Managing Anytime, Anywhere Access to Windows and Mac Apps at USC Engineering

Students in the University of Southern California's School of Engineering no longer need to crowd into busy computer labs to access the specialized software they need. The school has implemented remote access to both Windows and Mac software, so students can do their work from anywhere using their own laptops. And they can access both platforms with a single user account, so the school's IT team doesn't have to manage separate Windows and Mac user profiles for thousands of engineering students.


These days, students come to university expecting to be able to access software anywhere, anytime from their own devices and computers, according to Michael Goay, executive director of information technology for the engineering school. While the institution has had remote access capabilities for Windows software for some time now, students who needed to use Mac software — such as Xcode for developing OS X or iOS software, or Adobe Creative Suite –– had to squeeze into a busy Mac lab at the school or purchase the software themselves.

Both of those solutions were problematic. Xcode and Adobe Creative Suite are too expensive for most students, and the computer labs had limited availability. "We have a number of computing labs that are also used as classrooms, so in between classes they are open to students who need to do their homework or projects," said Goay. "The trouble is, given that the number of classes and enrollments continue to increase, those spaces in the computing labs are pretty much fully subscribed."

The school could have built more Mac labs, but that would require additional space, which is expensive. The added labs would also require more IT staff time to manage, and students still wouldn't be able to do their work they way they wanted — which is anywhere, anytime.

Rather than add more physical lab space, the school decided to provide the students with remote access to the tools they needed to complete their coursework. But to simplify the process both for users and for IT, Goay and his team needed to make sure that they could provide single sign-on and unified access management for both the Windows and Mac platforms.


On the Windows side, the USC School of Engineering uses Microsoft Remote Desktop Services (RDS) for remote access and Microsoft Active Directory for user management. When the IT team decided to implement equivalent technology on the Mac side, it was critical that the solution be scalable and manageable. "Manageability is very important because we have thousands of students that potentially may need access," said Goay.

Goay and his team spent about six months testing and evaluating potential solutions, eventually focusing on Centrify to provide a unified group security policy and centralized access management through Windows Active Directory, and Aqua Connect to provide terminal services for remote access to Mac software.

They then spent an additional three months fine-tuning both products to meet USC's needs. "Aqua Connect and Centrify both had committed engineering teams to really tighten things up for us because they hadn't seen our use case before," said Goay. "So their products needed some fine tuning, and they eventually incorporated the changes into their products as a general release."

The USC School of Engineering rolled out Centrify and Aqua Connect gradually, beginning with a soft launch in the middle of the fall 2013 semester. "We let faculty and the students know that it was not required but it was open to them should they want to hop on," said Goay. "And throughout that first semester, they came back and said, 'this is working out well, we'd like more. Let's put on more applications, put on different things for us.'" Based on the success of the soft launch, the team then implemented the solution full-scale in the spring 2014 semester.

How It's Used

Whether students are attending a Windows software-based class or a Mac software-based class, studying in their dorm, the library or anywhere else on or off campus, they can access both Windows and Mac software, as well as their data storage — as long as they have a WiFi connection and can log on to the campus network with their student user ID. "So they can continue their work whether they're in class or outside the classroom," said Goay. "And all of this is managed within the unified platform because Centrify is providing a bridge for us from a Macintosh to hook up with our Windows-based management platform."

The solution enables the IT team to authorize end users in a way that gives them single sign-on using Windows Active Directory that is centrally managed by the university. "So I don't care what your password is," said Goay. "What I do care about is that I know who you are because you authenticated yourself and because you enrolled in my class, I will provide you access."

The implementation has been so successful that some of the Mac classrooms have evolved from having rows and rows of computers to become more flexible classrooms, where "people can work together more collaboratively and rearrange the furniture — which meant the money budgeted for a hardware refresh could be shifted toward adding more computing capabilities on the server side," said Goay.


For other universities considering a similar implementation, Goay stressed the importance of scoping the project. "Understand the software well; know whether it is appropriate to run in a remote environment or not," he said.

He also pointed out that remote desktops can never match the performance of a full-fledged desktop computer in a lab. "There's no amount of work we can show on the server side that can really substitute for a dedicated desktop," he said. "But we know that a dedicated desktop has its drawbacks, which is that someone physically needs to go to that space and then it has to be available."

