Managing Anytime, Anywhere Access to Windows and Mac Apps at USC Engineering
Students in the University of Southern California's
School of Engineering no longer need to crowd into busy computer labs to access the specialized software they need. The school has implemented remote access to both Windows and Mac software, so students can do their work
from anywhere using their own laptops. And they can access both platforms with a
single user account, so the school's IT team doesn't have to manage separate
Windows and Mac user profiles for thousands of engineering students.
Challenge
These days, students come to university expecting to be able to access software anywhere, anytime from their own devices and computers, according to Michael Goay, executive director of information technology for
the engineering school.
While the institution has had remote access capabilities for Windows software for some time
now, students who needed to use Mac software — such as Xcode for developing
OS X or iOS software, or Adobe Creative Suite –– had to squeeze into a busy Mac
lab at the school or purchase the software themselves.
Both of those solutions were problematic. Xcode and Adobe Creative Suite are
too expensive for most students, and the computer labs had limited availability.
"We have a number of computing labs that are also used as classrooms, so in
between classes they are open to students who need to do their homework or
projects," said Goay. "The trouble is, given that the number of classes and
enrollments continue to increase, those spaces in the computing labs are pretty
much fully subscribed."
The school could have built more Mac labs, but that would require additional
space, which is expensive. The added labs would also require more IT staff
time to manage, and students still wouldn't be able to do their work they way
they wanted — which is anywhere, anytime.
Rather than add more physical lab space, the school decided to provide the
students with remote access to the tools they needed to complete their
coursework. But to simplify the process both for users and for IT, Goay and his team needed to make sure that they could
provide single sign-on and unified access management for both the Windows and Mac
platforms.
Solution
On the Windows side, the USC School of Engineering uses Microsoft Remote
Desktop Services (RDS) for remote access and Microsoft Active Directory for user
management. When the IT team decided to implement equivalent technology on the Mac
side, it was critical that the solution be scalable and manageable.
"Manageability is very important because we have thousands of students that
potentially may need access," said Goay.
Goay and his team spent about six months testing and evaluating potential
solutions, eventually focusing on Centrify to provide a unified group security
policy and centralized access management through Windows Active Directory, and
Aqua Connect to provide terminal services for remote access to Mac software.
They then spent an additional three months fine-tuning both products to meet
USC's needs. "Aqua Connect and Centrify both had committed engineering teams to
really tighten things up for us because they hadn't seen our use case before,"
said Goay. "So their products needed some fine tuning, and they eventually
incorporated the changes into their products as a general release."
The USC School of Engineering rolled out Centrify and Aqua Connect gradually,
beginning with a soft launch in the middle of the fall 2013 semester. "We let
faculty and the students know that it was not required but it was open to them
should they want to hop on," said Goay. "And throughout that first semester,
they came back and said, 'this is working out well, we'd like more. Let's put on
more applications, put on different things for us.'" Based on the success of the
soft launch, the team then implemented the solution full-scale in the spring
2014 semester.
How It's Used
Whether students are attending a Windows software-based class or a Mac
software-based class, studying in their dorm, the library or anywhere else on
or off campus, they can access both Windows and Mac software, as well as their data storage — as long as they have a WiFi connection and can log on to the
campus network with their student user ID. "So they can continue
their work whether they're in class or outside the classroom," said Goay. "And
all of this is managed within the unified platform because Centrify is
providing a bridge for us from a Macintosh to hook up with our Windows-based
management platform."
The solution enables the IT team to authorize end users in a way that gives
them single sign-on using Windows Active Directory that is centrally managed by
the university. "So I don't care what your password is," said Goay. "What I do
care about is that I know who you are because you authenticated yourself and
because you enrolled in my class, I will provide you access."
The implementation has been so successful that some of the Mac classrooms
have evolved from having rows and rows of computers to become more flexible
classrooms, where "people can work together more collaboratively and
rearrange the furniture — which meant the money budgeted for a hardware refresh
could be shifted toward adding more computing capabilities on the server side,"
said Goay.
Advice
For other universities considering a similar implementation, Goay stressed
the importance of scoping the project. "Understand the software well; know
whether it is appropriate to run in a remote environment or not," he said.
He also pointed out that remote desktops can never match the performance of a
full-fledged desktop computer in a lab. "There's no amount of work we can show
on the server side that can really substitute for a dedicated desktop," he said.
"But we know that a dedicated desktop has its drawbacks, which is that someone
physically needs to go to that space and then it has to be available."