Case Studies Archive Search Case Studies

Texas School District Successfully Secures iPads for Student Use

McAllen Independent School District needed to ensure students adhered to web filtering policies as they accessed the Internet from outside of the campus network on district-issued iPads. Using an F5 solution, the district has solved that problem and gained the added benefit of protecting its network from distributed denial of service attacks.

Business Challenges

The McAllen Independent School District (ISD) comprises 34 campuses with over 25,000 students, each of whom is issued an iPad by the district as part of its TLC3 framework, which supports anywhere/anytime learning as part of its mission.

Once the district issues an iPad to a student, it must ensure that the device is actually being used for its intended educational purposes and that Internet access is tightly controlled.  To that end, McAllen ISD implemented a third party VPN solution that forced all campus-connected devices through the district’s web filtering solution, which blocked students from accessing certain websites. The students, however, very quickly learned to circumvent the district’s filtering policies by turning off the VPN.

“For the TLC3 initiative to be successful, it was critical that we protect our students from the Internet and the Internet from our students. We not only needed to block access to certain sites, we had to ensure we could enforce the same filtering policies whether the device was connecting via our campus network, a student’s home network, or any public network such as a coffee shop,” says Pat Karr, director of network services for McAllen ISD.

Karr notes that extended device monitoring capabilities were critical to the district’s ability to gauge return on its multi-million dollar investment. “The iPads are technology assets, but they also represent an investment in students and staff. We want to ensure that we’re getting the most out of them on both counts. That means knowing how much they’re being utilized and ensuring they’re being utilized correctly.”

In the future the 25,000 district-issued iPads won’t be the only devices driving Internet traffic to the district’s eight content filtering servers. The district anticipates its students bringing one or two additional devices to school in the future as its BYOD program matures, placing a greater emphasis on the need for scalability and efficient traffic management.

“The bottom line is that without BIG-IP APM, we simply could not adequately control student activity on our devices.” Pat Karr, Director of Network Services, McAllen Independent School District

Solution

The relationship between McAllen ISD and F5 began when Karr started evaluating traffic management solutions. “I researched traffic management vendors for two months and learned that F5 is the market leader in that technology,” says Karr. “But when we started looking more deeply into the BIG-IP Local Traffic Manager (LTM) and the broader BIG-IP platform, we found granular security, policy management, redundancy, resilience, reporting and analytics. We asked how F5 might help us prevent students turning off the VPN, and they showed us BIG-IP Access Policy Manager (APM). The integrated platform F5 provides ultimately led us to choose F5 over a Citrix NetScaler solution.”

BIG-IP APM provided a level of access security the district didn’t have with its existing Cisco VPN solution. “Another important characteristic of the F5 platform is that it’s vendor-agnostic,” says Karr. “We’re not just looking at district-issued iPads, we’re looking at BYOD down the road, and we want to support other applications and platforms without having to reinvent the wheel each time.”

As the BYOD program progresses, the district anticipates a four-fold increase in devices connecting to its network. To provide the scalability to handle traffic generated by 100,000-plus devices, McAllen ISD deployed the F5 solution on VIPRION, F5’s chassis-based hardware platform.

“The integrated platform F5 provides ultimately led us to choose F5 over a Citrix NetScaler solution.” Pat Karr, Director of Network Services, McAllen Independent School District

Benefits

With F5 BIG-IP LTM, BIG-IP APM, and the highly scalable VIPRION platform, McAllen ISD has intensified control over student Internet usage on district-issued mobile devices. Additionally, the solution enables the district to better manage traffic passing through its content filter servers and protects the network against volumetric DDoS attacks.

Ensures all web traffic flows through content filters

With BIG-IP APM, McAllen ISD is now able to direct all Internet traffic from authorized, district-owned devices through its filtering solution, regardless of whether the web access originates on the campus network or a public network.

“BIG-IP APM plays an indispensable role in this process by identifying each device, authenticating the user associated with it, and then steering that traffic to our filtering solution just as if it were connected on premises,” says Karr. The process is completely transparent to the user—and unavoidable. “The bottom line is that without BIG-IP APM, we simply could not control student activity on our devices, and that means we wouldn’t be able to provide this program at all.”

Delivers strong defense against DDoS attacks

While BIG-IP LTM easily provides the traffic management capabilities McAllen ISD needed, an added benefit it provides is robust protection against volumetric DDoS attacks.

“BIG-IP LTM gives us a more intimate knowledge of the nature of the traffic coming into our data center, which we were able to leverage in several ways,” Karr points out. “We soon realized we were getting a lot of attempted attacks from other countries, which not only posed a security risk but also consumed a lot of our bandwidth. We subsequently blocked all traffic originating from outside North America. I had not seen a product that was able to do that, and it was a game changer for me.”

Supports multiple deployments and applications

Karr discovered that, rather than simply providing siloed solutions to address the security and traffic management challenges he initially faced, F5 provides a dynamic, vendor-agnostic platform that can support many different applications and deployments.

“Are we going to use the BIG-IP platform only for filtering? By no means,” he says, while pointing to recent success using F5 to manage traffic to the district’s Microsoft Exchange client access and hub transport servers, mobile device management servers, and domain name servers. “Can we use it to manage traffic to our mail servers, our financial servers, our student information systems? Of course we can. The F5 solution delivers great ROI, and it will save us a lot of money in the future as we grow and deploy additional services.”

Karr summed up his experience by pointing out the importance and quality of F5 support staff.  “F5 Professional Services has been a dream, the individuals that came down to install our solution, to install the policy management solution, have just been beyond my expectations.”