Introduction
(STA) is a Catholic private school that offers college-preparatory and military/leadership day school for male students in the St. Paul and Minneapolis, MN area, serving grades 6-12. Like many organizations, STA had been leveraging Active Directory庐 (AD) as their core directory service for many years. However, they found themselves at a critical juncture: either upgrade their aging on-prem hardware, and renew Microsoft庐 licenses, or seek a new solution in the cloud.
| Organization: | Saint Thomas Academy |
| Size: | 680 Students, Faculty, and Staff |
| Location: | Mendota Heights, MN |
| Problem: | Aging directory infrastructure, mixed environment |
| Goal: | Upgrade directory services |
Background
As the System & Network Administrator at St. Thomas Academy, Paul McKeehan knows the challenges of IT in the education sector well.
鈥淭here are so many things that students, teachers, and admins need to effectively do their job. For example, we have applications like G Suite for Education, Office 365, and PowerSchool, to name a few. We also have a mixed environment of Macs, Windows, and Linux servers, all of which struggled to communicate with our traditional on-prem directory service,鈥 McKeehan said.
鈥淚 kept running into projects that I wanted to implement, but was unable to manage with AD.鈥
But Paul McKeehan had an even more pressing problem: aging hardware. 鈥淚 have a 2003 AD server. I have 2008 DHCP and DNS servers. I also have an entire department of Windows machines that are about a year away from end of life,鈥 McKeehan said. 鈥淚 needed to upgrade all of that and maintain access level privileges across the different platforms. When you factor all of this and the Windows licenses we would need together, the price tag gets expensive.鈥
Searching for Solutions
鈥淓ven with discounts for education, I estimated that the upgrade costs would total $12,000. But that was just for the first two years,鈥 McKeehan said. 鈥淵ou also have to think about maintenance and annual license renewals. Then, five years later, you have to do it all over again.鈥
“Budgetary constraints became a huge hurdle.”
McKeehan鈥檚 first thought was to replace AD with OpenLDAP, but he quickly found that he was running into the same issues he had found with AD. 鈥淓ventually, I realized the on-prem approach wouldn鈥檛 be able to solve most of my mixed environment woes.鈥
McKeehan鈥檚 next thought was to try Google Cloud Identity, but was again disappointed to find that it was limited to Google services. 鈥淪o I started to think, 鈥楳aybe there is a holistic cloud-based directory service available.鈥欌
鈥淚 literally Googled, 鈥楧irectory-as-a-Service,鈥 and 探花大神 was the top result. After some digging, I quickly realized 探花大神 could easily mitigate the challenges I was facing.
探花大神 in Action
McKeehan only recently made the leap to 探花大神, but he鈥檚 already using it to manage systems (Windows, Mac, Linux), web applications (Office 365, G Suite), on-prem resources (PowerSchool), and even STA鈥檚 WiFi network.
McKeehan walked us through each component of the implementation:
Systems
鈥淲e have the 探花大神 agent installed on all of our administrative devices. It鈥檚 also installed in our computer labs and on servers,鈥 McKeehan said. 鈥淭his makes management easy because instead of having to point all of these systems to an AD authentication server, we just install the 探花大神 agent on our systems, and then everyone can log in with their own unique credentials.鈥
Apps
鈥淧rior to 探花大神, onboarding and offboarding users was a very granular process. I would first have to go into Office 365 and create their account. Then I had to go into Google and create the same account there. Next would be going into AD or Open Directory to create their accounts there, and so on,鈥 McKeehan said.
鈥淣ow, all of those resources tie directly into 探花大神 Directory-as-a-Service庐,鈥 McKeehan said. 鈥淎ll I have to do is set up their account in 探花大神 once, then provision all of their necessary resources by clicking a few checkboxes. Revoking access is as easy as disabling the checkbox. This saves me significant time per user.鈥
PowerSchool
鈥淲e use a few hosted apps here, but all of our learning management system (LMS) software still needs LDAP,鈥 McKeehan said. 鈥淚nstead of us having to import our Google directory into PowerSchool to create users, we can simply have PowerSchool look back to 探花大神鈥檚 LDAP-as-a-Service for user creation and authentication. There鈥檚 no need for on-prem LDAP servers.鈥
Networks
鈥淕etting RADIUS to work was a highlight for me personally,鈥 McKeehan said. 鈥溙交ù笊疋檚 RADIUS-as-a-Service provides ease of access for students and faculty, while enabling us to secure WiFi via their personal username and password. Not only does it cut down on the management overhead from password resets and lockout, but it is also boosts network security by getting rid of the 鈥渙ld-style鈥 pre-shared key SSID authentication. Plus, no on-site RADIUS servers.鈥
The Result
探花大神 has addressed the school鈥檚 directory needs while coming in well below the $12,000+ they would have spent upgrading their AD infrastructure. But opting for a cloud-based directory service has also saved Paul McKeehan valuable time.
“I can accomplish just about any task in a third of the time with 探花大神.”
鈥淔or example, setting up a new faculty user account and provisioning access to all of their resources used to take me an hour or more,鈥 McKeehan told us. 鈥淲ith 探花大神, I can reach the same result in twenty minutes or less.鈥
The ability to centralize resource management has been 鈥渉uge鈥 for Saint Thomas. McKeehan explained, 鈥溙交ù笊 empowers me to control all of my IT resources from one pane of glass rather than having to switch between multiple different sites and services to create user accounts manually.鈥
But the most important factor is the end user; no directory implementation could be a success unless it was a success for the students and faculty of STA.
鈥淭he best part about my experience with 探花大神 has been that most of my users haven鈥檛 even noticed the change,鈥 McKeehan said. 鈥淭he implementation has gone so smoothly that it has been 鈥榖usiness as usual鈥 for my users. There haven鈥檛 been any issues or complaints. Everything just works.鈥
Conclusion
Sys Admins in the education sector have the unique challenge of managing vast, mixed environments on a smaller budget.
Faced with aging hardware, Paul McKeehan knew it was time to make the move to the cloud. Now that he鈥檚 implemented Directory-as-a-Service, it鈥檚 clear that he made the right decision for Saint Thomas Academy.
鈥溙交ù笊 has enabled me to effectively eliminate the upfront costs of upgrading on-prem infrastructure, not to mention maintaining it,鈥 McKeehan said.
鈥淚 just pay for what I use, and 探花大神 takes care of the rest.鈥