Background to OS update blocking

In mid-2015, the department's network was significantly impacted by a large take-up of iOS devices such as iPads and the introduction of BYOD in many schools. The sheer quantity of these unmanaged devices being connected to our network was not the problem. The problem was the unmanaged operating systems, which were constantly requesting OS updates from Apple and Microsoft.

Schools were finding that their Internet gateway was quickly congested with these constant download requests as soon as students arrived each morning and throughout the day. It even got to a point where the department's main Internet gateways to Telstra also became flooded, affecting all users statewide.

To resolve this issue, ITD implemented multiple mitigations, one of which was to apply a block on all OS update traffic in schools between 9am and 3pm on school days.

This, together with other infrastructure enhancements, resolved the issue and allowed schools to function effectively during core time.

Device Management became harder

The downside of blocking OS updates was that it made legitimate updating of unmanaged devices impossible during school hours. This meant that for the past two years, staff had to schedule such work before or after school or during school holidays.

Introducing OS Update limits

ITD is responsible for delivering quality Internet and corporate application access to schools. While OS update blocking has helped to maintain reliable service, we have been working on a solution that allows a level of access to OS updates during school hours, while not severely impacting a school's available bandwidth. A successful pilot at several schools during term 3, 2017 has identified that applying access limits during school hours is a viable solution, providing reliability and convenience.

Chart explaining how limiting OS updates is applied during school hours

So what happens now?

From 3pm, Wednesday 15 November 2017, OS Update Blocking will be replaced with OS Update Limiting. From 9am on the following morning, access will be available to:

  • Microsoft Windows Update
  • Microsoft Windows Store
  • Apple MacOS update
  • Apple iOS update

However, these sites together will be limited to a maximum of 25% of the school's available bandwidth. This means that these updates will now be able to occur during school hours, but will not be allowed to saturate the school's bandwidth.

What this means for users

iPads and other unmanaged Windows devices will now be allowed to get OS updates during school hours - but the more of these devices that simultaneously request updates, the slower they will download them. It will always be best to manually request updates outside of school hours, but users will no longer be blocked if these requests are made during school time. Also, the more devices that request OS updates during school hours, the more likely the school will need to work within the remaining 75% of their total bandwidth capacity for all other online requirements.

Apple Caching Server (ACS)

Any school with a fleet of iPads or Mac devices can massively reduce this OS update load on their bandwidth by purchasing and installing an Apple Caching Server. This device is designed specifically to deliver both OS and app updates to these devices at your school, without negatively impacting your bandwidth. Now that OS updates are no longer blocked, but just limited, local iPad management can be completed effectively during school hours by schools with an Apple Caching Server. For schools using a Mobile Device Management solution or considering it, an ACS is an absolute must-have.