What does all this actually mean?
Googles change means you have to make a couple of changes to your school devices to ensure your users remain protected from inappropriate content online. We are here to walk you through the process and provide as much information as we can to ensure you’re kept informed and protected.
I don’t know where to start with downloading and deploying the SSL certificate, who can help me?
We have a team of support staff who will be getting in touch with you to walk you through the process and answer any further questions you may have. They will be in place from early December, we will share the number as soon as it’s available.
What happens if I do nothing?
Google plans to make this change in mid-January, after which, when a user searches using Google, they will not have any search results filtered, so inappropriate thumbnail images could be displayed. At the point that a user tries to click through to that inappropriate link, SafetyNet will then filter and restrict access as necessary.
I’m not happy about you intercepting secure traffic, how do I know you won’t intercept other secure traffic?
Please view our interception policy document. We are only intercepting Google search traffic at this time to ensure your users remain protected, as more school used websites move to SSL encryption; we will be able to extend this protection as necessary. We will not intercept personal banking or online shopping for example.
Will I have to do this every time another website we use moves to SSL encryption?
No, once the SSL certificate has been installed you don’t need to do it again as more sites move to SSL.
I use transparent proxy, what do I have to do?
After deploying the certificate you just need to let RM know that you are ready to enable SSL filtering for your school. We’ll then make a change on our side to start SSL filtering transparent traffic. You won’t need to switch from transparent filtering to using a proxy address.
What about BYOD using transparent proxy?
We understand that deploying a certificate isn’t so simple for unmanaged devices. Therefore you can instead choose to continue without SSL filtering of Google results, and instead:
- Use Google’s SafeSearch (we’ll force this automatically for all customers) and lose the ability to have RM SafetyNet filter searches
- Block Google and use another search engine
- Configure any managed devices that you would prefer to use SSL filtering of searches to instead use the new SSL filtering proxy address
All schools will continue to have access to both standard and SSL filter proxy addresses, for both regular and staff proxy. So they will have 4 proxy addresses to choose from: (standard, standard with SSL filter, staff proxy and staff proxy with SSL filter), and you can mix traffic over those addresses.
I heard that from January, unless a I take the remedial action on every device, Google search results will not be filtered by default as RM can't ensure that Google SafeSearch is applied to search results.
We will always continue to force apply SafeSearch, even if a school don't take our SSL filtering service. If a school decides to stay with the current (non-SSL filtering) service, they will get just Google safe search which isn't a suitable filtering approach for most schools.
Google initially announced the changes would happen in January but a date has now been confirmed as 23 June 2015. This is welcome news given the tight timescales originally suggested, I'm sure you'll agree.
How long is the certificate valid for?
The certificate is currently set to expire in 2034.
Are customers with local filtering devices supported?
- If you are using the local device for filtering (and therefore not filtering through SafetyNet) then you don't need to deploy the RM SafetyNet certificate anywhere. You will however need to contact your support provider for the filtering device to understand how to enable HTTPS filtering and then how to export a root certificate (if this is supported by the device).
- If you are using RM SafetyNet for filtering (and therefore the local device only for caching/auditing) then you need to deploy the RM SafetyNet certificate to all client devices, and then configure your local device to use the new RM SafetyNet SSL filter proxy server address for your site as an 'upstream proxy'
What are my options if I'm a Smartcache customer?
- Do nothing, keep your Smartcache where it is for now and be aware that Google SSL traffic (search and youtube) will not be filtered, you will need to willing to accept the risk involved with this option. This is not an option that RM Education recommend.
- If you have RM connectivity: Remove your Smartcache from the network, apply certificates, everything will be filtered. Using just SafetyNet will offer full filtering, what's more granular filtering will be available early this year. Be aware that removing Smartcache may lead to more bandwidth being consumed.
- Keep your Smartcache as option 1, remove when new SafetyNet granular filtering is released. Please be aware that removing Smartcache may lead to more bandwidth being consumed.
- Replace your Smartcache with another device - call 01235 645 316 and speak to our sales team.