Apple Macs and School Networks www.rmeducation.com/apple Table of Contents Introduction 3 Why we have written this paper 4 The experience of four schools 5 School A 5 School B 6 School C 8 School D 9 RM recommendations 10 RM configuration 11 What this means Appendix 2 12 13 Introduction With Apple technologies becoming more prevalent in schools, it is important that, as the Network Manager, you have all the information to hand to know how to implement and integrate these – especially when Apple Macs co-exist with an existing Windows infrastructure. We hope you find this guide useful, whether you are considering buying Apple technology or have already done so and are seeking technical information to ensure the adoption of this technology in your school runs as smoothly as possible. With reference to four case studies, we will outline some Apple network scenarios, highlighting the pros and cons of each. In the final section, we outline our recommended set-up and hope this allows you to select the best course of action to suit your school, taking into account considerations such as appropriate network infrastructure or selecting the most suitable option for saving students’ work. Why are Apple Macs becoming popular in education? If you are considering introducing Apple Macs into your school, it is worth taking a moment to consider why they are becoming popular in schools. Many of the schools we have spoken to are using Apple Macs for key subjects, including design & technology, media studies, art and music. Some of the most frequently used applications in the schools include: the iLife Suite, Final Cut, Logic and Adobe’s Creative Suite. Some schools are using Apple Macs as generalpurpose computers across their school and want to give students using Apples at home the choice to use them within school too. 3 Why we have written this paper Schools often purchase Apple Macs for use in specific departments. In all cases, the use of Apple Macs appears to have motivated users and represents an excellent solution for music, media studies and art. However, schools have made different decisions regarding the levels of integration that they want to undertake. They have been clear about what they are trying to achieve and agreed an approach to bring the greatest value to their school. In order that users experience optimal performance, Apple and other software vendors design some of their applications to save files locally on Apple Mac clients. The implication for users created with roaming profiles and networked home folders is that some applications will not launch or work optimally with this configuration. A few examples are: • Adobe® Creative Suite® • Apple iLife Suite (e.g. Garage Band and iMovie) What are the challenges working with large media files? These particular software titles are produced and tested for use on standalone machines only, not in a network environment. As such, they either will not run, or not run as expected over a network. When networked user profiles and networked home areas are introduced, some of the apps that create large media files either do not function or are unreliable. Performance and stability can also be compromised. Some terms explained When an application runs for the first time, it generates files that are placed in the profile folder ‘Library’. Some applications may not work if they detect that this folder is on a network share. Others will work but will not operate correctly as they expect this folder to react with the speed of a local disk. What are profiles? Profiles are folders of data created for each individual user, which contain user-specific data, such as the user’s application and system preferences (e.g. Desktop Wallpaper settings). Profiles can either be stored locally on the client for each user, or on a remote server. Network roaming profiles are profiles that are stored on a remote server and are accessed over the network infrastructure by any client when the user logs on. Network profiles are normally preferable to client based ones in schools as they ensure that a user’s settings and preferences travel with them, no matter which device they use. 4 network volume, or both. These areas have automaticallygenerated sub-folders to which most applications save to by default. The default folders created on an Apple Mac are: Documents, Music, Movies, Pictures, Downloads, Library (which is the Profile folder), Desktop, Public, Sites. Microsoft® Word®, for example, will have a default save location of ‘Documents’; iMovie will have a default save location of ‘Movies’. Media-intensive applications create large files that are resource-intensive. If these files are generated over a network connection, they are prone to performance delays and possible corruption and the resultant file is either unusable or is of poor quality (in the case of a movie, for example). This can also cause issues with network profiles and, as a result, cause long log-ins if the network backbone is insufficient to deal with the demand. What are home folders? The following pages describe the experiences of four schools Home folders are data storage areas created for each individual user. These can either be local on the client, on a that have introduced Apple Macs into their computer estate. The experience of four schools… School A School A is an Academy of 1,200 students and in line for a rebuild. This means that spend is constrained in this interim period. There are 60 Apple Macs, of which only 20 are networked. The full estate is 630 computers. What does this school want to achieve? School A purchased the Apple Macs principally for video editing, design & technology and music. The students often work in groups with two or three to a computer. Their mostused application is Final Cut. The decision to have Apple Macs was also driven by the desire for students to have experience of and exposure to Apple Macs in school, due to the prevalence of Apple Macs outside of school. Decisions the school has made to support their main usage School A is currently working in a period of assessment with Apple Macs. Their decisions, therefore, are based on a desire to gain experience and determine which areas they need to re-evaluate in the future, such as set-up, on-going management, back-up, storage and archiving strategies. For this reason, they’ve kept their set-up small and controllable. They were also very conscious of potential impact on their Windows network, so the decision to keep them separate was to ensure that this didn’t impact normal business. School A’s original intention was to use the normal My Work areas to store video, but as they were using the Apple Macs for HD video editing, the size of the files would be too large for users’ My Work areas. The school is now using the Apple Macs on a separate network and users authenticate through an Apple server, picking up IP addresses via DHCP on the Community Connect network. New users are created manually on the Apple server when required, based on a list provided by the teachers. This means that students are not able to use their Community Connect log-on when using the Apple Macs. As they are saving work locally on the Apple Mac desktops, it also means that they have to use the same Apple Mac station each time and students try to do this for the duration of a project. If they do not, they have to synch work centrally and then have a long log-on, as all their work will have to synch to the new station. The school uses an external device to back-up the data on the Apple server, but data that only exists locally is not backed up. For flexibility, the school originally purchased MacBooks for use in the music department, but they have now replaced those with high-performance standalone iMacs, as these provide a better solution due to their larger screen size and greater peripheral support. The school chose to go for a simple solution, because they recognised they did not currently have the technical experience with Apple Macs to support a complex integration with Windows, which may have required additional outsourced support. Any other usage? The MacBooks at School A are a bookable resource. As there were concerns about users leaving data on them when they were returned, they are now reformatted after each use. This means users are personally responsible for saving their work in a suitable place before they are returned. The saving of work will happen automatically via a synch as they log-off, but they must log-off properly to achieve this. Pros & cons of the approach Pros Cons Starting small, so able to use the opportunity to learn what works with the programs they want to use and the current infrastructure. By having a separate network for Apple Macs, students are able to save faster. This restricts users to using the same machine each time to access their work. The back-up is performed separately from their normal regime. Any data that is only stored locally will not be backed up. Users must authenticate separately to access their Community Connect home areas on the Apple Macs. MacBooks are ‘clean’ when being booked out. Responsibility for saving completed work as part of a proper log-off rests with the users. However, this can also be viewed as a benefit, providing lessons of the importance of maintaining their own data. 5 The experience of four schools… School B School B is a 1,000 student secondary school with a media arts specialism. There are 60 Apple Macs in an estate of 560 computers. Of the Windows workstations, 200 are traditional desktop PCs and 300 are thin clients. The school uses Community Connect network management tools to manage their network. The Apple Macs are networked and used as both regular Apple devices and thin clients, depending on what students are working on. What does this school want to achieve? only using 65TB of the capacity. This requirement has also driven the decision to ensure that all of the Apple Mac created work is part of the central back-up regime. The school wants to support a broad use of Apple applications, particularly in the creative subject areas to support their specialism. School B has also provided staff and students with clear guidance on how to use the Apple Macs. The media, art and music departments are the key users of the Apple machines. Favoured applications are iMovie and Final Cut Express, but many others are used in different departments. The school also uses a wide array of peripherals, including HD video cameras, digital microscopes and network scanners. When accessing the Apple workstations for media studies work, the students are provided with separate usernames and passwords using Community Connect user management (e.g. Username: Yr10_Gp3_Project4). These are used by individuals or groups of students to access work on specific projects over a wired connection. The creation of separate usernames and passwords overcomes several issues: Decisions the school has made to support their main usage • Project work is often done in groups and no student has to share their normal network password with the group. School B has made two main decisions – one relating to how they spend their budget and the second on how the Apple Macs are used. School B has focused spend on the network backbone, server and storage infrastructure, while reducing spend on the Windows client hardware. By repurposing older workstations as thin clients, they have continued to be able to support the requirements of departments, while at the same time releasing funding for other areas – most notably, a 10Gb backbone, 1Gb links to an Apple server and a 20Mb Internet connection. They have also invested in high spec Windows servers, which are virtualised and have a maximum storage capacity of 200TB. They are keen to ensure that all the intensive and time-consuming media work is properly backed up, although they are currently 6 • The home area for these users is located on the Apple server and is often project specific. These two conditions speed up the log-in process; firstly, as the connection to the Apple server is 1Gb in these rooms; and secondly, the project-specific log-ins reduce the log-in time, as only the current project is synchronised at log-in. Older projects on the same log-in can also be archived to minimise log-in times further. • Working in this way prevents one student’s Community Connect network quota being eaten up by large media files. (They can use 40GB on the Apple server, compared to 2GB for their home folder on the rest of the network). When accessing Windows applications and resources, the students use the Apple machines as thin clients. Logins are short and all applications are available from the terminal server. Work is saved to home or shared areas as normal. The experience of four schools… School B Any other usage? Some applications look for a local home area on Apple clients and will not run if they do not detect this. For these applications, the school applies individual tweaks, so that they will run with a network home area. These customer tweaks may be vulnerable to being overwritten by future operating system or application version updates, but work well currently. Students and staff are able to borrow MacBooks for use outside school. On these occasions, the user copies their own home folder to the laptop, so that it is available while they are offsite. This can take some time (5-6 minutes), but students and staff are aware of this. Where possible, they borrow the laptop they used previously, so that the synch time is reduced, but acknowledge that this is not always possible. Pros & cons of the approach Pros Cons All students can use Macs to log-in to Community Connect home areas. All work is backed up centrally. Cost of investment in backbone, server and SAN to facilitate this. Logins are quick and users are able to work in groups. Additional usernames have to be set up to have separate home areas for media students, so extra effort and liaison required with individual departments. However, this also has benefits. All home areas are on the network. Applications which are designed to save locally have to be tweaked to facilitate a network save. Information on these tweaks is gleaned from technical forums on the Web. When applications or operating systems change, these tweaks will have to be tested and updated, which could prove very difficult and time-consuming. Such change may not be supported by either Apple or the software supplier. 7 The experience of four schools… School C School C is a secondary school with around 900 students. The school’s main network is Community Connect and they have a small Apple network of 30 stations. Of the 850 computers in the school’s estate, approximately 500 are laptops with only a few of these being Apple Macs. What does this school want to achieve? School C is keen to use Apple Macs mainly for Key Stage 4 and A-level students in media studies and music. The most frequently used applications are iMovie, Garage Band, Pages and Keynote. The school also uses two main peripherals: web cams and camcorders. Decisions the school has made to support their main usage School C has taken the decision that all students will be able to access their Community Connect home areas from either a Windows or an Apple Mac computer, but that certain work will be saved locally. School C has a 100Mb link between the Apple Mac desktops and the Apple server and 1Gb between the Apple server and the Community Connect server. All students are able to log on to the Apple Macs using their Community Connect passwords, but the school encourages them to save all video work locally to avoid performance issues and to reduce log-in times. Students therefore have to use the same Apple Mac in each lesson. All other work can be saved in the Community Connect home area as normal. School C investigated a solution using an Apple server to get iLife (including iMovie) and Final Cut files copied there, so that work was not saved locally. However, the primary purpose 8 of this is now only back-up, due to the level of bandwidth required to support this mode of use. The network team insists that students regularly back-up the contents of the Mac folder to the group share on the Apple server, where they have 1TB of storage. If the server fails, the content is on the local machine or if there is a local hard disk failure, then the data can be restored from the Apple server. The Apple server is backed up as part of the school’s server back-up regime. School C encourages students to save files as per the requirements of the application, and also encourages them to back-up their work to the Apple server. Students are trained on how to save their work during their first sessions using the Apple Macs. Each Apple Mac has a drive in excess of 300GB, so School C has not had any storage space issues yet. School C would like the current solution to have a better backup solution, which is less reliant on the users. Pros & cons of the approach Pros Cons Students can use their current username and password. Students have to remember to back-up their work manually. Students have to use the same machines for each session. Students are able to use iMovie, iLife and Final Cut from the local machines. The local Apple Mac stations may need to have work archived over time, when disk space is exceeded. The experience of four schools… School D School D is a new build academy with over 1,000 students of years 5 to 18. The computer client estate comprises 600+ Apple Macs, comprising iMacs and MacBooks. They have Community Connect for user management and a further server to house additional services, such as cashless catering and follow-me printing. In addition to this, they have six Apple servers. All the iMacs are connected to the network over 1G links and the Apple servers are connected with consolidated 2Gb links. What does this school want to achieve? The school was keen to implement Apple Macs as part of a visionary statement to support the school’s ambition and desire for innovation. They are used in all subjects by both teachers and students. The iLife suite is a key set of applications, but a wide variety of general curriculum applications are used. Decisions the school has made to support their main usage Originally the school made the decision to use mobile user home drives on all of the Apple Macs, which automatically synchs all user data at log-on and log-off. This was to support applications that required a local home area for saving (e.g. the iLife suite). The consequence of this was unacceptably long log-ins, even with the 1Gb link from the desktop to the Apple servers. This was due to the very large quantity of data that was being copied to and from the servers at the start and end of each lesson, when large number of users across the school were all logging on or off at the same time. School D has now switched to normal network log-ins. Teachers are configured with a local profile on their own MacBooks, but students are prevented from saving anywhere locally on the shared MacBooks and iMacs. All users have a drive mapping (mounting) to their network home area on the Apple server. For applications that support saving directly over the network, these save directly to the Apple server and most applications can be used in this way. Login times are now acceptable. This solution does not work well for some applications however, including iMovie and Final Cut, which need to save locally. The project files can be as large as 5GB and so can take a long time to copy down and back-up again at the start and end of a lesson. The school is now investing in 30 500GB USB portable hard drives, for those students that need to use iMovie and Final Cut and take their files with them. The teachers maintain a list of who has signed out a portable hard drive. Students are still able to backup the content of the portable hard drive to their network home area, but they recognise that this may take some time and so do not backup every lesson. All work on the network is backed up as part of a central backup regime, which will include data the students have manually copied to their network area from the portable hard drives. However, the whole school backups are a significant size, with multiple TB of data requiring to be backed each night. The school has recently started making more use of Adobe Creative Suite and 3D printing technologies, so expects the demands of data storage to continue to grow. Pros & cons of the approach Pros Cons Students can access and save to their network shared areas from any computers. Cost of implementing the 1Gb links to the iMacs. All servers are part of the central back-up regime. There is a considerable amount of data that needs to be backed-up. The devices are motivational and work well for all departments across the school. Some applications are not used due to saving implications for students. Good log-in times. To make use of applications, such as iMovie and Final Cut, they need to use portable hard drives. 9 RM recommendations RM recommends that in the majority of cases Apple Macs are set up to use local profiles and local home folders for all users of the Apple Macs, as this is typically the best way to ensure that all applications will work in a way that is supported by the software suppliers and Apple. In some cases an alternative configuration may be more appropriate, such as standalone computers with generic user accounts. Please contact us to discuss the best approach. Network integration is still possible, and network home folders and shares can be made available as part of the solution, the caveat being that users have to be configured to use local profiles and home folders as a default. To facilitate copying work, we recommend connections to network home folders are created. These can be to either a Windows or Apple server network home folder, and each should be configured to be regularly backed up. With this configuration, for each client device that a user logs onto, be it an iMac, Mac Pro, MacBook etc., a new user profile will be created including a local home folder. If a user saves files locally on one client and then moves to another, the files will not be automatically available on this client. Or if a user makes preference changes to an application on one client, these changes will not be available at another client, unless the user re-configures the changes. Where a school is using a suite of Macs, we recommend a dedicated printer in the room to serve these. The printer should be configured to use Bonjour network discovery where available. Where a school is using mobile devices or where there is a room with a mixed suite of Apple and Windows devices, the Apple devices should be configured to use the Windows server print queues. 10 RM configuration RM has created a script that works together with some network policies to provide the user with the following recommended desktop experience: The folder highlighted in green is the ‘Mac Network Home’ stored on the Apple server. This is an additional home folder, which should be used as the primary network storage location while using a Mac, as it provides a fast connection using the native AFP file protocol, and is available on all Mac clients when a user logs on and utilises the storage of the Apple server. This is only appropriate where your network has either a Mac Pro or an existing Xserve* as a server. The Mac mini server is not recommended as a server to hold large media files, as it lacks in performance, storage space and resiliency. The Shortcut highlighted in red is to the ‘Windows Network Home’. This connection is to facilitate the access/usage of files that are required and compatible on both Windows and Apple platforms, e.g. Microsoft Word documents. In a Community Connect network, this is the same location that students access via My Work and their N drive. The folders highlighted in brown are the local user profile (‘Library’ folder) and the default save locations for most applications. When producing resource-intensive files, such as those generated when creating a movie in iMovie for example, the local folders should be used to save the project/files. Once the project is complete, it can be copied in its entirety to the ‘Mac Network Home’ folder to facilitate back-up and subsequent access to these files from an alternative device. *See appendix 11 RM configuration What this means In order to help ensure as many applications as possible will perform well on a mixed network infrastructure of Windows and Apple clients, we make the following recommendations. Windows Network Home Folder (Roaming) Mac Network Home Folder (Roaming) Network User Logon Local Home Folder & Profile (Per client) Networked Apple Macs should be set-up to use local profiles and home folders for network users. Therefore, files will not be automatically stored centrally and users will need to manually copy projects or files to their network home folders. This will ensure that users’ files are available for central back-up and for access from other computers. An alternative option is to copy these files/projects to USB portable hard drives, although careful consideration will need to be made on how to manage these devices. Users can be encouraged to use the same client within a given classroom to avoid profiles having to be created at log-on, and to avoid having to re-configure any local preferences they may have changed. Once a user has logged-on to a given client, the profile is permanently stored on that client. The primary network user home folder is called ‘Mac Network Home’, for which a shortcut can be found on the user’s desktop. The files stored locally on a client are not backed-up or synchronised automatically in this solution. Users need to be 12 instructed to copy any projects that they need backed-up or made available on other clients to their ‘Mac Network Home’ folder. Over time, the number of local profiles stored on an Apple Mac will increase as multiple users log on. Eventually this will result in the need to clear these profiles. We recommend that this is configured as a termly or yearly task. Although this solution puts the reliance on the students to copy files back to the network shares and, as such, increases the potential risk that students may lose data, some schools have recognised an educational benefit to this approach. It teaches students the importance of managing their own data; a potentially important life skill in both in the work place and at home, where they may not have the facilities to automatically back-up their own work for them. RM is working to improve this solution in the future to provide a better user experience that reduces the risk of users making manual errors. Appendix Apple Xserve Mac mini Mac Pro Apple has discontinued the Xserve hardware platform. If you are looking to purchase a Mac server, you now have the option of Mac Pro or Mac Mini. The Mac mini servers are normally only recommended for solutions of 50 Mac computers or less and where no storage of user files is required on the server. Mac Pros are recommended for larger solutions, and where users will be saving large files from applications, such as iMovie. The most suitable server for your school is dependent upon the proposed scale of your solution (including consideration of future growth). If your solution is on this scale and is not likely to grow beyond this, the Mac mini could be a good choice, but may not be suitable for storing large media files. Both of the Mac mini and Mac Pro servers can be supplied with the Snow Leopard Server OS. More details about Apple’s transition away from the Xserve are available at: http://images.apple.com/xserve/pdf/L422277A_Xserve_Guide.pdf 13 www.rmeducation.com/Apple © RM Education 2011. All trademarks and copyrights of third-party products herein are acknowledged. Apple, the Apple logo, iPod touch and iPad are trademarks of Apple Inc., registered in the US and other countries.