?

How do you right now? A combination of many different and often bespoke or proprietary methods methinks? The Systems Interoperability Framework (SIF) is a promising option for education services. Get involved!

Yeah but what if our connection to the internet goes down?

Get some resilience. A fail-over connection maybe? Let’s face it, with all of those servers a potential weak point, the chances are that your internet connection is far more reliable than you might think!

What do you really think? Some good debate around this is very welcome 🙂

PS Would we still need a proxy server if, as is likely, most of the web traffic is encrypted across Secure Socket Layer (SSL) (port 443 / https)?