+ Post New Thread
Results 1 to 10 of 10
CLEO Thread, 2nd/Backup Internet Connection in Regional Broadband Consortiums (RBC); We have a CLEO 100Mbit filtered connection. As The Internet is becoming increasingly important in schools, almost to the point ...
  1. #1

    Join Date
    Sep 2005
    Posts
    143
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    19

    2nd/Backup Internet Connection

    We have a CLEO 100Mbit filtered connection. As The Internet is becoming increasingly important in schools, almost to the point where our school see it as mission critical (at least for emails, not so much for teaching resources), where do we stand on getting a backup connection?

    Ive read through some older posts here and it seems part of the T&Cs of CLEO are that we are not allowed a 2nd connection at all? Has this been changed since? Is it likely to change? If not, why not(reasoning below)?

    Schools are now becoming ever more reliant on internet access and speaking to a contact of mine, who deals with a lot of schools (including building schools for the future), backup connections are becoming increasingly popular.

    If the 2nd connection only allows access to particular sites, (lgfl email/school moodle/vle/sims learning gateway/hotmail/bbc etc) as there would be little/no filtering on this, would this be acceptable, or is it just a straight 'no' if your currently with CLEO?

    Is the only way to end up with a backup connection to terminate our CLEO connection and look for 2 other providers (expensive!)?

    Im aware the costs are massive for things like leased lines @ 100Mbit, but for the odd occasion CLEO does break, I think ADSL2+ would be sufficient, or perhaps a 10/20Mbit syncronous line.

    If this 2nd connection is allowed, where would we stand for using this to access SMT-vetted whitelist sites while the primary link is still up, eg youtube.com which is blocked at county level via our primary connection?

    I guess an alternative to this would be to host moodle/vle/slg/email internally - and hope your own switches/servers dont break :P. Not a route I would like to take as it puts a lot more strain on us as support staff!

    Thoughts?

  2. #2
    Midget's Avatar
    Join Date
    Oct 2006
    Location
    In a Server Room cutting through a forest of Cat5e
    Posts
    1,298
    Thank Post
    5
    Thanked 59 Times in 49 Posts
    Rep Power
    40
    They don't allow a 2nd connection to stop them from having any ill effects from any security problems at your end and also the whole filtering thing. If it clicks over to the backup connection and the kids can then access pr0n they wouldn't want to be held responsible.

    At least that's what I was told.

  3. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,033
    Thank Post
    888
    Thanked 1,724 Times in 1,489 Posts
    Blog Entries
    12
    Rep Power
    453
    Who are they to say no? Surely it is the school to decide? We have a backup connection and it is filtered the same as the normal connection.

    If you do want a backup connection you could get smoothwall express and install URL filter and allow a whitelist of sites. Then they can't get on anything they shouldn't Also the smoothwall box can firewall your LAN

  4. #4

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,619
    Thank Post
    1,499
    Thanked 1,053 Times in 922 Posts
    Rep Power
    304
    It was part of the TOS and agreement the schools signs for its RBC Intenet so of course they can say you cannot do that you signed up to the agreement to abide by the rules. Its to prevent you risking there network which makes sense, especially as CLEO seem to be a forward thinking and listening lot instead of some others I know and hear about. Although, on a personal note I do agree that its a bit bad not having the option for a 2nd source, I would say they should re-write the TOS to say something like if you have that and use it you must disconnect our router from your LAN and not ever allow the two to touch but that is my opinion.

  5. #5

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,939
    Thank Post
    1,343
    Thanked 1,787 Times in 1,110 Posts
    Blog Entries
    19
    Rep Power
    595
    It is not just the T&Cs of CLEO, but pretty much all RBCs ... partly due to T&Cs they have with JANET.

    Let's face it, if you head told you he was going to put a second connection into the school that you had no control over what would your reaction be?

    There are ways you could do it with havig the second line on hand, ready to go if CLEO failed ... but you would also need to cough up for a decent filter too, sort out how you are going to do your NAT, if you are hosting services internally then how will you sort your DNS for minimal interuption.

  6. #6

    Join Date
    Sep 2005
    Posts
    143
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    19
    I understand their reasoning for not allowing it, but I was hoping it had changed since they last wrote the T&Cs.

    I was proposing no filtering, but the backup connection would ONLY be able to access the whitelisted sites, therefore no need for filtering.

    Anyway, a fruitless task since its not allowed. If we got rid of CLEO I couldnt see the school agreeing to pay twice/thrice the amount of CLEOs price for 100Mbit plus extra for backup and losing all the cleo 'freebies' email/moodle/videoconferencing.

  7. #7

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,647
    Thank Post
    1,256
    Thanked 781 Times in 678 Posts
    Rep Power
    236
    Quote Originally Posted by Frazer View Post
    I was proposing no filtering, but the backup connection would ONLY be able to access the whitelisted sites, therefore no need for filtering.
    My approach is to have a second Internet connection connected to a second physical machine and run the filtering machine as a VM, mirrored to that second machine. If the primary Internet connection goes down you simply switch the VM to the second one, no one notices the change (although any internally hosted servers become inaccessible from their usual IP address, which might be a problem). I'd keep the VLE and email hosted on site to allow for faster access anyway. I work at a private school, though, your county IT support group might be a bit slower implementing something similar.

    --
    David Hicks

  8. #8

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,939
    Thank Post
    1,343
    Thanked 1,787 Times in 1,110 Posts
    Blog Entries
    19
    Rep Power
    595
    You cannot have 2 physical connections to the internet connected onto your network at the same time. That is the block in the T&Cs. This is to stop anything nasty on the second line coming in through your school and out onto the RBC and JANET.

    You would *have* to leave it physically unconnected until the change over is needed ... and your suggestions also relies on the school running in house filtering where many / most schools rely on RBC / LA provided filtering alone.

    It would actually be easier to run an internal firewall (in routed mode) so that you can continue to use the RBC connection but then swap it to NAT mode, connected the second line, have a whitelist enabled on the firewall.

    There are solutions for fail-over connections that segment off the RBC and the second connection but even that would be in breach of the T&Cs ...

    Basically, if you have a connection by the RBC, I personally think it is worth your time and effort to put pressure on your provider to make sure it is working properly ...

    Oh, there is one last thing. Your RBC connection and second line are likely to come in to the school at the same point, go to the same exchange and even travel the same routes for some of it. If one goes down, then so will the other.

  9. #9

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,647
    Thank Post
    1,256
    Thanked 781 Times in 678 Posts
    Rep Power
    236
    This is to stop anything nasty on the second line coming in through your school and out onto the RBC and JANET.
    Besides better bandwidth, what is it you get with your average RBC / JANET network that you don't with a standard "home" or "business" ADSL connection? Is there something more breakable on RBC / JANET? There must be all sorts of grubby little applications running on people's home PCs, all hooked up to the same ADSL provider as me, but my home ADSL connection seems pretty reliable. Is it simply that RBCs / JANET can provide better bandwidth if they know they don't have to double-check the data coming from schools?

    --
    David Hicks

  10. #10
    Midget's Avatar
    Join Date
    Oct 2006
    Location
    In a Server Room cutting through a forest of Cat5e
    Posts
    1,298
    Thank Post
    5
    Thanked 59 Times in 49 Posts
    Rep Power
    40
    Quote Originally Posted by dhicks View Post
    Is there something more breakable on RBC / JANET?
    yes, every academic institute in the UK.

SHARE:
+ Post New Thread

Similar Threads

  1. VPN connection with internet connection option
    By FN-GM in forum Wireless Networks
    Replies: 6
    Last Post: 29th December 2007, 07:19 PM
  2. Anyone in York looking for an Internet connection?
    By wrights in forum Wireless Networks
    Replies: 11
    Last Post: 10th September 2007, 10:02 AM
  3. Virtual PC Internet Connection
    By sqdge in forum Thin Client and Virtual Machines
    Replies: 0
    Last Post: 21st August 2007, 05:21 PM
  4. Unfiltered Internet Connection
    By richard in forum How do you do....it?
    Replies: 16
    Last Post: 22nd April 2006, 08:23 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •