Goal: effective network management of laptops, iPads and Android devices, for 1300 students and 200 staff; long-term sustainability.
Requirements: initial estimated budget of $500,000 (actual spend was closer to $600,000).
Timeline: the project took two years:
Year one: switch upgrades, firewall implementations, uninterruptible power supply (UPS), data/comms cabinets upgraded around the school and full server virtualisation to VMware — the school went from having over 15 physical boxes to just two rack-mounted servers.
Year two: blade chassis and servers, SAN, VMware licensing for Enterprise, wireless controllers and APS and air-con upgrade.
With every student in years 9 through 12 entitled to a netbook, it would have been very easy for network administrators to take a very closed-system approach. The fact that students can take these devices home, where there is no control over how they are used, creates many of the same issues that businesses face when they attempt to come to terms with employees bringing their own devices (BYOD) into the work environment.
The school will be implementing a BYOD program. (Credit: George Mattar)
"We decided that the netbook would belong to students, open and fully functional. They would be administrators of the local machine, so they were allowed to install iTunes, home printer drivers and whatever they desired, as long as it was legal and tasteful," said Mattar.
What made this possible was the deployment of VMware View 5 to enable the delivery of a standard operating environment (SOE) to all staff and students. Not only did this help IT support in terms of time management, but it's also a huge benefit to the students and staff at the college.
Netbooks are not very powerful machines, which students also found limiting. The Adobe suite, for example, would simply not run on a netbook, due to RAM and CPU limitations.
Using a controlled virtual desktop, the support team was able to deliver school-purchased applications to students, regardless of what physical machine they were running. It was even possible to run Adobe Photoshop (a notoriously resource-hungry app) from any machine, as long as it was connected to the network.
So successful were the initial stages of the program that the team has decided to extend it.
"We will be introducing a BYO-device program shortly, which will enable students to bring in iPads and Android devices," said Mattar. "These will be able to run Windows 7 and [other] school applications at faster speeds than an average netbook device. Not to mention the cool factor of running Windows on an iPad."
Students have been quite happy with this arrangement, and, as a result, support is relatively simple. They can either connect to their virtual data image (VDI) or they can't; if they can't, it's usually due to one of four reasons:
Hardware — warranty issues
Viruses/spyware on their local machine.
Administrators have created a self-recovery partition using Windows image recovery (with a helpful YouTube how-to video) that enables students to recover the OS without overwriting their data, should they experience any issues with their netbook.
The back end of Hampton Park's network system is built around seven Dell blade servers. Four of these are used for the virtual desktop — each blade is equipped with 512GB of RAM and four 12-core AMD CPUs. The other three blades are used as infrastructure servers, and feature 128GB of RAM and two 12-core AMD CPUs, running close to 50 virtual servers.
The server room (Credit: George Mattar)
Storage is handled by a three-tier SAN with SSD drives, SAS drives and SATA drives. The load, in turn, is handled by a SAN controller, which moves the most-accessed data to the faster disks and the least-used data to the slower (cheaper) disks.
The network backbone is made up of HP Procurve switches, delivering 1Gbps speeds to every wired desktop and 10Gbps to the edge switches, with a 1Gbps redundant link to these edge switches.
The Aruba wireless controllers have instant failover, should a controller die. With students only able to access network resources via wireless, continued availability of wireless became mission critical for Hampton. There are roughly 92 wireless access points around the school.
The school's firewall appliance gives operators granular control of the network, and allows administrators to keep tabs on which groups can access the internet, and which groups can access certain sites. The firewall is especially critical, considering the school's intention to allow BYOD.
The firewall is also used to block students from browsing the web on their local machine while at school. This forces them to use the virtual desktop for any school network functions (such as internet and printing). In this way, the school can control the SOE, and monitor what the students are doing during school time.
For network backup, Hampton chose an APC 15Kva UPS, with three additional runtime battery packs. According to George Mattar, this sits at a 61 per cent load, with just over one hour of runtime for the whole server room.
In the Hampton Park system, VMware View 5 is being used to manage and create the pool of virtual desktops. Meanwhile, Trend Micro Deep Security 8.0 is being integrated into the environment to protect the VM servers and virtual desktops.
Students can print to the school printer from home. (Credit: George Mattar)
VMware ThinApp allows administrators to package programs and then make them available as shortcuts for students, eliminating the need to include the actual programs in the base image. This keeps the image size down.
"Deploying VMware View 5 means that we can deliver a standard operating environment to all staff and students. We have also decided to let students access the school virtual desktop from home, so that learning can continue 24/7, not just during school hours. This means they have access to their network drives, school-licensed applications and they can print from home to the school printer. The print job is held in a queue for seven days, until the student uses their smart ID card to release the print job at any printer," said Mattar.
"Students have — as part of their VM — a preconfigured school email account, and we encourage them to submit all work via email to reduce the impact on the environment (reducing printing costs and paper usage).
"The best part is that only one person is required to deploy new software to up to 1500 students. We don't need to recall laptops from students in order to add new software, or roll out software remotely over wireless," said Mattar.
The final addition to the college's system has been Microsoft Lync 2010, which is on a trial basis with select staff. The instant-messaging capabilities of Lync will enable messages to be kept on file, to prevent situations involving bullying (students will, of course, be made aware that instant messages are being recorded). Lync also enables users to share desktops, or to hand over control, enhancing the learning experience.
Students have been quite positive with the introduction of this new technology, and, as a result, the college has been getting a lot of positive feedback from the students.
Administrators have been monitoring students connecting from home, and the number of users from day one has been much higher than expected — and that number is growing on a weekly basis.
Renewed life is given to old hardware; once the devices are connected to the VM, they are running at server speeds. So the school is using old PCs as thin clients that are running in Kiosk mode.
The hot box (Credit: George Mattar)
One of the main issues that administrators had to deal with was cooling. Even with the modest size of the installation, the server room reached 40 degrees Celsius at one point, with the existing air-conditioning system. In the end, the main cooling unit had to be replaced, and a special hot box was built with exhaust fans.
With its strict time schedules, the school also experienced performance issues caused by log-on and log-off "storms", as large numbers of students started and finished classes at the same times.
Of course, a major issue from the beginning was actually being able to afford the project. In the words of George Mattar, "We would not have been able to afford to do this without the injection of money that we got from the Federal Government."
Currently, there are roughly 1500 staff and student laptops in the Hampton Park College system. Administrators were surprised to find that during actual day-to-day operation, there would only be about 350 concurrent connections to the virtual desktop per session. This seems to indicate that most students are happy to take notes on their local laptop, and only connect when network access is required.
Some staffers have commented that not having internet resources available on the local machine has been great for many of the lessons. This has allowed teachers to go through their lesson plans in a systematic way, with students able to think about problems instead of just jumping on the web and Googling the answers.