PARCC Field Test Spring 2014 Emerging Technologies and Security with Computer-Based Testing
Agenda Manually Configuring iPads for Secure Testing Managing iPads for Secure Testing Managing Chromebooks for Secure Testing Virtualization Computer-based Testing Security Contacts Read slide
Configuring iPads for Secure Testing PARCC Field Test 2014 Configuring iPads for Secure Testing 3
iPads & Computer-based Testing Pearson has developed an iPad TestNav app available from the iOS app store in January 2014 TestNav app is available at no cost Encrypted Student Response Files (SRFs) are saved on the student device as the student tests Districts must take steps to configure iPads to deliver tests securely. iPads must be configured for single app mode whenever TestNav is launched. TestNav will not allow a student to test if single app mode is not enabled Single app mode disables hardware buttons and functions, including: Home button (except for the triple click function) Side switch Sleep/wake button Screen capture Read slide
Managing iPads for Secure Testing There are several options for districts to manage multiple iPads for secure testing. Manually configure iPads for single app mode via Guided Access (iOS 6 and above) Enable/Disable single app mode with Apple Configurator via USB (iOS 6 and above) Enable/Disable single app mode wirelessly via Apple Profile Manager or third party Mobile Device Manager (MDM*) (iOS 6 and above) Enable/Disable app requested single app mode via third party MDM* (iOS 7 and above) * Note: A third party MDM may incur additional costs to purchase and implement read slide
Manually Enabling Guided Access on iOS 6 To manually configure Guided Access on iPads running iOS 6 complete the following steps: [read slide] Orient the iPad so it displays in landscape mode Go to Settings->General->Accessibility->Guided Access Turn Guided Access on Set Passcode Enable Screen Sleep should be in the “off” position
Manually Enabling Guided Access on iOS 6 [read slide] Touch the Accessibility left arrow to return to the Settings->Accessibility screen Set the Triple-click Home setting to Guided Access Hit the Home button
Manually Enabling Guided Access on iOS 6 Triple click Home button Turn off Motion to lock iPad to landscape mode Turn on Touch setting Press Start [read slide]
Exiting Guided Access on iOS 6 To exit TestNav and close Guided Access mode Triple click the Home button Enter passcode Press End [read slide]
Manually Enabling Guided Access on iOS 7 To manually configure Guided Access on iPads running iOS 7 complete the following steps: [read slide] Orient the iPad so it displays in landscape mode Go to Settings->General->Accessibility->Guided Access Turn Guided Access on Set Passcode Turn on Accessibility Shortcut Hit the Home button
Manually Enabling Guided Access on iOS 7 Launch TestNav app Triple click Home button Tap on Options and turn off Sleep/Wake button and turn on Volume Buttons setting Turn off Motion to lock iPad to landscape mode Turn on Touch setting Press Start [read slide]
Manually Enabling Guided Access on iOS 7 To exit TestNav and close Guided Access mode Triple click the Home button Enter passcode Press End [read slide]
Managing iPads for Secure Testing PARCC Field Test 2014 Managing iPads for Secure Testing
Managing iPads for Secure Testing To enable single app mode on iPads you must first put iPads in Supervise mode for your organization. Putting iPads in Supervise mode will wipe the iPad. Be sure to back up the iPad if you wish to retain any data or applications. You may restore the iPad after this placing the iPad in Supervise mode to put data and apps back on the device. read slide
Enable/Disable single app mode with Apple Configurator read slide Connect the iPad using a USB connection On Mac OS X Server open Apple Configurator
Enable/Disable single app mode with Apple Configurator read slide In Configurator's’ “Prepare” tab, turn ON Supervision. Click on the “Prepare” button at the bottom of the window
Enable/Disable single app mode with Apple Configurator read slide Enter the Organization information if prompted
Enable/Disable single app mode with Apple Configurator read slide Click Apply to apply the settings to all connected devices
Enable/Disable single app mode with Apple Configurator read slide Wait while Configurator completes the action
Enable/Disable single app mode with Apple Configurator read slide When the process is complete click on the Supervise tab Select the popup Lock to App and choose TestNav Click “Apply” at the bottom of the window
Enable/Disable single app mode with Apple Configurator read slide Click “Apply” at the bottom of the window. To release the device from single app mode, ensure that the device is connected, select “Lock to App” and choose “None.”
Enable/Disable single app mode wirelessly via MDM The use of Apple Configurator requires the use of a USB connection to place devices in single app mode. Using a Mobile Device Manager allows administrators to wirelessly push a profile to devices to enable/disable single app mode. Profile Manager is Apple's MDM solution and is available for Mac OS X Server. Profile Manager allows you to select the assessment app from the Lock to App pop-up menu and push the profile wirelessly to supervised devices. read slide
Enable/Disable app requested single app mode via MDM Only available on iOS 7 or above MDMs can configure app requested single app mode. This allows selected apps to enable single app mode when they launch and disable single app mode when they terminate. Administrators will no longer need to push profiles to devices to enable/disable single app mode, but can grant TestNav the ability to invoke single app mode on demand when it starts. App requested single app mode is the recommended solution for LEAs to manage single app mode because it reduces the workload on administrators. Read slide
Configuring Chromebooks for Secure Testing PARCC Field Test 2014 Configuring Chromebooks for Secure Testing 24
Chromebooks & Computer-based Testing Pearson has developed a Chromebook TestNav app available from the Chromebook app store in February 2014 Chromebook app is available at no cost Encrypted Student Response Files (SRFs) are saved on the student device as the student tests LEAs must take steps to configure Chromebooks to deliver tests securely. Chromebooks must be configured for kiosk mode whenever TestNav is launched. LEAs can configure Chromebooks via the Chrome Admin console Google charges a cost of $30 per Chromebook to allow group administration via the Chrome Admin console Read slide
Chromebooks and Secure Testing Read slide Log into the Admin Console and select Device Management
Chromebooks and Secure Testing Read slide Select Chrome Management
Chromebooks and Secure Testing Read slide Select Device Settings
Chromebooks and Secure Testing Read Slide Districts should know the Chromebook device serial number being shipped and a new device is forced to enrolled automatically in the domain the first time the Chromebook boots up. At that point a device becomes a managed device. Any policies configured through the Management Console get pushed to the device
Chromebooks and Secure Testing Read Slide Select Allow Single App Kiosk from the Single App Kiosk field and then select Manage Kiosk Applications
Chromebooks and Secure Testing Read Slide Select TestNav from the Chrome Web Store and then select Save
Chromebooks and Secure Testing Read Slide Select Do not erase all local user data from the User Data field to ensure that SRF files are not erased on the student machine if they log off the machine. Select Save Changes for the new policy to be applied
PARCC Field Test 2014 Virtualization
Virtualization What is Virtualization? Using your monitor/keyboard/mouse to look at and run software on some other computer “Thin Clients” are one type of virtualization VDI (Virtual Desktop Infrastructure) is becoming popular as a way of turning aging computers into terminals, instead of retiring them What is Virtualization? Virtualization is using your monitor, keyboard and mouse to look at and run software on some other computer “Thin Clients” are one type of virtualization VDI (Virtual Desktop Infrastructure) is becoming popular as a way of turning aging computers into terminals, instead of retiring them
Virtualization Virtualization often appeals to schools looking to lower the student to computer ratio within limited IT budgets Virtualization presents unique security considerations when used for high-stakes online testing Virtualization often appeals to schools looking to lower the student to computer ratio within limited IT budgets, by allowing them to use older machines as terminals to deliver modern operating system and application functionality. While virtualization can be an appealing solution for schools, virtualization does present unique security considerations when used for high-stakes computer-based testing
Virtualization Network This is a high level diagram of a virtualization network. The virtualized environment runs on a central server and streams the user interface to workstations A Virtualized environment runs on a central server and streams the user interface to workstations.
Virtualization Security Concerns Looking at this diagram we can see several virtualization security concerns. Virtualization security settings on the server are typically unable to be accessed or controlled by the test delivery engine, which means the test delivery engine can not verify or control the security of the computer-based test. Streamed data between the virtualization server and workstations may not be encrypted and could be intercepted by “man in the middle” exploits. This could potentially expose Secure test content, Student keystrokes and interactions with TestNav and Student responses to capture or manipulation. Virtualization running on student workstations may not properly lock down the environment and provide a secure online testing environment. The test delivery engine may be unable to prevent student use of other applications, unable to prevent capturing screen and test content, and there is a lack of visibility to virtualization “modal” windows Virtualization performance issues could also potentially negatively impact students’ ability to test. 37
A Worst-Case Virtualization Scenario This example shows a virtualization worst case scenario. The test delivery engine is running on a virtualized guest operating system in a virtualization window run on a machine running a separate host operating system. While it is able to secure the guest operating system window, it is has not visibility or control over the host operating system. This could allow students to open a browser and search for answers, utilize screen capture functionality and compromise the test, or communicate with other students and share answers. It is obvious that a solution like this is completely unsecure and is not suitable for high stakes computer-based testing.
TestNav and Virtualization Pearson is working with individual virtualization vendors to qualify their solutions for use with TestNav Approved virtualization solutions will be listed on: www.TestNavQualified.com Email TestNavQualified@pearson.com to work to get local solutions qualified for secure online testing Non-approved virtualization solutions may expose online testing to exposure of secure content LEAs using non-approved virtualization solutions should contact their PARCC Field Test Coordinator or PARCC state lead assessment coordinator While virtualization does present some security challenges, it is still possible to use a properly configured virtualization solution. Pearson is actively working with individual virtualization vendors to qualify their solutions for use with TestNav Approved virtualization solutions will be listed on: www.TestNavQualified.com and will provide the necessary configuration instructions to ensure students can safely and securely test. The use of any non-approved virtualization solutions may expose computer-based testing to exposure of secure content and is not recommended.
PARCC Field Test 2014 Computer-based Testing Security
Testing Security PARCC guidance for testing security policies will be provided in the Test Coordinator and Test Administration manuals released Jan 2014 Many modern school networks have software installed that allows a teacher’s computer to display in real time what is on a student’s monitor. LEAs may want to consider policies that clearly disallow the use of such technology during the administration of the test, as this technology can allow exposure of test content intended only for viewing by an individual tester. Many portable electronic devices feature additional functionality such as cameras, text notepads, calculators, and other capabilities that can potentially compromise the security of the test environment. Policies may be needed regarding collection or prohibition of these devices during testing. [read slide]
Testing Security Student access to testing workstations prior to beginning the test should be carefully monitored, in order to ensure that students are not activating software or other resources that could interfere with the security and integrity of the test. Best practices for student testing should ensure that no student is aware of which computer he or she will use for testing until it is time for testing to begin. Any scratch paper or work folders distributed in compliance with the test administration instructions should be collected along with the authorization ticket and stored or disposed of via secure methods, just as would be employed for a paper-based test. [read slide]
Testing Security Testing lab configuration can also help facilitate test security. The following configuration options can help prevent students from viewing another’s computer-bases assessment. Placement and spacing of testing workstations Privacy screen filters Computer hoods/visors Once testing has begun, Test Administrators are generally expected to be actively monitoring the entire class of students. Test Administrators may need to be advised not to allow individual issues of a lengthy or complicated nature, such as technical problems with a single student’s computer, to distract from their active monitoring role. As a best practice, it is recommended that appropriate IT resources be contacted ahead of time, to be available to assist proctors with such issues. [read slide]
Testing Security LEAs may want to consider a policy for local IT personnel regarding the importance of not viewing secure content within a student’s test while trouble-shooting and problem-solving. IT personnel will be required to sign the security agreement so they must attend the same security training that Test Administrators or Test Proctors receive. [read slide]
Other Technology Considerations PARCC Field Test 2014 Other Technology Considerations
Other Technology Considerations Additional technical setup considerations for PARCC Field Tests can be found at http://www.parcconline.org/field-test-technology including: Tablet/thin client specifications Headphones/earphones requirements Keyboard requirements Accommodation/accessibility features Assistive technologies [read slide] 46
Support Contacts PARCC Support Center 888-493-9888 PARCC@support.pearson.com That concludes our presentation. For additional support, you may contact the PARCC Support Center at 888-493-9888 or by email at PARCC@support.pearson.com. 47