Kristin School in Albany, Auckland, has around 1,700 students, ranging from kindergarten to Year 13. The school has a fleet of 1,400 PCs, of which almost 1,100 are laptops, and the school intranet allows students to upload assessments and have them reviewed online.
Students are introduced to a laptop programme when they start middle school, and are expected to buy a laptop for school and home use. The laptops are set up and maintained by the school’s ICT services department, which has ten staff.
For Jason MacDonald, director of ICT services, managing and updating the growing number of laptops was becoming a concern. MacDonald used Windows System Upgrade Server, but that system wasn’t enough for the school’s needs, especially when updates needed to be distributed quickly to all laptops.
“The students log on and off the network every 50 minutes,” says MacDonald. “So there is a lot of connecting and disconnecting. Our challenge was to find a tool that would allow us to deploy our software to [the entire] laptop fleet.”
He says it wouldn’t do to have security updates start in the middle of a class, slowing down the system, only to be cut off when the users disconnect to go to another class, and then start all over again when the laptops reconnect.
MacDonald wanted a solution that would help to maintain and manage the software, making sure that security patches were applied. He did some research and decided to go for Patchlink Update, a web-based security patch management software that supports the Microsoft, AIX, HP-UX, Solaris, Linux, Novell NetWare and Mac OS-X operating systems.
One of the main benefits with Patchlink is that the IT team doesn’t have to bring the fleet in to maintain it and do manual updates, MacDonald says.
“That’s a major consideration for us because we don’t have the size of team to support that, nor do we have convenient timeframes to bring all the laptops in to do updates.”
He says that education is becoming 24/7; the students want to be able to take their laptops home at night or over school holidays.
Patchlink is able to support what MacDonald calls “a bitwise type of transfer.
“If we are deploying [software or a patch] to a laptop and that laptop disconnects, Patchlink will continue where it left off when the laptop reconnects,” he says.
The system runs updates in the background, and the IT team can manage the amount of bandwidth used, to keep the impact on the network to a minimum.
“Patchlink also does a lot of security patches for many major software titles, and that’s really what made us more interested in this product [rather] than other products that do desktop management but focus more on helpdesk support,” he says.
The system was installed in April and MacDonald can already see reductions in the total cost of ownership for the fleet, mainly because less maintenance of laptops is now needed.
“Being able to automatically deploy a number of software titles that used to require physical installs has lowered the deployment cost significantly. We are also getting very good feedback from our customers on that process,” he says.
He says that the solution has enabled the ICT services department to do general upgrades in a way that used to be impossible from a time and resources point of view.
Previously, the process of upgrading was “quite disjointed”, he says.
“We tried to do small upgrades through [Windows domain] login scripts,” he says. “The antivirus application would do its own updates, and Windows would do its own updates, but then we had this big gap for everything else.”
The school also runs applications such as Adobe Reader, QuickTime, RealAudio and Firefox. MacDonald used to download patches from each vendor, build up the patch and then deploy it through the management tools. However, after all that work, sometimes he wasn’t even able to deploy the patch because it was too large to be distributed in the 50 minutes that the users were online.
“Now, Patchlink [manages that whole process] automatically for us, and it also pre-tests the patch. That gives me a huge reduction in terms of resources, time and cost,” he says.
There are other desktop support tools, some from major players, but they don’t manage the full security lifecycle, says MacDonald.
“Typically, you have got to manage your individual software titles, so even though those tools would do the deployment of the patch, you have got to build it yourself, whereas Patchlink does that for us,” he says.
In the future, users will be able to do updates and deploy patches around the clock, by connecting to the campus network, he says.
“We want to be able to manage patching, upgrading and quarantining in a way that will allow our users to continue with their work. [To do that] we need a tool that allows us to patch all the time, which means minimal interruptions to the users. And that is where Patchlink fits in really well,” MacDonald says.
Another benefit is that Patchlink has relationships with major [network] vendors and keeps itself informed about what is happening with network access control, he says.
“Looking forward, we can start doing quarantining and patch management either with Patchlink, with the network tools that we have, or with our Windows system. The solution gives us lots of options and I don’t feel like I’m constrained.”
The ICT department at Kristin School tends to do a lot of work inhouse, and MacDonald says there is support for that thanks to online forums and good documention.
Traditional firewalls and antivirus software are no longer enough to keep the network secure and patching has become very important, he says. There are constantly new threats coming up, like phishing.
“There are new security threats that are becoming an issue for us and to deal with that we are looking at things such as two-factor authentication, for example, using security chips and finger-print readers. But at the same time we need to make sure that those security tools don’t become a burden for our users.”
The ICT department will start evaluating what exactly is happening on the school’s LAN, to be able to better target security threats. Ongoing education of the students and also, in the future, of the parent community, is another measure to protect the network and keep the computers up and running.