Since 2003, the Bremen „Senator for Children and Education“ has been developing and implementing a centralized offer for the provision of IT infrastructure in Bremen‘s schools. Among other elements, this covers centralized identity and infrastructure management, defined server and desktop environments, software distribution of educational applications for schools, a school software solution for computer-assisted teaching and roll-out, support, update and helpdesk procedures.
There are two separate IT infrastructures in Bremen‘s school sector: The school administration network, which is closely connected to our public authorities‘ network, and the education network in schools. The latter connects the computers of the pupils and teaching staff and provides the services and functions required for teaching and independent learning.
The educational network that we as the senatorial authority built up together with Univention and made available to all schools in Bremen since 2006 comprises six components:
- Basic server infrastructure with directory service and identity and infrastructure management
- Decentralized login services and file archive and print services
- Central services and Internet gateway, including mail services for all pupils and central filtering of web content, e.g., for malware
- Client and desktop management
- Centrally administered WLAN infrastructure with central RADIUS systems
- The school software solution UCS@school for use in computer rooms
The educational network in Bremen
The first step in building up the education network was the introduction of a central user administration for our approx. 80,000 pupils and teachers as well as approx. 10,500 clients with different operating systems (Windows, Mac OS and Linux): This was achieved with the use of central UCS servers (production and backup systems), mail and proxy servers with web filtering and central services (e.g., routing, DNS and firewall) in the school authority. The decisive factor is that the user accounts are automatically maintained by synchronizing them with the central school administration database and via replication in the LDAP directory. In this way, each person logged in to the school administration software receives a user account for the school’s education network automatically the following day. In addition, a user group and a shared file are generated for each class group by default. As the administration of users and computers is performed centrally, the schools generally do not have to do anything in this respect. Nevertheless, school administrators do have the possibility to administrate groups, printers and network shares.
In addition, in UCS@school, teaching staff have an application for IT-supported teaching at their disposal with which they can complete simple administrative tasks, such as the creation of groups for teaching purposes, blocking Internet access for individual computer rooms and distributing digital teaching materials. What’s more, UCS@school offers functions for the integration of digital media and digital cooperation in classes. A wide range of basic settings can be preconfigured so that the working environments for different classes are instantly available to teachers.
School WLAN and Bring Your Own Device
In 2011, the go-ahead was given for the development of a centrally managed WLAN infrastructure for Bremen’s schools. Equipment from Cisco Systems was used to set up two separate WLAN networks in the school buildings:
- The first WLAN network is designed for exclusive access to the Internet. Students and teachers can log on to the WLAN with their private, WLAN-enabled end devices (Bring Your Own Device) and their regular user account. For authentication, the Cisco devices use the RADIUS server from UCS. Access to systems in the school LAN is not possible for security reasons.
- The second WLAN network enables the school‘s own devices to access the Internet and school LAN. As part of a project, the certificate-based login of school‘s devices to the WLAN via the UCS RADIUS server was implemented. An interaction with the users is not necessary for a login to the WLAN via the school’s own devices.
Currently, there are about 1,200 access points in operation at 125 schools, through which up to 12,000 WLAN clients receive network access at peak times.
Automated maintenance of user accounts
The maintenance of UCS@school users was automated in Bremen at a very early stage. The automation chain already begins in the school secretariat, where data records are created and updated in the pupil and teacher directory of the school administration network. Through an automatic nightly export, the relevant user data is transferred from the school administration network to the educational network, where the data is then imported into the UCS@school system. New pupils and teachers at a school thus receive their own user account in the UCS@school directory service overnight.
In summer 2018, the import process in Bremen was also converted to the new UCS@school import interface, which
- leads to a massive reduction in process logic in the school administration.
- enables the use of cross-school user accounts.
- allows a more flexible generation of user names and e-mail addresses.
Parts of the process logic are realized by a project-specific addon for the UCS@school import, which integrates seamlessly into the existing UCS@school import process.
Open Source software guarantees long-term vendor independence for Bremen
The automation of user administration, centralized infrastructure administration and the restriction of local administration options to areas relevant to education made it possible to keep personnel efforts for the operation of the complete solution within moderate limits. Together with Unviention, we have made the consistency of the infrastructure across schools a standard so that teaching staff and pupils can adjust quickly if they change schools.
The server components and the whole management system are not only based on Open Source software but are also completely licensed as Open Source software themselves. Thanks to this, the city of Bremen secures its long-term vendor independence and an extremely high flexibility with regard to the implementation of new requirements. UCS@school has proven itself as a robust, secure andreliable system, which can be flexibly adapted to suit new requirements in the large, distributed school IT infrastructure in Bremen. Over the last ten years, the central administration has allowed us to streamline numerous processes and make them more efficient.