Making software available to students/staff off-campus with AppsAnywhere
Deliver university software to students and staff off-campus by configuring AppsAnywhere to make campus lab apps available anywhere, anytime.
Software Delivery Best Practices
Make your campus lab software and your academic applications available to access by students and staff off-campus, by setting-up AppsAnywhere for external access.
We've put together this guide for customers looking to enable AppsAnywhere for external access. This gives your students and staff a way to access applications from home via the internet.
With AppsAnywhere's licensing controls, your university can set who, where and how specific software apps can be accessed. You can also choose the delivery methods for each application, to ensure you can deliver as many of your apps off campus as possible.
Note to customers: Typically, off-site access isn't available to customers who are using AppsAnywhere on a 'device license'. However, throughout the COVID-19 pandemic we're looking to help all customers deliver their apps off campus. Please contact your AppsAnywhere account manager to discuss how we can help at this time.
Watch the webinar
Watch our webinar on how to enable off-campus delivery with AppsAnywhere and download the slides for later reference below.
Planning for off-campus access
The key to succesful off-campus delivery is in the planning phase. This doesn't need to be a complex or time-consuming process, so we've put together three simple steps. We recommend taking these three steps in your approach to making AppsAnywhere available off-site:
- Review your current apps, provisions and delivery methods to ensure license compliance
- Notify our suppor team so we can give you a new Cloudpaging license (if required)
- Make the required infrastructure changes to enable students and staff to access off-site
These simple steps can normally be completed within a day or two.
Adding access restrictions for your apps
If you haven't previously enabled off-campus access, you'll need to quickly review your software titles and provisions to ensure that any license-restricted apps don't all of a sudden become accessible off-site.
At the same time, you might also find it useful to check for any apps that cannot be made available for BYOD. Both of these restrictions are quick and easy to apply to via AppsAnywhere.
Generally, we recommend to apply these restrictions to 'Delivery Methods' rather than 'Provisions'. If a student isn't able to launch software in their present location, they'll still see the app but as unavailable. You can then add further delivery methods, such as web links, to signpost students and staff to where they can get the app.
We recommend the following steps:
- Check that your on-site IP ranges have been configured correctly in AppsAnywhere
- Make a list of any apps that need to be restricted
- Check each of the Cloudpaging Delivery Methods for those apps, and apply the matching restrictions (e.g. On-Domain or On-site only)
- Optional: add an External Website delivery method* to link users to further information if they cannot access an application off-site or for BYOD. Download links can also be added in a similar way.
*If an app is restricted, but there is an alternative option such as a free student license from the vendor website, you can add a web link so that students are signposted to the right place instead of simply seeing the app as unavailable.
VPN / License Servers
On launch, some apps may need connection to an on-site network license server, as provided by the license vendor. For students and staff to use these apps off-site you'll need to provide a VPN connection.
For simplicity and to avoid the need for a VPN connection, many of our customers use AppsAnywhere's integration with Parallels RAS to deliver these apps off-site. All Parallels RAS installation, setup and support is provided by AppsAnywhere's support teams.
Configuring your AppsAnywhere infrastructure
For students and staff to access AppsAnywhere and launch apps with our application virtualization technology (Cloudpaging), there are two main services that the end-device must be able to connect to, either locally or via the internet.
- The AppsAnywhere Portal URL e.g. https://demo.appsanywhere.com on port 443
- The Cloudpaging Paging Servers on port 80
Traffic flow
In order to launch apps, users first connect to AppsAnywhere via the load balanced address in their preferred browser, using HTTPS on port 443.
Should the user launch a Cloudpaged app; in order to allocate a license, internal connections are made from AppsAnywhere to the Cloudpaging Admin/License servers on port 443 (usually also via a load-balanced address). This load balancer and the Cloudpaging Admin/License servers do not need to be externally-accessible.
Once a license is allocated, a secure token is passed from AppsAnywhere to the Cloudpaging Player on the end-user device. This token contains the addresses of the available Paging servers, from which the Player can download the required data to virtualize the app.
Cloudpaging Player first performs a connection test from the end-user device to each of the Paging servers, to determine which server can provide the fastest connection at the present time. In this way load balancing and fault tolerance are acheived automatically.
Finally, to download the pre-encrypted application data to the end-user device, Cloudpaging Player requires a direct connection to the Paging servers, over HTTP on port 80.
AppsAnywhere
All connections to AppsAnywhere are made via the load balancer using TLS on port 443.
You will need to ensure that any certificates applied to your public load balancer or servers are from a Trusted Root Certification Authority. If you are using a self-signed certificate, users on personal devices will see warning messages in-browser when they connect to your AppsAnywhere portal.
Your AppsAnywhere servers, and/or Load Balanced address must be made externally-accessible.
Cloudpaging
All Paging server traffic is direct on port 80. TLS should not be applied.
This is because the paging data that is transmitted by the servers is already AES encrypted during the pre-virtualization and Cloudiification process. Switching to TLS will cause significant performance degradation with no additional benefit, and should be avoided.
Cloudpaging Server also provides formidable security using patented anti‐piracy protection. Connections to Paging servers are secure by design, as the paging servers will only respond to valid token requests from the Cloudpaging Player.
In short, the patented technologies of Cloudpaging Server protect the paging application code from viral attack, and from any in-transit corruption by hackers. Further details can be found in the Cloudpaging Server Admin Guide.
For off-site use, your Paging servers must be made externally-accessible as follows.
Paging Servers
Each individual Paging server needs its own DNS entry that resolves both from the internal network and externally via the internet.
For example, in this existing implementation, someuni.edu have three paging servers configured for internal access only:
In the Cloudpaging Admin console, the values that are set for the Logical IP/DNS are the addresses that Cloudpaging Player will try to connect to (from the end-user device) in order to 'page' the application data.
To allow external access, the Logical IP/DNS must be reachable by the Player both internally and externally. After reconfiguring for external access the servers may look something like this:
Ensuring continuity of service
Rather than make this change to all Paging servers simlultaneously, we recommend that you first make a subset of the servers externally-accessible.
By moving or re-configuring the Paging servers in two stages, external connections can first be tested without risking a service interruption to existing users.
If Cloudpaging Player (on an end-user device) is unable to reach one or more of the Paging servers, it will simply connect to another available server automatically.
The Paging servers have a built-in health check URL, which you can use to confirm if connections can be made successfully from external networks:
- http://xxx.xxx.xxx.101/jukeboxserver/stream/client.do?msid=ping
If the connection is successful you should receive the following confirmation
- Stream service is ready.
Important: License invalidation warning
The license for your Cloudpaging server infrastructure is restricted to the pre-defined Logical IP/DNS names of your Paging servers and may need to be updated ahead of any changes.
If your Cloudpaging license references *.intranet.someuni.edu or an internal IP address, and you change that value in the Cloudpaging console, those servers will be unavailable and service will be affected.
For this reason, any changes to your infrastructure should be notifed to our support team in a support ticket. We're happy to provide a new license ahead of time if required.
Further considerations
Number of servers
If you are expecting use of AppsAnywhere to increase with the introduction of off-site access, it might be prudent to review the performance of your existing servers and to consider an increase in capacity.
At a basic level, a functional AppsAnywhere and Cloudpaging implementation includes:
- 1 x AppsAnywhere Service
- 1 x Cloudpaging Admin/License Service
- 1 x Paging Service
Each set of three servers can handle 3,000 to 5,000 concurrent users.
So for a site license rollout with 20,000 users, working on 75% concurrency (15,000 concurrent users) we would recommend 3 servers for each service, 9 in total.
Support
If you would like any further advice, or need to request a new Cloudpaging server license, please feel free to contact AppsAnywhere Support for assistance.
We'll work with you to schedule any changes and to ensure a smooth transition to off-campus access for students and staff.
Visit our customer support forum
This article first appeared on our support forum, where you can find additional information and infrastructure diagrams for making AppsAnywhere accessible off-campus to both students and staff.
How to Make Your AppsAnywhere Portal Available Off-Campus Webinar Slides
Check out the slides from our How to Make Your AppsAnywhere Portal Available Off-Campus Webinar.
FAQs
Is there an option to still auto-validate?
Auto validation is still available as an option. We aim to ensure there are as few occasions of attempting to launch but being unable to as possible, and where they occur, explaining why.
Directory path local execution, when does detection occur? During login? During validation?
Detection occurs during validation - the client is given a list of directories to look in and it returns what it finds.
Any CSS options like Dark Mode available for users to customize the look of the portal?
Dark mode wasn't something we were able to do for this version, but it is something that we are looking to include in the future.
Can Download the Client be hidden?
If client download is not available in that instance - such as in labs mode or if client install is suppressed, then the client link will not appear. The client download link will also only appear on platforms which have a client - i.e. Windows and macOS.
When can we get 2.12?
If you would like to upgrade to 2.12 please submit a support request and the team will be touch.
How to implement BYOD in schools
To implement BYOD in a cost-effective and sustainable way, schools will need a clear idea of a number of key data points to understand which technologies are necessary and how many licenses of each technology are required: Number of users/devices Weighting of device type/platform (Windows vs Mac vs Linux) Software titles to deliver Usage data on software titles for licensing User groups requiring specialist software You can read more about implementing BYOD policies in schools in the SecurEdge article, ‘How to successfully implement a BYOD program into your school’ > https://www.securedgenetworks.com/blog/how-to-successfully-implement-a-byod-program-into-your-school
How communication is improved in school with BYOD?
With a BYOD policy implemented, schools can begin working to introduce centralized communication points such as Virtual Learning Environments (VLEs) or Learning Management Systems (LMSs). Software delivery tools such as AppsAnywhere also provide areas that can be used to communicate with students. Once BYOD is enabled, schools can be more confident that students are actively accessing digital academic resources through specific channels, and that communication propagated through those channels is much more likely to be seen.
Does BYOD save schools money?
Yes, it can do. While BYOD technologies may be expensive, with the correct provisioning and tools implemented, the decrease in hardware investment required from schools by allowing students to bring their own device and insight from reporting data can help schools save money on their software delivery.
Why BYOD is good for schools?
BYOD policies in schools reduce the hardware investment of electronic devices, including mobile devices, needed for schools to offer equal access to digital academic resources to all students. By leveraging student-owned hardware, BYOD policies in schools can increase the resources available to students, such as software, digital media and digital learning environments, at a fraction of the cost of ensuring there are enough organization-owned machines for every student to use. Furthermore, BYOD allows students to access school resources outside of school and outside of teaching hours via their own device.
Why is BYOD important in schools?
BYOD policies in schools help to introduce students to completing work from their own devices in preparation for higher education and employment. In an ever-more-digital world, getting used to using personal devices to complete work can help desensitize students to the potential distractions offered by those devices. BYOD can also help students learn to manage their time effectively in a society where the lines between work time and free time are becoming more and more blurred.
When is AppsAnywhere 3.0 out?
We’re excited to be releasing AppsAnywhere 3.0 in December 2022, in time for January enrolment. Your dedicated Customer Success team will be in touch when it’s available to ensure your institution gets the most out of AppsAnywhere.
How can I get the latest version?
To get the latest version if you are currently using AppsAnywhere, schedule a call with your specialist implementations team and we can help you to start benefiting from AppsAnywhere 2.12 now.
Who can help me deploy VDI?
Most IT professionals get excited when considering new technologies and solutions. Without a doubt, the prospect of a VDI deployment project is likely to get your team’s juices flowing. However, deploying VDI is complex and often includes a host of new infrastructure and unique software management tools. The best advice is to engage with a vendor partner early on so that the design for your campus can be vetted by experts who work with VDI on a daily basis. A vendor partner can also help guide through different architecture scenarios, use cases, and potential pitfalls. All of the knowledge transfer gained will put the IT team in a far better position to successfully deploy and support VDI for your campus.
Which is better: DaaS or VDI?
As is the theme throughout the rest of this article, there isn’t really an objective victor in DaaS vs. VDI. However, when it comes to Higher Ed, we rarely see full DaaS deployments. They’re often saved for more limited use cases, such as temporary BYOD access, or delivering to satellite campuses. For the scale of delivery required by HEIT, VDI will usually come out on top. However, you still need to decide whether to go for legacy VDI, or newer, hosted solutions…
What is the difference between DaaS and fully hosted VDI?
DaaS refers to virtual desktops being provided to organizations as a service-based solution. It will include support for managing, upgrading and maintaining virtual machines. It is a more complete out-of-the-box solution with a price tag to match. Fully-hosted VDI is just like legacy VDI, except you don’t need on-premise server infrastructure, and they are often pay-as-you-go. Fully-hosted solutions are also referred to cloud-hosted solutions and they are the same as VDI, except hosted for you, as the name suggests.
Citrix or VMware?
Both VMware and Citrix have a robust product offering across many different solution suites. Historically, Citrix has excelled in the realm of remote app delivery or app remoting solutions. On the other hand, VMware leads the way with full desktop VDI delivery. Deciding on the right approach is solely dependent on the needs of the institution and what goals they are hoping to achieve with the project.
Why have a BYOD policy?
A formal BYOD policy helps to ensure a high chance of success and adoption as well as communicating practical information to users on how to interact with and use software on their BYO devices.
What is in a BYOD policy?
To put it concisely, a BYOD policy should include any or all of the following: Device type Operating system Available resources Security Usage conditions
What is BYOD policy?
A BYOD policy is a formal definition and agreement between the BYOD provider (universities) and the BYOD users (students). It is similar to an SLA (Service Level Agreement) between service-providers and outlines how users can expect to interact with their university's BYOD program, as well as any limitations, usage conditions, and compatibility information.
JOIN THE COMMUNITY
Stay ahead
Sign up to our newsletter.
APPSANYWHERE
Deliver software at scale, on and off campus
AppsAnywhere is a global education technology solution provider that challenges the notion that application access, delivery, and management must be complex and costly. AppsAnywhere is the only platform to reduce the technical barriers associated with hybrid teaching and learning, BYOD, and complex software applications, and deliver a seamless digital end-user experience for students and staff. Used by over 3 million students across 300+ institutions in 22 countries, AppsAnywhere is uniquely designed for education and continues to innovate in partnership with the education community and the evolving needs and expectations of students and faculty.
Related reading
NEXT STEPS TO IMPROVING YOUR SOFTWARE DELIVERY
Your apps anywhere, anytime, on any device
Register your interest for a demo and see how AppsAnywhere can help your institution. Receive a free consultation of your existing education software strategy and technologies, an overview of AppsAnywhere's main features and how they benefit students, faculty and IT, and get insight into the AppsAnywhere journey and post launch partnership support.
NEXT STEPS TO IMPROVING YOUR SOFTWARE DELIVERY
Your apps anywhere, anytime, on any device
Register your interest for a demo and see how AppsAnywhere can help your institution. Receive a free consultation of your existing education software strategy and technologies, an overview of AppsAnywhere's main features and how they benefit students, faculty and IT, and get insight into the AppsAnywhere journey and post launch partnership support.