In the city of Flensburg, we have very successfully implemented a central school IT infrastructure in recent years and decisively advanced digitalization. By implementing UCS@school, we were able to create a central IT infrastructure that improves the learning environment for pupils and significantly reduces the administrative tasks of teachers.
Turning a Patchwork into a Functioning Whole
Before the city’s education committee decided on a central concept for the provision of IT services for the 23 general education schools run by the city in 2016, there was no central IT structure, but rather a very heterogeneous landscape with a wide range of digital education services. Particularly in the secondary schools and support centers, IT-savvy teachers at individual schools set up and maintained networks and Wi-Fi at their schools and operated servers for various needs in the educational networks.
This heterogeneous structure was also reflected in the hardware. While some schools only had a not particularly powerful NAS server for storing individual files, other schools already operated significantly larger servers that were primarily used to run applications in IT lessons. In contrast, some smaller schools had no digital systems at all.
In 2015, the schools expressed the wish to professionalize the management of the educational networks and the associated IT. This wish resulted in a series of proposals that were dealt with by our council and committees. The first of these covered the creation of a “concept for coordinated IT support at Flensburg schools”, the installation of Wi-Fi at all schools and a broadband connection to the internet. Then, in 2016, came the creation of a uniform basic IT infrastructure and the establishment of a staff position for IT support at the schools.
The initial considerations as to what future IT support for the schools could look like quickly revealed that, with the structures in place to date, supporting the individual networks and other information technology would require a great deal of personnel. During this time, the state initiative for the broadband connection of schools in Schleswig-Holstein was also a topic of discussion. This gave rise to the idea of using this planned fiber optic cabling in the city area for the educational networks and a central school IT infrastructure.
The political decisions and the work order to the administration were followed by work on a concrete concept for central school IT support. Initial surveys of the current situation showed that a solution could only be developed together with schools, school authorities and city IT.
Relief for Teachers and Uniform Procurement
Media development planning (MEP) was launched together with IQSH, the Institute for Quality Development at Schools in Schleswig-Holstein. All stakeholders at the schools, the school authorities and the municipal school IT department were involved from the outset. The aim was that the promotion of digital learning should no longer depend on dedicated teachers, but that IT should be set up professionally and sustainably. Teaching staff in the schools were to be largely freed from administrative IT tasks in order to concentrate fully on pedagogical tasks. Another important aspect was the uniform procurement of hardware and IT services, on the one hand to reduce the heterogeneity of services and devices, and on the other to benefit from price advantages through larger procurement volumes.
Identity Management of UCS@school as the Key for Modern School IT
The technical basis and first building block of the new IT was the implementation of a modern, modular and particularly flexible identity management system. Every teacher and every student should have a digital identity, a user account and access to as many IT services and resources as possible.
Univention’s UCS@school was quickly chosen for this. The open source solution offers centralized identity and access management and had already proven itself at other school authorities in Schleswig-Holstein. The simple administration of users and roles as well as the connection to external services were particularly important to us. An important goal for us was to enable teachers to concentrate more on developing the content of digital learning instead of dealing with technical and administrative aspects: “Content instead of administration”.
Pilot School: Avoiding Aberration and Gaining Experience
To avoid the risk of wasting time, money and nerves, we decided to test the implementation as a pilot project at a single school in a test phase. In addition to learning how to use the solution itself, this pilot project was also intended to gather experience on topics such as the bandwidth required in the future or the need for hardware and personnel for support.
Topics that we tested and implemented in the pilot were, for example:
- Central ID management with just one login for users in the educational network and IT services.
- Central Wi-Fi administration, one Wi-Fi SSID, realization of different Wi-Fi networks via the assignment of VLANs based on the respective user ID.
- Central, self-hosted cloud solution for data storage and collaborative work based on Nextcloud. Integration of existing local permissions into the cloud solution in order to establish the cloud storage as a central data storage location.
- The “teacher administrator” user role to manage users via a graphical interface, as well as the “teacher” and “student” user roles with restricted access rights to services and self-services for password resets.
- Connection of the Web-Untis timetable solution to ID management.
Based on the experience we gained with the pilot school, we were able to plan quite reliably what effort would be required to implement the solution for the entire school environment in Flensburg.
This pilot has saved us many mistakes and helped us to successfully implement a sustainable modernization process and create a very good basis for further expansion and adaptation to new requirements.
Centralized Approach through Primary, Backup and Replica Directory Node
As a result, all support tasks are now efficiently bundled in the central services of the city of Flensburg and teachers are largely relieved of administrative tasks.
For this centralized approach, we have set up a standard UCS@school environment consisting of primary and backup directory nodes, along with a directory that is replicated to dedicated replica directory nodes for the individual school locations. These components run together centrally, virtualized and sorted by school in an area created for school IT in the new data center of the city of Flensburg, which will be built in 2022. Dedicated servers are operated there to reliably connect various services relevant to everyday teaching and learning. In the schools themselves there is only a firewall, at which the internet access for the end devices is decoupled.
The majority of schools are connected via dark fiber optic lines (point-to-point connections) leased from Stadtwerke Flensburg. We were able to connect the remaining schools, for which this option would not have been economical due to their size and distance from the data center, via a VPN tunnel operated in Dataport’s fiber optic network.
Students and teachers log in via our central, web-based school portal with their user account and password and can then access the individual services, information and resources.
In addition to our school cloud, these include the well-known learning management system itslearning and the video conferencing solution BigBlueButton.
In our experience, small schools such as our elementary school in particular were very willing to be included in the central IT support. In most cases, this was due to the fact that no technical equipment was available and there was also a lack of staff resources for IT support. At secondary schools, which in the past had been fortunate enough to be equipped to a lesser extent from their own school funds and in some cases also had dedicated staff to maintain the IT systems, the involvement of and cooperation with these people was particularly important in order to create acceptance for the new central administration.
In addition to the centrally established IT infrastructure and IT support, the Digital Pact for equipping local schools also began in 2019. There was a considerable amount of additional work involved in expanding the network in the school buildings and equipping them with digital end devices in the course of applications and billing, much of which was handled by the school authorities. This allowed us to focus our IT efforts on setting up the newly acquired hardware and integrating it into the newly expanded networks in the school buildings. This collaboration with our education office contributed significantly to the successful implementation of the digital pact.
RADIUS, Proxy and Samba Shares for Connecting External Services
Over the course of the project, the city’s IT department repeatedly encountered minor and major technical challenges. For example, when updating the students’ digital devices to Android 12, a problem arose with the previously smooth use of the RADIUS package including internet rules from UCS@school. In order to make the devices functional again after the update, we had to make adjustments to the existing package and store suitable certificates that would continue to enable a trustworthy connection.
While it was originally intended that Univention Samba shares would only be accessible from workstations within the school network, meaning within the UCS domain of the respective school, there were special requirements for computer science classes. Files needed to be saved directly to a network drive from within an application and accessed from outside the local network. A quick solution was found by leveraging the existing Nextcloud instance, integrating Univention Samba shares, and developing a small custom program for the school’s computers. Now, students’ login credentials are passed directly to Nextcloud, and the cloud is mounted as a local drive via WebDAV on the school workstations. This allows projects saved during computer science lessons to be accessed from home via their personal cloud. This extension has further increased the acceptance and usage of the centralized file storage in our UCS school portal.
Furthermore, the data protection requirements and the associated documentation were – and still are – a major challenge for us as the municipal IT department, but also for the school administrators as the departments responsible for data protection in the schools. The connection of additional services to the central identity management system in particular increases the formalities that need to be fulfilled.
Setting the Course for the Future: Automated User Maintenance and Import with Univention ID Connector
As far as the continued smooth work of pupils and teachers with the established IT systems is concerned, the central connection of user accounts to the existing directory of the state of Schleswig-Holstein is indispensable, so we hope that the long-promised connector to this will be implemented soon. In Flensburg, we are currently still using our own solution for importing new master data lists of pupils, teachers and school staff. In future, this is to be automated by the Univention ID Connector, so that user maintenance and master data import at the school authority is no longer necessary and it will be easier to change schools within the federal state. Pupils in the lower grades in particular would benefit greatly from logging in centrally with just one account and one password.
In addition to Flensburg, many other school authorities and schools would probably like to see the Digital Pact continue or receive follow-up funding in the future, as the large number of end devices purchased with it will of course have to be replaced one day. A certain level of commitment is needed here to make it possible to plan the life cycle of these devices and the associated investments.