1 2 Previous Next 15 Replies Latest reply on Sep 16, 2011 1:12 AM by eelsasser

    Class Room Control via WG7??

      Hi All

       

      I have a number of classrooms that are identifiable by IP range (eg 10.1.1.1/27) and want WG7 to control internet access to them. Their internet status is either ON or OFF.

      I want teachers to login to the WG console and turn the various rooms On / Off as required.

      Overnight I require all classrooms to be defaulted back to Off  (ie no internet access) for the next day.

      I do not want teachers to see rulesets for security reason - only lists or settings that I can put permissions on.

       

      Any clues how I can do this in WG7 ?? 

       

      Many thanks for your ideas

       

      Craig

        • 1. Re: Class Room Control via WG7??

          You might be able to actually do this outside of the GUI with some well-crafted rules, variables and block pages.

           

          I have a basic one working, but i have some questions:

          Are the teachers going to be in the same classroom (subnet) as the machines? or will they need to enable/disable other rooms their Client.IP is not in?

          Are they going to be logged onto their own PC with their own UserID that can have a "Teachers" AD group?

          Would you like to enable a room, want it to remain active for a period of time, then automatically disable the room?

          • 2. Re: Class Room Control via WG7??

            Thanks for your reply.

             

            Teachers have their own device and are on a different subnet. I can identify them via AD groups etc in WG7.

             

            I'm open to all ideas on this. What do you have going?

             

            Many thanks

             

            Craig

            • 3. Re: Class Room Control via WG7??

              Right now, i have a quick prototype where students come in and the room is disabled by default in the morning.

               

              Capture.JPG

               

              A teacher would logon and go to a link to get to a control page:

              Capture3.JPG

               

              When you click Enable, the students are allowed from that point on to surf for 1 hour (user-definable).

              When you click Disable, the room's subnet is then again blocked.

              Only teachers in the AD group called "ClassroomControl" are allowed to disable/enable.

              Currently, the control page only selects the classroom in the current subnet and no others.

               

              That's as far as I got but it brings up some design questions.

              • How to associate a teacher's logon with the particular classroom they are in if the control workstation is not in the controlled subnet?
              • Should the control page be allowed to enable/disable multiple rooms with the potential of it accidently shutting down the wrong classroom?
              • Should all rooms be default enabled (during school hours) and only use this to explicitly disable a room?
              • Should all rooms be disabled and use this to explicity enable each room when needed?

               

              Message was edited by: eelsasser on 9/13/11 9:19:11 AM EDT
              • 4. Re: Class Room Control via WG7??

                Yes - this is the sort of thing Im after !

                Its a great concept as it keeps teachers out of the WG7 console - something I like !

                 

                From your design questions, my take would be:

                 

                • How to associate a teacher's logon with the particular classroom they are in if the control workstation is not in the controlled subnet?

                 

                >>>>  You could use AD membership and do a WG query for the membership. If the rule was higher in the ruleset then the classroom enable / disable rule then it should work.

                 

                • Should the control page be allowed to enable/disable multiple rooms with the potential of it accidently shutting down the wrong classroom?

                 

                >>>> Yeah I think this is acceptable risk. We has a similar system before moving to WG7 that listed all classrooms and never had too many issues with it. I guess it is more of a training thing with the teachers. You would hope they would do the right thing, but the outcome is not life threatning  ! If possible my plan would be to list all classrooms to enable / disable for a campus on a web page, similar to your screen grab above, and then let any teacher on campus access to all classrooms to enable / disable internet. That way I dont have to worry about ongoing pesky permission stuff around who can do what.

                • Should all rooms be default enabled (during school hours) and only use this to explicitly disable a room?

                 

                >>>> I can see a mixture of this in our lab environments. Teacher will require some classrooms always on & others always off unless changed by a techer.

                 

                • Should all rooms be disabled and use this to explicity enable each room when needed?

                >>>> Yes in the case a room is disabled by default

                 

                Im interested in the html code your using behind your enable / disable buttons and how this interacts with your WG rules set


                Happy to work and share with you, on developing this as I believe you are on the right track.

                 

                Cheers

                 

                Craig

                • 5. Re: Class Room Control via WG7??

                  Well, here's a first draft. I had these done before you replied, so I made some assumption you did not validate beforehand. Obviously, changes can be made.

                  One of the challenges of creating these kinds of in-band block pages is you don't have a lot of rich interaction with a static HTML form. It's possible to add Ajax and a lot of JavaScript, but KISS is always recommended.

                   

                  There are many potential methods for accessing the Control page, but my thoughts were to force another authentication against the local user database to get to the control page instead of doing it transparently to the domain with the current instructor credentials to avoid an unattended instructor console from getting abused. This also allows an instructor to use any workstation to enable/disable a room and use his own credentials. Closing the browser window on the Control Page dissolves the credentials.

                   

                  Currently:

                  • There are 3 subnets/classrooms to use as a guide. Additional ones can copy/paste/edit from existing ones.
                  • Classrooms are default off. Must be Enabled to turn a room on.
                  • When enabled, room is active for 50 minutes. When timer expires, Class is disabled.
                  • Add a parameter of "&ClassroomControl" to any URL that is proxied to activate the Control Page.
                    • This was an arbitrary choice, you could trigger the page on anything in the URL
                  • Control Page prompts for username/password in local User Database to allow access to the Control Page
                    • This username must also be in the group named "ClassroomControl" in order authorize access to Control Page
                  • Only a workstation within the classroom can control the classroom.
                    • Ability to control another classroom subnet outside of your own not implemented yet.
                  • If you logon to the GUI and enable the Override / Shutdown rules, you can force a room on / off regardless of the Control Page settings

                   

                   

                   

                  If you want some some rooms default disabled and some default enabled, then I'm going to have to think really hard how to do that. I might have to duplicate the entire rule set and invert the conditions. I was trying to keep a single code path.

                   

                  Also, the Control Page only supports one room at a time. I was trying to avoid having to statically code all the rooms on one HTML form. It can be done, but when you add/remove a subnet, the HTML page needs edited to reflect that.

                  Technically a teacher, once authenticated, can fondle the URL to enable/disable any room like this:

                   

                  But it's much nicer having buttons.

                   

                   

                  Those are the features so far. What do you think? Rules and Block Pages attached.

                   

                  Message was edited by: eelsasser Removed Table and attachment on 9/13/11 10:43:29 PM EDT
                  • 6. Re: Class Room Control via WG7??

                    Hmm. New version already.

                    Adding Default Enabled vs. Default Disabled wasn't as hard as I thought.

                    I threw in After-Hours restriction rules in there while I was at it.

                     

                    Classroom Control
                    [Rules to control internet access per Classroom/Subnet Put the all IP:RoomNames associations in here to reduce the amount fo editting further below.]
                    Enabled
                    Applies to Requests: True / Responses: False / Embedded Objects: False
                    Always
                    EnabledRuleActionEventsComments
                    DisabledEnable Rule Tracing
                    Always
                    ContinueEnable RuleEngine Tracing
                    EnabledSet Classroom1 (192.168.1.0/24)
                    1: Client.IP is in range 192.168.1.0/24
                    ContinueSet User-Defined.ClassroomName = "Classroom1"
                    Set User-Defined.ClassroomDefault = "Enabled"
                    Assign a Name to the Subnet. Set Default Enabled / Disabled.
                    EnabledSet Classroom2 (192.168.2.0/24)
                    1: Client.IP is in range 192.168.2.0/24
                    ContinueSet User-Defined.ClassroomName = "Classroom2"
                    Set User-Defined.ClassroomDefault = "Disabled"
                    Assign a Name to the Subnet. Set Default Enabled / Disabled.
                    EnabledSet Classroom3 (192.168.3.0/24)
                    1: Client.IP is in range 192.168.3.0/24
                    ContinueSet User-Defined.ClassroomName = "Classroom3"Assign a Name to the Subnet. Set Default Enabled / Disabled.
                    Classroom Control Page
                    [To invoke the Control Block page, simple add "?ClassroomControl" at the end of any proxied URL, like http://google.com?ClassroomControl]
                    Enabled
                    Applies to Requests: True / Responses: False / Embedded Objects: False
                    1: URL.HasParameter("ClassroomControl") equals true
                    EnabledRuleActionEventsComments
                    EnabledAuthenticate ClassroomControl User
                    1: Authentication.Authenticate<User Database Basic Auth> equals false
                    Authenticate<Default>This pops up a logon prompt and a user/password must be entered that is in the UserDatabase
                    EnabledClassroomControl Group
                    1: Authentication.UserGroups does not contain "ClassroomControl"
                    Block<Authorized Only>The authenticated username must be a member of the a group called "ClassroomControl" (watch the Caps)
                    EnabledEnable Classroom
                    1: URL.HasParameter("Control") equals true
                    2: AND URL.GetParameter("Control") equals "Enable"
                    ContinuePDStorage.DeleteGlobalData(URL.GetParameter("ClassroomControl"))
                    PDStorage.AddGlobalData.String(URL.GetParameter("ClassroomControl"),"Enabled")<ClassroomControl>
                    PDStorage.Cleanup
                    This Enables the classroom based on the &Control= parameter
                    EnabledDisable Classroom
                    1: URL.HasParameter("Control") equals true
                    2: AND URL.GetParameter("Control") equals "Disable"
                    ContinuePDStorage.DeleteGlobalData(URL.GetParameter("ClassroomControl"))
                    PDStorage.AddGlobalData.String(URL.GetParameter("ClassroomControl"),"Disabled")<ClassroomControl>
                    PDStorage.Cleanup
                    This Disables the classroom based on the &Control= parameter
                    EnabledControl Classroom1 (192.168.1.0/24)
                    1: Client.IP is in range 192.168.1.0/24
                    Block<ClassroomControlPage>Set User-Defined.ClassroomName = "Classroom1"Currently, a workstation within the classroom subnet can control the subnet
                    EnabledControl Classroom2 (192.168.2.0/24)
                    1: Client.IP is in range 192.168.2.0/24
                    Block<ClassroomControlPage>Set User-Defined.ClassroomName = "Classroom2"Currently, a workstation within the classroom subnet can control the subnet
                    EnabledControl Classroom3 (192.168.3.0/24)
                    1: Client.IP is in range 192.168.3.0/24
                    Block<ClassroomControlPage>Set User-Defined.ClassroomName = "Classroom3"Currently, a workstation within the classroom subnet can control the subnet
                    EnabledControl All Classrooms
                    Always
                    Block<ClassroomControlPage>Set User-Defined.ClassroomName = "All"This does not work yet. Still trying to figure out how to get all of them on one Control Page.
                    Classroom After-Hours
                    [Manage classroom access after hours. All classrooms are disabled after hours by default. Enable classroom rules here to override each rooms time restriction. Classrooms are still subject to being disabled by ClassroomControl]
                    Enabled
                    Applies to Requests: True / Responses: False / Embedded Objects: False
                    Always
                    EnabledRuleActionEventsComments
                    DisabledClassroom1 Override After-Hours
                    1: User-Defined.ClassroomName equals "Classroom1"
                    Stop Rule SetDisable all Classrooms between 18:00 and 07:00
                    DisabledClassroom2 Override After-Hours
                    1: User-Defined.ClassroomName equals "Classroom2"
                    Stop Rule SetDisable all Classrooms between 18:00 and 07:00
                    DisabledClassroom3 Override After-Hours
                    1: User-Defined.ClassroomName equals "Classroom3"
                    Stop Rule SetDisable all Classrooms between 18:00 and 07:00
                    DisabledAll Classrooms Disable After-Hours
                    1: User-Defined.ClassroomName does not equal ""
                    2: AND (DateTime.Time.Hour greater than or equals 18
                    3: OR DateTime.Time.Hour less than or equals 7)
                    Block<ClassroomDisabled>Disable all Classrooms between 18:00 and 07:00
                    Classroom Override / Shutdown
                    [Enable these to administratively override and force a classroom on/off]
                    Enabled
                    Applies to Requests: True / Responses: False / Embedded Objects: False
                    Always
                    EnabledRuleActionEventsComments
                    DisabledOverride Classroom1
                    1: User-Defined.ClassroomName equals "Classroom1"
                    2: AND PDStorage.GetGlobalData.String(User-Defined.ClassroomName)<ClassroomControl> does not equal "Enabled"
                    ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
                    PDStorage.AddGlobalData.String(User-Defined.ClassroomName,"Enabled")<ClassroomControl>
                    Enable this rule to always have classroom enabled regardless of the Control Page settings
                    DisabledOverride Classroom2
                    1: User-Defined.ClassroomName equals "Classroom2"
                    2: AND PDStorage.GetGlobalData.String(User-Defined.ClassroomName)<ClassroomControl> does not equal "Enabled"
                    ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
                    PDStorage.AddGlobalData.String(User-Defined.ClassroomName,"Enabled")<ClassroomControl>
                    Enable this rule to always have classroom enabled regardless of the Control Page settings
                    DisabledOverride Classroom3
                    1: User-Defined.ClassroomName equals "Classroom3"
                    2: AND PDStorage.GetGlobalData.String(User-Defined.ClassroomName)<ClassroomControl> does not equal "Enabled"
                    ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
                    PDStorage.AddGlobalData.String(User-Defined.ClassroomName,"Enabled")<ClassroomControl>
                    Enable this rule to always have classroom enabled regardless of the Control Page settings
                    DisabledShutdown Classroom1
                    1: User-Defined.ClassroomName equals "Classroom1"
                    2: AND PDStorage.HasGlobalData(User-Defined.ClassroomName)<ClassroomControl> equals true
                    ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
                    PDStorage.AddGlobalData.String(User-Defined.ClassroomName,"Disabled")<ClassroomControl>
                    Enable this rule to always have classroom Disabled regardless of the Control Page settings or the room's default settings
                    DisabledShutdown Classroom2
                    1: User-Defined.ClassroomName equals "Classroom2"
                    2: AND PDStorage.HasGlobalData(User-Defined.ClassroomName)<ClassroomControl> equals true
                    ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
                    PDStorage.AddGlobalData.String(User-Defined.ClassroomName,"Disabled")<ClassroomControl>
                    Enable this rule to always have classroom Disabled regardless of the Control Page settings or the room's default settings
                    DisabledShutdown Classroom3
                    1: User-Defined.ClassroomName equals "Classroom3"
                    2: AND PDStorage.HasGlobalData(User-Defined.ClassroomName)<ClassroomControl> equals true
                    ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
                    PDStorage.AddGlobalData.String(User-Defined.ClassroomName,"Disabled")<ClassroomControl>
                    Enable this rule to always have classroom Disabled regardless of the Control Page settings or the room's default settings
                    Block Disabled Classrooms
                    [this is where the actual Disabled Classroom gets blocked]
                    Enabled
                    Applies to Requests: True / Responses: False / Embedded Objects: False
                    Always
                    EnabledRuleActionEventsComments
                    EnabledSet Default Action
                    1: PDStorage.HasGlobalData(User-Defined.ClassroomName)<ClassroomControl> equals false
                    2: OR PDStorage.GetGlobalData.String(User-Defined.ClassroomName)<ClassroomControl> equals ""
                    ContinuePDStorage.DeleteGlobalData(User-Defined.ClassroomName)
                    PDStorage.AddGlobalData.String(User-Defined.ClassroomName,User-Defined.ClassroomDefault)<ClassroomControl>
                    Determines if the classroom defaults to enabled or disabled. If ClassroomDefault is undefined, room is disabled.
                    EnabledAllow Enabled Classroom
                    1: PDStorage.GetGlobalData.String(User-Defined.ClassroomName)<ClassroomControl> equals "Enabled"
                    Stop Rule SetAllow if Not Disabled
                    EnabledBlock Disabled Classroom
                    1: PDStorage.GetGlobalData.String(User-Defined.ClassroomName)<ClassroomControl> does not equal "Enabled"
                    Block<ClassroomDisabled>Block if not Enabled
                    1 of 1 people found this helpful
                    • 7. Re: Class Room Control via WG7??

                      Ah great stuff !  

                      Im running it up now in WG7 to see how it all hangs together.

                      Will let you know.

                       

                      Cheers

                       

                      Craig

                      • 8. Re: Class Room Control via WG7??

                        This all seems to work great.

                         

                        I have placed the Control Page rule set under our Staff rule sets (ie validates staff members in the AD) to ensure students cant get to it further.

                         

                        My only issus is around the Control Page. Im trying to work out how to get multiple classrooms to display with the ability to enable / disable each classroom.

                         

                        I will chip away at this. Any ideas?

                         

                        Craig

                        • 9. Re: Class Room Control via WG7??

                          Here you go. I resorted to statically listing each room on the page itself. It works pretty good, but when you add or remove one, you must re-edit the HTML.

                          Capture4.JPG

                           

                          Also, I didn't like the way the page got invoked in the first place by putting any URL with a parameters at the end.

                          I changed it, so to launch the page you go to:

                          http://<Proxy.IP>:<Proxy.Port>/ClassroomControl

                           

                          The attached ZIP file has the entire rules set and a break-out of Classroom Control Page Rules-Only.xml to load independently.

                          The ClassroomControlPage.html has alsoo been updated.

                           

                           

                          Classroom Control Page
                          [To invoke the Control Block page, "http://<Proxy.IP>:<Proxy.Port>/ClassroomControl"]
                          Enabled
                          Applies to Requests: True / Responses: False / Embedded Objects: False
                          1: (URL.Host equals IP.ToString(Proxy.IP)
                          2: OR URL.Host equals System.HostName)
                          3: AND URL.Port equals Proxy.Port
                          4: AND URL.Path equals "/ClassroomControl"
                          EnabledRuleActionEventsComments
                          EnabledAuthenticate ClassroomControl User
                          1: Authentication.Authenticate<User Database Basic Auth> equals false
                          Authenticate<Default>This pops up a logon prompt and a user/password must be entered that is in the UserDatabase
                          EnabledClassroomControl Group
                          1: Authentication.UserGroups does not contain "ClassroomControl"
                          Block<Authorized Only>The authenticated username must be a member of the a group called "ClassroomControl" (watch the Caps)
                          EnabledEnable Classroom
                          1: URL.HasParameter("Control") equals true
                          2: AND URL.GetParameter("Control") equals "Enable"
                          ContinuePDStorage.DeleteGlobalData(URL.GetParameter("ClassroomControl"))
                          PDStorage.AddGlobalData.String(URL.GetParameter("ClassroomControl"),"Enabled")<ClassroomControl>
                          PDStorage.Cleanup
                          This Enables the classroom based on the &Control= parameter
                          EnabledDisable Classroom
                          1: URL.HasParameter("Control") equals true
                          2: AND URL.GetParameter("Control") equals "Disable"
                          ContinuePDStorage.DeleteGlobalData(URL.GetParameter("ClassroomControl"))
                          PDStorage.AddGlobalData.String(URL.GetParameter("ClassroomControl"),"Disabled")<ClassroomControl>
                          PDStorage.Cleanup
                          This Disables the classroom based on the &Control= parameter
                          EnabledControl All Classrooms
                          Always
                          Block<ClassroomControlPage>This does not work yet. Still trying to figure out how to get all of them on one Control Page.

                           

                          Message was edited by: eelsasser on 9/14/11 9:19:51 AM EDT

                           

                          Message was edited by: eelsasser Re-posted files with some minor comment edits on 9/14/11 9:34:24 AM EDT
                          1 of 1 people found this helpful
                          1 2 Previous Next