cancel
Showing results for 
Search instead for 
Did you mean: 
cawighton
Level 9

Class Room Control via WG7??

Jump to solution

Hi All

I have a number of classrooms that are identifiable by IP range (eg 10.1.1.1/27) and want WG7 to control internet access to them. Their internet status is either ON or OFF.

I want teachers to login to the WG console and turn the various rooms On / Off as required.

Overnight I require all classrooms to be defaulted back to Off  (ie no internet access) for the next day.

I do not want teachers to see rulesets for security reason - only lists or settings that I can put permissions on.

Any clues how I can do this in WG7 ?? 

Many thanks for your ideas

Craig

0 Kudos
1 Solution

Accepted Solutions
cawighton
Level 9

Re: Class Room Control via WG7??

Jump to solution

Yeah I couldnt just insert a user Defined string - which was stange. (might be a bug!)

I eventually got it by turning the "Show Source'  on and replacing your propertyId with the one from our system. What ever works I guess !

Now to do some more testing on it before extending it to 230 classrooms !

Many, many thanks for your assistance. I'll let you know how I go and any mods I do.

Cheers

Craig

0 Kudos
15 Replies
eelsasser
Level 15

Re: Class Room Control via WG7??

Jump to solution

You might be able to actually do this outside of the GUI with some well-crafted rules, variables and block pages.

I have a basic one working, but i have some questions:

Are the teachers going to be in the same classroom (subnet) as the machines? or will they need to enable/disable other rooms their Client.IP is not in?

Are they going to be logged onto their own PC with their own UserID that can have a "Teachers" AD group?

Would you like to enable a room, want it to remain active for a period of time, then automatically disable the room?

0 Kudos
cawighton
Level 9

Re: Class Room Control via WG7??

Jump to solution

Thanks for your reply.

Teachers have their own device and are on a different subnet. I can identify them via AD groups etc in WG7.

I'm open to all ideas on this. What do you have going?

Many thanks

Craig

0 Kudos
eelsasser
Level 15

Re: Class Room Control via WG7??

Jump to solution

Right now, i have a quick prototype where students come in and the room is disabled by default in the morning.

Capture.JPG

A teacher would logon and go to a link to get to a control page:

Capture3.JPG

When you click Enable, the students are allowed from that point on to surf for 1 hour (user-definable).

When you click Disable, the room's subnet is then again blocked.

Only teachers in the AD group called "ClassroomControl" are allowed to disable/enable.

Currently, the control page only selects the classroom in the current subnet and no others.

That's as far as I got but it brings up some design questions.

  • How to associate a teacher's logon with the particular classroom they are in if the control workstation is not in the controlled subnet?
  • Should the control page be allowed to enable/disable multiple rooms with the potential of it accidently shutting down the wrong classroom?
  • Should all rooms be default enabled (during school hours) and only use this to explicitly disable a room?
  • Should all rooms be disabled and use this to explicity enable each room when needed?

Message was edited by: eelsasser on 9/13/11 9:19:11 AM EDT
0 Kudos
cawighton
Level 9

Re: Class Room Control via WG7??

Jump to solution

Yes - this is the sort of thing Im after !

Its a great concept as it keeps teachers out of the WG7 console - something I like !

From your design questions, my take would be:

  • How to associate a teacher's logon with the particular classroom they are in if the control workstation is not in the controlled subnet?

>>>>  You could use AD membership and do a WG query for the membership. If the rule was higher in the ruleset then the classroom enable / disable rule then it should work.

  • Should the control page be allowed to enable/disable multiple rooms with the potential of it accidently shutting down the wrong classroom?

>>>> Yeah I think this is acceptable risk. We has a similar system before moving to WG7 that listed all classrooms and never had too many issues with it. I guess it is more of a training thing with the teachers. You would hope they would do the right thing, but the outcome is not life threatning  ! If possible my plan would be to list all classrooms to enable / disable for a campus on a web page, similar to your screen grab above, and then let any teacher on campus access to all classrooms to enable / disable internet. That way I dont have to worry about ongoing pesky permission stuff around who can do what.

  • Should all rooms be default enabled (during school hours) and only use this to explicitly disable a room?

>>>> I can see a mixture of this in our lab environments. Teacher will require some classrooms always on & others always off unless changed by a techer.

  • Should all rooms be disabled and use this to explicity enable each room when needed?

>>>> Yes in the case a room is disabled by default

Im interested in the html code your using behind your enable / disable buttons and how this interacts with your WG rules set


Happy to work and share with you, on developing this as I believe you are on the right track.

Cheers

Craig

0 Kudos
eelsasser
Level 15

Re: Class Room Control via WG7??

Jump to solution

Well, here's a first draft. I had these done before you replied, so I made some assumption you did not validate beforehand. Obviously, changes can be made.

One of the challenges of creating these kinds of in-band block pages is you don't have a lot of rich interaction with a static HTML form. It's possible to add Ajax and a lot of JavaScript, but KISS is always recommended.

There are many potential methods for accessing the Control page, but my thoughts were to force another authentication against the local user database to get to the control page instead of doing it transparently to the domain with the current instructor credentials to avoid an unattended instructor console from getting abused. This also allows an instructor to use any workstation to enable/disable a room and use his own credentials. Closing the browser window on the Control Page dissolves the credentials.

Currently:

  • There are 3 subnets/classrooms to use as a guide. Additional ones can copy/paste/edit from existing ones.
  • Classrooms are default off. Must be Enabled to turn a room on.
  • When enabled, room is active for 50 minutes. When timer expires, Class is disabled.
  • Add a parameter of "&ClassroomControl" to any URL that is proxied to activate the Control Page.
    • This was an arbitrary choice, you could trigger the page on anything in the URL
  • Control Page prompts for username/password in local User Database to allow access to the Control Page
    • This username must also be in the group named "ClassroomControl" in order authorize access to Control Page
  • Only a workstation within the classroom can control the classroom.
    • Ability to control another classroom subnet outside of your own not implemented yet.
  • If you logon to the GUI and enable the Override / Shutdown rules, you can force a room on / off regardless of the Control Page settings

If you want some some rooms default disabled and some default enabled, then I'm going to have to think really hard how to do that. I might have to duplicate the entire rule set and invert the conditions. I was trying to keep a single code path.

Also, the Control Page only supports one room at a time. I was trying to avoid having to statically code all the rooms on one HTML form. It can be done, but when you add/remove a subnet, the HTML page needs edited to reflect that.

Technically a teacher, once authenticated, can fondle the URL to enable/disable any room like this:

But it's much nicer having buttons.

Those are the features so far. What do you think? Rules and Block Pages attached.

Message was edited by: eelsasser
Removed Table and attachment on 9/13/11 10:43:29 PM EDT
0 Kudos
eelsasser
Level 15

Re: Class Room Control via WG7??

Jump to solution

Hmm. New version already.

Adding Default Enabled vs. Default Disabled wasn't as hard as I thought.

I threw in After-Hours restriction rules in there while I was at it.

Classroom Control
[Rules to control internet access per Classroom/Subnet Put the all IP:RoomNames associations in here to reduce the amount fo editting further below.]
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
Always
EnabledRuleActionEventsComments
DisabledEnable Rule Tracing
Always
ContinueEnable RuleEngine Tracing
EnabledSet Classroom1 (192.168.1.0/24)
1: Client.IP is in range 192.168.1.0/24
ContinueSet User-Defined.ClassroomName = "Classroom1"
Set User-Defined.ClassroomDefault = "Enabled"
Assign a Name to the Subnet. Set Default Enabled / Disabled.
EnabledSet Classroom2 (192.168.2.0/24)
1: Client.IP is in range 192.168.2.0/24
ContinueSet User-Defined.ClassroomName = "Classroom2"
Set User-Defined.ClassroomDefault = "Disabled"
Assign a Name to the Subnet. Set Default Enabled / Disabled.
EnabledSet Classroom3 (192.168.3.0/24)
1: Client.IP is in range 192.168.3.0/24
ContinueSet User-Defined.ClassroomName = "Classroom3"Assign a Name to the Subnet. Set Default Enabled / Disabled.
Classroom Control Page
[To invoke the Control Block page, simple add "?ClassroomControl" at the end of any proxied URL, like http://google.com?ClassroomControl]
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
1: URL.HasParameter("ClassroomControl") equals true
EnabledRuleActionEventsComments
EnabledAuthenticate ClassroomControl User
1: Authentication.Authenticate<User Database Basic Auth> equals false
Authenticate<Default>This pops up a logon prompt and a user/password must be entered that is in the UserDatabase
EnabledClassroomControl Group
1: Authentication.UserGroups does not contain "ClassroomControl"
Block<Authorized Only>The authenticated username must be a member of the a group called "ClassroomControl" (watch the Caps)
EnabledEnable Classroom
1: URL.HasParameter("Control") equals true
2: AND URL.GetParameter("Control") equals "Enable"
ContinuePDStorage.DeleteGlobalData(URL.GetParameter("ClassroomControl"))
PDStorage.AddGlobalData.String(URL.GetParameter("ClassroomControl"),"Enabled")<ClassroomControl>
PDStorage.Cleanup
This Enables the classroom based on the &Control= parameter
EnabledDisable Classroom
1: URL.HasParameter("Control") equals true
2: AND URL.GetParameter("Control") equals "Disable"
ContinuePDStorage.DeleteGlobalData(URL.GetParameter("ClassroomControl"))
PDStorage.AddGlobalData.String(URL.GetParameter("ClassroomControl"),"Disabled")<ClassroomControl>
PDStorage.Cleanup
This Disables the classroom based on the &Control= parameter
EnabledControl Classroom1 (192.168.1.0/24)
1: Client.IP is in range 192.168.1.0/24
Block<ClassroomControlPage>Set User-Defined.ClassroomName = "Classroom1"Currently, a workstation within the classroom subnet can control the subnet
EnabledControl Classroom2 (192.168.2.0/24)
1: Client.IP is in range 192.168.2.0/24
Block<ClassroomControlPage>Set User-Defined.ClassroomName = "Classroom2"Currently, a workstation within the classroom subnet can control the subnet
EnabledControl Classroom3 (192.168.3.0/24)
1: Client.IP is in range 192.168.3.0/24
Block<ClassroomControlPage>Set User-Defined.ClassroomName = "Classroom3"Currently, a workstation within the classroom subnet can control the subnet
EnabledControl All Classrooms
Always
Block<ClassroomControlPage>Set User-Defined.ClassroomName = "All"This does not work yet. Still trying to figure out how to get all of them on one Control Page.
Classroom After-Hours
[Manage classroom access after hours. All classrooms are disabled after hours by default. Enable classroom rules here to override each rooms time restriction. Classrooms are still subject to being disabled by ClassroomControl]
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
Always
EnabledRuleActionEventsComments
DisabledClassroom1 Override After-Hours
1: User-Defined.ClassroomName equals "Classroom1"
Stop Rule SetDisable all Classrooms between 18:00 and 07:00
DisabledClassroom2 Override After-Hours
1: User-Defined.ClassroomName equals "Classroom2"
Stop Rule SetDisable all Classrooms between 18:00 and 07:00
DisabledClassroom3 Override After-Hours
1: User-Defined.ClassroomName equals "Classroom3"
Stop Rule SetDisable all Classrooms between 18:00 and 07:00
DisabledAll Classrooms Disable After-Hours
1: User-Defined.ClassroomName does not equal ""
2: AND (DateTime.Time.Hour greater than or equals 18
3: OR DateTime.Time.Hour less than or equals 7)
Block<ClassroomDisabled>Disable all Classrooms between 18:00 and 07:00
Classroom Override / Shutdown
[Enable these to administratively override and force a classroom on/off]
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
Always
EnabledRuleActionEventsComments
DisabledOverride Classroom1
1: User-Defined.ClassroomName equals "Classroom1"
2: AND PDStorage.GetGlobalData.String(User-Defined.ClassroomName)<ClassroomControl> does not equal "Enabled"
ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
PDStorage.AddGlobalData.String(User-Defined.ClassroomName,"Enabled")<ClassroomControl>
Enable this rule to always have classroom enabled regardless of the Control Page settings
DisabledOverride Classroom2
1: User-Defined.ClassroomName equals "Classroom2"
2: AND PDStorage.GetGlobalData.String(User-Defined.ClassroomName)<ClassroomControl> does not equal "Enabled"
ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
PDStorage.AddGlobalData.String(User-Defined.ClassroomName,"Enabled")<ClassroomControl>
Enable this rule to always have classroom enabled regardless of the Control Page settings
DisabledOverride Classroom3
1: User-Defined.ClassroomName equals "Classroom3"
2: AND PDStorage.GetGlobalData.String(User-Defined.ClassroomName)<ClassroomControl> does not equal "Enabled"
ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
PDStorage.AddGlobalData.String(User-Defined.ClassroomName,"Enabled")<ClassroomControl>
Enable this rule to always have classroom enabled regardless of the Control Page settings
DisabledShutdown Classroom1
1: User-Defined.ClassroomName equals "Classroom1"
2: AND PDStorage.HasGlobalData(User-Defined.ClassroomName)<ClassroomControl> equals true
ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
PDStorage.AddGlobalData.String(User-Defined.ClassroomName,"Disabled")<ClassroomControl>
Enable this rule to always have classroom Disabled regardless of the Control Page settings or the room's default settings
DisabledShutdown Classroom2
1: User-Defined.ClassroomName equals "Classroom2"
2: AND PDStorage.HasGlobalData(User-Defined.ClassroomName)<ClassroomControl> equals true
ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
PDStorage.AddGlobalData.String(User-Defined.ClassroomName,"Disabled")<ClassroomControl>
Enable this rule to always have classroom Disabled regardless of the Control Page settings or the room's default settings
DisabledShutdown Classroom3
1: User-Defined.ClassroomName equals "Classroom3"
2: AND PDStorage.HasGlobalData(User-Defined.ClassroomName)<ClassroomControl> equals true
ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
PDStorage.AddGlobalData.String(User-Defined.ClassroomName,"Disabled")<ClassroomControl>
Enable this rule to always have classroom Disabled regardless of the Control Page settings or the room's default settings
Block Disabled Classrooms
[this is where the actual Disabled Classroom gets blocked]
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
Always
EnabledRuleActionEventsComments
EnabledSet Default Action
1: PDStorage.HasGlobalData(User-Defined.ClassroomName)<ClassroomControl> equals false
2: OR PDStorage.GetGlobalData.String(User-Defined.ClassroomName)<ClassroomControl> equals ""
ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
PDStorage.AddGlobalData.String(User-Defined.ClassroomName,User-Defined.ClassroomDefault)<ClassroomControl>
Determines if the classroom defaults to enabled or disabled. If ClassroomDefault is undefined, room is disabled.
EnabledAllow Enabled Classroom
1: PDStorage.GetGlobalData.String(User-Defined.ClassroomName)<ClassroomControl> equals "Enabled"
Stop Rule SetAllow if Not Disabled
EnabledBlock Disabled Classroom
1: PDStorage.GetGlobalData.String(User-Defined.ClassroomName)<ClassroomControl> does not equal "Enabled"
Block<ClassroomDisabled>Block if not Enabled
cawighton
Level 9

Re: Class Room Control via WG7??

Jump to solution

Ah great stuff !  

Im running it up now in WG7 to see how it all hangs together.

Will let you know.

Cheers

Craig

0 Kudos
cawighton
Level 9

Re: Class Room Control via WG7??

Jump to solution

This all seems to work great.

I have placed the Control Page rule set under our Staff rule sets (ie validates staff members in the AD) to ensure students cant get to it further.

My only issus is around the Control Page. Im trying to work out how to get multiple classrooms to display with the ability to enable / disable each classroom.

I will chip away at this. Any ideas?

Craig

0 Kudos
eelsasser
Level 15

Re: Class Room Control via WG7??

Jump to solution

Here you go. I resorted to statically listing each room on the page itself. It works pretty good, but when you add or remove one, you must re-edit the HTML.

Capture4.JPG

Also, I didn't like the way the page got invoked in the first place by putting any URL with a parameters at the end.

I changed it, so to launch the page you go to:

http://<Proxy.IP>:<Proxy.Port>/ClassroomControl

The attached ZIP file has the entire rules set and a break-out of Classroom Control Page Rules-Only.xml to load independently.

The ClassroomControlPage.html has alsoo been updated.

Classroom Control Page
[To invoke the Control Block page, "http://<Proxy.IP>:<Proxy.Port>/ClassroomControl"]
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
1: (URL.Host equals IP.ToString(Proxy.IP)
2: OR URL.Host equals System.HostName)
3: AND URL.Port equals Proxy.Port
4: AND URL.Path equals "/ClassroomControl"
EnabledRuleActionEventsComments
EnabledAuthenticate ClassroomControl User
1: Authentication.Authenticate<User Database Basic Auth> equals false
Authenticate<Default>This pops up a logon prompt and a user/password must be entered that is in the UserDatabase
EnabledClassroomControl Group
1: Authentication.UserGroups does not contain "ClassroomControl"
Block<Authorized Only>The authenticated username must be a member of the a group called "ClassroomControl" (watch the Caps)
EnabledEnable Classroom
1: URL.HasParameter("Control") equals true
2: AND URL.GetParameter("Control") equals "Enable"
ContinuePDStorage.DeleteGlobalData(URL.GetParameter("ClassroomControl"))
PDStorage.AddGlobalData.String(URL.GetParameter("ClassroomControl"),"Enabled")<ClassroomControl>
PDStorage.Cleanup
This Enables the classroom based on the &Control= parameter
EnabledDisable Classroom
1: URL.HasParameter("Control") equals true
2: AND URL.GetParameter("Control") equals "Disable"
ContinuePDStorage.DeleteGlobalData(URL.GetParameter("ClassroomControl"))
PDStorage.AddGlobalData.String(URL.GetParameter("ClassroomControl"),"Disabled")<ClassroomControl>
PDStorage.Cleanup
This Disables the classroom based on the &Control= parameter
EnabledControl All Classrooms
Always
Block<ClassroomControlPage>This does not work yet. Still trying to figure out how to get all of them on one Control Page.

Message was edited by: eelsasser on 9/14/11 9:19:51 AM EDT

Message was edited by: eelsasser
Re-posted files with some minor comment edits on 9/14/11 9:34:24 AM EDT
0 Kudos