Net losses – #glew #EDUScotICT #glowplus

I read the following article with some interest yesterday.

I want to start by clarifying my own position on the topic of Internet Filtering in a schools/LA/Education context.

For reference – here is a link to my earlier post on this topic

I consider that some degree of filtering is necessary to protect users from the considerable amount of illegal/undesirable content which is available and accessible on the internet and also prevent illegal use of publicly funded facilities.  The Internet Watch Foundation provides  and maintains a filter list which it considers contains a list of content which is unacceptable for use/access in schools.  Any network provider who is making content available for children should take account of this and apply at least a basic level of filtering in line with the IWF approach.  There may also be additional content which should also be blocked.

When I was involved in provisioning the original SSDN Interconnect (now known as the Glow Interconnect), one of the driving objectives was to provide more cost effectively a connection to the internet which could sustain classroom (and admin) ICT needs for schools, libraries and LA’s.   The SSDN (Glow) Interconnect provided an unfiltered path – again I say an unfiltered path, to the internet via Super Janet.  The Interconnect provided bandwidth/capacity which far exceeded the amount of bandwidth LAs could traditionally afford.  The Interconnect was/is provided by the Scottish government at no cost to the LAs.  It remained the responsibility of the LA to provide connectivity between Schools and the LA SSDN (Glow) Interconnect node – LAs also had to sign up to the Janet Acceptable Use Policy – which refers to the transit of unacceptable information/data across the network.  The connection between the school and the LA SSDN Interconnect node was/is paid for by the LA (the cost of this, which to some extent was dictated by circuit bandwidth, geographical location and circuit length etc).  LAs provided the connections that they could afford which resulted generally in urban schools being provisioned with better connectivity than rural ones.  ADSL was often used to connect schools which was always, in my opinion, an inappropriate technology for schools connectivity (I don’t want to develop that line here) but it was often the best that could be provided.  The Broadband Pathfinder (Scottish Government funded)  project lead to an improved position for schools in the following LAs, Shetland, Orkney, Highland, Moray, Argyle and Bute, Dumfries & Galloway and Scottish Borders.

Why do LA’s Block certain traffic types?
Now some comments regarding the position in Scottish Education which has lead LA network administrators blocking whole services as opposed to specific instances of inappropriate content. This includes Twitter, facebook, youtube etc……  I believe that some original decisions were based on the need to protect bandwidth resources.  This particularly in relation to YouTube where there was a concern that LA WANs were not designed/provisioned to support video traffic.

Video and its use to convey knowledge was always attractive for educators.  The introduction of YouTube and other similar services would provide attractive possibilities for learning and teaching which when appropriately exploited, would add value.  Video needs bandwidth – and many LAs were aware that to open up the likes of YouTube would lead to a potential flood of network traffic.  This could certainly lead to problems on the LA WAN and reduce performance as seen by end users to unacceptable levels.  So I would maintain that in order to open access to video based sites it would make good sense to increase bandwidth on school uplinks and ideally move to synchronous circuits (same bandwidth for up and down stream data paths).  Interactive video services – video conferencing etc was another video application which was commonly blocked.  There may be other reasons for blocking access to video services (the common use of commercials etc) but I think that the original bandwidth preservation issue may well have lead to a continuation of the “status quo” even as bandwidth provision improved.

I take the view that all of the services listed above should be made available where there is a clearly understood and demonstrable value of the service to the learning/teaching process.  Regarding the question of who is best placed make that judgement – I think the answer to that has to be teachers.  This said there is also need to be able to identify abuses of the “network” and to provide mechanisms to deal with such incidents.

Ideally, I would like to see system that provides access to most of what the internet/web has to offer as long as the content being access is legal, relevant and appropriate for the individual viewing/using it.  This applies to web pages, any other web accessible services/content including social network tools and interactive services etc.    But the users we are responsible for are at a wide range of different stages in their IT literacy journey and I feel that this needs to be given careful consideration when designing filter policies.

What could be done to improve the situation?
‘What if’ there was a badge system which pupils and teacher can be linked to – simply put the there would be a beginners badge (all users would be assigned this when they enter the school system) through to a advanced user badge (the ultimate level which all teachers should attain and also any pupils considered to have achieved internet maturity) and various intermediate stages.  The badge would be accessible by the filtering system (which should be a nationally provisioned and linked to the Glow Directory and authentication system) so that users would have a filter policy which is linked/controlled by their badge level.  There would be an incentive to progress through the badge levels which would be based a on users “network maturity” – the topic of how to define “network maturity” certainly need further investigation/discussion.  Network abuses, if they occur, would result in the user being demoted down an appropriate number of badge levels – the number of levels of demotion would be decided by school staff.

A users publishing rights as well as their rights to view internet based content should be controlled by their badge level.  Being a network user should include the concept of consuming content but also that of publishing content.  For this reason I think it reasonable that a pupils of low network maturity should be able to engage in network activity’s – such as blogging – but their content should not be published automatically – and be subject to teacher or peer review!  A very mature pupil on the other hand should be able to have their blog posts immediately viewable on the public internet.  This brings me to the point that there is still a valid need for a Glow like intranet environment which becomes more open in as the user matures.  I think this will be subject matter for another post.
In conclusion
In this post I supports the need for a filtering service – but one that is “fit for purpose” and sensitive to an active users degree of “network maturity” as opposed to what still seems to be the case today where an all or nothing approach is taken.  The end goal of the school education system should be to help pupils achieve full network maturity and the badge system would be a mechanism to allow them to see progress towards that goal.

To read more of my blog posts around Glow Future see here

Note – the views expressed in this post are my own, based on my own knowledge and experience and are in no way connected to my employer which is Cisco International Limited. POC for Glow Futures #glew #EDUScotICT

Glow Futures project seems to have taken an interesting turn with the introduction of  Glew is the work of Charlie Love and has been constructed to provide a portal front end which provides an easy place to start when accessing a range of application cloud and hosted applications as follows.  It is a excellent proof of concept (POC) – which will need to evolve in a number of ways before it can become a national portal.

Glew Desktop
Picture of Glew 1st June 2012

You can read more about the components in the following page which is a snapshot of Charlies Glew Wiki page.

I do not propose to say a great deal about this here but I do want to ask the following questions about how this proof of concept might evolve into a service and become the face of Glow in the future.

These are to an extent issues that I think need to be carefully considered as well as some questions that occur to me.

  • Glow should continue to be a national platform with a set of core services which are hosted – so who/what organization will take responsibility for hosting arrangements? As the service scales, the hosting requirement CPU/Power etc will increase – how will this be dealt with?
  • Other third party services should be available to users to enrich the feature set – who will be responsible or by what process will third party services be assured and included?
  • Single Sign On (SSO) is essential – will users retain their current Glow UID/PWD in the new platform? If so, how will this be enabled? If not, what procedures will be put in place to provision new accounts nationally?
  • What mechanisms and procedures will be implemented to ensure that the user base is trusted?
  • Will we see a presence service which is universal throughout the platform?
  • Will the UI be customizable to individual user needs, including  the very young, those with particular physical needs, etc?
  • What formally constituted organization will be responsible to ensure that the core services will remain available and provide adequate performance on a 365/24/7 basis?
  • What will the terms of service be?
  • Who will pay?  The portal and authentication service needs to be hosted and powered – these are not likely to be available on a free basis, especially as the service scales up.
  • Who will ultimately own the service and take responsibility for the conduct of its users?
  • Will Federated Authentication be available to support access to external and federated services through the UKAMF.  Currently this includes, as examples,  SCRAN and other services managed by Education.
  • What provision for retraining staff and users will be made to facilitate a smooth transition?
  • Concerning the future evolution of the service, what plans/procedures/facilitates will be put in place to allow system upgrades and modification to proceed with minimal risk to continuity of service.

One aspect of Glow which had been noted as a great success Glow Groups.  This is an aspect which should be retained in the new solution – I see that Glow does feature access to Google Group’s which is a reassuring start but fundamental to the set-up and management of such collaboration is the existence of a role based user directory.

So, will there be a national directory that will allow special interest groups (SIGs) to be established, including role-based SIGs that can be created and populated in a top-down manner as well as bottom-up, and that can be ‘owned’ by schools, by local, regional and national bodies, as well as by individuals?

What will happen to all the currently-established Glow Groups?  Is there a migration plan in place to allow not only users but the groups to which they belong making a smooth transition to the new platform?

Of one thing I am certain, to make a smooth transition from Glow 1 to Glow 2 will require a well designed plan which can be executed without major disruption to the user base.

I trust that the above matters are being given very careful and comprehensive consideration.


Learning Environment – Components #EduScotICT #Glow2 #Glew

Learning Environment – Components

(Sorry that this is a long post – but there is quite a lot to say here)

In light of Charlie Love’s recent publication of his proof of concept portal ( see and also he has worked on in the context of Glow Futures, I thought it would be worth sharing the essential components of a paper which I wrote some time ago.  This sets out a high level vision for the components which might constitute a learning platform.

There are three points I want to highlight:

  1. I take the view that an absolutely fundamental concept here is the establishment (and maintenance) of a trusted user base.  This trusted user base should be a welcomed basis for collaboration for the future benefit of education in Scotland – it should be a basic right for every Scottish pupil, parent and teacher to be a member of this community.  This should be an area of strategic investment by he Scottish government.
  2. Secondly, what I call “Universal Search“ is also a fundamental requirement in any environment bringing together disparate applications.  This feature will give users the capability to find relevant content across the whole platform through one search tool.  This was an original object of Glow but there were various obstacles which prevented this being fully achieved.  Lessons learned!!
  3. And lastly the user interface should be instinctive and customisable making provision for the wide range of user ages and abilities (and disabilities) requiring access to the environment.

In my ideal world – this portal should provide a platform for its community to develop values and behaviours to prepare them life beyond school.  For this reason a desirable characteristic of this environment is that it provides a passage for learners, which is initially more restricted and protected and later more open and unrestricted.

The end product of this should be individuals who whilst still retaining their Glow accounts are able to freely share and collaborate using tools that are not necessary intrinsically part of the Glow platform.  It should also be possible for users to publish to the wider community using Glow tools, but most importantly do this in a responsible manner.

BYOD is now more than ever a basic requirement – this much be a key feature of the future of ICT is our schools.  I take this to be a given in the context of the rest of this paper.

It is very easy to iterate these points but I also recognise that there is a burden of responsibility which weights heavily on todays decision makers who need to temper the need for budget restraint against providing the best opportunities for our future generations.

Much has been made about the cost of the original Glow Platform which was £37.5M + VAT over the first 5 years (= 44/5  = £8.8M inc VAT).

Compare that to the total spend on Schools Education which was in 2008-9 £4,869,127,000 (source

So based on this the total cost of Glow was 0.18% of the total Schools spend in 2009 or to put another way for every £100 spent on Schools Education 18 pence went towards Glow.

1.    Introduction
This system will be a supplement to existing classroom support and can be used both in the classroom and out with school hours from any location where broadband Internet access is available.  The solution will be made up of a number of components some of which will be core and essential others which are optional add-on modules.  Where it is deemed necessary to own solution components, these will be hosted in a data centre and provided to end users as a number of tightly integrated web based services which can be configured according to specific customer requirements.  Indicated below is a brief description of all the service modules which can be combined to provide a custom solution.

In view of the nature and range of the services required, those which are not existing cloud based services, will be hosted in a secure data centre which is connected to a country wide network featuring good (high bandwidth and low latency) connectivity to all schools.  Currently the JANET network is used for this purpose, this should continue to be the case if there are no changes to the connectivity landscape.  This data centre and its hosted services will need to be available on a 24/7 basis and the services should be able to perform efficiently across the network.  In view of the fact that young children will be make up a substantial proportion of the user base, it will be necessary to underpin the end user services and applications with a number of safety measures which are designed with school users in mind.  The data centre will need to operate to similar performance standards as any other commercial data centre but will also need to support some services which are specific to the education sector.  The nature of modern teaching and learning is such that there will be occasions when large groups of pupils in a given school will need to access broadband resources which are hosted in the data centre – with this requirement in mind it will be essential deploy network optimization services as part of the overall solution.

The overall approach taken here is to design a modularised system which has the capacity to be expanded or shrink both in terms of user base and features sets. Access will also be possible from mobile devices through the provision of custom Apps as well as desktop and laptop computers.

2.    The learning environment core components
Account provisioning and maintenance system
A web based system for configuring the system components and the managing the user base will be provided.  This system will feature a hierarchy of admin roles which will allows some tasks to be delegated to nominated users at country, regional and local levels.  For example the creation users accounts can either be done manually or using trusted inputs from existing school Management Information Systems.  The transmission of management information will be performed via a secure and encrypted web service to ensure that user data confidentiality can be maintained.  This approach will allow system administrators to take ownership of their local users and deal directly with any user management tasks are necessary such as creating and deleting users, and moving users from one school to another etc.

2.2. Single Sign On Service (SSO)
This service is used to authenticate and authorise users to access the system!  When a user attempts to access any part of the service package this module will confirm that the user is a member of the system and also has appropriate access privileges.  The user is required to have a valid and current user ID and password.  Once a user has logged into the SSO service it is possible for that user to subsequently, during the current web session, to access any module to which the user has been granted access rights.

2.3. Portal Service
The portal provides the basic user interface with which all users interact when first logged in!  The portal can be configured to show linkages all system modules to which the current user has been given access privileges by means of portlets. So if a user has not been configured to have access to a particular service it will not be visible on the users portal screen.  The Portal will also have the ability to provide real time status information about the users applications through the portlets according to specific application features.  So for example if a user has access to the email application, it will be possible see on the email portlet when new mail has arrived in the users mail box or if the user has access to the Managed Learning Environment information about due assignments could be notified etc.  The portal should also be customisable in terms of the range of applications that can be integrated and look and feel of the user interface so that interfaces can be designed and selected for different users types including young pupils, older pupils, teachers, university students etc.

2.4. Global User Directory Service
The global directory service contains a record for all system users holding necessary personal information access rights concerning the system modules to which each user has been granted access.

All users are granted some level of read access to the directory and can discover information about other users.  It is also possible for users to configure the directory to hide some information about them selves that they do not want to share.  So for example if a users mobile phone number is in the directory a user can choose to hide this particular field from other users.  This restriction can be applied either on a global or user group basis.  So a teacher might allow his/her mobile phone number to be shown to other teachers in their own school but deny access to all other system users.

2.5. Presence
The presence module is tightly coupled to the SSO service so that as soon as a user has been authenticated to access the system their status will be update to show that they are online.  It will be possible for the user to change their statues when logged based on their current work activity. So when in a meeting the user status can be setup to “do not disturb” etc…

2.6. User Interface
The user interface should be configurable to allow users to select an appropriate look and feel according to their needs.  Support for screen readers should be provided throughout the entire platform to provide support for impaired users.

2.7. Federated Authentication
In order to extend the use of the SSO service thus providing access to “external content” the system should be a member of an appropriate access federation.  In this way and using SAML based federated access system it will be possible for system users to gain access to third party protected content.  It will further be possible for users to benefit from personalised access to this third party content – this will be useful where some users can be granted authoring capabilities whilst others need only read only access etc.  It is likely that Federations will already exist and it would be desirable to also have support for cross Federation access.

3.    Content Services
Content can be stored in the system in a number of different ways depending on its type.  The follows content storage/publishing system are available.

3.1. Content Object Repository (COR)
This system allows static content objects to be stored and shared.  It is possible to store the following content types, Application Documents ( eg Word, Excel, Power Point, Audio/Video or any other computer based application), it is possible for the publishing user dictate which groups of users may have access to the content being published.  The publishing user can also apply tags to content to make it more discoverable.  Content tags can either be pre or user defined.

3.2. Managed Learning Environment (MLE) or Virtual Learning Environment ( VLE)
The MLE is used to produce, manage and execute ‘lessons’.  Lessons are typically created by teachers but it will also be possible for other system users to be given management rights in the MLE.  Only lesson control data will be stored in the MLE with the Content Object Repository being used to store and serve the learning objects.  Learning objects can also be linked into the system from any external repository assuming that appropriate access right have been granted.

3.3. Video Portal
This service is specifically designed to efficiently store and serve video based content.  The system can store video content in a range of formats which can then be linked into lessons in the MLE module.  Video assets can be stored, tagged and searched and will seamlessly exist alongside other content.

3.4. Web Service and Wiki’s
Users will have access to web publishing services which will enable them to publish both their own static web pages and also build collaborative content using Wiki’s etc.  In either case the content published will be indexed so that each asset (or item) can be discovered by the systems internal search engine.

3.5. Blogs
Each user of the system will have the option of maintaining a personal Blog which can be configured to visible to restricted groups of users.  Typically, a pupil’s Blog will not by default be visible on the public internet, but it will be possible to assign various grades of visibility to any users blog.  So visibility can be controlled between very restrictive (own class and teacher only) and very open – accessible to the whole internet.  The degree of restrictiveness will be set according to local management policies.

3.6. Content Search
All the above systems can be searched through the global search tool which is accessible from the portal and from within other modules where appropriate.  Search results will be presented to the user based on the users access privileges and in the context of any work that they are currently engaged with.  The user profile in the directory will be key in allowing the search module to rank relevance of the search results.  So for example if a user is a pupil engaged in a particular subject lesson the result will be ranked according to the pupils current work context.  Where a user is denied access to any content, that content will not be returned in any search results.  The global search engine will have the ability to index content from a wide range of repositories including external repositories using a standards based remote search protocols and standards.

4.    Collaboration and Communication services
The solution is rich in communication and collaboration tools which facilitate both real time and asynchronous activities.

4.1. Presence
When a user is logged in to the SSO service the Presence service will provide a signal to all collaboration applications that the user is online.  It is also permissible for the user to define and control the exact presence status message according to their own work pattern.   So for example the displayed message could be set to “on the phone” or “away from my desk” etc….

4.2. Real Time Collaboration
Users will be able to use a suite of real time collaboration tools.  The real time collaboration system will support communication using one to one and one to many text messaging (chat) and Video/Audio.  Users can also jointly author documents allowing them to share documents so that editorial control can be handed from one to another.  A web based white board will also allow users to share presentation material and author and highlight any application document in real time.

Recording facilities will also be available to allow collaboration sessions to be recorded and played back as necessary.  This later feature can be used to provide evidence of collaborative work done by pupils and also to record lessons/tutorials so that pupils can play them back at a later time.

4.3. Asynchronous communications
The system also supports threaded discussion system which can support long term conversations with contributions being possible as and when the users have the opportunity to access the system.  Any such discussions can be indexed so that the global search engine can see contents and returns links to discussion forums when user conduct content searches.

4.4. Personal Calendar
Each user will have their personal calendar, which they can manage directly by adding and editing events.  It will also be linked to the community at large so that group meetings/events can be setup and resources such as rooms and real time collaboration tools can be added to the event.  Important deadline events such as assignment submission dates will also be automatically added to a user calendar based on their activities elsewhere in the system – such as the VLE etc.

4.5. Twitter, Facebook and Instant messaging
These tools which are now in daily as generic internet communication services will also be available within the environment but subject to moderation measures for young users.  As a user develops their knowledge and experience of using these communication tools, it will be possible for them to graduate to a more open environment and eventually to the internet based equivalents.  It is recognised that users will be able to access the Internet versions of these services at any time separate from the Cisco based service.

4.6. Email
The email service will provide users with a web based solution which allows them to exchange email messages subject to filter policies which can be setup by the system administrator.  Very young pupils may be restricted to sending email within their own school, subject to the approval their teacher.  The mail system will also feature protocols which allow users to use a rich mail client if they require additional functionality.

4.7. Cloud Based Content creation tools
A range of content creation tools are now available which can be access for free these should be accessible for users via the SSO and the Federation or a supported authenticator.  Google Apps for Education is a service which could be popular in this repect.

5.    Safety
In any ICT service that is designed for young children, safety is a prime concern.  For this reason a number of services can be deployed to ensure that any possibility of user abuse is minimized.  Typically local policies can dictate whether the safety regime is applied to certain types of users.

  • All text based communication modules will be subjected to a banned words filter service.  So if a pupil uses inappropriate language in either a real time chat session or in an email the offending message will be stopped and an alarm will be set to notify either the responsible class teacher or system administrator.  The list of banned words can configured to take account of regional variations in the use of language
  • All systems what involve user interactions will have all communications logged in files that can be analysed.  These system logs will be retained for a time which can be configured by the system administrator according to local policies.
  • Real Time systems are configured so that communication can only take place when a responsible user is present.  This might be a teacher or school support worker.
  • Any abuse pattern which can be detected by system monitors will raise alarms which the system administrators can then deal with according to the relevant acceptable use policy.6.Safe Access to the Internet
    Any schools network should have a part of its facilities onward access to the internet to allow users to access the wide range of resources which exist throughout the wider education community in the local country and throughout the rest of the world.  The range the quality of resources on the internet can vary in quality so it is essential to ensure that only appropriate resources are made available to schools users.  Some content available on the internet is known to be unsuitable for use in schools.  This can include in the worst cases pornography, politically inappropriate content and morally questionable content.  Some sites have been identified by the Internet Watch Foundation (IWF) as inappropriate where the content is likely to be illegal in most countries.  Because of these conditions, it essential that the schools internet gateway be subject to filter policies which can protect schools users from these unacceptable content sources.

The schools user base will also consist of a diverse set of users ranging from very young children to older children and adults.  The internet content filter should have the capacity to take account of this entire user base by allowing filter policies to be applied based on the group to which the browsing user belongs.

In any case the internet access filter should apply the IWF black list to all traffic and then supplement this with additional filter policies which are applied according to the actual user identity.


Trusted File Store – a Glow Future Service??? #EduScotICT #Glow2

I recently posted concerning the issue of Copyright Ownership and Cloud Based Services – you can read this by following this link

A key concern here is that organisation like Google claim ownership rights over your data when a user decide to use their service.  I recently come across a pilot service which is being setup by TERENA which is called the TERENA Trusted Cloud Drive.  Read more about it here

I am not intending to ellaborate this concept in this post.  But I do want to ask the following question.

Should the Glow Future applications tool set feature a Trusted Cloud Drive to allow for the use of other cloud based services such as Google Apps or MS Edu 365 whilst allowing users to retaining control/ownership of their data?

I think this is worthy of further investigation.  The TERENA implementation is based on Open Source software but is running in pilot mode.


Posts around GlowFutures for easy reference #EduScotICT #Glow2

 Updated: 6th September 2012

It seems that I commented quite a few times in the last few months about Glow – the project which I worked on before taking up my current position.  I wanted to bring all of this together in one post in light of the fact that the Schools IT Excellence Group is now setup and active in its deliberations.  The links below are set out in reverse chronological order.

Internet Filtering for Schools – more

Mobile Makes a Difference – always available

Learning Environment – Components #EduScotICT #Glow2 #Glew

Mobile makes a difference – always available #glew #EDUScotICT #glow #glowplus

The Flipped Classroom POC for Glow Futures

Learning Environment Components

Trusted File Store – a Glow Future Service???#EduScotICT #Glow2

Copyright ownership and cloud based services #EduScotICT

The Welsh approach to next generation of e-learning #EduScotICT

Glow account management in the “free world” #EDUScotICT

BYOD – its happening where I work! #EDUScotICT

Glow – Closed or Open? #EDUScotICT

What could Glow become? #EDUScotICT

Scottish Unique ID for all citizens #EDUScotICT

Universal search a core Glow service #EDUScotICT

Does the “knowledge explosion” affect Glow Users? #EDUScotICT

Making video discoverable – a core need in Glow Futures #EDUScotICT

BYOD to school – why ever not? #EDUScotICT

Single Sign-On – taking it to the desktop – or not? #EDUScotICT

Content Filtering – who’s in control? – a potted history. #EDUScotICT

Glow 1 to Glow 2 – preserving the a national learning platform through evolution.

Bandwith – need more? #EDUScotICT

Wireless Roaming for Scottish Education users.

#EduScotICT – recurring themes