Upload
k-12-blueprint
View
432
Download
2
Embed Size (px)
Citation preview
Learning with Chromebooks Infrastructure Solution – Maximizing Learning ROI with Single Sign On Architecture
1
Why consider SSO?
How SSO makes access easyUse the same credentials for everything Fully compatible systems and applications authenticate in
the background – no additional prompt Increased security by alleviating the need to document
multiple sets of credentials
Teachers and Students get to their activities faster Maximize instructional minutes
Simplifies management of user accounts IT only manages one set of credentials simplifying
activities like password reset, etc. thereby reducing support costs
2
Authenticate all types of
devicesin supported applications & systems
Laptop
Chromebook
Convertible
3
Develop and implement your deployment planDefine your usage model Define your Chrome Use Case Implement for your Use Case
Supporting a hybrid Windows/Chrome environment will influence usage model and use case considerations
Google Apps For Education Google Apps For Education with SSO
Implement your solution elements to support your Usage Model and Use Case
Shared Hybrid Shared/1:1 Windows/
Chrome
1:1
4
Spectrum of Usage Models
1
Shared Device Model Chrome supports shared models
well – all data is stored in the cloud as opposed to locally
Devices shared amongst many classes which can create contention
Devices typically remain on premise at all times in carts, cabinets, etc. thereby excluding other off premise learning activities
1:1 Model Users are assigned a device Anytime/Anywhere eLearning Supports learning models such as
flipped classroom, etc. that are unsupportable in a shared model
Provides maximum degree of flexibility for all learning models
1
2
3
4
5
Spectrum of Usage Models
2
4
3
5
1 2
4
3
5
1
Usage Model – Windows Devices for Teachers/Admins
Teacher/Admin Devices may require: More offline capabilities Traditional Windows applications Support for all usage models and use cases Simplified authentication for greater ease of use
and manageability Access to many of the same features, apps
and extensions with a Chrome browser on the Windows teacher/admin device
5
Supporting new or existing Windows devices
in the same environment
Tablets/Detachable
Laptop
Convertible
Laptop
LaptopConvertible
6
Use Case – Feature Comparison
The table above defines a few of the feature comparisons to take into consideration when selecting your use case. The needs of the users and the environment are just a couple of the factors that will influence your use case decision and development of your deployment plan.
GAFE SSO GAFEGoogle DocsGoogle SheetsGoogle SlidesGoogle MailGoogle DriveUser Credential ContinuityAuthentication for 3rd Party Apps (e.g. LMS, CMS)Support Windows devices for teachers, admins, etc.
SSO Integration - Extended
An SSO infrastructure can be extended easily to support additional services such as: Content Management Systems Online Storage Security and MDM Learning Management Systems
…and many more!
7
Content Management
Systems
Network Access
Cloud Services
LMS
Data Analytics
Security MDM
Online Storage
Authentication and Identity Provider
(e.g., Active Directory & ADFS)
Solution BlueprintBasic Architecture
8
9
Basic Architecture
Wired Network
Wireless Network
Firewall
Shared Devices1:1 Devices
The basic architecture for a Chromebook deployment requires the following items: Connectivity to the Google cloud Connectivity security (firewall, gateway, etc.) Wireless network - May need to expand to support additional devicesThis architecture supports a 1:1 or a shared device usage model to easily support the transition.
10
Basic Architecture for 1:1
Wired Network
Wireless Network
Firewall
1:1 Devices1:1 Devices
The basic architecture and requirements for a 1:1 Chromebook deployment remain consistent and includes the following items: Connectivity to the Google cloud - Consider intended use, number of devices and
available bandwidth Connectivity security (firewall, gateway, etc.) Wireless network - Capabilities expanded to accommodate more devices
Solution BlueprintIntegrated SSO Architecture
11
Integrated SSO Architecture including Additional Functionality Leveraging the existing authentication infrastructure, including centralizing user credentials Enabling the integration with the existing authentication infrastructure via SAML Synchronizing the directory structures between the Google admin console and the existing
authentication infrastructure
12
Wired Network
Wireless Network
Directory SyncSAMLAuthentication
Firewall
1:1 Devices1:1 Devices
Google Admin Console
GAFEDocs | Sheets | Slides
Integrating Active Directory and the Google admin console with a few additions Active Directory Federated Services (ADFS) as the IdP Google admin console configured as the SP GADS configured to synchronize the AD hierarchy with
the Google admin console
13
Wired Network
Google AppsDirectory Sync
Active Directory Federated
ServicesActive
Directory
1:1 Devices1:1 Devices
Dedicated Internet Access
Network InfrastructureSwitches, Routers, WLC, etc.
Wireless NetworkStandalone Aps, Controller base Aps, Gateways,
etc.
FirewallContent filter, etc.
GAFE Access and Interaction
*IdP-Identity Provider*SP-Service Provider
Directory Sync
SSOGoogle Admin
Console
Existing server infrastructure at MoE, District or School
GAFEDocs | Sheets | Slides
Integrated SSO Architecture – deep diveIntegrating Active Directory, the Google admin console and other services can be accomplished with the same minor additions to an existing infrastructure. Active Directory Federated Services (ADFS) as the IdP Google admin console and other services such as
an LMS configured as the SP
14
Wired Network
Google AppsDirectory Sync
Active Directory Federated
ServicesActive
Directory
1:1 Devices1:1 Devices
Dedicated Internet Access
Network InfrastructureSwitches, Routers, WLC, etc.
Existing server infrastructure at MoE, District or School
Wireless NetworkStandalone Aps, Controller base Aps, Gateways,
etc.
FirewallContent filter, etc.
LMS and GAFE Access and Interaction
*IdP-Identity Provider*SP-Service Provider
Directory Sync
SSOGoogle Admin
Console
LMS
GAFEDocs | Sheets | Slides
LMS