That’s the subtitle of a case study that recently went online (so I’m not plagiarizing).  A colleague sent this over to me and I had the privilege of talking with these folks a couple of weeks ago.  Interesting details of this deployment (scroll down now to see why).  Reading the article I found some themes I hear across everyone in education -

(referring to managing labs)

“For years, meeting this challenge required two full-time IT administrators responsible for creating scripts for installing particular software combinations on PCs. Those hard disk drives then were cloned and the images distributed over the network to duplicate the software packages to other computers.”

How did they address this common challenge?  Application Virtualization.  From the article:

“Instead of installing entire applications through the network, Microsoft Application Virtualization 4.5 (part of the Microsoft Desktop Optimization Pack for Software Assurance) uses a streamlined delivery method. When a Sinclair student clicks to start an application, Application Virtualization receives a request from the student’s PC and then installs only the code necessary to start the application from a centralized virtual application server on the Sinclair campus. The software that is sent to the student’s computer is typically 20 to 40 percent of the total application.

After a student ends a session, the application and its user preferences are saved in a local, file-based cache location on the PC. When the student wants to use the application again, it opens from the local PC cache, resulting in a faster start than the initial session. There is little impact on network bandwidth, and the user’s applications are preserved even in the case of unexpected computer shutdown.”

Now, here is why I’m blogging about this.  The implementation details are different than other App-V projects I have heard about in EDU.  They are combing App-V, Terminal Services, and IAG, to do remote application access with end point inspection of student and faculty machines to ensure there is a consistent security baseline for anyone connecting in.  Many other organizations have implemented this type of scanning on a per-semester basis when student machines are required to register for network access.  In this case, every time a student accesses a virtualized application via IAG their machine is scanned to ensure they meet the security baseline throughout the duration of their enrollment.  From the article:

“The school is using Microsoft Intelligent Application Gateway (IAG) 2007 as a remote access gateway that works in tandem with Application Virtualization to deliver software packages. The school worked with SCE Consultants for the deployment of IAG including customization to provide role-based access to the campus network.

IAG uses a combination of a Secure Sockets Layer virtual private network (SSL VPN), a Web application firewall, and endpoint security so that students and faculty can easily access the software packages. The Sinclair IT department uses IAG to enforce compliance with rules that control access to and use of the applications, such as providing students with permissions to access software for particular classes after they are enrolled.”

This is really good work.  Congrats guys.  Look forward to hearing more from Sinclair Community College in the future!