This guide introduces some of the considerations schools typically have to give around working differently in the cloud environment, particularly when it comes to using Google’s G Suite (previously known as "Google Apps").
G Suite for Education (previously known as Google Apps for Education) is free to state and state-integrated schools. Please see the Guide to setting up Google's G Suite for Education for your school .
Consider how you can access training for being an administrator for G Suite. This is typically found online or delivered by professional learning or technical providers. If possible, ensure more than one person is trained and is actively being an administrator as this is part of good succession planning.
You should seek the permission of parents or caregivers before setting up their children’s accounts. This VLN discussion and Google's Communicating with Parents and Guardians about G Suite for Education help with suggestions on how to communicate with parents about providing accounts.
There are a variety of sources of help with administration in a cloud-based system. Reaching out to connect with others is one of the best ways to learn.
Adding users, like students, teachers, and support staff, to the directory is usually done manually by an administrator or automated by a scripted process. Ideally your user accounts should be provisioned automatically with your Student Management System (SMS) being the authoritative source of users coming and going. Some SMSs allow for this to happen by feeding data to the school’s network directory which can then synchronise the user accounts with the cloud system’s own directory.
Whether automated or not, having robust procedures for setting up and managing user accounts in a timely fashion is essential for students and teachers to be able to use the cloud services that are available.
There are two key ways that multiple users are identified and managed in bulk: Organisational Units (OU’s) and Groups. Organisational Units are distinctly separate in their function to Groups, as explained below.
Organisational Units separate the allocation of things such as the services, settings, policies, and apps that are allowed or deployed to users.
Usually schools separate staff and student users as a minimum at the top level of OUs. Then, the OU structure could be further granulated, depending on the specific needs around which types of user require different services, settings, policies, and apps. By separating students into OUs using the year in which they leave the school (as opposed to their current year level), students can remain in that OU rather than an administrator having to rename it each year:
Putting users into groups makes it easier to assign the access permissions for things like files, folders, calendars, email distribution lists, and so on.
Naming groups with a prefix such as GRP- or an underscore ’ _ ‘ makes it easy to see at a glance that it is a group rather than an individual, for example, _AllTeachers, or GRP-Teachers. Use a naming convention that is easy to follow rather than written in code.
Some typical groups might be:
Groups can be created and managed separately in the admin console or they can be synchronised with the groups that are already in place on the school’s network directory. Whatever system is used, it is essential to have clear systems, roles, and responsibilities around maintaining group memberships. It does not require technical expertise to administer group membership so designating this task to administration staff is recommended. However, it’s important to provide sufficient training, and ensuring that the tasks can be done by more than one person as this is good succession planning.
Some SMS providers enable groups to be exported automatically. This can be an effective system to enable the Groups in the cloud system to match the year levels, classes, subjects, and so on that the students and staff belong to.
When an account is deleted, any files, folders, emails, calendars, and so on that that person has created are also deleted so it is important to consider what content needs to be retained by the school, what needs to be downloaded or transferred to that person, and what should be archived.
Rather than deleting accounts, they can be suspended which means that the shared content is still accessible to others but the user themselves can not log-on to retrieve it. Alternatively, when a person leaves the school, ownership of their files can be transferred to another account such as a generic "past users" account or to a particular person.
Another option to consider is to rename the user who is leaving to "deleted_$Name", change the password, and disable email for that the account.
Setting up a good filing system (folder structure) for storing and sharing files is important. You may find that the folder structure you were already using on your server is suitable and you would simply like to duplicate this into your cloud service, or you might decide that this is time for a change.
With any filing system, it is always useful to have clear naming protocols for files and folders that are understood and used by anyone with access to it. If you have named a file/folder carefully in your cloud service, the search function will quickly locate it.
Thinking about who needs access to which files and folders is important. Best practice from a security perspective is to limit access to files and folders to only those who really need it.
Setting up a folder structure for shared folders requires some planning. Once the shared folder structure has been created, the groups that are to use the folders can be assigned suitable access permissions. The top two or three levels of the shared folder structure should be owned by a generic service account (for example, firstname.lastname@example.org) and shared so that they are "view only" otherwise people will likely add files and folders that turn the orderly structure into chaos!
Once the structures and permissions are in place, people will need to locate the top level shared folder in their "Shared with me" folder and "Add to my Drive".
You might also be interested in:
It’s a good idea to establish clear expectations (possibly through a policy) around the sharing of resources in your cloud service. You might consider:
There are admin console settings available for sharing outside of the school domain .
This may be a good opportunity to consider your school’s policy around who owns the resources a teacher produces, and whether you want a Creative Commons policy in place .
When giving others editing rights to files and folders it is possible for items to be deleted. Options for minimising accidental deletion of files include:
Once a folder structure and groups have been put in place, people can start to benefit from being able to more easily create and share files and folders. Sharing files and folders means that everybody is always accessing the latest version and they can collaborate on one document from different locations at the same time. For this reason always encourage people to share files rather than send attachments.
As everybody gets more online accounts, be they from school-related activities or personal accounts, it is easy to be confused about which account is being used at any one time and to manage many different usernames and passwords.
Personal and school online activities.
It is best if personal and school-related online activities are kept separate. Some ways to do this include:
According to the Verizon 2016 Data Breach Investigations Report , 63% of confirmed data breaches involved weak, default, or stolen passwords.
We recommend that your strategy for password security should be centred around both highly secure and highly useable practices. This will increase security with little impact on staff. We recommend that you consider using:
See Recommendations for managing passwords for more information.
Setting up shared calendars can help everybody know what is going on at school. People or groups of people can contribute to particular calendars so that the responsibilities for maintaining calendars are more effectively shared which leads to more reliable, up-to-date calendar entries.
Some tips include:
Join these groups to participate in discussions with other teachers/educators about the content here, or that is relevant for you.
Subscribe to the newsletter.
Note: You can manage your email subscriptions using the links provided in the email footer.