View RSS Feed

zag

Stable ICT systems in Schools

Rate this Entry
by
zag
, 4th February 2014 at 11:51 AM (20370 Views)
Intro
I've been doing this job for many years and one of the biggest targets I have had in that time is to make our entire ICT ecosystem "Stable". By this I mean that things work as they should in a classroom or for our admin staff and dont break too often. In fact when something breaks it should be a surprise or an extraordinary event, not something that inevitably just happens. We all see jobs of "the projector is broken" or "the hard disk died" but these are entirely preventable if you buy the correct equipment and maintain it properly. I'm a great believer in building solid infrastructure and letting staff and students get on with their job with ICT there to help, not hinder people. So after having a think I've written a few bits of advice down for the benefit of others.


Projectors
Lets be honest, in a school, projectors are probably the most important bit of kit a teacher will use. For years we had problems with bulbs blowing, or coming to the end of their lifetime. I couldn't see an easy solution until one day Casio released a "bulbless" projector. Now the claim was pretty wild and the price was almost double our normal projectors but I thought I would give it a try. 5 years later and most of our projectors are of the new Casio Model and we have not had one problem with them in all that time. They just work!

Recommended Model = Casio XJ-M140
blogs/zag/attachments/22653-stable-ict-systems-schools-untitled-1.jpg

Servers
Server farms in schools tend to be a collection of random devices purchased over the years in a panic to fulfil a short term _and_ long term need. A few years ago I looked in our server room full of different machines and realized that this had to change to make them more reliable. Since virtualization has come along, the hardware for a server has become far less important, it just needs to have lots of memory and enough space for the VM's. We chose to upgrade all our servers at once to a single make and model. You would think this would have been expense but actually buying 8 simple servers all with the same specification came to around £8,500. We chose the very base model with a RAM upgrade, nothing more. No RAID (its caused me more problems than its ever solved), no dual CPU, no redundant PSU's... Just a simple server that will do its job. The advantage of not using all this extra stuff is that it just works, there is less to break and its cheaper! The great thing about using identical hardware is I can swap it over easily and quickly. I don't have or use any manufacturer warranty as its quicker to fix myself. We did add an after-market Intel SSD drive for the storage which was an additional cost but for the reliability and speed its well worth it.

Recommended Model = Dell R320 1u 32gb ram, 600gb SSD, Single PSU.
blogs/zag/attachments/22654-stable-ict-systems-schools-poweredge-r320_f.jpg

Backup
After struggling for years with Backup exec and "bare metal" recoveries (whatever that means) I finally found a better solution. With the advent of virtualized machines its actually very very easy to backup entire servers. We use the VEEAM software to do this and it literally takes 4 minutes to backup or restore a server. No more complicated options or configuration screens. Just simple backup and restore. A recent feature they have introduced is individual file backups so now all I do is restore a file if someone deletes it. You can use shadow copy for an extra layer of help to any student or teacher who is a bit trigger happy with their touchpad. The end result of this is quick restores and peace of mind when it comes to full servers and disaster recovery. Users should never even know when something needs to be restored, it should be invisible. A vast improvement over the 2 day restore times that we used to have with Backupexec

Recommended Package = VEEAM
blogs/zag/attachments/22659-stable-ict-systems-schools-veeam_modern_data_protection_logo.png

Teacher Devices
Teachers are notorious for breaking things, and to be honest I don't blame them. They do an incredibly hard job standing up in front of a class every day and the devices we give them should help them do that job without causing any additional stress. We've tried desktops in the classrooms but they ended up being damaged often by students during breaks and lunch. We've tried laptops but there always seemed to have something go wrong with them or be accidentally damaged. We finally tried giving teachers iPad mini's and a funny thing happened.... the teachers liked them. If I asked a teacher if they wanted a laptop or ipad the answer was always an ipad. Not surprising really but when you go watch how they use it in class its really impressive. They can be used to show presentations, take the registers or visualise documents on the whiteboard. The best thing is teachers tend to look after the devices more and get in less "software troubles". A simple process to plug in a cable to the wall and the image immediately shows on screen is so much better than the right click >> output to >> function F5 rubbish with windows. Again these devices just work, especially when assigned to individual teachers as a personal device.

Recommended Model = Ipad Mini
blogs/zag/attachments/22655-stable-ict-systems-schools-ipad_air_vs_ipad_mini_2_3.jpg


Printers
Printers drive me crazy, they always have done. A company really just needs to build a printer that prints what you ask it to. There are no need for 5 pages of grey-scale options, bloatware or obscure buttons to decipher when you have a paper jam. We have found the most reliable way to print is to have a shared photocopier attached to the network that all can use. Now teachers are lazy people sometimes and require that a printer is within 50 meter walking distance. So we had to buy a few more than we wanted but they do work, and rarely go wrong. We setup email to print and network share printing with little trouble. We also use Papercut to audit the printing and generate some nice usage reports. This keeps the tonor usage down and ultimately means the photocopier can be used for a longer time without running out of toner.

Recommended Model = Sharp 3110n MFD
blogs/zag/attachments/22656-stable-ict-systems-schools-mx-3110n.jpg

Storage
We've all had a hard disk die on us at some point in time, its an inevitable fact that at some point 5-10% of them will just give up the ghost and loose everything on them. That was until SSD drives showed up. They are not effected by someone dropping their laptop or overheating in some way. But what some people found who bought OCZ and Crucial devices is that they died in different ways due to poor cheap components inside. We went with Intel and have never had this problem, it just shows that spending a little extra money on things can work out much better in the long run. We are now 4 years into our SSD experiment and have never had a failure. All our desktops, laptops and servers run on them with no trouble at all. Its a no brainer for me.

Recommended Model = Intel 320 series 60gb-600gb
blogs/zag/attachments/22657-stable-ict-systems-schools-ssd-320.jpg

Email
About 5 years ago I was sitting by the beach in Greece enjoying a cold beer and soaking up the sun on my summer holidays when the inevitable call came through that "our email is down, can you fix?". It turns out our server room air conditioning had failed and the email server had overheated and crashed. It took 4 days for me to return home and struggle to get the server back up and running. Trawling though exchange SQL server logs and obscure Microsoft knowledge base articles I managed to just about get it up and running. From that day forward I promised to look into "outsourcing" our email. To me its a very simple service that has no need for in house servers or complicated mail connectors. So as soon as live@edu came along we jumped ship, and then onto Office 365. This has been one of the best decisions I've made as a network manager as again the service just works. I think we have had 7 minutes downtime in the 3 years since our changeover. I have nothing but praise for this service and its an excellent example of how the cloud can make things easier for us. Oh did I mention its free as well?

Recommended Service = Microsoft Office 365
blogs/zag/attachments/22662-stable-ict-systems-schools-office365.png

Internet
Everything runs on the internet these days, I would go as far as to say that it is more essential than a telephone and maybe oxygen If the internet goes down I probably get a complaint within 3 minutes from someone and it continues every 3 minutes until its fixed. Now back in the old days we had an ISDN line and then ADSL line both of which used to die randomly. It wasn't actually the internet line that was causing disconnections, it was the router due to all the traffic. So when we came to move away from local authority shared service a few years ago I made sure we got the best Cisco router we could. We invested in a 100mbit BT line which came with a managed Cisco router. To this day we have never had an outage, its rock solid.

Recommended Service = BT Leased line + Router bundle
blogs/zag/attachments/22660-stable-ict-systems-schools-prod_large_photo0900aecd8016fb47.jpg

Wireless
We've been through several generations of wireless, from a single dlink transmitter to a collection of netgear Aps that crashed all the time, to our final destination of Aruba managed system. This works with a central controller that is very stable and 38 AP's around the school. Since putting it in 6 years ago its never gone down, not once. Aruba were notorious for breaking things with firmware updates, so we simply didn't do them. Lately we have upgraded to a recommended release that is stable and allows us to push out a 802.11ac signal. 2 firmware upgrades in 6 years was all that is needed. Moral of the story is don't upgrade for the sake of upgrading.

Recommended Model = Aruba 3400 controller + Aruba 220 Ap's
blogs/zag/attachments/22658-stable-ict-systems-schools-aruba3200.jpg

Windows Update
I'm going to be slightly controversial here and recommend you do not do Microsoft updates on clients that often. I've never been a "patcher" because I believe that stability is more important that low lever security. By this I mean that you probably dont need to worry about the 30 memory overflow patches Microsoft release each patch Tuesday. Yes they are theoretically a danger and if some very very intelligent person wanted to target you but is it really a problem? My answer is no. Sure go ahead and patch a major vulnerability that causes chaos around the world but trust me you will hear about that on the 300 million other computers before it comes to you. Just as an example, we recently patched all our client machines on the network and the next day desktop redirection was broken for all users. It turned out to be a single update that caused this and needed a registry patch to fix it. This caused 2 days of problems for all users and made our network "unstable" to the end user overnight.

Recommended = Patch once a year, stay on a recent operating system such as windows 7.
blogs/zag/attachments/22663-stable-ict-systems-schools-wsus-logo.jpg

Anti Virus
I'll be honest, I don't use anti virus at home, never have done and never will. I find the industry survives on scare stories and pre installed bloatware for new windows machines. The best way I have found to stop viruses is in fact to make a few system changes that stop them spreading. Make all the roots of your network shares read only, even to administrators. This will stop 80% of viruses right away. And the other 10% will probably come in via email so block any executable attachments. Finally the last 10% probably come from people installing or running software, its easy enough to block those with FSRM on windows 2008 R2. I once broke our entire exchange Webmail system by trying to install Symantec anti virus. The moral of the story is fix your system before looking at anti virus packages. We use Forefront here which is the corporate version of Microsoft Security Essentials, its light weight and we turn off a lot of features such as system scan. We only use it for real time protection. I think the last virus it picked up was in 2010

Recommended Package = Microsoft Forefront endpoint protection
blogs/zag/attachments/22661-stable-ict-systems-schools-3146.forefront-generic-brand-grid-v.png

So there you have it, just a little advice on keeping the systems running by buying the correct infrastructure and configuring it in the right way. Always remember that the user comes first, they don't care that there is a bug in a system or that its only meant to last 3 years, they just want it to work. I can only suggest you try and design things with your end users in mind. Comments welcome

Updated 4th February 2014 at 12:51 PM by zag

Categories
Uncategorized

Comments

  1. abillybob's Avatar
    Cheers mate good blog! Your infrastructure sounds great it's just a shame we have no budget anymore and I'm having to make do with HP Microservers to get the job done!
  2. chazzy2501's Avatar
    I have limited funds so have a different perspective.

    Projectors Casio's would be nice but pricey, I purchase £180 DLP projectors filter less (many) and swap out the unit if it fails

    Servers: I've virtualised as well, 2 big hosts and 1 san with redundancy. just 3 devices to manage 1 part fails, it get fixed under the 5 years warranty. (fixed 5 year cost)

    Backup, Similar I use vranger but no 2nd san so file shares on older server: same features but slower.

    Teacher devices: ipad minis !no way! can't agree with that. terrible management, consumer device (airplay) for projectors (more infrastructure) ITunes purchases, NO flash support. no power point

    Printer oh goodness yes, we went to large MFPs years ago and never looked back we use ms2640s. The also network scan (free) and photocopy.

    Email: I still use in house exchange) but I see the advantage of office 365.

    Internet: (bonded sdsl, its terrible and county supplied) if I could afford it leased line all the way.

    Wireless: I have an 8 year old dlink system not central management but it keeps on ticking... I'd go for a central system as you say.

    Windows update: I have wsus and let it run all critical updates only. This has yet to bite me after 5 years.

    Antivirus: I use nod32 for the last 5 years, I get atleast a virus a week, normally from Teachers surfing or usb sticks. Forefront really demands SCCM (which is a pig)
  3. browolf's Avatar
    I dig your ethos.

Trackbacks

Total Trackbacks 0
Trackback URL: