RDPSD - Wireless Networks
Red Deer Public Schools: Wireless Network Changes
RDPSD-Guest - The guest wireless network is changing from its current mix of password and open authentication depending on location to a splash portal where the service user will be presented with information relating to their acceptable use of the network and the ability to proceed by “accepting”.
Although not all activities that can occur with an active internet connection will be allowed to protect the District’s infrastructure, a more permissive stance is being taken as to what a user can do while connected to the network. On-line tools such as VPN and vendor driven privacy services will now work with the Guest service.
This change will make ‘RDPSD-Guest’ similar to wireless services you have seen in hotels, at conferences, or even local coffee shops and restaurants.
Deployment Date: Now until completion sometime before end of July, 2023
RDPSD-Staff - A NEW wireless service will be made available to RDPSD teachers, staff members, and administrators that will allow them to access the Internet, some RDPSD network services (such as the ability to ‘cast’, file, and printing in the future), and the ability to use VPN and vendor driven privacy tools on their own BYOD systems.
An on-boarding process will occur for each device added as an acceptable user/device of this service. There are plans as well for the addition of using your RDPSD credentials at some point (especially when the intention is to use RDPSD network services such as ‘casting’, printing, or accessing local RDPSD resources.)
Deployment Date: August 2023 with advanced features in 2024.
RDPSD-Managed - A NEW wireless service will now exist intended for RDPSD provided systems such as District laptops and supplied phones.
Each individual system will go through an on-boarding process facilitated by RDPSD Technology and Information Services.
‘RDPSD-Auto’ (old ‘rdp_n’) - Upon returning for the 2022/2023 school year you will notice that the ‘rdp_n’ wireless service is no longer available. A new service will be added to serve RDPSD educational systems (such as chromebooks, chromecasts, and other sanctioned RDPSD equipment.) These systems will be set to use this service for you where applicable.
NOTE: All existing RDPSD chromebooks and the ability to ‘cast’ will still work as it does now.
Deployment Date: August 2023
Q. Why can’t we still use passwords, aren’t they more secure?
A. Unfortunately no.
Passwords have become technically insecure unless coupled with stringent policies/incompatible security technologies (i.e., very long complex phrases, 2FA/MFA, and regular timer based changes). Because of these and the requirement to make the passwords publicly available for guests/visitors to use the model has no intrinsic security value. The District wireless technology works in such a way to protect the District, the user, and all other devices on the network that insecure passwords are no longer needed.
Another strong feature is that as a District employee you can go to any location in the District and not have to change the configuration on your phone in order to connect.
Q. Will everything work now after the change? (Having been connected to ‘rdp_n’, ‘HS-Local’, or ‘LTCHS-Teacher’ for example.)
A. Without changing to one of the new services, no.
You will need to connect to one of the new services in order to use the RDPSD wireless network. Any application or service that doesn’t work after the change can be brought to the attention of Technology and Information Services for review via a new ticket in Sheldor.
Q. How do I onboard my device?
A. Please submit a Sheldor ticket and Technology and Information Services will work with you to complete the process. Feel free to connect to the ‘RDPSD-Guest’ service until that process has been completed.
Q. Why does the ‘RDPSD-Guest’ service require accepting the ‘Acceptable Use’ agreement every 24 hours?
A. Because the system includes non-District visitors and guests and any system that can connect to a wireless service is allowed to, the system is engineered to maintain a high level of security for all users and 24 hour periods of service are technically considered the maximum allowed value of use to keep that security level maintained.
Q. Why is this happening, it seems more complex?
A. The absolute driving factor in this work being done is due to the changing landscape of BYOD, the internet, and user privacy. The changes will make the protection of the user, their device and data stored on it, more forefront while still protecting the RDPSD infrastructure as a whole.
One key caveat, the user’s own BYOD device will always be the responsibility of the user to maintain.The security of the device itself, via up to date system and security software, is not the responsibility of RDPSD or maintained while using the RDPSD network. Although the system is protected while being on the District’s network from other systems on that same network, a user’s own activities fall under the responsibility of that user and cannot be guaranteed to not cause harm to the device or loss of privacy by the user’s actions.
Data to and from the device is protected while in transit on the applicable RDPSD networks from all other users and systems.
RDPSD makes available a system that protects the user if the device is allowed to use it by default but is not forced to (in the case the user wants to use VPN/Privacy software available to them.) The system, if used, does not record what the user is doing and only stops a connection if the target of the user's activity is known to be a security issue.
Q. I can see students/staff/visitors doing things that they couldn’t do before, do we not filter anymore?
A. We do.
Unfortunately there is an impossible dichotomy having to monitor what a user is doing on the network (and therefore knowing everything they do regardless of being a student, staff member, or visitor) in an effort to filter content and yet still allow the same user their privacy. This and the momentous effort being taken by companies to provide privacy functionality fundamentally limits all possible ways to filter unless invasive techniques are used.
Users, regardless of who, are still responsible to follow the relevant policies that govern the District.
Q. I need the service to be disabled at night to help protect against vandalism and encourage loitering. Can this be done?
A. Yes. Schedules are available for service operation.
When you leave for the summer, it is recommended that you ‘forget’ any network you currently use while at work as they will not function after the changes indicated in this document.