Slashdot Mirror
Ask Slashdot: Best Practices For Maintaining IT Policy In K-12 Public Education?
First time accepted submitter El Fantasmo writes "I work in public education, K-12, for a small, economically shaky, low performing school district. What are some good or effective tactics for getting budget controllers to stop bypassing the IT boss/department? We sometimes we end up with LOW end MS Win 7 Home laptops, that basically can't get on our network (internet only) or be managed. The purchaser refuses to return them for proper setups. Unfortunately, IT is currently under the 'asst. superintendent of curriculum and instruction,' who has no useful understanding of maintaining and acquiring IT resources and lets others make poor IT purchasing decisions, by bypassing the IT department, and dips into IT funds when their pet project budgets run low. How can this be reversed when you get commands like 'make it work' and the budget is effectively $0?"
Just make up some bullshit about how only machine brand XYZ will work for us. All the others can be hacked by predators to take pictures of the children. Use FUD to your advantage.
You need to have the licensing right for the software that you have.
http://www.microsoft.com/education/en-us/buy/licensing/Pages/schoolenrollment.aspx
But right now you need to tell the people who say 'make it work' how big the fine is for not have the licensing right.
There is a reason people are bypassing you. From my experience, it is because you either are not performing well, or they think that you are not performing well. If it is the latter, you should raise awareness with regard to backups, security, etc. You may also want at look at prices. For example, recently I have seen ridiculous internal prices for a few GBs of file-server storage accessible to a complete department.
Of course, if it is the former, then you are screwed and people are bypassing you so that they can get their jobs done. In that case you should think about abandoning the current IT department and building up a new one with people that understand that they are service providers.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Have you considered purchasing your software through Techsoup. Microsoft software is virtually free (last i remember something like 10 to 20 bucks per copy of windows, similarly cheap for server OSes as well) so long as your organization qualifies. I am assuming you want to integrate everything on a Windows domain...
Nuclear war would really set back cable. - Ted Turner
If it's literally as bad as you describe, your intended function is to fail as spectacularly as possible in order to be the fall guy. You can't gather meaningful evidence to convince or refute the decision-makers, and no one is going to believe you when you claim you're being asked to do the impossible by the unreasonable.
Leave. The only reason they want you there is that they want you on the bridge when the ship runs aground.
When failure's not an options (because it's mandatory), you're under no obligation to remain involved with that fiasco, and short of blackmail-level evidence, you have no way to change course anyway.
Welcome to the Panopticon. Used to be a prison, now it's your home.
Shut it all down. Continuing to run it in that condition's just going to degrade it further. Send the kids home with a note explaining what the incompetent !@#$hole forced you to do to their kids. Cc: the note to the news media.
Oh, and get another job. You'll need it. Hell, you need it now.
A !@#$storm like this can only blow up in your face. No point putting the solution off until it does.
"Tongue tied and twisted, just an Earth bound misfit
If your department doesn't have a mission/vision statement, then you have no standard to complain about not being able to meet. You also have no direction, and frankly, probably don't deserve to get funding for anything anyway. If you do have a mission statement, and you're currently unable to meet its objectives, then point it out. If you don't have leadership support, go to the citizens. Have them elect a school board which gives priority to educational technology. This is not that hard to do, but it does require a steadfast commitment. The National Ed-Tech Plan is also a good resource to argue from. Seriously, there are so many funding opportunities for low-income school districts in this country that there's no excuse for wallowing in your current predicament.
dips into IT funds when their pet project budgets run low
Given the fact that you work in the public sector, you may wish to consider obtaining anything and everything available on budgetary policy for your school district, county, state, etc. It may turn out that what you're observing on the fiscal side of things actually represents clear misappropriation of funds. If that's the case, bringing it to the attention of people three or four levels up in the chain of command may have an interesting effect, and perhaps a detailed letter to a state representative would bring uncomfortable attention to those mismanaging the funds.
Write failed: Broken pipe
This is a management/politics question. Gaining resources for your own department is what a good manager or VP does every day. IT people are fundamentally bad at this because they give answers that are technical and correct, yet are irrelevant in a financial or political context. While fighting the good fight, terms like "PCI", "HIPAA", and "BSA" will help you much more than "IPSEC" or "DNS".
Learn political skills, work on establishing trust relationships with the other players rather than just being a technical grunt, and remember that if you're not at the table, you're on the menu.
Support microSD: in a post 9/11 world, it is unwise to carry your data on media that you cannot comfortably swallow.
Bitch, constantly, in writing... preferably notorized.
That way, when the shit inevitably hits the fan and your bureaucratic slave-driver comes looking for a fall guy, you have documentation that shows you tried your ass off to get them to change their idiotic ways, but they staunchly refused.
Been there, done that; still got screwed, but at least by documenting everything I managed to take the asshat who wouldn't listen down with me.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
start by cutting off access to devices that you don't have control or at least knowledge of, i.e., any device that hasn't been brought in for proper setup (where I work we achieve this through central static DHCP).
So annoy everyone and make more work for yourself?
We have done this on about 250 out of 650 systems. For the most part it works very well, as the students are not yet brainwashed into the "I can only blow my nose on a kleenex" mindset when it comes to product choice. That happens when we become adults.
You do, however run into problems with short-sighted vendors who only support windows and grudgingly support mac. And despite the relatively short path to porting most mac stuff to linux most vendors are loathe to do so. For the most part this is kind of warped economics, as they fear they will have to start supporting Linux. No dude. That's what WE'RE here for.
You will also need to prevent your curriculum "experts" from getting starry-eyed from the shiny BS spun by the sales reps. On a broader note, even though they may have a "cloudy" spin on their web-based stuff to get the suits all moist, it damn well better integrate with the SIS, and not charge extra for the privilege. Unfortunately you have to get the powers that be to see past all the cutesy graphics and crap to the underlying mechanisms (or lack thereof).
LDAP integration for auth, and NOT just AD. Support for groups in separate OUs. The list goes on.
Content filtering etc. is done at the firewall/router/proxy level, so that's not an issue. If the hardware supports it (switches, access points, etc), then I'd set everything up so that clients get assigned round-robin into a number of VLANs -- as large a number as the network hardware will support. Each client would then only see the outside internet (via a proxy), a domain server, and a small number of cohabitants on the same VLAN. I've set it up that way at work, and it helped prevent spread of worms and viruses that would try and attack every machine on a given subnet. Since we have about 20 permanently attached machines plus up to 10 coming-and-going ones, everyone is always on their own VLAN as we have configured 64 VLANs. Equipment is also segregated into VLANs: IP phones on one VLAN, printers on another, network switch and access point management interfaces on yet another. Access to internet, and routing between VLANs, it configured per VLAN, so for example printers are invisible for anything but the server machine, as are the phones. Client machines are not mutually visible either, and guest clients only see a SMB print service (via a separately running instance of samba). Only clients that register on an internal webpage (using a valid username/password) get switched over to the full gamut of services (SMB file/domain/print server, AD server, etc).
Sadly, it's not just education that's suffers the "make-it-work with $0" mindset. This along the lines of "the beatings will continue until morale improves" except it's "the budget will not be funded until results are achieved." This is a management problem, not an IT problem. You need someone intelligent who speaks management to make it understood that they have to have realistic and definable IT goals which includes a willingness to fund them on your side.
I don't know much about your community but if you're lucky enough to have a grant-savvy PTO, you might be able to get them to write a grant application for the funding but, again, you need to be very clear about what the goals are and how the hardware/software you want will achieve them.
Also your local board of ed and board of finance may be interested in the dipping into the IT budget when pet project funds run low. They tend to frown on stuff like that.
I do as well. We've been able to save TONS by purchasing off-lease systems at 10 cents on the dollar WITH 3 year warranties. The bigger issue is that the wrong person is selecting and specifying technology purchases. Talk to the Supt or CBO. And yes try to make them look good, if you can. All computer, networking, AND software purchase should have to pass through the IT dept for evaluation. To not do so is foolish at best.
Make Network Maintenance an elective!
Quit.
You'll score a job at a place which values your expertise, probably with higher pay. The institution you worked for will go under, not because you left, but because it's fairly obvious that it's already borderline, and the people in charge have their heads up their asses -> Misallocation of appropriated funds is not looked kindly upon by the press, and following the fomenting scandal, the state may be forced to shutdown the school. Since it's already a low-performing school, an argument will be made that the state's SAT scores will rise by getting rid of this particular institution, and after a fight by the local Teacher's union (you need a leg to stand on to win these kinds of battles, and they won't have one), some dagger work will be pushed through, and the problem (the school) will be made to "go away."
You probably feel for these kids, and you want to help them out; however, you can't. You have neither the time nor the resources necessary to change the pervading mentality that IT is the asst. supervisor's trick. Given that, the best you can do is hope that their future will not be terribly impacted by the ensuing shit-storm, and get yourself out of the line of fire.
And be sure to document all further interactions with people of interest, in either written or electronic form. Keep a nightly off-site backup of your emails, as you may be charged at some point for complicity in this madness, and will need an alibi. Remember, a bureaucrat will not hesitate to throw an underling under a bus to save himself, and no one believes the accused.
I am John Hurt.
I have worked in EDU for quite a few years now, I was involved with a K-12 before (consulting) and have been at two higher ed jobs (one in central IT, one in research)
a) Go open source and simply tell them: no more Windows because your licensing doesn't check out (licensing for small-to-mid schools is mighty expensive even if you get all the discounts). You have to not only get your licensing for your machines (which are ridiculously low to pull in your non-technical staff at a low point sometimes $10 or $20 for Professional versions or bundles with Office and Windows licenses) but a heap load of servers and CAL's to get everything on the Microsoft-side to work together (which ended up in one of the negotiations I was in averaging $25/FTE/service (Exchange, Sharepoint, Forefront and AD (the standard suite) was thus $100/FTE) + several $100's per server (~$300 for W2K3 Standard back then).
b) Spec a lot higher than you need. Sure, someone (you) can go to Dell/HP and spec out a $500 machine but you should budget for that machine to cost $1500, your purchasing department (if there is one) will balk and negotiate you down to $1000 and you'll get a decent machine. I have to do this all the time in research because computer gear is the first thing that gets axed out of the budgets. For ballpark figures in research: budget your workstations at 2x the actual cost, servers at 3x the actual cost, storage at 4x the actual cost and you'll usually barely be able to afford what you need.
c) If you really need MS Office or a 'commercial' offering because the manager/purchasing/principal wants someone to yell at when it breaks down talk to an Apple rep and have them spec out your environment including all software licensing, they're pretty honest about it unlike Microsoft as the client is simple and included in your hardware cost (no 'upgrade' or 'enterprise' required), Server is unlimited clients and cheap (and again, your organization qualifies regardless), no CAL's, no FTE calculations, no hidden fees, no need for extra licenses or site licenses just to evade their auditing department (I'm your customer Microsoft, not your serf), you'll get a rep that has experience with K-12, free seminars and classes. They're great and easy to manage and integrate well with Windows even though they may require an overhaul of your entrenched Windows admins that got hired because they're the friend of the cousin of the principal.
d) Get better negotiation skills and set up vendors against each other. Dell for example will RAISE their prices or remove their cheapest offerings for K-12 (especially existing customers) unless you can pit two sales people against each other. They can sometimes go to great lengths to reduce their cost. Alternatively, I have found that if you need a boatload of generic computers, you might even be cheaper getting a local company to custom build you a boatload of your specced out computers. I have worked with a company that custom builds laptops and desktops (if you need more than 50) and they have local, free customer and technical service whenever it breaks down and they're cheaper than the Dell/HP offerings and they build only to what you need. I needed for example specific workstations (2 nVidia cards with at least 1GB VRAM, Xeon CPU's, 16GB ECC RAM) and HP would sell me machines that came with the choice of Quadro ($$$) or an empty slot while Dell would in the same lineup have 1 month a shipment of nVidia cards and the next a shipment with ATI (now AMD) cards and then all of a sudden they would send me a machine with ECC RAM but the motherboard didn't support the ECC functionality.
e) Look elsewhere to cut your budget. Do you really need Cisco gear? How about HP or Netgear even? Do you really need service plans? Do you really need Microsoft software on your server? LDAP is free, Samba is free and both are just as easy to manage as AD with the proper tools. And for the whiners that say "how about Global Policies" - do you really use that crap? In an educational environment you want to be
Custom electronics and digital signage for your business: www.evcircuits.com
samzenpus,
Stop making it work. It's the only answer. Your cleaver ability to make it work (somehow) only reinforces their "vision" that you don't know what you're talking about and ask for too much. Do be careful, and don't do this when a really obvious workaround is available. I'm taking about spending a week or two head scratching to come up with an answer is what you should stop or at least slow down. Don't make the slowdown suddenly, make it over a year.
Also see this post: http://ask.slashdot.org/comments.pl?sid=2686997&cid=39131125 - and take it to heart. Just happened to me. I quit rather than take the "death march". Got nearly a 100,000 dollar raise out of it too. Did I mention it's always good to carefully document your projects?
When the higher-ups start complaining about things not working, say things like:
"Yes, I knew that would happen if we substituted the windows licenses I requested for the less costly versions we were supplied. There is a reason for the price point difference. I would have pointed it out if I'd been informed of the change."
"That hardware was known to be under-preforming, however, we were not advised our requested hardware was to be substituted for that or I would have pointed out the deficiencies."
"I wouldn't dream of selecting what educational materials were purchased because I'm not an educator. I'm not sure why people that are not IT professionals would substitute their judgement in IT areas with out a even a consult with IT. We know about budget constraints and we specify the least expensive choice that still gets the job done with the resources available." (Careful with that one.)
You should come up with at least a dozen variations on this theme and drop them causally to everyone, not just the PHBs. I was able to force out a PHB that constantly was changing my orders for software, services and equipment with careful documentation and a grass roots effort from classroom teachers.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
You might consider exploring a campus agreement--some variants allow the sale of software at a super-steep discount (in recent years including OS) to students for use on their machines, so this might get you to a place where the machines could be manageable Pro or higher editions without major expense... Compliance would still be hard, but really we're at a point where you shouldn't be having "client" systems connect directly to the internal network, and should instead carefully manage their traffic and communicate content to students from the school on semi-private networks that don't have access to the live network. It isn't very difficult to conceive of configuring a VPN service onto that network in such a fashion as the clients couldn't communicate with the other clients, and only have access to the terminal servers you provide application services from...
If students want access they need to login... Android, iPhone, and iPad all support VPN connections so it seems like a trivial inconvenience to protect all involved.
It would also give you access to some very cheap pricing for the software you're probably already over-paying for.
Who did what now?
@Joe_Dragon's suggestion re: informing the higher ups of Microsoft's licensing terms is good.
If they ignore the advice, and El Fantasmo drops a dime on the district, he'll still need to anticipate looking for another job. Unless the written licensing memo makes it all the way up the chain, including the district superintendent and board (if any), there's probably going to be someone with firing authority to scapegoat IT if the resulting BSA audit ends up costing the district any money.
I'm not surprised that the office responsible for the PO is getting you the lowest end crap they can find, it's a pre-Dilbert cliche.
Luke, help me take this mask off
What problem would switching platforms solve? They'd have to select/learn a whole lot of different software, they'd have to cobble together some way of centrally managing several hundred computers AND a thousand or two user accounts without any real vendor tools to speak of.
Typically people who spout 'linux' as the answer for problems in educational computing tend to think that shooks use little more than an office suite & a browser... That is rarely the case - typically textbooks have supporting software, there are various assessment tools, special-purpose tools for managing HVAC, the library, student records, etc.
Turning the entire infrastructure of a school upside-down to switch platforms is more of a problem than a solution.
The OP didn't complain about technology (apple, PC) but about respect and trust issues. His teachers would never think twice about picking hardware for his environment, but they'd never let him pick their text books.
Ken
Meta: So, parent was modded flamebait... I find that moderation more inflammatory than the above comment. Whom would the comment be baiting? Are we really supposed to not mention that linux is free of cost and could be used for general computing, because that could get Microsoft proponents agitated? I think the moderator should try to aquire some better moderating skillz.
Come on now. Microsoft probably paid good money for someone to mod that post down. ;-) Oh wait! You're post is modded to zero as well. Surprise, surprise. OTOH, maybe it's due to the AC. Let's wait and see if my post gets modded below 1 as well.
As someone else posted, there are application considerations, and Microsoft still has an "applications barrier to entry" in the PC world. This might be insurmountable wrt textbook software, etc., but like you said, one can easily set up some test machines.
Having previously worked in several educational settings, I'd have to say that teachers (and more-so school admins) are often some of the most self-entitled irresponsible clients you could have in IT.
It's not necessarily that the IT dept sucks, but rather that the staff get in their mind that they want something right now and must have it - standards/rules be damned - and that they know better than any slob in the IT department.
To them, there's no reason why they can't go buy the cheapest laptop possible and then have IT get it to work on the school network (despite lacking PXE or fitting into the standard imaging scheme) with all the standard software.
Alternately, there's no reason they shouldn't be able to go out and buy a bunch of Macs in a PC environment (or PC's in a Mac environment).
There's no reason not to share out their password with the class to install software X... after all why should the class wait for IT to vet+install software that they decided yesterday is absolutely necessary.
You can't tell them they're wrong, because they're educators. They're used to telling students what's correct, so how dare some lowly IT peon tell them they're wrong.
*Disclaimer: I have worked in 3 school districts as well as various other public/private entities not related to education. The above reflects many of my experiences with teachers. Not *all* teachers are like this - more are not - and happily the newer generations of teachers seem to be less self-entitled. However, even a few rogues can certainly make an IT Dept's life miserable, and generally detracts from the quality a district receives overall due to IT being tied up fixing their crud. I don't see as much of this in non-educational settings, possibly because a rogue employee is an expense.