Hi, On Wed, 17 Oct 2007, Bill Moseley wrote:
> Our small elementary school received a donation of reasonably new > machines, all fast P4s with 1GB and large disks. One common use is > educational games via flash over the Internet. Although much of the > documentation discusses using LTSP, my thinking is that there will be > quite a bit of screen bandwidth needed. Since the machines are > powerful I'm thinking it makes more sense to not use LTSP. Animated stuff will use more bandwidth alright. That said, it might not be as bad as you think. Make sure the server has a GigE network card to its switch and that there's a GigE link between each switch. If you have problems with X consuming lots of bandwidth, you might find that dropping all thin clients (or those that will) to 16-bit colour might help. > This does make management a bit more difficult, though, especially > if the school decides to give out logins for each student using the > machines (instead of, say, a "guest" login). Yes and no. If you go with this, you should be using some sort of centralised authentication scheme, be it LDAP, NIS, or Active Directory. This will make accounts appear on all machines and your NFS share of /home will mean all machines will magically have the user's profile and files. > Can anyone offer suggestions how to best setup this configuration. > Seems like NFS mounting /home, but I'm wondering what else can be > shared to ease management. You could consider using the machines as diskless kiosks running local applications. We do this with the feisty LTSP kiosk mode, though that only provides a web browser at the moment. In Gutsy (I hear) there is supposed to be support for more extensive local applications. That way, you might install all applications to the central image and all of your machines will automatically get them. > Another question is how to lock down the machines. I've looked at the > Lockdown Editor Pessulus and Sabayon. What about blocking URLs? Mac > OSX/Safari has a reasonably easy parenteral control where the browser > won't go to any domain that isn't defined. And when it's attempted > the admin can enter their password to provide access. Any pointers > how to implement this? The only way I know to (reliably) block content is using a proxy server like squid with something like "dan's guardian" or squidguard. Thankfully, the Irish dept. of education has contracted HEAnet to be ISP and look after filtering en mass for every school in the country so this headache is lifted from us. Gavin -- edubuntu-users mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
