1 Reply Latest reply on Oct 5, 2016 9:56 AM by shaneg

    Chromebooks in the Classroom - Best Solution?


      With Google Apps for Education gaining steam (or us being behind the curve and just now getting to century 21) GAFE and moreso 'Chromebooks' have made their way into the hands of students in the classroom (as well as @home).


      Most everything I am seeing in regards to filtering, is rather limited (and API based).  This is fine for those devices that we keep segmented from the network (and the MWG).    Here recently a decision has been made to allow Chromebooks into the classroom exclusively.   

      Our initial testing is showing VERY poor results (namely because of SSL) although this was not totally unexpected.
      These systems are not exactly meant to play nicely together - or are they? 


      Is SaaS a viable solution or even the Mcafee MDM? 


      Thanks for any and all suggestions to this

        • 1. Re: Chromebooks in the Classroom - Best Solution?

          For those who may stumble across this same issue/question, I will go ahead and answer this question for myself (and hopefully) the benefit of others.


          We are currently in a Direct Proxy (w WCCP) config. 
          Unfortunately the Google infrastructure doesnt mesh with MWG/IWG authentication so basically the 'workaround' is to look at the User-Agent headers being generated from the DEVICES that you are looking to filter. 


          Create a rule based on User-Agent Header *CrOS* (Chrome OS - not necessarily the browser) to bypass authentication (and some SSL scanning) while assigning it a username or grouping that will allow access.
          Fortunately, WCCP will catch anything that is not being pushed to the device/browser via .pac file and (should) apply the username/auth based on the rule(s) you create.