Before users can log into and use an itopia CloudApps Classroom Lab, District Administrators may need to take a few steps to allow for proper functionality. These include:
- Outbound access from within the school district network
- Inbound access from static itopia CloudApps Classroom IPs for access to network license servers
- Application access approvals from your Google Workspace tenant
- Proper licensing for applications
In this article, we'll review:
- Network access to itopia services
- Content filtering
- Domain Allow List
- Global access
- Packet inspection / SSL decryption
- Network firewall
- Inbound connectivity
- Network bandwidth & performance
- Application access approval
- Application licensing
Network access to itopia services
School networks are often protected with multiple layers of networking security to prevent access to unauthorized content and protect internal resources. These protections typically include network firewalls and content filtering devices.
To make sure your students and instructors can access their CloudApps sessions, configure your network security platforms to permit outbound traffic to the following addresses and domains.
Content filtering
If your network includes content filtering devices (sometimes called reverse proxies), it may be necessary to exclude itopia CloudApps from filter rules. This is commonly done by adding a set of DNS domains to an allow list (previously called a whitelist) so that traffic destined for those domains is not blocked or inspected.
Domain Allow List
To ensure that on-network devices can access all itopia CloudApps functionality, make sure that the following domains are allowed:
# Admin and User Portals
# Cluster endpoints
# Speed test feature
# Cluster endpoints
# Speed test feature
Packet inspection / SSL decryption
If your content filtering device performs packet inspection and/or SSL decryption, these technologies will significantly impact the performance of CloudApps desktop sessions. It is highly recommended to disable this functionality for the domains listed above.
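One way to confirm from an on-network device that the SSL decryption bypass is in effect is to look at who issued the certificate the client actually receives. The script below is an added example, not itopia tooling; the inspection CA name and the sample certificates are constructed placeholders, and `labs.itopia.com` is used because it is the only hostname given on this page. It assumes the Python runtime trusts the same root CAs as the device.

```python
import socket
import ssl

# Assumption: issuer organization name(s) of the district's own inspection CA.
# Placeholder value; replace with the name your filter signs certificates with.
INSPECTION_CA_ORGS = {"Example District Web Filter CA"}


def issuer_org(cert):
    """Return the issuer organizationName from an ssl getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None


def classify(cert, inspection_orgs=INSPECTION_CA_ORGS):
    """Return 'intercepted' if the leaf was issued by a known inspection CA."""
    org = issuer_org(cert)
    if org is None:
        return "unknown"
    if org.casefold() in {o.casefold() for o in inspection_orgs}:
        return "intercepted"
    return "direct"


def check_host(host, port=443, timeout=5):
    """Classify the certificate a client on this network sees for host."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert())
    except ssl.SSLCertVerificationError:
        # Chain does not lead to a trusted root: typical when the filter
        # re-signs traffic and its CA is not installed on this device.
        return "untrusted"
    except OSError:
        return "blocked"  # DNS failure, reset or timeout: check the allow list


# Constructed issuer fields in the shape getpeercert() returns.
SAMPLE_DIRECT = {"issuer": ((("countryName", "US"),),
                            (("organizationName", "Example Public CA"),))}
SAMPLE_FILTERED = {"issuer": ((("organizationName",
                                "Example District Web Filter CA"),),)}

if __name__ == "__main__":
    for host in ["labs.itopia.com"]:  # add the allow-listed domains here
        print(host, check_host(host))
```

A result of `intercepted` or `untrusted` for an allow-listed domain means the filter is still decrypting that traffic and the bypass rule is not matching.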
itopia CloudApps can provide desktop-level monitoring and filtering solutions to ensure that students do not access unauthorized material from within their CloudApps sessions. Contact your itopia Account Executive to discuss available options.
Network firewall
itopia CloudApps requires only standard, outbound HTTP(S) connectivity to the domains listed above.
If you are performing strict outbound firewall filtering, ensure that the following IP addresses can be accessed on the following ports for the itopia STUN/TURN traffic.
220.127.116.11 - turn
Network bandwidth and performance
itopia CloudApps is designed to dynamically adapt to clients' network performance and deliver the best available experience. However, itopia recommends the following minimum network connectivity specifications to ensure a stable and performant session for users.
| Metric | Specification | Description |
|---|---|---|
| Download speed / bandwidth | Graphics-accelerated sessions (e.g., Adobe Creative Cloud or Blender): 4 Mbps or higher. Non-accelerated sessions (e.g., Microsoft Office or Computer Science): 2 Mbps or higher | Download speed refers to the rate that data can be received by the client. Higher bandwidth allows CloudApps to stream the desktop with less compression and higher framerate, resulting in a smoother, clearer image. |
| Upload speed / bandwidth | 1 Mbps or higher | Upload speed refers to the rate that data can be transmitted from the client. Typically, upstream data is restricted to keyboard and mouse input and therefore does not require much bandwidth. |
| Latency | Recommended: 60ms or less. Maximum: 200ms or less | Latency refers to the delay between data being sent from CloudApps and received by the client, or vice versa. Lower latency means that user input (keystrokes or mouse movement) is represented more quickly in the CloudApps session. |
| Packet Loss | 0.25% or less | Packet loss refers to the number of data packets that must be re-transmitted between CloudApps and the client and reflects the stability of the client's connection to the CloudApps environment. Higher rates of packet loss mean more data has to be re-sent, resulting in intermittent delays or garbled displays. |
Users can view their network status from within their CloudApps session using the "flyout" menu on the right-hand side of their browser window. This menu monitors the metrics listed above and is useful for troubleshooting poor connectivity. Users are automatically notified if CloudApps detects persistent network performance issues.
Application access approval
If you are a Google Workspace district, users designated under age 18 may receive the following message when they try to access the student portal (https://labs.itopia.com):
If this happens, please log into your Google Workspace admin console and head to:
Security > API Controls > App Access Control
Look for the app called “App Launcher”. The ID for the itopia app will start with 429027536837.
The App Access Control page should look like this:
Once the app is approved, students will be able to log in to https://labs.itopia.com using their Google account.
Application licensing
For all application licensing information, check out this article.
Some applications, such as Autodesk, allow the use of both a named user license and a network license; others, such as Adobe Creative Cloud, allow only named user licenses.