This document covers areas that need consideration, action, or information that needs to be gathered as part of bringing a school / client onto Mobile Guardian, either directly or via a partner.
This document is aimed at Mobile Guardian staff and Partners, to support their work with end users. It provides an outline of possibly required information and covers key questions to help clients with their decision making processes.
2. Key Questions
What operating systems are you onboarding? Please take a look at OS-specific sections.
Do you operate a Global Proxy?
Do you operate across multiple site or will the devices be used in multiple locations?
If so, do you have the details of the Geo Fence area(s) needed?
Have these been validated against Google Maps for accuracy?
2.1. Considerations / School Scenarios
2.1.1. School purchasing / setup scenarios
- School-based devices enrolled via automated process (e.g. DEP for iOS devices).
- School-owned devices, purchased ad-hoc and initially setup by school staff (or allocated support)
- Devices brought into school as BYOD.
These can be further broken down depending on how the devices are going to be managed and used.
- a) Devices are managed by the school and controlled as part of allocation to classrooms or areas. These devices can be used as standalone devices, via allocated use by authentication to online services such as VLEs, or set for sharing (though tools to allow users to login in, such as Apple School Manager, Google Classroom or Microsoft O365 Classroom. The amount / areas each tool subsequently allows that user to access will vary from platform to platform.)
- b) Devices are managed and controlled by the school and allocated to an individual. This could be a school owned device or it may be at the request of parents.
- c) Devices are generally managed and control by parents and students but some areas (e.g. filtering) are managed by the school.
3. Technical Pre-requisites
- An 802.11 wireless network that is open or using a Pre-Shared Key (PSK)
- Ports that need to be open for registration. 80, 443
- For Apple devices: https://support.apple.com/en-us/HT203609 but essentially TCP ports 5223, 2195, 2196, 443 (5223 and 443 for enroll and control. Rest of are for MDM servers)
- For Android and Chrome: Outbound TCP connections on ports 5228-5230
- Schools utilizing SSL-inspecting proxies will need to add a temporary network without SSL interception in order to configure tablets.
- Schools need to ensuring consistent connectivity and sufficient bandwidth is available for any initial deployment of apps
3.2. OS-Specific Areas
For managing Chromebooks, the following will be needed or need to be considered.
- Google Apps for Education for your domain
- A unique Google Apps for Education account for each tablet
- An 802.11 wireless network that is open or using a Pre-Shared Key (PSK) and compatible with your tablets
- Access to these domains:
- Google Provisioning API, enabled in the Google Admin console. (For information, see Administrative APIs in the Google Apps Administration Help Center.)
Note: Specific applications may have additional requirements.
The above areas are subject to change, and key sections may be allocated to certain staff as owners.