website stats
September, 2008 - Microsoft UK Schools blog - Site Home - MSDN Blogs
The UK Schools Blog
News and views from the Microsoft UK Education Team
Home    index of content      about this blog     rss feed     email us     our website

September, 2008

  • Microsoft UK Schools blog

    Information Security – more, but not yet enough, advice from Becta


     The Becta Information Security advice page for schools has been updated, and they provide a more detailed document (Keeping data safe, secure and legal) which goes further than their previous advice, but not yet far enough. In fact, if you take the report at face value, you’re going to lock up your registers, and wait for the next set of reports!

    First, the good news

    This latest update is a step towards clarity – helping us all by being clear about what precautions are needed to ensure that data is kept safe (and that this advice applies to data in whatever format – whether it’s on a computer, or written on a piece of paper).  This guidance will get to the top of your senior leadership priority list pretty quickly. The Becta document talks of the various management roles responsible for information security, and then goes on to say…

    FirstquotesAlthough these roles have been explicitly identified, the handling of protected school data is everyone’s responsibility – whether you are an employee, consultant, software provider or managed service provider. Failing to apply appropriate controls to protect this data could amount to gross misconduct or even (lead to) legal action.Endquotes

    And now, the bad news

    Implementing these Becta Information Security guidelines is going to take a while, and a level of technical understanding of what must be done. In fact, given the statement on page 7 “All education ICT systems must be classified for the highest level data processed by the system and automatically labelled at the corresponding level”, it means that you’ve got to assume that almost all of your systems, and all of your staff, are handling highly secure data (in Government-speak “IL3-Restricted”). And that this therefore involves lots of changes to the way you handle, transport and allow access to your school’s pupil data. In stark terms, it says on page 5:

    FirstquotesUntil new technology or enhancements to your existing ICT infrastructure can be put in place, you are likely to need to make operational changes. These may mean that certain types of sensitive data may no longer be accessible away from the school in the short term.Endquotes

    The next set of Becta guides, not yet published, will hopefully spell out what classifications of data need to be protected by which mechanisms - see below. The current advice is almost ‘lock everything down folks’, and that’s not sustainable in the long term. But certainly, if you have a member of staff taking sensitive data home on their laptop – like special needs records, or other sensitive information on a pupil – then you need to take immediate action to safely remove the data from their laptop, or fully encrypt that data and/or their laptop. And if you have remote web access to your MIS and Learning Platform, and it’s not protected by the little SSL padlock in Internet Explorer image, then you’ll need to urgently review/change your systems.

    The guidance covers keeping data secure whilst in school, and on your ICT systems, and also how you must ensure that the data are appropriately labelled encrypted, stored and disposed of. (Eg all documents and screens displaying protected data need to have labels showing that the data is protected, and must be securely destroyed after use). The 6 key bullet points from page 7 of the Becta document are below:


    And finally, more good news

    The Appendix A of the Becta Information Security report is called “Quick wins for data handling compliance”, and I’d recommend taking a look at that (and passing it on up the chain!).

    And there are more documents coming, which will contain really specific, practical advice. According to the current document:

    FirstquotesThere are four accompanying good practice guides:

    • Impact levels and labelling
    • Data encryption
    • Audit logging and incident handling
    • Secure remote access. Endquotes

    Although they are not yet published by Becta, there’s more to come soon – and hopefully these guides will be the ones that spell out specifically what information falls into the different categories, and how it needs to be protected. For example, is a class list something that should be protected by IL-2 or IL-3 mechanisms? And what are the defining bits of data that moves it up from IL-2 to IL-3. For example, is a Special Needs statement automatically IL-3, or IL-2 until it has medical info attached?

    What do you need from us?

    There’s some obvious advice we’ll issue, as soon as the four further guides are published – eg encryption and remote access. But what other advice do you need from us, to help you respond to these guidelines? And at what technical level? Comment now, as what you say now will set the direction of the conversations I’m having with our Government security guys…

  • Microsoft UK Schools blog

    Creating my first Photosynth


    Today, I’m in London, and inspired by Alan’s IT Suite Photosynth yesterday, I thought I’d have a go. And I am astounded at how easy it turned out to be.


    I took my photos of Westminster Cathedral, which is right outside of our office. Just before you say “But that’s not Westminster”, then re-read the last sentence. It’s the Roman Catholic Westminster Cathedral, not Westminster Abbey.

    Before I first worked in Victoria Street, I had no idea that this impressive building was a few hundreds yards from the Abbey. It is well described on its website: “Westminster Cathedral is one of the greatest secrets of London; people heading down Victoria Street on the well-trodden route to more famous sites are astonished to come across a piazza opening up the view to an extraordinary facade of towers, balconies and domes.”

    Anyway, I stood in front of it, and kept taking photos – 103 of them – including close ups of the statuary, and the left hand-side of the building, and then loaded them into the Photosynth software. I didn’t have to tag them, or arrange them, or shoot in any particular order – it did all of the work. And after about an hour (analysis, upload and display time, I guess) that was it – a 3D model of the cathedral was made.

    You can see a snapshot of a part of it on the right, and you can see my whole synth here.

    I tried a few tricks, to see how they would work:

    • Walking in the left-hand door, and you can too, but the lighting made it impossible to take photos inside - LINK
    • A close up of the notice board by the door – LINK spot the bargain!
    • And a view around the side, with a close up of the mosaic over the door – LINK

    I was astounded at the “3D dot” model it created, as it is an amazing trick from a few photos!

    Have a go at Photosynth yourself. I think this whole model took less than 30 minutes of my time (plus the background uploading)!

  • Microsoft UK Schools blog

    Information Security – it’s not black and white


    I’m continuing to read the new Becta guidance documents on Information Security, and think about the consequences. After a few discussions with people, and comments from others here and elsewhere, I thought I’d try a to create a visual way of understanding where we are. This is by no means definitive, and it might be wrong. But it’s an attempt to simplify all of the guidance down to a simple picture of what is and isn’t allowed with the current guidance, and to highlight some of the things in the grey areas. Hopefully the further guidance we’re expecting to come will narrow down some of the grey areas.

    Updated 19th September, with input from John from Bolton (see comments). The “reds” are growing!


    My picture has three areas - “green” for good things; “red” for definitely bad things; and “grey” for those areas where it just isn’t yet clear. (Some of which are bound to turn “red”!)

    Let’s make this a community thing – what else do you think is missing? What do you think is in the wrong place (according to your reading of the guidelines)?

    Read my previous post “Information Security – more, but not yet enough, advice from Becta

    For more about Information Security, take a look at all the related earlier articles

  • Microsoft UK Schools blog

    Information Security – all the guidelines are out


    And, boy, do they take some reading. We’re rocketed from ‘worry, but I can’t tell you why’ to ‘this is what you should really worry about’, in a mere 125 pages. How does that make you feel?

    For the minute, if you want all of the specifics on the Becta Data Handling guidance, you’re going to have to take a look at all of the documents on the Becta website, and work your way through them as though your job depended upon it. That’s exactly what I plan to do with a small group of others from the business, starting later this week!

    But, in the meantime, here’s my take on the big headlines:

    Impact Levels

    Appendix A, in the “Information Handling – Impact Levels” document is one of the first to deserve a look. It lists the different examples of data types, and the required authentication according to the Government requirements, and what kind of external access is allowed. If you look at Impact Level 3 data, you’ll see that it mandates two-factor authentication for teacher remote access to a learning platform or MIS system. As far as I know, there aren’t any Learning Platforms in the Becta approved list that meet that criteria, so I guess we’ve got a big shake-up coming on that front.

    Now, if we can provide that easily on SharePoint/Learning Gateway systems, then that’s a quick win for you – because you can enable it for your Learning Platform, and MIS, and other systems all in one go. I know that SharePoint isn’t being used by everybody, but it’s probably now a majority of schools and local authorities



    The good practice guide for “Data Encryption” (54 pages of good practice – definitely no skimping on detail or Mb here!) has some specific pointers. You will need to read (and re-read!) the guide to work out what it means in your situation, but there’s some direct instructions, eg:

    Page 3: “Users may not remove or copy sensitive or personal data from the school or authorised premises unless the media is encrypted and is transported securely for storage in a secure location”.

    Helpfully, it goes on to warn It should also be noted that the use of encryption – installing and configuring additional software on every teacher’s laptop as well as new Authentication Tokens, SSL and perhaps SSL accelerators and logging technology – is not only time consuming but also requires a change of culture for all users. Awareness of the sensitivity of data – whether electronic or on paper – must be part of every school's duty of care to staff and pupils. At least it’s clear that these rules apply to paper and electronic data.

    And, just in case you were thinking that you had time to get your ducks in a row, on page 4, in section 2.1 it says:

    Note that if your school does not have encryption now, you should stop all copying, removing or accessing protected data until you have software to encrypt files and protect the communication links accessing this data.”

    In Summary?

    For those of your responsible for the ICT systems in your school, here’s my simple four point summary of what this all means. (You’ll have to read the 125 page detail for more!)

    • Students need username, password and SSL for remote access to the Learning Platform (SSL=the Internet “padlock”)
    • Staff will need username, password, SSL and a second factor (like a smartcard) for access to school systems remotely.
    • MIS data can’t be allowed on teachers/managers laptops.
    • Computers that may contain sensitive data should be encrypted, whether or not they leave the school.

    Oh, and my simple diagram (below) in my “Information Security – it’s not black and white” post was a pretty good forecast!

    And finally (ITN style!) the Data Encryption guide has 54 pages, because it contains a 29 page guide to installing TrueCrypt, an Open-Source encryption tool. “29 pages?” I hear you ask. Well, yes. Because it starts with this dire warning:

    “TrueCrypt is a free open-source encryption software package for Windows Vista/XP, Mac OS X, and Linux platforms. Issues have been raised with the high level of complexity of the user interface and configuration processes for typical users.
    There is a significant probability that inexperienced users will cause irrecoverable damage to their machines/data during the installation process.”

    I’m guessing that things like Jerry Fishenden’s guide to using Bitlocker to secure USB memory sticks, suddenly look simple!

  • Microsoft UK Schools blog

    What Photosynths would help your teaching?


    How about something to help your teaching colleagues. Now that you know what Photosynth can do, are there any places that you’d really like a Photosynth of, to use in a lesson?

    I’m currently sitting at a desk between the marketing managers for Health and Government, and I’d be happy to ask them to get one of their customers to create a synth. But what would be useful? What other types of Photosynth would you want? Although I don’t know them all, I bet I could find somebody in Microsoft who deals with organisations that would have interesting buildings or locations for Photosynthing.

    Here’s some ideas:

    Add your thoughts by adding a comment, or dropping me an email, and I’ll see if I can get some going…

  • Microsoft UK Schools blog

    Shift Happens UK download


    It's been quite a while since I posted up the UK Shift Happens presentation,and UK Shift Happens download. For some reason, whilst checking the pages this evening, the server seems to be having a problem with the page. So, to ensure that everybody can still get it, here it is all over again:

    Shift Happens is a brilliant PowerPoint presentation, which has a strong message for educational audiences. It works as an opener for conferences or events where the future of education and learning is under discussion, or where you want to provoke a discussion about learning.

    This version is the UK version of Shift Happens, modified from Karl Fisch's American original to reflect both a UK context, and designed specifically for an audience of people involved in the UK education system.

    • Karl Fisch, of Arapahoe High School in the US, conceived and created the first version of this presentation for a staff development day. And published it on the web via his website. He released it and gave permission for others to modify it under a Creative Commons licence.
    • Scott McLeod modified it, to make it more relevant to an audience in a wider context. And published it on the web with a Creative Commons licence
    • After conversations with Karl & Scott, I modified Scott's version to include UK-relevant content (it was quite US-centric)
    • And then Jeff Brenman, of Apollo Ideas, applied the creative design to Scott's version. And published it on the web via SlideShare where, incidentally, it won the competition for the "World's Best Slideshow"
    • And finally, with Jeff's permission, I modified his with the UK context. And published it on the web 
      This Shift Happens download has become one of the most popular resources for people searching for the Shift Happens presentation, and especiall the Shift Happens UK Version

    There are two versions available here:

    • For an easy to use version, then download the movie which includes the soundtrack - then you can embed it into your PowerPoint presentations or play it directly in Windows Media Player etc
    • Alternatively, you can download the PowerPoint presentation, which can be modified as you wish.

    Right Click and "Save Target As..." to download either file

    If you modify this version, and following the norm of the Creative Commons Licence, we’d all ask that you share it on the web too, so that others can benefit.

    Update: Since the original version created by Karl Fisch, over 4,000,000 people have seen his presentation on YouTube alone! Karl has posted a very detailed reflection on the content on his blog, which analyses the sources and his original intentions for publishing. Some of the sections/slides he refers to aren't in this UK version, but there is very interesting comment from him worth reading if you are interested in looking into the presentation more deeply.

  • Microsoft UK Schools blog

    Jersey e-Learning Day


    Yesterday I went to (not so) sunny Jersey, where the roads are narrower than my rural broadband pipe! Although I was only there for 24 hours, I got to see the whole island – mainly as a result of the air display, which forced me to return to the airport via the “long” route.

    It was a great day, with lots of good presenters and presentations, and I really enjoyed listening to all of the speakers.

    My humble contributions are below.

    For the first time in months, I used the Shift Happens presentation, because most of the audience hadn’t already seen it. It was a relief that nobody else used it before me – the last couple of conferences I went to started with the conference chair saying “I don’t know where this came from, but I wanted to share this video I saw at another conference” – and then I sit through my own presentation; and also have to go off and change my presentation, because I obviously can’t use it twice!

    The presentation that I gave, themed around “The New World of Learning”, is below – of course, it’s not the same without the story that goes with it, but yet again I forgot to take my Zoom H2 recorder to make the soundtrack. Next time!

    imageimage The conference was hosted at Grainville School in St Helier, which has a fantastic recent entrance and set of ICT suites. Unlike all new school buildings in England, it doesn’t have an atrium (go Jersey, show your independence from the current atrium-fetish on the mainland!)

    What it did have was a fantastic art installation in the foyer from one of the students. I couldn’t resist create a Photosynth of it, because it was truly astonishing – a massive white cross, adorned with barbed wire, and surrounded by a sea of ‘blood’ – created by Demi-Lee Thompson

    Sadly, for the minute nobody in the school in Jersey will be able to see it – the Jersey broadband service has filtered Photosynth out! Hopefully somebody there will be able to add it to the safe sites list.

    I’ve also heard that other education broadband providers have filtered out Photosynth – which seems really bizarre, when you consider the content. If you’re Internet connection has it filtered, add a comment to this post, saying which provider you have, and we can all see if there’s a common thread!

  • Microsoft UK Schools blog

    Making sure you buy the right version of Windows


    With the news this week on Information Security guidelines for schools – and the obvious need for encryption on teachers’ laptops from now on, I think it would be timely to remind you how to ensure that you buy the right licences for Windows Vista – so that you get the licences for BitLocker, which is a government certified encryption system built into Windows.

    BitLocker is automatically included within either Windows Vista Enterprise, or Windows Vista Ultimate editions. If you are buying Windows Vista Business or Home editions, then you need to take some action. Under all circumstances, you first need to buy a computer with Windows on it.

    If you know which scheme you use to buy your Microsoft licences, then this’ll be easier!

    • School Agreement customers
      If you buy your licences under the Microsoft School Agreement (you pay an annual fee for your software, and you simply count how many PCs are in your school) then you need to read no further. You are automatically licensed for either Windows Vista Enterprise or Ultimate upgrades. BitLocker away…
    • Select Licence customers
      You buy a computer with a Windows licence, and then upgrade to Windows Vista Business by buying a Select licence. (Lots of people do this because it is one of the cheapest ways to get Vista Business edition – often cheaper than buying a PC with a Windows Vista Business licence pre-installed).
      You need to take action to ensure that you get BitLocker, by buying the Software Assurance option. This is a 1 or 3 year agreement, a bit like a software maintenance agreement, that gives you a bundle of benefits, including the automatic right to upgrade to Windows Vista Enterprise (and therefore BitLocker).
    • You buy a computer with Windows Vista Business or Vista Home
      You need to contact your Microsoft reseller and buy Software Assurance for Windows Vista. This automatically gives you rights to run the Enterprise edition, and therefore run BitLocker. You only have 90 days to buy this after you’ve bought your computer!

    But what happens if I’ve already bought Windows Vista licences, and haven’t bought “Software Assurance”

    Okay, unless it hits the 90-day rule above for a new PC, then you can’t go back and retrospectively add Software Assurance. If you’re in this situation, then you are going to need to get new licences, and use your old upgrade* licences on computers which don’t need encryption – like ICT suites and student laptops. Most schools are regularly bringing in new computers, so you shouldn’t be up the creek.

    And you may have to bring in new laptops for your teachers anyway, as it is likely that the laptops will need to have additional capabilities to enable encryption (like TPM chips)

    You can read more about Software Assurance here – look at the bottom of the page for “How to get Software Assurance”

     * If you buy your Windows Vista Business licence as an upgrade on our academic licensing schemes (Select/School Agreement/Campus Agreement) then you can transfer your upgrade licences between computers. If you buy a licence with your computer (normally known as an OEM licence) then it's fixed to the specific computer. Moral of the story: Not only is it normally cheaper to buy a Volume Licence version of a Windows Upgrade, it is also more flexible.

  • Microsoft UK Schools blog

    Running out of space/power for your servers?


    Just one of the things on head teachers’ minds these days is the budget gap created by rising electricity and gas costs. Some schools talk about 150% increases, and the knock on to other school budgets could be immense. And ICT is surely playing its part in the increase. Since 2002, the number of computers in a typical school has doubled, and with that more power-hungry servers have also arrived (a typical rack-mount server might have a 700 watt power supply).

    So it makes sense to think about your power consumption. I’ve written before about power-saving on your desktop/laptop computers here, but what about servers?

    One of the easy wins is to plan your strategy for virtualisation – reducing/restricting the number of physical servers you need in your server room, and giving you more flexibility in your ICT infrastructure. To be honest, we’re probably in the foothills of the Virtualisation Alps, which is why it’s a good time to build a strategy.

    There are a pair of education case studies worth looking at, to compare others’ strategies:

    Kentucky’s virtualisation strategy

    The Kentucky Department for Education run 900 servers on behalf of their schools – 200 in a data centre, and 700 spread across their school system. They found they were each running at typical 10% of capacity, because they had dedicated servers for each task. By deploying virtualisation (they were lucky to be on our early adopter programme for Windows Server 2008 and Hyper-V) they estimate that they’re going to reduce their physical servers by 60%, reduce data centre space by 50%, and reduce power use by 25%.

    And their goal is to reduce any downtime by building in redundancy – ensuring that there are less interruptions to learning across the schools. And then to enhance their disaster preparedness as a result.

    Warwickshire’s central virtualisation hub

    The education team’s ICT Development Services started virtualising applications to better support their 250 schools. Their model uses a delivery model of applications served from a central hub, to give them network and device neutrality – so that users can connect to applications from anywhere on the Internet, not just within school. Not only does it save cost, and reduce hardware costs, but they have also seen that it can enhance data security rights across the system.

  • Microsoft UK Schools blog

    Churchend Primary School goes virtual


    John Hardstaff, from entrustIT, dropped me a line to let me know about the changes that Churchend Primary School, in Berkshire, have made to their ICT system recently. The first quote from Nic Allen, the school’s ICT Co-ordinator was so typical of the low-level frustrations experienced by some schools:

    FirstquotesIf ICT is to be a key resource then it must just work - without the reliability and consistency problemsEndquotes

    With their permission, here’s the complete story from the team at entrustIT, and Churchend:

    A new approach to ICT at Churchend Primary School

    FirstquotesChurchend is a leading primary school in Reading, Berkshire. It is a medium sized primary with approximately 60 KS1 and 150 KS2 pupils. The school has recently been awarded National Support School status.

    In the summer of 2007, in response to problems the school was experiencing with reliability of their ICT, Churchend decided to undertake a root and branch review of ICT provision. While the staff at Churchend felt confident using IT and had the necessary skills, the systems often let them down. In particular, the ICT equipment was perceived to be unreliable, inconsistent and problem resolution was slow. These challenges were undermining the enthusiasm of both staff and pupils to use the ICT at Churchend.

    Churchend set out on a path to maximise the benefit from ICT usage across the school. As Nic Allen, Churchend’s ICT coordinator says, “If ICT is to be a key resource then it must just work - without the reliability and consistency problems”. Access to ICT needed to be dramatically improved, particularly in the classroom, to give pupils the opportunity to use it in the majority of lessons.

    The school began to explore alternative means of achieving reliable ICT provision, which would also allow a step change in availability of resources and enable pupils to use the school's suite of software from home.

    Eventually, the school chose to pilot entrustIT’s Education Desktop hosted IT solution. This is a fully managed IT solution for schools, specifically designed to address the major challenges in school  ICT.

    The system provides 24x7 access to a school’s ICT infrastructure for both staff and pupils - whether working in school or from home. In school, the system allows the school to increase the PC to pupil ratio, usually without any corresponding increase in funding, and to increase the availability of ICT services by reducing the amount of downtime and maintenance.

    The entrustIT solution provides:

    • support for pupils, teaching staff and administration staff - including provision for remote connection from any internet enabled location (e.g. from home) with full access to the school’s IT
    • secure data management, disaster recovery and malicious threat protection
    • full email server capabilities and diary management / scheduling
    • shared drives and folders and central storage of school data
    • management and support service releasing school staff and budget from IT management issues
    • centralised deployment, licensing and management of software
    • managed internet access, protecting pupils from unsavoury content and securing online communities from outside contact.

    And the verdict? “The system has greatly improved the way that the teachers work and the children have thoroughly enjoyed working on the desktop at home” says Allen. “The children can access their school environment from home and many regularly communicate with each other using the emailing service. The teachers can prepare and place the work in a shared folder that all children can access and can use SharePoint so that the children can click through to web sites rather than have to type in lengthy web addresses.”

    Now, ICT is reliable and consistent – so much so that IT has become ubiquitous across the entire curriculum – and Churchend have decided to roll out the system across the whole school.Endquotes

    Churchend school are talking at entrustIT’s free seminar here at the Reading Microsoft Campus on 25th September from 9:30am-2:30pm. Email Bonami to register for a free place, or look here to find out more about the event.

    You can find out more about the entrustIT products and services on their website

Page 1 of 2 (14 items) 12