Solving Common K-12 Access Challenges

虽然Mehlville School Districthas implemented COVID-19 remote learning like most primary schools, we’re also working on other initiatives to keep our students, teachers and technology systems safe. This includes using the exceptionally granular customization capabilities withinAruba ClearPassto solve common K-12 education problems.

Going beyond the default deployment

Upon deploying ClearPass about two years ago, we used it in the typical manner to consolidate many SSIDs into two – one internal and one guest network. Naturally, all district-issued devices automatically connect and authenticate based on device and user credentials. This includes our 1:1 Chromebook deployment for all 10,000 students as well as district-issued Windows and Apple devices for teachers, staff and classrooms, totaling roughly 17,000 devices.

Once we gained experience with the role-based solution, we began considering additional ways to leverage it. By establishing fine-grained custom policies, we discovered ClearPass eliminates much of the manual work around the following processes:

对所有设备进行身份验证，甚至BYO：By authenticating every device, ClearPass can identify classifications of BYO devices, based on username and password, and permit or deny access accordingly. For example, when a student logs on using their credentials with a device other than a Chromebook, then ClearPass classifies it as a student BYO device.

Limiting BYO Access:为了确保我们有足够的学术需求带宽并减少不良演员的可能入口点，我们使用ClearPass来拒绝BYO设备连接（包括在我们的来宾网络），除非该连接符合我们为成为批准目的而建立的标准。

一个例子是Google Expeditions，它是由需要智能手机的AR/VR设备启用的。使用ClearPass，我们创建了一个虚拟蜜罐，以允许访问探险，但不能访问互联网。当教师要求新的学习工具时，我们可以将它们添加到批准的选项列表中。此策略使我们能够以受控的方式允许BYO智能手机访问。

支持ing Healthcare Needs:类似于为了获得批准的课堂目的启用设备访问，我们可以使用ClearPass固定允许使用特定医疗保健需求的人使用的设备和应用。无论是不断监测血糖还是提醒人们服用药物，ClearPass都可以跟踪并允许所需的设备和应用程序。

Managing Inventory Efficiently:Despite having 17,000 district-issued devices actively in use, plus a few thousand more in our inventory as spares, ClearPass rapidly pinpoints any device we need to know about. In addition to searching by the default or custom attributes within ClearPass, the tool also searches information drawn from about a dozen other IT applications, such as our WiseTrack asset tracking system or our ZENworks Suite technology lifecycle solution. We’ve also set up various management reports that enable us to get a snapshot from ClearPass every 15 seconds.

消除流氓连接和移动热点：ClearPass also permits us to quickly identify, and disconnect, any Mehlville-issued devices that are accessing a rogue wireless signal, such as a home that’s broadcasting an open network near a school building. This also includes students who use their cellular data plans and personal devices to create a Wi-Fi hotspot, which enables others to connect and bypass our policies and protocols.

Helping us stay one step ahead

Let’s face it, people push boundaries and by using ClearPass, we’ve classified a host of details, such as using inappropriate terms as usernames and Mac randomization for attempting to beat blacklisting, to create granular policies, set alerts, restrict activities and automate searches. This helps us stay one step ahead of 10,000 students and over 800 employees while remaining within our lean K-12 technology budget.

Regardless of what becomes the “new normal” as result of COVID-19, we’re thankful we delved deeper into ClearPass and hope this blog gives you some ideas for doing the same.

Mark Frattois the Systems Administrator for the Mehlville School District, which serves 10,000 in the southwestern St. Louis metro area. Spread across 44 square miles, the Mehlville, Missouri district supports 18 campuses that including one early childhood center, 11 elementary schools, four middle schools, two high schools. During his decade with the district, Fratto has maintained various systems, including Mehlville’s 1:1 computing initiative for all students.在加入该地区之前，弗拉托（Fratto）是IT顾问。