Moving at the Speed of Creativity by Wesley Fryer

Planning for Smart School Network Management

As a new school technology director, I’ve been visiting with lots of folks lately about the ways school networks can be configured to manage network bandwidth for users, safely keep the network fairly open for content access by students and faculty/staff, and also provide for network accountability when administrators want to know “who did what” on the school network. Today I presented day 1 of iPad Media Camp for 40 teachers in Las Vegas, Nevada, who teach at Faith Lutheran Middle School & High School (@faithlutheranlv). They are 1:1 with MacBook laptops at the high school level and 1:1 with iPads at Middle School. I really enjoyed the opportunity to tour the school at lunch and visit with Jonathan Orr (@jorrflv), who serves as a technology coach, about many aspects of their programs and technology infrastructure today.

Currently at my school, we are not 1:1 but have several carts of both iPads as well as Chromebooks for student use. We don’t have any AppleTVs on our school network yet, but do have several teachers who are using AirServer software to AirPlay iPad content to classroom data projectors. I’ve heard horror stories about other schools deploying AppleTV on their network but not planning and purchasing for the management of “bonjour traffic,” which is the “chatty” protocol which can “flood a network with multicast discovery messages.” In a worst case scenario, AppleTVs can generate so much traffic they can render a school network almost useless because of all the packet collisions created by AirPlay. Some network administrators opt to turn off ports for AirPlay on the entire network, therefore preventing these congestion problems but also stopping teachers from using AirPlay. I want to encourage and empower our teachers to use AirPlay, but I also want to make sure we have a “smart network” that can manage this traffic effectively so it doesn’t pose congestion problems.

We’re in a different place than Faith is with respect to the number of end-user devices we have on our network, and how much bandwidth we have available for users. We currently have a 100MB primary connection to the Internet (for approximately 850 students and 150 faculty/staff), with a separate 50MB guest network connection. Faith just jumped up from a 200MB Internet connection to 1 GB over the summer. Faith is about twice our size, with around 1700 students in grades 6-12.

I created the rough sketch below on my iPad this evening using Forge, to illustrate some of the things I learned from Jonathan about network configuration and appliances they use at Faith. Like our school, they have a Sonicwall Firewall to protect the network and also perform “yes/no” filtering to comply with legal and ethical requirements for Internet content filtering. I’ve been looking into the benefits of adding a Lightspeed Web Filter behind our firewall, to provide user-authenticated information about network activities as well as other benefits. (More robust capabilities to answer the “who did what” questions.)

Planning for network management by Wesley Fryer, on Flickr
Creative Commons Creative Commons Attribution 2.0 Generic License   by  Wesley Fryer 

In addition to the firewall, however, Faith is using two other network appliances we don’t currently have but may need. The first is a “packet shaper,” which allows them to set quotas for different kinds of network traffic based on user group. For instance, they can define how much bandwidth students can utilize when accessing YouTube, so faculty/staff bandwidth is not affected by that traffic. In this way, web content like YouTube can be kept open for all users, but overuse by students (potentially) won’t negatively impact faculty/staff network use.

In addition to the packet shaper, Faith is using a “Bonjour Gateway” which manages as well as contains the AirPlay traffic created by the AppleTVs they have and are continuing to deploy on their network. This is also supported by the way they have segmented their network into separate VLANs, or virtual local area networks. They have separate VLANs for students, for faculty/staff, and for their AppleTVs. These are separate SSIDs which users connect to. Technically it’s all one wireless network, but it is virtually segmented to provide different access privileges for different users and devices. By putting the AppleTVs in their own VLAN, their Bonjour Gateway can cordon off all the AirPlay multicast discovery messages they create. The Bonjour Gateway passes along the names of the AppleTVs to the Faculty/Staff VLAN, however, so teachers can select and then connect to an AppleTV when desired from an iOS device or Mac laptop. The Bonjour Gateway is “the magic box” which keeps AirPlay traffic from overwhelming the school network, and makes AirPlay devices available when needed.

The Making of Harry Potter by Dave Catchpole, on Flickr
Creative Commons Creative Commons Attribution 2.0 Generic License   by  Dave Catchpole 

I still have lots more questions about the best way to configure our school network to utilize AirPlay as well as permit more managed traffic usage, but my conversations with Jonathan were very helpful today. I have heard about “packet shaping” as well as “bonjour gateways” (thank you Josh Pierce!) but today’s conversations helped me connect more of the dots about how these different appliances and network configurations can work together to provide a (hopefully) optimal digital user experience for learners at school.

If you have thoughts about these ideas or suggestions for things I should consider please let me know with a comment or Twitter reply to @wfryer.

If you enjoyed this post and found it useful, subscribe to Wes’ free newsletter. Check out Wes’ video tutorial library, “Playing with Media.” Information about more ways to learn with Dr. Wesley Fryer are available on

On this day..