Mobile Manager

Mobile Manager – iOS Best Practices

Overview

What you’ll learn!
  • The Importance of creating your own strategic plan prior to Mobile Manager deployment
  • Tips and available Resources
  • Benefits of SIS Integration and Delegated Management
  • And more!
Introduction:

Mobile Manager was made to be easy to use, but because of various deployment types and Apple programs it can get a little complicated — and the right setup is key to easy management moving forward. Lightspeed’s Mobile Manager works with all Apple programs and we’re always working with them to ensure we support their latest features, so you can utilize all of them at your schools.

This course will provide a best practice that you can build into your own Mobile Manager planning strategy prior to your deployment. Each deployment is different and will have its own unique challenges. But one thing that is universal is successful deployments require advanced strategic planning and great teamwork!

Network Design

What you’ll learn:
  • The importance of reviewing your current Network Design
  • Ways to minimize the impact on your Bandwidth
Introduction:

In this lesson we encourage you to start by looking at your Network Design and the potential impact that app deployments can have on your bandwidth. We have also included some tips and resources that are available to help you.

Let’s get started!

Network Design and Bandwidth usage

The first place to take a look at is device saturation on your access points. As the device count increases, it may be necessary to add as many as one access point per classroom to ensure adequate wireless range and density.

Apple provides a great resource for you in their iOS 6 Education Deployment Guide.

But once app deployment starts to kick in bandwidth usage can grow exponentially! For instance, let’s say you are deploying an app that is 200MB in size and you are sending this to a class of 30 students. You now have to download 6GB of data and that is just for one classroom. You can see how this can create a serious bottleneck on your WAN and lead to frustrations by end users that are expecting to be able to use the app right away. A good solution is to utilize Apple’s caching server, which you should setup at your school during the initial deployment.

Apple’s caching server requires Mavericks (10.9) and OS X Server. Once enabled, any Apple device that would normally download apps and updates from the internet will be redirected to download from the local caching server. This will conserve bandwidth and speed up installs. Learn more about the OS X Server Caching Service here: Apple’s OS X Caching Server

Also, an open SSID is very helpful when you deploy. During the device setup an Internet connection is required and not having to troubleshoot password issues will save a lot of time. Permanent wireless settings can be deployed through the MDM.

Apple also requires certain ports to be opened. Please refer to Apple’s KB article “Well known TCP and UDP ports used by Apple software products” for more information.

Conclusion:

It is important to look at your network design prior to deployment and have a plan in place to minimize the impact app deployment may have on your bandwidth. In addition, we suggest that you research and take advantage of the Apple resources that are available to you.

Take the quiz!

SIS Integration

What you’ll learn:
  • How to create your group structure using SIS integration
  • How to associate users to a device
Introduction:

SIS integration automatically updates your Lightspeed Systems Mobile Manager from users created, updated and populated right from your Student Information System! Creating your group structure is an important piece of how you will manage your devices. By utilizing your Student Information System (SIS), you can import class lists and the users that belong to those classes. You can then deploy apps and policies in a customized learning environment specific for a student. If your math class needs a specific app, you can deploy to just that class. This also allows you to leverage the class owners, so staff can log in and manage only their classes.

Let’s get started!

As a district administrator, you can automate SIS integration or use .csv file exports and uploads. As an option, Lightspeed Systems has partnered with Clever, a company that can help to synchronize your SIS database at no additional charge to you. You can also find out more about Clever here.The process is made to be easy, but the option you choose will depend on what SIS you’re using, how your information is stored, and how often the data will be synchronized. So to get started, you just need to complete an online form, we’ll put you in touch with a trained network technician or sales engineer for your area. They will discuss your system needs with you and recommend the best solution.

Now that the users are imported, you need to associate the users to a device. If your devices are in Apple’s Device Enrollment Program (DEP) then this can be done during the initialization process described in the next lesson on Apple DEP. The second method is by using a web clip. Web clips appear as icons on the devices that users can tap to access an enrollment URL. The enrollment web clip should be created at the group in which your devices will be enrolled. Once a user enters his or her credentials, the device will be associated to the user.

Mobile Manager can take advantage of your internal LDAP-compatible directory server for user logins. In order for Mobile Manager to utilize your internal directory server, you will need a Rocket on site and port 80 will need to be allowed. See the KB article “Enabling Port 80 Access” for more information. If you do not have a directory server you are still able to create users and associate a device. When creating your SIS import file, make sure you include the password field. This can then be passed along to users, so they can authenticate using this password. Learn more about SIS import files here: Provisioning Devices, Users, and Groups

Conclusion:

SIS integration makes it easy to keep all of your student information databases synchronized with one another. This will simplify your student and device management and save hours of work.

Take the quiz!

Apple's DEP

What you’ll learn:
  • The advantages of using Apple’s DEP with Mobile Manager
  • Where and how to enroll your devices
Introduction:

Mobile Manager and Apple’s Device Enrollment Program have simplified the enrollment process for you.

Let’s get started!

With Apple’s (DEP) devices can now be enrolled during the activation process directly in Mobile Manager. Some of the benefits of using Apple’s DEP are the devices can be supervised and the device profiles made non-removable.

Your goal is to get the devices into Mobile Manager and then manage the users. Choose a group within Mobile Manager, either for all of your devices or if enrolling in separate groups under each of the schools. For detailed instructions on creating a DEP instance go to the manual page “Apple Device Enrollment Program (DEP)”. You must create a DEP instance for each group that will have devices enrolled in. By keeping the number of instances you create down to a minimum on Apple’s site, it will help simplify your deployment.

To learn more about Apple’s DEP program or to enroll, please go to Apple’s DEP

      This website will provide:

      • Instructions on how to enroll devices into the Apple DEP program.
      • How to setup and configure devices over-the-air (OTA) with DEP.
      • And provide access to Apple’s Device Enrollment Program Guide.
Note:

Currently, you must remove devices from Mobile Manager prior to enrolling with DEP. In order for the devices to enroll properly they must be completely wiped and go through the initialization process. You cannot restore a backup of a device that was not already enrolled in DEP. Don’t sign in with your Apple ID during the initial deployment of DEP.

Conclusion:

As mentioned above, the devices can be supervised and the device profiles made non-removable. For these two reasons alone, it is highly suggested to enroll all of your devices that meet the criteria in Apple’s DEP.

Take the quiz!

Managed APP Distribution

What you’ll learn:
  • Determining who will be responsible for purchasing and deploying apps.
  • Where and how to add service tokens
  • How to invite users
  • The importance of informing users of the process prior to the invite
Introduction:

Managed App Distribution allows the push of apps without prompting for a password. A device that is supervised and participating in Managed App distribution allows for silent app installs.

Let’s get started!

The first question to address is who will be responsible for the purchasing and deployment of apps. A service token can be added to any group in your organization. That administrator can then deploy apps using that service token to any group under their hierarchy.

As the District Administrator, you will add your service token to the district level. You can then go to any group in your organization and select that service token to deploy the app. For step-by-step directions on setting up Managed Distribution for your organization please visit the manual page “Managed Distribution“.

After you have set up your service tokens, you will now need to invite your users. For each service token that applies to your users, they will have to accept the invitation. You can invite all users at once, but inevitably some users will cancel the invite or enter their password incorrectly. In this case, you will need to send out the invitation to a single user. Go to ReportsManaged Distribution, and then Users. Search for the user that needs their invite sent again and click Reinvite.

Managed Distribution makes it easy to distribute apps across your schools and classes. Use the Mobile Manager Managed Distribution page to configure Apple Managed Distribution to distribute free (non enterprise) and paid apps from the App Store.

See Apple’s Volume Purchase Program for Education page, which includes steps for enrolling, and Apple’s knowledge base article “Volume Purchase Program: Migrating from redemption codes to managed distribution” for more information. 

If you still have questions we haven’t covered here, check out our Managed Distribution FAQ.

Note:

Managed Distribution is only supported on iOS 7 and later and OS X 10.9 (Mavericks) and later. You must use redemption codes for earlier releases.

Conclusion:

Prior to sending the invite, educating your users about the process and what to expect will be extremely important! This can help reduce the number of times you will need to resend invites. A short guide on what to expect and then distributing that to your staff and students goes a long way in reducing the number of support requests you will incur when sending out invitations. And remember, you can do silent app installs if the device is supervised and is participating in Managed App Distribution!

Take the quiz!

Smart Groups

What you’ll learn:
  • What are Smart Groups and how are they created
  • How to use Smart Groups effectively
Introduction:

Smart Groups are…smart. They’re pre-configured groups based on user types. With Smart Groups you can configure policies, push apps, and view reports based on the basic user types, teachers and students.

Let’s get started!

By default a teacher and a student smart group are auto created for you. Smart Groups are automatically populated with users based on their user type field (teacher or student) or based off the grade level of the student. The smart groups allow you to deploy applications or set permissions to all students or teachers in a school, based on the smart group they are in. They can only be assigned to users and not devices, unlike other types of groups you cannot click Devices or Enroll Devices or Admins.

Conclusion:

Smart Groups are smart and easy to use. They are a handy tool to use to deploy apps, set restrictions, or view reports based on the basic user types, students or teachers.

Take the quiz!

App Deployment

What you’ll learn:
  • Things you need to know before you start deploying apps and where to find them
Introduction:

Preparation is the key to a successful app deployment.

Let’s get started!

You are now ready to start deploying your apps to all of your users. App licenses are acquired through your Apple VPP portal. Prior to deploying your apps, you need to make sure you have the number of licenses available for the amount of devices that will receive the app. This can be found by going to where your service token was added, reports, and view licenses. If you purchased the license recently, then select “Poll Licenses.” When you have the number of licenses that you require, then navigate to the group that needs the app, search for the app and select the appropriate service token.

As long as the Apple ID of the device has accepted the invitation to Managed Distribution (as discussed in Lesson 5), and the device is supervised with no age restrictions set on the device, then the app push will be completely silent.

Conclusion:

Being prepared and knowing that you have all the necessary pieces in place before beginning to deploy your apps will save you time and help make the process easy and the outcome successful.

Take the quiz!

Hierarchy

What you’ll learn:
  • What is hierarchy and how does it work
  • The benefits of Mobile Manager hierarchy
Introduction:

Mobile Manager works in a hierarchical fashion. This means when deploying an app or restriction at the school level it will be inherited by all groups underneath the school. 

Let’s get started!

The hierarchical structure allows you to distribute without having to make changes to every group. Typically, in an MDM the most restrictive setting will always take precedence, but because of our hierarchy we can enable a setting at a classroom that has been restricted at a higher level. If you do not wish for the group administrator to make any changes to that setting, simply use the lock option.

A real-world example would be that the camera has been disabled for the entire high school. However, the yearbook class needs to use the camera to take pictures. You can go to the group and enable the camera just for that class, while still keeping it disabled for the rest of the high school.

Watch: An overview of the Mobile Manager inheritance interface.

For more in-depth information on hierarchy check out our manual page.

Conclusion:

With a hierarchical structure, you are able to distribute and share device management with other group owners.  And knowing how group hierarchy and inheritance functions will go a long way toward understanding what is needed for a successful setup.

Take the quiz!

Setting Policies

What you’ll learn:
  • Why you should consider allowing more access to students
  • Common restrictions and necessary settings
Introduction:

Every environment has different needs and philosophies on what should be allowed and what needs to be restricted. Something you should consider before deciding on the level of access is that the more students can interact with the device, the more valuable it becomes. Overly restrictive settings can be a detriment on the student’s experience with your devices.

Let’s get started!

Common restrictions are limiting the use of Game Center, FaceTime, iMessage, and age appropriate media.
Please note that if you set app age restrictions on the devices, then a password must be entered when deploying applications.

However, certain settings are a necessity to set. Setting your wireless settings within Mobile Manager will allow you to make changes to your wireless passwords without having to touch each device. If your devices will be going off campus, then enabling Global Proxy is highly recommended. This allows the device to be filtered through your content filter anywhere where there is Internet access.

Conclusion:

Policies are an important part of making devices work in your classroom and managing student behavior. Mobile Manager policies let you effectively balance control of student devices, while still allowing safe and collaborative learning in your classrooms.

Take the quiz!

Delegated Management

What you’ll learn:
  • Shared management and how that works
  • Group Admins access and authority
Introduction:

Lightspeed Systems Mobile Manager makes it easy to manage devices distributed throughout your district and to maximize their educational benefits. Unique education-specific tools and policies split management between IT staff and classroom teachers, so everyone has the visibility and control they need, and no one is overburdened with management

Let’s get started!

For instance, your site technician can make settings and push apps for just the site in which they are responsible. Teachers can log in to Mobile Manager and only see the groups that they were made administrator of in your SIS import.

However, Group Admins are limited in their access and authority.

They can:

          • Only create groups below their level
          • Only manage the passwords of admins at lower levels, not at same level or above
          • Only manage devices at the same level or below

They cannot:

            • Create or delete users
            • Edit organization details
            • Assign a device to a user
            • Delete apps from the main apps tab
            • Delete devices
            • Override locked restrictions
Conclusion:

Mobile Manager allows you to share or delegate management of the devices within your organization, while still maintaining control. In addition, Mobile Manager has a list of various reports, so that you can monitor what is happening when needed.

 

Take the quiz!

Carts

What you’ll learn:
  • The best way to setup devices on carts
  • The two main paths to associate these devices to users
Introduction:

All the previous topics discussed in this course will generally apply to carts. However, there are some slight differences in the setup of the devices on carts.

Let’s get started!

For example, each device that belongs to the cart should be associated to a user, if you want to use Managed Distribution. The best way to do this is to create “fake” users, using a SIS import. In the same method that real users are created, a file will then be generated with unique user names of the devices. You will also need to create some initial “fake” administrators, as well. Once this has been added, groups for the carts will need to be made. Lastly, you will need to tell where the carts go. See the article “Provisioning Devices, Users, and Groups” for sample group, membership, and user SIS files.

Once all of the structure has been created, go through the enrollment on each of your devices. The easiest path is to place all cart devices in a single group, outside of your permanent structure. This can be off to the side of the district office or the school that they will ultimately belong.

Now you need to associate these devices to users. You have two main paths to best accomplish this. The first would be to use the web clip method mentioned previously in this course. The second would be to use the SIS import option in Mobile Manager. In this case, you need two columns. The first being the serial number of the device and the second column the unique SIS ID just created with our cart SIS import. Mobile Manager will then associate any existing serial number with the users.

Conclusion:

After the association has been done, you are now ready to send your managed app invitations.

Take the quiz!

BYOD

What you’ll learn:
  • How to manage a BYOD (Bring Your Own Device) environment
Introduction:

On student-owned devices, you’re going to have two primary concerns: pushing apps and managing policies during school hours. With Mobile Manager you can configure Internal Policies that only manage the devices when they are using your network.  This can be particularly useful in BYOD environments. For more detailed information, please see KB How-to article Internal Policies.

You can also push apps to student devices, and through Managed Distribution, the school retains ownership of them and can revoke them from the student device at any time.

Let’s get started!

BYOD will function much like your 1:1 deployment. However, there is one exception. You will not be able to use Apple’s Device Enrollment program (DEP), because the students will own the devices and they may not all be Apple devices or meet the criteria.

The enrollment URL for your BYOD group will need to be passed out to your end users. You can find this by going to the group and selecting Enroll Device. After the users have enrolled, they will need to associate their user by signing into a web clip. Managed app invitations can now be sent to the users.

Conclusion:

Most environments have a mixture of 1:1, carts, and BYOD. It is important to understand the differences between the different models during setup.

Take the quiz!

Resources

Available Community Resources:
  • Mobile Manager is always adding new features and capabilities, so be sure to check out the latest release notes.
Conclusion:

Now that you have completed this course, you are ready to start your own Mobile Manager planning strategy. And remember when you are ready to install Mobile Manager, Lightspeed Systems is part of your team and we are here to help.