Setup of an Efficient IT Infrastructure with Central Identity Management in 261 schools in Cologne

A large-scale project is currently under way in Cologne, Germany: the setup of a standardized, centralized identity infrastructure for all schools. This is set to include considerable simplification of the software distribution and the administration via the education authority over the coming years and measures to ensure that the schools in Cologne are ready for the digitalization of education.

To illustrate the size of the task: There are 261 schools in Cologne with around 10,000 members of staff teaching approximately 135,000 pupils. To this end, there are around 17,000 PCs available in the schools along with approximately 3,500 mobile devices at present, complemented by private devices. This makes the education authority in Cologne the third-largest in Germany behind Munich and Berlin. To put that into perspective: BMW, Lufthansa, and Bayer AG each have around 120,000 employees in total all around the world. The city realized early on that it is the schools’ responsibility to prepare youngsters for a world which is evolving quicker than ever before as a result of digitalization.

Am I online already? Cologne’s first schools provide Internet access since 1997

With this in mind, Cologne’s municipal authorities began connecting the first schools to the Internet with the support of NetCologne as far back as 1997. NetCologne provides schools with support for the maintenance of networks, clients, and servers via its SchulSupport department now counting around 45 members of staff via a hotline, problem management service, and field services. In 2016, for example, around 35,000 hours of support were provided. The standardized inhouse cabling of all schools was initiated in 2000, and 2014 saw the launch of the “Ganzheitliche Kölner Schul-IT” concept, which describes the services, standards, and strategies for IT in Cologne schools in detail.

Last year, all secondary schools and with them more than half of all the pupils had access to wireless Internet. The WiFi availability in the remaining schools is also a top priority. The rest of the schools should be equipped with a fiberoptic connection by the end of this year, allowing bandwidths of up to 1 GB to suit their requirements.

As all other school equipment, the IT infrastructure is a teaching instrument. It should not be assumed, however, that all staff members are IT experts, and so their skills must also be brought up to date. The IT must be low-threshold; it must function simply. Due to the existing technical basis, this has become increasingly more difficult in recent years and the freedom for further modernizations more limited.

Administration of decentralized school servers results in considerably higher support efforts

There are a range of different server environments currently in use at the various schools. Different school servers cannot be managed in a standardized fashion, with the result that current maintenance efforts for the systems are high. In addition, it is not possible to offer centralized services with standardized user names. As such, we saw a simpler and centralized administration concept for the whole IT infrastructure via centralized systems as a basic requirement for satisfying the schools’ increasing IT requirements.

The future requirements don’t stop at equipping each school with fiberoptic networks either. The initiated introduction of WiFi into schools has the aim of making it possible to integrate tablets into teaching. The concept designed for Cologne expressly includes a bring-your-own-devices element for both pupils and teaching staff. The private devices complement the approx. 3,500 tablets financed by the local education authority. In addition, the task also comprises the setup of centrally available services such as an e-mail address for each pupil, learning management systems, web space, and cloud services for the schools.

All these projects can only be realized through the development of centralized services which can be controlled by the education authority. The technical basis for this is an identity management system with a single sign-on function, a mobile device management concept, e-mail hosting, and a secure and data privacy-compliant school cloud. The schools should have to operate and supervise as few services as possible independently. The use of Office 365 and a school app is planned and almost ready for implementation. Attention must be paid to compliance with youth and data protection legislation; encryption is essential. In addition, the server hardware also requires modernization. We, as the education authority, are receiving news of different requests, topics, and requirements almost every day.

As such, the challenge consisted in finding a system which is open and can be flexibly expanded as necessary. In order to get the range of requirements and solutions under control, it was necessary to implement technical standards alongside organizational methods such as the establishment of specifications and regulations.

When searching for a suitable solution, we came across UCS, which has a central identity management (IDM) system in which a wide range of services can be mounted, irrespective of whether they are run on premises or on the cloud and are Windows- or Linux-based.

UCS’ centralized concept allowed us to pursue the following goals:

• standardization,
• quality optimization,
• specialization of the remote technicians and
• user maintenance from the school administration software SchiLDZentral via LDAP authentication

In addition to the central administration, we would also like to automate the software distribution. We decided on the OPSI tool from UBI in Mainz, Germany, which allows packed-based software distribution. Its advantages include improved reaction times, lower time and maintenance requirements, and simplification with the associated standardization.

Another important measure was the introduction and further development of cloud services, which should also be accessible to all users via a centralized identity management system. This brings with it the advantages of one-off user maintenance and simplified control of rights for administrators. It is also simpler for users as they can access all the systems available to them with just one user name and password.

Increased efficiency thanks to centralized administration and reduction of IT services in schools

As the result of the planned and to some extent already implemented measures, the City of Cologne will be equipped with a centrally administrated IT infrastructure for its schools, the administrative efforts for which will be considerably lower compared with those of the past. The schools themselves will only operate decentralized school servers with UCS and OPSI, a caching server, and an Internet access point to which the school computers and the teachers’ and pupils’ mobile devices can connect. This largely relieves the teaching staff of administrative responsibilities.

In future, the NetCologne data center will run UCS centrally for the identity management of applications such as the groupware Open-Xchange, the mobile device management solution Jamf, and the learning management system Moodle. This is complemented by cloud services including Office 365.

Challenge – Rollout of New IT at 260 Schools

The migration of each individual school demands a considerable amount of time and effort. In each case, the requirements include the migration of the existing data and the creation of the OPSI packages with the teaching software for the different subjects, etc. In addition, almost every school has individual requirements on its IT. With our more than 260 schools, we truly have a mammoth feat ahead of us. In parallel to the rollout in the schools, we will also still have to keep up with our core task: school support. As part of a pilot phase, we have already successfully connected the first schools to UCS, including an operational vocational college and five schools with pilot systems. The next step in the plan is the mounting of Office 365 in UCS and its provision to the schools.