King Edward VII School

From Schoolforge-UK

Contents 1 The School 2 The People 3 The problem 3.1 Unattended 3.2 WPKG 3.3 Auto IT 4 Other software 5 Future Projects 5.1 LTSP 5.2 Wine 5.3 Meta VNC 5.4 Google Mail 5.5 Moodle

The School

King Edward VII School (KES) is a 11-18 school with 1600 pupils and 200 staff on two geographically separated sites linked by 100Mbps fibre.

The People

Chris Johnson

has 14 years experience in IT in the public and private sector and 7 years experience of working in education, both in the primary, secondary and further sectors. Having spent 4 years as IT Consultant to the SE Sheffield Education Action Zone Chris held the position of Network Manager at KES for the period June 2005 - June 2006. Chris is now the Deputy Network Manager (the Network Manager has returned from her maternity leave) and is ably supported by the school's in-house Linux guru...

The problem

(one of them anyway)

The school has around 500 PCs and laptops running Microsoft Windows XP and 2000. The school has invested substantial amounts of money in subject specific software that doesn't yet have an equivalent that runs under Linux. We need something that will reliably and consistently install the operating system and software on new and existing PCs to a known standard to minimise the possibility of human (technician) error.

We looked at MS SMS server (used by other local schools) and commercial products like Alteris as used by one of our local universities (Sheffield Hallam) but neither of these fitted our budget. A quick search on google brought up the following products:

Unattended

This software allows us to install the PC operating system over the network. It also allows us to apply security patches to the OS automatically. The big difference it makes is that once the computer's name, operating system and drivers are stored in a database (MySQL) all referenced by its MAC address the whole installation is completely unattended. Having set all machines to PXE boot the PCs display a menu with the options "local boot" or "rebuild". Rebuild requires a password. If the user knows the password the PC can be reinstalled with no further input. Unattended will install software packages but we decided to leave this to WPKG which gives us more flexibility for chosing which software is installed and when upgrading.

Note

The way we use this software the PCs are automatically put into the active directory in the "computers" OU. Once the build is compete we manually move the computer object to another OU where the group policy invokes WPKG.

WPKG

This software can either be run manually at the command line on the PC or, as we do, as part of the group policy for the machine. It checks for software packages in a profile associated with each PC name and installs any software not currently installed. When used in the group policy this can happen after boot up and before the user logs in. Where supported the installation is done silently with no visible windows or dialogue boxes for the users to click cancel.

Auto IT

For the applications which will not install nicely from the command line (eg Macromedia Studio 2004) we use Auto IT to create a scripted install. This does display the dialogue boxes etc on the screen and users can interfere with the install process but as we tend to install most software in labs that are not currently being used this is not an issue.

Other software

We also use other open source and free software:

IRM

We use IRM to track all our technical support jobs. Its not the best job management system but its the only one we could find that has a decent built in inventory system to allow us to track jobs against particular pieces of hardware. We had previously used Mantis but this was designed for tracking software bugs and had no hardware options.

PS Tools

From Sysinternals

VNC

We use various versions (historical reasons) of this software to remotely control PCs around the school. As we now have WPKG working all new PCs will get a standard VNC installation. This is likely to be either Tight or Ultra VNC. We are about to start using VNC Scan to manage our VNC sessions which although not free or libre only costs $49 per administrator. We have not yet found a OS solution that allows us to view multiple scaled VNC sessions, power PCs on and off remotely, reset VNC passwords, blank screens, and install VNC remotely.

LAMP

We have a selection of servers running a selection of OS software providing web services as well as dhcp etc.

Nagios

This monitors our servers and switches aqnd printers and pesters us by email when things aren't how they should be.

VMWare Server

This allows us to use one of our more powerful servers (Dual Xeon 8GBram) more flexibly as we can run multiple servers on the one box allowing us to trial software and sevices without having to dedicate a box to each project. The server host OS is 64bit Gentoo Linux. There are a host of prebuilt VMWare "appliances" that can be downloaded for free from the VMWare site.

Mediawiki

We are moving our departmental documentation over to the wiki. We are also starting to use the wiki as a means of communication rather than emails so that the usual round of "update on project x" emails and their responses are avoided and all the replies and updates are in the wiki.

Endian Firewall

Based on IPCop but with lots of extra features this GNU/Linux distribution provides firewall, web content filtering, spam filtering and management, virus filtering (http and pop), caching and extensive reporting. We have found that a desktop P4 2.4Ghz with 512MB ram (spec tbc) is not enough to provide web content filteringing for all 1800 users on our 500 PCs with this solution with the

IP Cop

We use this GNU Linux distribution as our firewall. Content filtering is currently provided by squidguard on a separate box where we have 2 different proxies setup for staff and students.

OpenOffice.org

Is installed by default although we still use Microsoft Office as well. As we use WPKG to install the software it doesn't impact on the amount of time we spend installing it. We intend to run a study to identify which users actually require a paid for office solution so that when the school next comes upgrade we have data to show what will offer teh school the best solution.

The GIMP

Is installed by default on all PCs. Currently our Art department are not keen on it although we suspect it is because they are not familiar with it rather than because it doesn't do what they require.

7-Zip

Is installed by default on all PCs.

Firefox

We don't yet install Firefox onto users dektops as we have not had time to investigate how to lock down the settings to prevent the users bypassing the proxy servers we use to monitor access and protect pupils from inappropriate content.

Future Projects

LTSP

We believe choice is important so we are looking at adding an option to the PXE boot up menu to allow students to run Linux via a thin client session using LTSP. We trialled this last year (2005) with help from Skegness Grammar and Handsworth School but ran into problems giving the users access to their home folders. As a result of this we postponed the release until we had a fix for the problem which was caused by the way home folders were shared on the Windows server. We have plans to change the way home folders are shared this year to allow LTSP to work with access to users folders.

Wine

We will be looking to see how many of our windows applications will run under Wine so we can upgrade PCs currently running Windows 2000 to a free OS where there is a performance benefit.

Meta VNC

This version of VNC allows just the application window rather than the whole desktop to be viewed remotely. We are hoping this will allow non MS Windows applications to be used on Windows workstations.

Google Mail

With 2GB of space per user, excellent spam filtering, batch user creation, a great web interface and someone else looking after it all for nothing this is a solution most schools should at least consider. You can now get your google mail interface branded with your own logo and have your own domain name for email addresses (as opposed to gmail.com or googlemail.com)

Moodle

Moodle is one of three VLEs we will be looking at trialing. The other two are Dokeos (formerly Claroline and A Tutor).