|
This chapter contains the following information: This chapter will give a brief overview as to the manner in which the AT server is setup and how to go about setting up the clients. OverviewThe Assistive Technology server is a member of the OSU Active Directory Domain. Active Directory is a Microsoft suite of networking tools that allow multiple computers to use the same authentication systems and resources to accomplish completely separate goals. In this case, the most notable benefit of utilizing this Active Directory system is that the Orange-Key (O-Key) universal identity management system can be streamlined across systems. This has multiple benefits, including having single sign-on functionality (not having to worry about multiple usernames and passwords for each system), control over roles (student, faculty, or staff), and other advantages, handled in a centralized manner in the domain. Therefore access management of the Assistive Technology server is simplified as most of the processes required to gain access to University resources is handled in a centralized and automated manner by OSU’s Information Technology department. Client-Server MethodologyIn a nutshell, the Assistive Technology server handles three major components. It is, first and foremost, a Windows File Server, holding user profile data and files created by the Assistive Technology software. This allows users to travel from computer to computer while maintaining settings and configurations vital to the customized use of the Assistive Technology as an accommodation for a disability. Secondly, the server handles license tracking and confirmation. Since all of the software is configured on a per-user basis that limits the total or concurrent usage of the software, the server itself has software on it that prevents the OSU-System from allowing non-compliance with our licenses. Third, the server handles the web accessibility validation system, which is a completely separate system and is beyond the scope of this document. Because the Assistive Technology software itself is highly specialized, most of the manufacturers have developed a client-server model that requires installing a component on a client workstation, that will then communicate with the server for license verification and user settings. To the end user, the hope is that seamless, effortless use of the AT can be achieved, especially due to the nature of some severe disabilities that may prevent the use of a computer before the software is actually loaded. The process of “starting up” the software varies, but generally follows these steps: If the client workstation is on campus, then a reliable, secure connection is already available. The system may authenticate (as in step ) without further effort. If, however, the workstation is located off-campus, the reliability of the connection cannot necessarily be ensured, either in a security aspect, or in a technical aspect. As certain ports, representing services offered by the underlying operating system, are required to maintain for these services, a secure “tunnel” must be created in which data to the server will be passed. This is achieved through the OSU Virtual Private Network. The Virtual Private Network, being a separate system, also requires authentication. However, this authentication is the same as O-Key authentication, so the credentials gathered from the user can simply be passed twice to the OSU network. Authentication with the server, in which a username and password is checked against centralized resources to determine access. The client software is started and requests a license. The server responds back if there are available licenses. The user chooses a profile, which is requested from the server. The software starts up under the selected user profile.
Efforts to streamline this process further are in the works, but are incredibly complicated. The process, at the time, may be as streamlined as possible. Active Directory NotesIt is not enough that the client workstations simply be a member of the Active Directory Domain, it is also vital that the workstations require Active Directory logins from users. If the workstations use a service account, or if there is some other access directly to the desktop, the user credentials will not be passed to the AT server, even if the machine credentials are. Additionally, some security measures, especially those in group policy designed to secure the workstation from outside attackers, may make the software incapable of contacting the server. In these cases were customizations are common, it is recommended that a user or technician utilize the support information section of this document to contact the AT Specialist. Alternatives to Active DirectoryFor some workstation deployments, the use of Active Directory is not ideal, due to various reasons. This also includes personally-owned computers, such as a student’s workstation in their dorm room or off-campus, or a staff member’s home computer. To meet this need, a middleware application has been developed by the Student Disability Services office called the AT Loader. The current version of this software, AT Loader 2.0 RC1, allows individuals to access the AT server from both on and off-campus locations, as well as automatically load the software needed itself, all while providing accessibility. In fact, the AT Loader is capable of meeting the needs of a blind individual by providing speech before a full screen-reader has been loaded. For those with severe disabilities, customized setup by the Student Disability Services office is necessary, as the actual installation of the AT Loader is not yet accessible itself.
|
