Embed Size (px)
DESCRIPTION
With more use of interactive lessons, BYOD, remote access from home and greater network and internet security within Schools, IT departments are feeling the pressure. Here are 8 key building blocks to put in place to help keep your networks performing well.
Citation preview
8 Building Blocks for a High Performance School Network
© Copyright 2014 Modrus
The Problem
2
The Problem
3
Mark ZuckerbergFounder, Facebook“Our policy at Facebook is literally to hire as many talented engineers as we can find. There just aren't enough people who are trained and have these skills today.“
Eric SchmidtExecutive Chairman, Google“For most people on Earth, the digital revolution hasn't even started yet. Within the next 10 years, all that will change.
The Problem
4
Greater network and internet
security
Better monitoring of who is
accessing what
Wider use of video and graphical
content
Providing universal home access for staff and students
Students and staff wanting to connect to different kinds of
devices
Current pressures on School IT teams:
5
So, how can you keep your school networks on the rails?
The Problem
6
Users typically lose up to
30 minutes a day waiting for
PC’s to load or reboot
(Gartner, 2009)
86% of users across Europe, Asia
and North America lose 18 hours
productivity or more a month. (Forrester,
April 2013)
The Problem
No. users affected
x
average cost per user
x
lost productivity %
100 staff
£25k average cost pp
Half an hour a day = 6% of working week7
The Problem
No. users affected
x
average cost per user
x
lost productivity %
£150,000 lost per year
8
The Problem
9
Lowers both staff and student morale
The Problem
10
Decreases work satisfaction
The Problem
11
Increases stress in the IT dept
The Problem
12
Loss of user confidence in IT Dept
So How Does Poor IT Performance Impact
You?
?
8 Building Blocks
Protecting whom from what?
• How do you make sure the right people can access the right files?
• How can we stop the wrong people accessing the wrong files?
• How do we separate student and staff networks whilst enabling staff to appear on both?
• Where do we put the intelligence that manages our network access rules?
16
1 Security
What does good security look like?
Correct Access Permissions
• The right people access the data they need
• The wrong people don’t have access to anything they shouldn’t
18
Give authorized users a secure environment
• Users cannot do anything that may compromise their environment
• No admin rights for standard users
19
A good method for elevating permissions for super-users
• A secure and managed process for raising the permission levels of users
20
Reviewing access
• Do people who have left or moved roles still have access to data?
21
Strong security at the edge or border
• Firewalls to block external access
• VLANs to separate networks
22
Certificates to encrypt/decrypt data
• Ensuring nothing gets modified in transit
What’s actually going around our network?
• Is your network a free-for-all where “whoever gets there first gets the most”?
• Is more use of live streaming, video data and digital photography in learning vastly increasing your network traffic?
23
2 Resources
What does good network management look like?
Visibility of performance
• Monitor switches
• Alerts on thresholds of usage
25
Regular usage reviews/capability checking
• Is the school running low on ports?
• Do you need to organise more switches now and reduce delays to users when more capacity is needed at short notice?
26
Where are the performance bottlenecks?
• Are uplinks from edge switches able to cope with demand?
27
Quality of service
• Can performance be improved by identifying different data types and prioritising?
How can we connect anything anywhere and still manage it?
• How many people are likely to want to connect and where?
• How do you manage staff and students bringing their own devices to connect to your network?
• How do you authenticate and track users and focus on what is safe for them to access?
28
3 Wireless
What does good wireless management look like?
Appropriate levels of access depending on connection type
• Monitor switches
• Alerts on thresholds of usage
30
Performance monitoring, specifically capacity and coverage
• Ensure you have enough bandwidth or throughput to cope with demand
• Ensure you can get a strong wireless signal in all required areas and not available elsewhere
How can they get securely and simply connected in?
• How do you control how visiting teachers, parents and students connect to the internet?
• How do you separate that network from the core staff and students?
• How can you ensure guest devices and traffic are secure?
31
4 Guests
What does good guest management look like?
Separation of networks
• Only access limited services, if any
• Undertake regular penetration testing
33
Guest access is simple and supports a wide variety of connecting devices
• They just work without needing the IT team’s intervention
So what is happening where and when?
• How do you diagnose the symptoms when you hear “my connection is slow”?
• How can you monitor:
– Which devices are doing what?
– How much bandwidth is being used ?
– Which websites are being accessed?
34
5 Monitoring & Reporting
What does good monitoring look like in schools?
Automatic discovery
• Changes and upgrades to devices get automatically factored in
36
Smart classification and mapping
• Classify devices and map your network
• Helps identify bottlenecks
• Pinpoints devices which might be causing problems
37
Performance monitoring
• You must be able to monitor available resources, bandwidth and device uptime
• Controlled re-starts of devices can help banish glue in performance
38
Intelligent alerting
• You can’t watch everything every minute
• Alerts that make you aware of a situation before it becomes critical
39
Scalability and failover
• Can you keep up with demands?
• Build in redundancy as part of the solution to prepare for outages and hardware failure of your monitoring solution
What are they and how do we avoid them?
• How do we ensure the essential protection from:
– Worms – Trojans– Spyware– Adware– Bots
40
6 Viruses & Malware
What does good Virus & Malware protection look like?
Up to date virus and malware definitions
• Check at least hourly for new digital signatures
42
Regular, scheduled virus scans on devices
43
Email scanning outside of your network
• On cloud based services etc.
• Makes sure viruses don’t get as far as your network
44
AV Scanning on firewalls
• Prevent viruses getting in at the border
45
Subscribing to virus alerts and notification services
• Keep up to date with latest news
• Global comms means geography is no longer a barrier to virus infection
Homework from home?
• Can your students, staff and in some cases parents access school resources from home?
• Access to virtual desktops from home
• Access to webmail from home for staff and students
46
7 Remote Access
What does good remote access look like?
High level of security in the access method.
• Is a simple username and password enough?
• Should you insist on two-factor authentication?
48
Encryption on connections
• Prevent data being modified in transit
49
Control on what is accessible
• Limiting what users access externally
50
Do you allow data to be transferred in or out of the network?
• Do you monitor data being transferred?
• Ensures data from a controlled area isn’t being moved to an uncontrolled one
What if…?
• How do you ensure data doesn’t get lost or corrupted?
• Do you have a rigorous regime of regular maintenance and updates?
• Do you have more than one server?
51
8 Resilience
What does good remote access look like?
No single points of failure
• Never have just one of something
• Find ways to put things in more than one location
53
Physical redundancy
• Have additional hardware that will take over in event of failure
54
Is the redundant solution able to cope with the load in a failure environment?
• E.g. A UPS is designed to give enough power to enable a safe shutdown – not power the hardware in case of failure
55
Geographic resilience
• Internet lines that don’t follow the same route in to the building
• Hardware installed in different locations
So what have we learned?
Networks can be
A painHolding us backCosting us moneyA bit tricky
SecurityResourcesWirelessGuestsMonitoring & ReportingViruses & MalwareRemote AccessResilience
www.modrus.com
