East Midlands Broadband Consortium (EMBC) Thread, Standard network build? in Regional Broadband Consortiums (RBC); Had a meeting with the ICT curriculum adviser today and was told that we shouldn't be using our ISA proxy ...
5th May 2010, 01:15 PM #1
Standard network build?
Had a meeting with the ICT curriculum adviser today and was told that we shouldn't be using our ISA proxy to cache web requests as it not in the EMBC standard network build.
As we’re only on a 2 Mb line I thought made sense to use our own cache especially now schools are using online services like mathletics, renaissance learning and gridclub.
What do other schools do in this situation and do you follow the standard network build to the letter?
5th May 2010, 01:19 PM #2
Hell no! We were in a similar position, and told them that if they didn't like it, that's tough. We got a few letters saying we have to stick to their framework, but when we argued for our ISA box to stay in, they couldn't really say no.
5th May 2010, 01:48 PM #3
Yep we have ISA and have had a couple of letters and visits from LA to promote the disadvantages of not following SNB. Admittedly there are some disadvantages for us but the school decided to put in ISA for a good reason and we outlined them to the LA.
Ultimately they had to admit there was nothing they could do about it.
5th May 2010, 01:59 PM #4
We have an ISA server here since 2005 and got round it by simply not telling them, cant see it really making a difference to them. Did they give any real reasons as to why its a problem, other than we dont normally do it like that?
5th May 2010, 02:02 PM #5
To quote our last visitor on this matter "We can't see what's going on in your network". To quote myself "We don't want you to"
Originally Posted by Bezwick
Thanks to sparkeh from:
powdarrmonkey (5th May 2010)
5th May 2010, 02:13 PM #6
Tell them it's your school and your network!
Originally Posted by Jobos
We've had similar issues with the LEA in the past over changes we made. We used to have a 3rd party internal proxy that the LEA blamed for any internet problems, despite the fact that the 3rd party's tech support would identify and resolve any issues almost straight away whereas I would be lucky if anyone actually spoke to me from the ISP (the old Fujitsu EMBC *shudders*).
One year I was moaned at by LEA techs because they claimed by not following their standard network build it could be a security risk. I nearly wet myself as the security they had set internally meant anybody's personal folders could be easily browsed to and accessed by everyone. I showed the Head Teacher how every member of staff could look at the confidential information in his - needless to say it was changed very quickly.
5th May 2010, 02:18 PM #7
Originally Posted by Jobos
We use a proxy caching server but it isn't a firewall or series linked I think this is what they mean. Basically they'll have no issue with you having a proxy that you direct outgoing internet through but they don't want a firewall in the way so they can offer support etc. The idea is that they firewall your connection at their end of the cable.
5th May 2010, 02:38 PM #8
Poacher turned gamekeeper time.
The SNB is there for a reason ... it is a baseline which means that should you stick to it then you can be easily supported by your LA, Synetrix or both. Different LAs have different reasons for wanting you to stick as close to it as possible ... remembering that there are times when a fault cannot be diagnosed that the supplier (or their subcontractor) can rightfully turn round and say "we've tried our best".
Lots of schools have had caches over the years ... no problems there. The issue start when you introduce it as a firewall and start locking things off yourself. I've been in schools who have put ISA in place and tried to use as out of the box as they can and it has worked fine, but others where they have repeated problems. Unless you are confident with ISA and seriously know what you are doing (no offense intended to the OP or others who do) but this is a device that will sit between you and the world ... get it wrong and you only have yourself to blame.
If you are going to put any device like this in line then you also need to make sure your internal network is routed correctly. Where possible use your core switch as your internal gateway which is then routed to device, which goes to a managed switch (fairly cheap one will do) then to your router. This allows you to plug a device outside of your local LAN but still within the EMBC LAN structure. If something is not working on the inside of your ISA box then you can test from the outside too.
Personally I always went for a decent firewall appliance but that can go wrong as well.
If you want to operate a cache ... then fine ... do so ... remembering that it will not cache https traffic and things like Its Learning, SAM Learning, etc are media intensive, interactive sites which will not cache either. ISA will not help in this. If you think that a large proportion of your traffic is made up of rubbish (iPlayer, etc) then addressing it with ISA may help ... but the best it can do is spot what needs to be sorted out in your school otherwise people will just look at ways of bypassing whatever you put in to block / control it.
5th May 2010, 02:39 PM #9
Just that it isn't part of the standard network build.
Originally Posted by Bezwick
5th May 2010, 03:39 PM #10
We use a linux squid and dansguardian box to cache sites and its great. Get them to send you the full specification of a standard network and I would guess 99.999% of schools would not follow it. We are not a business with loads of cash and have to make do and mend. If they don't like you caching them explain to them that you will need a nice big connection speed. In Lancashire they are working towards 10 meg for primary schools and 100 for secondary. To be truthful though the more they give you the more you will want and its a never ending race.
5th May 2010, 04:11 PM #11
The specification is available in the tech library on the EMBC site (no login required). It is the baseline ... I know schools will do it differently but they should think carefully about why. All to frequently things are decided without people even looking at the SNB. People want a larger range of IPs so rather than looking at what options there are (including sorting out your network onto layer 3, getting your VLANs, etc sorted) they just stick an ISA box in and start NATing ... then have problems with VC or other stuff and wonder why.
I'm all for the freedom and flexibility to work as you want ... but there are limits. Also remember that a lot of members on here will be in-house staff or in schools on a regular basis. Many schools will only be visited by a technician one morning a fortnight perhaps ... so by keeping it simple for them it is easier to support.
Do people feel that there is a need for more clear explanations around the standard network build? Did anyone who went to the EMBC Spring Event feel that great depth was needed in the technical areas (firewall rules, etc)?
By steveo2000 in forum Windows
Last Post: 20th August 2012, 03:00 PM
By duxbuz in forum Windows Server 2008 R2
Last Post: 23rd February 2010, 01:45 PM
By MNHughes in forum O/S Deployment
Last Post: 4th December 2009, 03:46 PM
By gpjt in forum Network and Classroom Management
Last Post: 17th November 2009, 12:55 PM
By TheFopp in forum Wireless Networks
Last Post: 17th April 2008, 09:06 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)