iChatting across subnets

We’ve had iChat set up on our macs for a while, making use of Bonjour to provide a zero- configuration way for teachers to communicate around the school. We now have a second site and teachers wanted to be able to iChat between sites but it wasn’t working as Bonjour doesn’t easily work across two different subnets (especially if LGfL are involved!). So instead I set up iChat Sever on our Lion Server.

It was mainly straightforward, once I had figured out how…

  1. Turn on iChat server on the Lion server.  Involves switching it to on.  It sets up a Jabber messaging server.
  2. Set up the login details using Workgroup Manager.  There is a manifest called ‘iChat.Jabber’ which gives you a managed client settings already set up.
  3. When a user logs onto the Mac, their credentials are used to log onto the iChat server.  This requires an AD or OD setup, which meant a few issues when it came to the experimental ditched directory Macs. I had to set these machines up manually using the user’s network logins.
  4. Initially, the iChat window doesn’t show any ‘buddies’, which  renders the service useless at school because teachers wouldn’t know each other’s iChat accounts.  Lion server promises the ability to add all users as buddies automatically, but this only seems to work if you’ve got an Open Directory setup (i.e. all user accounts are on the Mac server rather than elsewhere).  Instead I had to log each user into iChat and then run the command ‘sudo jabber_autobuddy -m’ in Terminal on the Lion server.  This adds everyone who has ever logged into the iChat server onto everyone’s buddy list.

It seems to be working fine, with the teachers across two sites particularly finding it helpful.

Advertisements

LGfL 2.0 attempt 1.1

A weekend or so ago, our most excellent technician did the fantastic job of switching our school over to our LGfL 2.0. We were going to wait until the Easter holidays to do it until someone from LGfL pointed out that we were running two broadband connections, which was costing lots of money so please can you switch over as soon as you possibly can, thank you.

The switchover did involve moving all the admin computers into the curriculum subnet as the new firewall couldn’t cope with different subnets using the same cabling. But all seems to be working now. I’ve managed to tame WebScreen enough so that most people can access most of what they need, and we’ve turned off all the proxy servers so that people can even get Internet access.

How has anyone else found the switch?

Atomwide Training

Today I had some training at Atomwide‘s headquarters in Orpington, having a reasonably technical look at the range of services they offer, such as USO, Staff Mail, London Mail, WebScreen filtering and remote access. It was really good to see some human faces instead of just interacting with a support site, but also to understand the bigger picture of how everything works.  With the demise of any sort of local authority level ICT stuff, it feels like very little is now communicated to schools about  what’s going on with LGfL.  And because of data-protection, Atomwide can’t just email everyone just because they’ve got all our email addresses, even though I wish they would.

It was a very organised day, with precise start and finish dates, and an individually wrapped and named sandwich at lunchtime, which had been previously ordered on their support site weeks earlier.  Atomwide certainly are very thorough in their approach to ICT, with a deep commitment to an audit trail, and it was helpful to talk through issues we had been having.

Some thoughts:

  • I didn’t know I had to create the aliases for our Staff Mail accounts, so they don’t end in @lgflmail.org but rather @myschool.com.  I was wondering why lots of the new staff’s email accounts weren’t working correctly, but now I know it was my fault.  Or rather I only found out today that it was my fault.
  • LGfL 2.0 doesn’t let things like logmein for remote access for security, but the new solutions actually seem quite powerful once you know how.  They also offer VNC support, which is good for remotely accessing Macs.
  • I also didn’t know anything about distribution lists, but do now.  Will be playing with that over the next few weeks, as some members of staff have been asking about how to easily send an email to all the teachers.
  • Despite being warned off AD-Sync by someone from LGfL, it does still seem like an attractive proposal.  I’m all for teachers only having to remember one login for everything and so I’m willing to sacrifice some local-level control over our Active Directory.
  • WebScreen 2.0 is the new web filtering service on LGfL 2.0 and apparently I need to go back at another time for a day’s training on how to use it!  But I think I’ve gleaned enough information to be able to make the WWW actually useful when we do the switch.

Hopefully I will now be in a better position to manage the switchover to LGfL 2.0 that is happening this weekend…we’ll see!

LGfL 2.0 attempt 1.0.1

Tomorrow we plan to revert back to our old Synetrix broadband. Now that’s what I call a broadband fail! The only advantage for the Admin network was faster broadband, but the downside was no access to Curriculum shared files and no VPN access from our second site. Not a great trade off if you ask me.

Instead we’re going to wait until the next holidays (April) and attempt it then, merging our Admin and Curriculum networks into one and extending our IP range to accommodate more devices as well. It’s a big job – let’s hope that it works better than the last time.

LGfL 2.0 install tomorrow

Tomorrow I’m helping our genius technician do the switchover of our network to LGfL 2.0. I sure know how to spend a half term!

LGfL 2.0 is a London-wide project where they’re switching over broadband from BT cables to Virgin Media instead. This is an epic undertaking, but from our end it just means that they install lots of new routers and firewall boxes and then let us do the physical switch-over when we’re ready. (In a slightly ironic twist, Virgin Media don’t actually have any fibre-optic cables in our area so we had to use BT’s anyway.) We did a little test a few weeks ago and the speeds are about 4x faster – yay!

The main difference with the setup at school is that there no longer is a proxy server for web filtering but instead Virgin Media’s DNS server blocks or lets sites through. We’ve got our own internal DNS server so hopefully we’ll just have to change the settings on that rather than for every machine. I’m also hoping that a Apple Remote Desktop UNIX command to all the Macs should be enough to turn off the proxy server settings. But we shall see!