Saint Thomas Academy Case Study: Upgrading Directory Services on an Education Budget

Introduction

The Saint Thomas Academy (STA) is a Catholic private school that offers college-preparatory and military/leadership day school for male students in the St. Paul and Minneapolis, MN area, serving grades 6-12. Like many organizations, STA had been leveraging Active Directory® (AD) as their core directory service for many years. However, they found themselves at a critical juncture: either upgrade their aging on-prem hardware, and renew Microsoft® licenses, or seek a new solution in the cloud.

Organization:Saint Thomas Academy
Size:680 Students, Faculty, and Staff
Location:Mendota Heights, MN
Problem:Aging directory infrastructure, mixed environment
Goal:Upgrade directory services

Background

As the System & Network Administrator at St. Thomas Academy, Paul McKeehan knows the challenges of IT in the education sector well.

“There are so many things that students, teachers, and admins need to effectively do their job. For example, we have applications like G Suite for Education, Office 365, and PowerSchool, to name a few. We also have a mixed environment of Macs, Windows, and Linux servers, all of which struggled to communicate with our traditional on-prem directory service,” McKeehan said.

“I kept running into projects that I wanted to implement, but was unable to manage with AD.”

But Paul McKeehan had an even more pressing problem: aging hardware. “I have a 2003 AD server. I have 2008 DHCP and DNS servers. I also have an entire department of Windows machines that are about a year away from end of life,” McKeehan said. “I needed to upgrade all of that and maintain access level privileges across the different platforms. When you factor all of this and the Windows licenses we would need together, the price tag gets expensive.”

Searching for Solutions

“Even with discounts for education, I estimated that the upgrade costs would total $12,000. But that was just for the first two years,” McKeehan said. “You also have to think about maintenance and annual license renewals. Then, five years later, you have to do it all over again.”

“Budgetary constraints became a huge hurdle.”

McKeehan’s first thought was to replace AD with OpenLDAP, but he quickly found that he was running into the same issues he had found with AD. “Eventually, I realized the on-prem approach wouldn’t be able to solve most of my mixed environment woes.”

McKeehan’s next thought was to try Google Cloud Identity, but was again disappointed to find that it was limited to Google services. “So I started to think, ‘Maybe there is a holistic cloud-based directory service available.’”

“I literally Googled, ‘Directory-as-a-Service,’ and JumpCloud was the top result. After some digging, I quickly realized JumpCloud could easily mitigate the challenges I was facing.

JumpCloud in Action

McKeehan only recently made the leap to JumpCloud, but he’s already using it to manage systems (Windows, Mac, Linux), web applications (Office 365, G Suite), on-prem resources (PowerSchool), and even STA’s WiFi network.

McKeehan walked us through each component of the implementation:

Systems

“We have the JumpCloud agent installed on all of our administrative devices. It’s also installed in our computer labs and on servers,” McKeehan said. “This makes management easy because instead of having to point all of these systems to an AD authentication server, we just install the JumpCloud agent on our systems, and then everyone can log in with their own unique credentials.”

Apps

“Prior to JumpCloud, onboarding and offboarding users was a very granular process. I would first have to go into Office 365 and create their account. Then I had to go into Google and create the same account there. Next would be going into AD or Open Directory to create their accounts there, and so on,” McKeehan said.

“Now, all of those resources tie directly into JumpCloud Directory-as-a-Service®,” McKeehan said. “All I have to do is set up their account in JumpCloud once, then provision all of their necessary resources by clicking a few checkboxes. Revoking access is as easy as disabling the checkbox. This saves me significant time per user.”

PowerSchool

“We use a few hosted apps here, but all of our learning management system (LMS) software still needs LDAP,” McKeehan said. “Instead of us having to import our Google directory into PowerSchool to create users, we can simply have PowerSchool look back to JumpCloud’s LDAP-as-a-Service for user creation and authentication. There’s no need for on-prem LDAP servers.”

Networks

“Getting RADIUS to work was a highlight for me personally,” McKeehan said. “JumpCloud’s RADIUS-as-a-Service provides ease of access for students and faculty, while enabling us to secure WiFi via their personal username and password. Not only does it cut down on the management overhead from password resets and lockout, but it is also boosts network security by getting rid of the “old-style” pre-shared key SSID authentication. Plus, no on-site RADIUS servers.”

The Result

JumpCloud has addressed the school’s directory needs while coming in well below the $12,000+ they would have spent upgrading their AD infrastructure. But opting for a cloud-based directory service has also saved Paul McKeehan valuable time.

“I can accomplish just about any task in a third of the time with JumpCloud.”

“For example, setting up a new faculty user account and provisioning access to all of their resources used to take me an hour or more,” McKeehan told us. “With JumpCloud, I can reach the same result in twenty minutes or less.”

The ability to centralize resource management has been “huge” for Saint Thomas. McKeehan explained, “JumpCloud empowers me to control all of my IT resources from one pane of glass rather than having to switch between multiple different sites and services to create user accounts manually.”

But the most important factor is the end user; no directory implementation could be a success unless it was a success for the students and faculty of STA.

“The best part about my experience with JumpCloud has been that most of my users haven’t even noticed the change,” McKeehan said. “The implementation has gone so smoothly that it has been ‘business as usual’ for my users. There haven’t been any issues or complaints. Everything just works.”

Conclusion

Sys Admins in the education sector have the unique challenge of managing vast, mixed environments on a smaller budget.

Faced with aging hardware, Paul McKeehan knew it was time to make the move to the cloud. Now that he’s implemented Directory-as-a-Service, it’s clear that he made the right decision for Saint Thomas Academy.

“JumpCloud has enabled me to effectively eliminate the upfront costs of upgrading on-prem infrastructure, not to mention maintaining it,” McKeehan said.

“I just pay for what I use, and JumpCloud takes care of the rest.”

About JumpCloud

The JumpCloud Directory Platform provides secure, frictionless user access from any device to any resource, regardless of location. Get started, or contact us at 855.212.3122.