The integration of the N4L user level filtering into Crystal

(Lots of changes here- waiting to test the latest Google solution)

N4L Content filtering

Keyword: N4LFiltering

All schools that are connected to N4L’s Managed Network and using N4L’s Web Filtering are able to utilise Individualised Filtering and Secure Website Inspection.
These features allow schools to fine-tune their web filtering, and also meet the needs of increasingly complex digital environments within schools.
 Building upon the existing Web Filtering features already available to schools on N4L's Managed Network.
 
Secure Website Inspection

  •  When a site uses secure protocols (https://) the standard category and URL filters only allow the category or site to be blocked or allowed. Content inspection rules do not apply as the filtering platform cannot inspect the secure web traffic.
  • Secure Website Inspection allows you to filter parts or all of these secure websites. This is great for sites like YouTube, where the site is used to support learning but you want to ensure the content is used appropriately.
  • Sites that need to use secure protocols, such as online banking, can be excluded from the inspection to ensure user security is maintained.

 
Application Control
 When combined with Secure Website Inspection this feature allows your school to set up controls over hundreds of popular web applications.
This means you can allow access to a website, but block a certain aspect of that web application.
For example, students could be allowed access to view Pinterest, but prevented from posting comments or uploading their own photos.
 
Individualised Filtering
N4L’s Web Filtering integrates with your existing user directory service (eg. AD or LDAP) allowing you to personalise student and teacher internet browsing access.
You can allow teachers access to certain sites, while restricting student access to the same sites.
 All of these features can be combined with existing content, category or time-based filters to create a school online environment such as this:

  • All staff have unrestricted access 24/7 to the internet, but the categories of “Alcohol & Gambling” are blocked
  • All students have unrestricted access to education-specific services (e.g. Google Apps and Moodle) but all other internet browsing, including social media, requires authenticated sign-on
  • Facebook is accessible to Year 10-13 students only, but uploading and commenting are blocked.
  • Pinterest is available to Year 10-13 Art students, including uploading and commenting between 1pm -3pm (art class times)

 
Implementation of these features

  •  These web filtering features are fully funded for all schools as part of their Managed Network connection. However it is the responsibility of all schools to ensure N4L’s Web Filtering integrates with your school’s existing directory structure and system.
    The costs to implement and integrate these features are the responsibility of each school.
  • For Individualised Filtering, a robust and well-designed directory implementation within your school is necessary for this feature to be fully utilised.
  • Some of the features detailed above require a high level of technical capability, so it is important that schools discuss what internal capability and external support options they have available, and understand the time and cost implications for implementation.
  • This service can integrate with existing user directory services (eg. Active Directory, Novell eDirectory or other LDAP capable directory services) allowing schools to apply specific filtering policies to students and teachers’ internet browsing.  A robust and well designed directory implementation within the school is necessary for these features and benefits to be fully utilised. Additionally, the service also allows for filtering of secure websites (https).
  • The cost of the added functionality and features are funded as part of each school’s Managed Network package. Schools may choose to contract the services of an IT company such as yourselves to carry out the implementation work, at their own discretion. Any cost incurred for this implementation work is not funded by N4L under the current transition services arrangement and should be agreed between yourselves and the school directly.
  • The majority of work for integration will be within the school environment, and will involve the following:
    •  Ensuring the school’s directory service is setup to work with N4L’s Web Filtering.
    • Deployment of  trusted root certificates on internet enabled devices 
    • Applying changes to the school’s filtering settings
    • Setting up and running reports
    • Troubleshooting basic errors.

N4L Configuration of the N4L web filtering service.

  • Training ...
  • Multiple schools ...
    • If you are acting on behalf of a number of schools - the principal of each school will need to contact the N4L Helpdesk to add you as a verified Web Filtering Administrator and implementor. Helpdesk can then confirm what existing N4L web filtering services the school has, and if required, can start a request for the provisioning of the advanced content filtering. 
    • While the N4L web filtering services are fully funded for schools to use, the costs of implementing and integrating the services, which in this case, will be your time and cost - are the responsibility of each school. 

Crystal Configuration of the N4L web filtering service.
The technologies used by this service are complementary to the ones Crystal uses.

  • Prerequisites - see N4LFiltering -school link below
  • Costs
    1. Crystal
      1. Setup cost
        • There will be a one off cost in configuring the LDAP, certificate and access via Crystal>
          The cost is $ ??? Our best guess is $250/school. We need to confirm this wil our first school.
      2. Ongoing costs:
        • If the level 3 users in a school do the N4L required training then there should be NO ongoing costs.
    2. School
      1. Setup costs:
        • Training: If the level 3 user(s) carry out the training as required by the N4L there will be NO training costs.
        • Certificates ...
          Budget for about 30 min/per device @$60/hour. This rough estimate can be refined later.
          • If a school's own ICT support installs the required digital certificates and keeps Kete updated (mostly automatic)  then setup costs will be "in-house".
          • If the school requires Crystal to install the digital certificates on each and every device at school then there WILL  be the normal costs (ask for a quote)
      2. Ongoing costs:
        • If the level 3 users in a school do the required training then there should be NO ongoing costs.
        • It is expected that the school will keep records (suggest using Kete) to monitor aging certificates.
          When a certificate expires then there there will be a cost for renewal.
        • If needed Crystal is able to supply support but there WILL  be a cost as per normal.
  • The "How to"  configuration process is two parts.
  1. The school side implementation - mainly the installation of the required digital certificates on each device (see link below)
  2. Crystal side - the configuration of the Crystal side (see link below)