Networking | Feature
IT Does Not Love iPads
Students and faculty may love them, but IT personnel get a major headache when they try to integrate Apple tablets--and the company's TV technology--in an enterprise setting.
Illustration by Matthew Daley
Is there a higher ed institution in the United States that has not fallen into a swoon over iPads? Some colleges hand them out by the thousands to their entire student body. Others stockpile hundreds for use by faculty, staff, and administrators, or to be checked out of the library by students. On many campuses, iPads have taken over the hearts and minds of everyone.
Everyone, that is, except the IT department.
These sexy tablets might be the apple of faculty and students' eyes, but for IT directors and their staffs, working with iPads in an enterprise network environment is not the stuff of a love affair.
To state the problem simply: iPads are designed for consumer use, and as such, they're not set up for large-scale implementations. They're not even set up for two users to share the same device, much less for sharing over a network. For schools making a major investment in iPads on campus, the solution is a combination of new policies and investment in third-party tools for managing the devices.
For many other institutions, though, the devices are acquired as needed, or in small batches for specific purposes. In such cases, schools don't necessarily anticipate the additional tools and administration the iOS devices can require--until IT starts bumping up against the limitations of a device that's not easily managed under the school's existing network and resource management infrastructure. The differences between iPad device administration and that of desktop machines or laptops are apparent at all stages of their use, beginning the moment the machines arrive on campus.
Take, for example, the case of Seton Hill University, a school that has distinguished itself as a forerunner in campus iPad implementations, including being named a second time as an Apple Distinguished Program. In the spring of 2010, the Greensburg, PA, school ordered 1,850 iPads in anticipation of providing them to students for the following fall term. What IT faced was a giant pallet of the devices, individually wrapped or in boxes of 10. Phil Komarny, Seton Hill's vice president for information technology and CIO, says that his staff had to take each iPad out of the box, update the operating system to the most recent version, image tag it, and put it back in the box to be ready for deployment.
"There was nothing else we could do, because this device that they built is completely consumer," Komarny shrugs.
Thomas Hoover, associate vice chancellor and CIO at the University of Tennessee at Chattanooga (UTC), had a similar experience with iPads in a previous role at Pepperdine University (CA), where the IT group handed out several hundred of the devices to students, who turned them back in at the end of the year. "We'd have to manually go through and redo all the iPads," Hoover explains. "It's not like a computer device that you can configure automatically."
Two years after the first Seton Hill deployment, Apple brought out Apple Configurator, a free download from the Mac App Store that can be used to configure 30 devices at once. But for many campus CIOs, that's too little too late. Those with big iPad implementations tend to rely on mobile-device management (MDM) applications like MobileIron that enable enterprise-level configuration, security, and app management.
There's Not an App for That
With the iPad, app management is a whole new ballgame for IT departments familiar with licensing and managing applications in bulk for desktop or laptop machines. Rather than selecting from software options hosted on the school's network, faculty and administrators download apps from the App Store, choosing from hundreds of thousands of options. Many schools simply haven't set up a good strategy for purchasing and tracking this new approach to apps. And in lieu of a policy, faculty often download an app using their personal Apple account, and then get the university to reimburse them. (Students are generally not reimbursed for their app downloads, which are considered a "books" expense.)
More than one CIO laments that the ad hoc nature of app downloads can lead to the school purchasing the same app repeatedly, especially if it's a popular one like Numbers. Hoover describes the problem like this: "You reimburse professor A for an app, and then they leave. IT wipes out the iPad because you don't want any sensitive information from the previous person, then yeah, you're going to have to buy that app again for professor B."
Some schools have developed workarounds to avoid repeatedly purchasing the same apps. John Haverty, assistant director of user services at Washburn University (KS), says he started to recommend that departments create a generic account for their faculty members to use. "That way, if someone does leave, that software's not going to stay with them--it's going to move on to the next person," he points out.
Haverty raises another app-related issue for tax-exempt universities, which is the time-consuming process for getting tax reimbursements on app purchases. "We had to go ahead and make the purchase, then contact someone at Apple to provide the tax ID to get the tax reimbursed." Haverty says that often departments don't bother.
Apple has a Volume Purchasing Program for education, released in 2011, which enables educational institutions to buy apps and books in volume at discounts and tax-free. And mobile-device management providers enable schools to manage their Apple volume licensing as part of the broader MDM. Indeed, MDM solutions solve just about all the major challenges presented by Apple devices, including network access, enterprise configuration, and device and app management, as well as security requirements like the ability to remote wipe a lost or stolen device. Apple, in fact, recommends that enterprises use them. But for schools like Washburn that have acquired devices like iPads and apps in a more informal manner, MDMs represent a time and resource sink that they haven't yet committed to.
This Revolution Is Not Being Televised
But even if your school works with an MDM, there's still the problem of Apple TV working within the campus enterprise. Apple's media receiver is the ideal device for mirroring iPads onto a large screen because the two devices can connect wirelessly. Even better, Apple TV is configured to receive iPad input, so content looks like it should without tweaking.
Apple does provide a VGA adapter that can connect iPads to televisions and monitors, but, depending on the version of your iPad, you still often have to fiddle to get it to display apps. So Apple TV seems like a natural choice for projecting iPad content. And faculty like Apple TV for features like the ability to stream Netflix. But as UTC's Hoover says, "making Apple TV work on the campus network is an abomination on a grand scale."
Hoover may be a bit hyperbolic but he's captured the zeitgeist of IT's exasperation with Apple TV, which is the subject of a July 2012 petition posted on change.org by members of the Educause Wireless Local Area Networking Constituent Group. The petition notes that while Apple has created advertising that promotes the use of Apple TV in college conference rooms, auditoriums, and laboratories, "Apple TV, AirPlay, and Bonjour technologies make it very difficult to support these scenarios on our standards-based enterprise networks."
To set up Apple TV, says Jeff Kell, a member of UTC's network services, "you have to enable wireless multicast/broadcast traffic. Such traffic is sent out over every access point on campus, tying up airtime." This means that in an "enterprise setting, every access point will get a copy of every device's advertisements or discoveries in the entire enterprise." Not only is this a huge waste of airtime and bandwidth, Kell says, but it is "a disaster incident waiting to happen, such as some dorm kid streaming porn onto a classroom projector."
In a blog post, Matthew Libera, performing arts technology consultant at the University of North Carolina at Greensboro, described the steps he took to use Apple TV in his classroom, which included creating his own network and sacrificing access to the internet on his iPad. While it was doable, Libera wrote, "there is no way in heck that I'll be able to convince any of my faculty here that this is a worthwhile undertaking."
Indeed, many schools just forbid the use of Apple TV on campus. Or they turn to companies like Aruba Networks, which offers a solution for managing Apple TV and other Bonjour protocol-reliant devices in a university enterprise network. But again, this takes an investment in a third-party toolset that's generally attractive only for institutions that are all-in when it comes to iOS devices.
A Serious Investment
All-in schools like Seton Hill say that that its iPad program would have been impossible without a major investment in a state-of-the-art network, which included replacing wiring for full campus coverage and upgrading both the wired and wireless networks. The latter, which provides campuswide 802.11n technology, was essential to support the demands of an iPad-oriented university population.
With the help of Enterasys network solutions, Seton Hill also revised its approach to managing the network. Now, the school handles network traffic on three virtual LANs: one for iOS devices, one for Mac OS X traffic, and a third for Windows and guest traffic. This approach streamlines network management, but also enables IT to manage network traffic at a more granular level.
Lynn University (FL) is another iPad-committed campus that will roll out an iPad mini program to all freshman and transfer students this fall. It was able to create a robust campus network as a windfall from hosting one of the presidential debates last October. While the school had to pick up the tab for the new network, it got good deals on some of the technology from participating companies.
According to Lynn's CIO, Chris Boniforti, the school had to provide a completely new network environment for up to 6,000 media personnel attending the debate, and it had to be totally isolated from the university's network. Lynn essentially created a whole new network, roughly the size of its existing network, with the understanding that the school would bring it in to replace its aging network once the debate was over. The school estimates that process would otherwise have taken several years and pushed back its iPad mini initiative.
For schools like Lynn and Seton Hill that have invested heavily in what Boniforti calls the Apple ecosystem, there seem to be fewer hiccups in using enterprisewide iPads. But IT directors who want to incorporate iOS products into their campus ecosystem without making such full-scale investments say they would like a little more support from Apple. As one Educause wireless LAN constituent mused on the group's listserv: "This is where I daydream about the likes of several Apple engineers reading this list, thinking 'Gee, maybe we should consider how to make our toys work in the actual enterprise.'"