K12 Mobile Device Filtering Redux

We are happy with iBoss. 6500 Macs, 2500 of which get home filtering, plus 1000 iPads and 1300 Chromebooks. They are about to release a Chromebook extension to make Chromebook filtering easier. There were some growing pains getting the home filtering working for osx 10.10 last year, but I tested and it works fine in 10.11 so we'll be good going into next school year.

We were with lightspeed years ago but they couldn't handle our mac home filtering, but it seems like they've improved since then.

Don't waste your time looking at Edgewave/iPrism. The worst OSX support I've ever received. Pretty sure they outsourced everything and couldn't answer any questions.

How does the iBoss work with the iPads? Is it a VPN type? Proxy?

@lehmanp00 I believe they do proxy if you want to do that, someone else may be able to answer for sure. Our ipads don't go home - they get filtered in line here like any other device - we tie the VLAN to a filtering policy. They offer some sort of MDM solution (in addition to the filtering options), and I've had to explain to sales team more than once MDM doesn't do anything for JAMF customers. Just mentioning to not let them take you down the MDM road.

We would need a 'take-home' solution. The PA Global Protect is a straight-up VPN. The user has to login with the app. We can even set it to remember the username/password so they don't have to login more than once. However we have seem some BIG show-stopper issues:

1. The app can randomly timeout. That isn't so bad, except when it times out when the ipad is focused with Casper Focus. The ipad is basically unusable at that point and we have to wipe it.
2. The app crashes and has to be re-installed.
3. The students, god bless them!, have figured out that you can just do a "Reset Network Settings" on the ipad. The app is still there (so Smart Groups still show the app on the ipad) but the ipad is no longer forced thru the VPN until the app is deleted and re-installed.

We use ZScaler with ~12K iOS devices- some of the devices go home. We just push out a global http proxy and the certificates to the devices. Our rough patch with this product has been limitations with ipSec VPN tunnels from our outbound WAN to ZScaler's infrastructure. This may be something between our Cisco ASA and their connection so we're waiting on a newer router that supports GRE tunnel that will hopefully remedy this.

Apart from that, ZScaler works with iOS, OS X, and ChromeOS devices. Just a matter of pushing out the global http proxy profiles and certs to devices and mostly smooth sailing.

@CasperSally Agreed! We're actively looking at alternatives to iPrism. You'll be surprised to know their 10.11 client doesn't work and we're still waiting on an authoritative response...
We're going to try a demo of iBoss when we get back from break.

We use Lightspeed and force a global proxy through it for iPads. That works OK, but from what their support tells me, in order to use the actual mobile filtering app (which would provide more details, etc. when running Web Activity Reports) on the iPad in lieu of the proxy, you have to use their MDM. The app was just recently released, but that is really disappointing.

Next year we are rolling out some student Macbook Airs. I do seem to have the Lightspeed Mobile agent running on those, but haven't had it going long enough to gauge its performance.