Cloud Mobile Device Management Delivers For Schools & Partners
Through the use of cloud-first technologies and modern deployment methodologies Cyclone have supported Christchurch Girls' High School through a significant device upgrade to Windows 10 over the Christmas 2017 break. This was achieved through using the full suite of services included i n the Microsoft Schools Agreement with the Ministry of Education and driven greater efficiencies for Cyclone and reduced costs for Christchurch Girls ' High School.
This week I caught up with Stefan van der Busse from Cyclone to learn more about the company's latest school deployments and how their continued focus on cloud technologies is assisting them to deliver faster and more affordable system upgrades for their education customers. Stefan talked specifically about Christchurch Girls' High School Te Kura o Hine Waiora (CGHS) and the upgrade from Windows 7 to Windows 10 over the Christmas 2017 holiday break.
When Cyclone first engaged with CGHS there was a very traditional network in place, with on-premise Active Directory and Group Policy managing the school owned Windows 7 fleet with no device management platform at all. Stefan's goal was to increase the visibility of these devices both on and off the school network and therefore the plan was to move the school towards a cloud-first Modern Device Management (MDM) approach. The Microsoft technologies used in this deployment were:
- Microsoft Intune
- App-V
- Windows Analytics
- Azure Active Directory (AzureAD)
- Including Automatic MDM Enrolment as part of AzureAD P1
- Seamless Single Sign On
- Windows Updates For Business
- Microsoft Deployment Toolkit (MDT)
- Office 365 2016 Pro Plus (Click-to-Run)
Why Use Modern Cloud Deployment Technologies?
Historically, Cyclone have used reasonably custom deployments for each school they managed and had planned towards standardizing deployments to increase efficiencies and reduce costs for the schools. Over the Christmas 2017 break they had a number of school sites that were looking to upgrade from Windows 7 to Windows 10 and this presented the perfect opportunity to co-ordinate a hybrid-cloud approach to deployment across multiple sites.
CGHS alone had 60x staff laptops to be replaced in January (TELA), with a further 200x desktop machines around the school between January and April and 100x HP Stream laptops that were effectively 'unmanaged' with local administrator users and were being replaced with Lenovo N24 laptops. Upgrading over 350 machines represented a significant amount of work, where typically a systems administrator would be on site at the school building a custom image based off the required applications requested by the school.
Cyclone briefly considered implementing Microsoft SCCM into the environment to manage all of the school devices, however quickly opted to use a hybrid approach with more cloud technologies for the following reasons:
- It was more in line with the Ministry of Education and their clear strategic push towards schools leveraging the cloud more effectively.
- Cyclone could reduce costs by not using SCCM as there would be no need to deploy a local server and the associated overheads with running and maintaining the environment.
- SCCM requires considerable technical skill sets to manage effectively and Cyclone has been strategically focusing on Microsoft Cloud Certifications for their engineers as a priority over traditional on premise infrastructure.
Planning For A Successful Upgrade:
This was the first foray into using Windows Analytics by Cyclone and they opted to deploy this via Microsoft CSP, provisioning an OMS workspace into Christchurch Girls' High School Azure tenant. Allowing shared visibility between Cyclone and the school into the status of the machines needing upgrading introduced a new level of transparency for the school. Using Upgrade Readiness the team at Cyclone had full visibility into the school devices and could easily see which were still on Windows 7 and, for the handful of devices that had previously been upgraded to Windows 10, they could see which version of Windows 10 was running. This level of reporting made it easier to sign off completion of the upgrade when all devices were on the latest version of Windows 10.
[caption id="attachment_9765" align="alignright" width="1024"] An example of the Upgrade Readiness dashboard as part of Windows Analytics[/caption]
Furthermore, the ability to see various drivers on the devices and identify ones that were causing issues provided a pathway to quicker resolution of issues during the upgrade as technicians could then physically track down any remaining 'troublesome' devices that needed manual intervention.
"Moving forward, our goal will be to use Windows Analytics and Upgrade Readiness across all schools as part of our standard deployment practice. This will allow us to reduce costs and reactive support calls by proactively targeting and resolving any issues on specific devices" – Stefan van der Busse
In addition to Windows Analytics, Cyclone used Microsoft App-V for the first time. This is a form of virtualization where applications are 'containerized' when deployed:
Microsoft Application Virtualization (App-V) can make applications available to end user computers without having to install the applications directly on those computers. This is made possible through a process known as sequencing the application, which enables each application to run in its own self-contained virtual environment on the client computer. The sequenced applications are isolated from each other. This eliminates application conflicts, but the applications can still interact with the client computer.
App-V is provided at no cost as part of Windows 10 Enterprise or Windows 10 Education (compare features here) which is available to schools under the Ministry of Education Schools Agreement. Cyclone now deploy the Windows 10 Education SKU as the standard operating system into all of their managed schools. Stefan explained the motivation to use App-V in these schools as allowing them to:
"Dynamically control consistent application deployment to the right people, at the right place, at the right time."
For example, a student studying music can be sitting in the music tuition room accessing specific course related music applications on a school desktop machine but could equally be using a school laptop in the common room or outside on the lawn and have the same experience on either device. Conversely, if another student who was not studying music logged into the same machine after the music student had signed out they would have no access to the music applications. This degree of dynamic application control provided by App-V delivers real and immediate benefits to Cyclone in terms of saving time and money spent previously on creating base images for schools.
Essentially, Cyclone is now able to create a standard barebones image that will suit most schools and through using App-V they only need to sequence and deploy applications once and know they will be running the same version across all school sites they manage. Stefan shared the example of Sketchup Pro, a product licensed for schools by the Ministry of Education, by packaging and sequencing this with App-V it can be opened in a virtual container across any school on any device using the provided licensing information. Cyclone can now use their growing catalog of pre-packaged applications in App-V and supplement this with a school's unique applications as required. This significantly reduces the amount of work required by a technician customizing a deployment for each school.
Seeing The Benefits Of Cloud Management:
For Christchurch Girls' High School the benefits of this new cloud-first approach has been immediate. One of the biggest benefits is seamless sign on across multiple educational cloud platforms through the implementation of AzureAD P1 and Seamless Single Sign On, which now enables students and staff to use a single set of credentials and a tailored CGHS user experience to sign into:
- Office365
- G Suite
- Wheelers eBooks
- AccessIT Library System
- ClickView Video Library
- Education Perfect
- Moodle Learning Management System
With Seamless Single Sign On, students only need to enter their username and password when logging into Windows 10. Seamless SSO then authenticates the user to any of the integrated services, regardless of browser choice (Internet Explorer, Chrome, Opera & Firefox).
What’s next?
From the perspective of the Cyclone team, this is only the beginning of leveraging cloud-first technologies to drive efficiencies and reduce costs for schools. They have only touched the surface of the feature sets of Intune, using largely the automatic enrolment into AzureAD to drive device reporting in Windows Analytics and have already identified features they will use Intune for in their school management.
Cyclone plans to further refine their Windows 10 deployment service, making it accessible to all of Cyclone’s managed customers across the education sector, ideally without the need for any on-premise infrastructure or investment. Stefan explained:
Our end goal will be to equip our engineers with a standardized USB key that can be inserted into any internet connected device, which will then boot and connect to Azure Web Services back ended by an Azure SQL Database for acquiring site specific deployment decisions at install time . This will be particularly important for schools that Cyclone are supporting to reduce on premise infrastructure investment and leverage cloud service .
Clearly, this will lower both the cost for schools through reduced hardware on premise, but also the overheads for Cyclone in terms of managing different schools by standardizing on a single, consistent approach.
My Perspective:
This is a great example of a System Integrator recognizing that the management of Windows devices is changing significantly, as Microsoft pivots towards increasing use of cloud-first MDM technologies. Future releases of Windows 10 will have even greater management capabilities in Intune and this will require all IT administrators to re-think their traditional standard deployment methods of local on-premise domain controllers, with Group Policy and Active Directory as the primary means of managing devices.
As the students and staff at CGHS have experienced first-hand, starting with a cloud identity in AzureAD opens up seamless single sign on to a wide range of other cloud services providing a simpler experience and faster access to learning tools in the school. Perhaps most importantly, it's also driving down costs for the school as their IT partner can leverage greater levels of automated device reporting and remote management through these services.