Main Nav

This question was asked 18 months ago by William from UTA, but without much in the way of an answer. The replies immediately went down a cloudpath rabbit hole, never to be seen again. Here is what William asked, and exactly the situation my team was put in today: "Does anyone have experience managing iPads for classrooms (where an iPad is given to each user and returned at the end of the course, only for the next class to pick them up)? I'm interested in how to manage credentials in an 802.1x environment (to ensure actions on the network are attributable to the user at that time). If someone has resolved this, I'd like to speak with them, we have instructors working on proposals." We have a 'no generic account' policy on our campus, and if it is possible we want all of our students to use their own credentials at the start of the class period with the iPads getting amnesia at the end. It seems that re-syncing them using the Apple Configurator or iTunes is the only way, but I wanted to check with the hive mind to see if anyone had some neat trick. Ideally it is a setting/template to be used, and not some MDM/onboarding solution. -Luke =-=-=-=-=-=-=-=-=-=-=-= Luke Jenkins Network Engineer Weber State University ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Luke, Our experience has been as follows (keep in mind we are a two person IT dept with 400+ K-12 students). After numerous conversations with an apple engineer, it appears that there is no reasonable (Configurator would take too long) way to reset the devices to ground zero state. We are using a Palo Alto firewall, with captive portal (Kerberos to AD accounts), to track any internet usage on the devices It seems pretty obvious that Apple expects everyone to purchase their own. Hopefully a bigger dept. can chime in and prove us wrong! Sincerely, Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org D: +1.253.284.5465 | F: +1.253.572.3616 | Bob_Williamson@aw.org Annie Wright's strong community cultivates individual learners to become well-educated, creative, and responsible citizens for a global society.     
I do not know how difficult it is to manage the users, teaching them to navigate the iOS settings to delete the 802.1x profile as they return the iPad... but on the loaning side, autoconfig, cloudpath or even a mobileconfig profile should get users onboard quickly. I can tell you that in cisco land with a current controller revision it is possible to syslog the Radius authentication logging. We use Splunk, but rsyslog should also be useful if scrubbing the text logs for attribution data is not sufficient. I suspect Aruba and others might be similar. Randall Grimshaw rgrimsha@syr.edu ________________________________________
Might be betterr off using a non-802.1x network and you could have a easy timeout on some sort of gateway. Other than that there may be some sort of kiosk type software that will do that sort of thing on a schedule. ----- Walt Reynolds University of Michigan
Message from jjj.hooper@bristol.ac.uk

>
I did not know about the .mobileconfig expiration date/time, that is something I'll look into. The other solutions are also good ideas. I think a captive portal might have to be the solution for now. Thanks to everyone. I think a feature request with Apple is in order. Either 'forget network credentials on sleep' (with a 5+ minute sleep timer) or 'forget network credentials after x minutes.' -Luke
Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.