Archive for the ‘PROPOSED’ Category

School Technology Infrastructure

May 4, 2006

I’ve started compiling what I hope will be a comprehensive list of the essential elements of a school information technology infrastruction. This is very much a work in progress, compiled by reviewing the technology plans of various schools and unerversities.  I’ll start by summarizing the strategic IT plan of Stanford University, found at

Basic Infrastructure

  • Authentication
  • Authorization
  • Backup
  • Calendar
  • Desktop Management
  • Directory
  • Email
  • Identity Management
  • Integration
  • Printing
  • Storage
  • Voice
  • WWW Services
  • Windows Infrastructure

Let’s describe each one at a time:


The goal of an authentication system is to provide a highly stable, centrally administered authentication service both for internal use by IT Services and for use by any and all campus systems that need to authenticate the population of users affiliated with Stanford. We must attempt to balance the following concerns:

  • A set of systems capable of handling the full authentication volume of all university business, tied into university-established notions of identity from the student and HR systems as well as sponsored and guest accounts, and able to centrally handle in a timely fashion withdrawal of authentication capability to terminated employees or abusive users.
  • Use of industry-standard and vendor-supported authentication technology to ease integration with vendor applications and software developed elsewhere while avoiding locking ourselves into any one vendor.
  • A highly secure authentication system that will be able to meet security concerns going forward. The authentication system must never be the weak point in the security of an application and must be sufficient to comply with regulatory restrictions such as HIPAA.
  • Users must be able to authenticate via hosts other than their normal desktops, including mobile devices in the future.
  • Authentication should be external to applications so that authentication mechanisms can be updated or changed to reflect changing requirements without requiring significant application development or surgery.
  • Authentication should be mutual, allowing clients to confirm the identity of the server as well as allowing the server to confirm the identity of the client. This will assist in preventing phishing and man-in-the-middle attacks.

Given the prevalence of the web as a user interface to applications, a trend which is expected to continue, special attention should be paid to standardized web authentication as the place that the most users will interact with the authentication system.

When possible, we will push for the ideal of never letting a user’s authenticator leave their local system under their physical control. This means using network authentication protocols based on a local identity cache rather than sending a password or passphrase to a server for verification. However, we must recognize that there is very little vendor support for such authentication systems at present, particularly in common desktop clients, and most software is still stuck on the model of verifying a password on the server. When it is necessary to send an authenticator to a server, that conversation must always be encrypted. (In other words, the network link shall not be trusted.)

All Stanford users will have to interact with the authentication system to do their daily work. In addition, all application developers and system administrators on campus, inside ITSS and out, represent a key audience for our authentication strategy. If we do not meet their needs, they will develop their own separate authentication systems, which both harms our ability to centrally manage authentication and hurts the consistency of the user experience. The goal is to get as close to universal use of the central authentication services as possible.

The authentication system will be closely tied to any campus identity management or authorization systems, and therefore will be directly affected by any projects in those areas even if those projects are not authentication projects directly.

Enterprise Applications

  • Student Information Systems – enrollment, grade tracking, attendance
  • Business Information Systems – Payroll, Budget, Purchasing, Finance
  • Transportation Management
  • Foodservice Management
  • Library Automation
  • Special Education Management
  • Course Management – authoring, testing, assignments

Conference Room Setup

April 20, 2006

Goals for projector in FCBC conference room:

  • Put lcd projector on ceiling by 5/1/06
  • Put roll-up screen on wall by 5/1/06

Proposed Projects

April 20, 2006

These are new ideas floating around that will turn into active projects when

  • clear goals are established
  • some funding if figured out 

Moving off of filemaker

April 18, 2006

District 287 has several very productive custom databases written in Filemaker. They have been good, but the expense and challenge of supporting Filemaker on all desktops accross the district is catching up with us.

We are starting to look at ways to provide these applications through alternative platforms. Microsoft Office is one possibility for some needs because it is installed ans supported district wide. The weakness of Office is in providing enterprise-level database functionaility. Microsft Access, the standard Office database, does not support high-volume sharing of data to many people. And Access is not even available for the Macintosh which is about half of our desktops.

Excel and Access probably has some role to play in an alternative to Filemaker, but we are also looking for other possible solutions.

Filemaker projects to move

April 18, 2006

The list of Filemaker projects that need to move to some other platform include:

  • Student incentive pay check writing and reporting
  • Individual health plans
  • Student ID cards
  • End of year data sheets
  • Math assessment checklist
  • Student resume builder
  • Alternative assessments

Promising Reservation Tool

April 10, 2006

I think I've found a promising asset reservation tool called MRBS. I'll report on it once I give it a try.

Need for asset scheduling and reservation system

April 4, 2006

With a growing number of IT resources that need to be shared among a growing number of people, it is becoming apparent that we need a better way to keep track of where things are and a better way to reserve them for important events. Examples of shared resources include projectors, laptop computers, cameras, instructional CD ROMs, movies.

An ideal inventory management system would combine inventory, reservations, scheduling, troubletickets and a knowledgebase. That is, we need to know what we have, where it is, who needs it, how it works, what is broken, and how to fix it.  All of this information is related to each other.

Our new trackit system will give us a good inventory, troubleticket and knowledgebase system. But reservations and scheduling — sort of like a library setup — seems to still be a need.

287 Allows MSN Messaging

April 3, 2006

Interestingly, while most instant message services are blocked by 287s internet filter, the MSN messaging service at is allowed through. Maybe MSN messanger can be used for district messaging needs for now.

Instant Messaging for Work

April 3, 2006

Because of concern about abuse, many office networks block access to instant messaging services such as AIM, Yahoo Messenger, MSN Messenger.  However, instant messaging can improve and organizations productivity.  What IM tools are out there that will work in a filtered internet environment?

Request from Vector North

April 3, 2006

We want to set up a sort of real time conference through the network so that we can display (and maybe voice) bus arrivals to each classroom through the network. To start with I was going to create a private yahoo chatroom; however, this yahoo service is temporarily unavailable. Anyways, we would like something a little more elaborate – such as a service such as (though this is only for pcs and we have macs also) or With the new setup of a server and all, can we use a service such as this? Ideally, however, it would be nice to use a 287 district service that might be similar to this and that is available to us? Is there any such thing?