CLEO Thread, 2nd/Backup Internet Connection in Regional Broadband Consortiums (RBC); We have a CLEO 100Mbit filtered connection. As The Internet is becoming increasingly important in schools, almost to the point ...
20th June 2009, 05:07 PM #1
- Rep Power
2nd/Backup Internet Connection
We have a CLEO 100Mbit filtered connection. As The Internet is becoming increasingly important in schools, almost to the point where our school see it as mission critical (at least for emails, not so much for teaching resources), where do we stand on getting a backup connection?
Ive read through some older posts here and it seems part of the T&Cs of CLEO are that we are not allowed a 2nd connection at all? Has this been changed since? Is it likely to change? If not, why not(reasoning below)?
Schools are now becoming ever more reliant on internet access and speaking to a contact of mine, who deals with a lot of schools (including building schools for the future), backup connections are becoming increasingly popular.
If the 2nd connection only allows access to particular sites, (lgfl email/school moodle/vle/sims learning gateway/hotmail/bbc etc) as there would be little/no filtering on this, would this be acceptable, or is it just a straight 'no' if your currently with CLEO?
Is the only way to end up with a backup connection to terminate our CLEO connection and look for 2 other providers (expensive!)?
Im aware the costs are massive for things like leased lines @ 100Mbit, but for the odd occasion CLEO does break, I think ADSL2+ would be sufficient, or perhaps a 10/20Mbit syncronous line.
If this 2nd connection is allowed, where would we stand for using this to access SMT-vetted whitelist sites while the primary link is still up, eg youtube.com which is blocked at county level via our primary connection?
I guess an alternative to this would be to host moodle/vle/slg/email internally - and hope your own switches/servers dont break :P. Not a route I would like to take as it puts a lot more strain on us as support staff!
20th June 2009, 05:59 PM #2
They don't allow a 2nd connection to stop them from having any ill effects from any security problems at your end and also the whole filtering thing. If it clicks over to the backup connection and the kids can then access pr0n they wouldn't want to be held responsible.
At least that's what I was told.
20th June 2009, 06:45 PM #3
Who are they to say no? Surely it is the school to decide? We have a backup connection and it is filtered the same as the normal connection.
If you do want a backup connection you could get smoothwall express and install URL filter and allow a whitelist of sites. Then they can't get on anything they shouldn't Also the smoothwall box can firewall your LAN
20th June 2009, 08:45 PM #4
It was part of the TOS and agreement the schools signs for its RBC Intenet so of course they can say you cannot do that you signed up to the agreement to abide by the rules. Its to prevent you risking there network which makes sense, especially as CLEO seem to be a forward thinking and listening lot instead of some others I know and hear about. Although, on a personal note I do agree that its a bit bad not having the option for a 2nd source, I would say they should re-write the TOS to say something like if you have that and use it you must disconnect our router from your LAN and not ever allow the two to touch but that is my opinion.
20th June 2009, 09:16 PM #5
It is not just the T&Cs of CLEO, but pretty much all RBCs ... partly due to T&Cs they have with JANET.
Let's face it, if you head told you he was going to put a second connection into the school that you had no control over what would your reaction be?
There are ways you could do it with havig the second line on hand, ready to go if CLEO failed ... but you would also need to cough up for a decent filter too, sort out how you are going to do your NAT, if you are hosting services internally then how will you sort your DNS for minimal interuption.
21st June 2009, 01:44 PM #6
- Rep Power
I understand their reasoning for not allowing it, but I was hoping it had changed since they last wrote the T&Cs.
I was proposing no filtering, but the backup connection would ONLY be able to access the whitelisted sites, therefore no need for filtering.
Anyway, a fruitless task since its not allowed. If we got rid of CLEO I couldnt see the school agreeing to pay twice/thrice the amount of CLEOs price for 100Mbit plus extra for backup and losing all the cleo 'freebies' email/moodle/videoconferencing.
21st June 2009, 09:28 PM #7
My approach is to have a second Internet connection connected to a second physical machine and run the filtering machine as a VM, mirrored to that second machine. If the primary Internet connection goes down you simply switch the VM to the second one, no one notices the change (although any internally hosted servers become inaccessible from their usual IP address, which might be a problem). I'd keep the VLE and email hosted on site to allow for faster access anyway. I work at a private school, though, your county IT support group might be a bit slower implementing something similar.
Originally Posted by Frazer
21st June 2009, 11:01 PM #8
You cannot have 2 physical connections to the internet connected onto your network at the same time. That is the block in the T&Cs. This is to stop anything nasty on the second line coming in through your school and out onto the RBC and JANET.
You would *have* to leave it physically unconnected until the change over is needed ... and your suggestions also relies on the school running in house filtering where many / most schools rely on RBC / LA provided filtering alone.
It would actually be easier to run an internal firewall (in routed mode) so that you can continue to use the RBC connection but then swap it to NAT mode, connected the second line, have a whitelist enabled on the firewall.
There are solutions for fail-over connections that segment off the RBC and the second connection but even that would be in breach of the T&Cs ...
Basically, if you have a connection by the RBC, I personally think it is worth your time and effort to put pressure on your provider to make sure it is working properly ...
Oh, there is one last thing. Your RBC connection and second line are likely to come in to the school at the same point, go to the same exchange and even travel the same routes for some of it. If one goes down, then so will the other.
21st June 2009, 11:31 PM #9
Besides better bandwidth, what is it you get with your average RBC / JANET network that you don't with a standard "home" or "business" ADSL connection? Is there something more breakable on RBC / JANET? There must be all sorts of grubby little applications running on people's home PCs, all hooked up to the same ADSL provider as me, but my home ADSL connection seems pretty reliable. Is it simply that RBCs / JANET can provide better bandwidth if they know they don't have to double-check the data coming from schools?
This is to stop anything nasty on the second line coming in through your school and out onto the RBC and JANET.
22nd June 2009, 09:47 AM #10
yes, every academic institute in the UK.
Originally Posted by dhicks
By FN-GM in forum Wireless Networks
Last Post: 29th December 2007, 08:19 PM
By wrights in forum Wireless Networks
Last Post: 10th September 2007, 11:02 AM
By sqdge in forum Thin Client and Virtual Machines
Last Post: 21st August 2007, 06:21 PM
By richard in forum How do you do....it?
Last Post: 22nd April 2006, 09:23 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)