+ Post New Thread
Results 1 to 11 of 11
East Midlands Broadband Consortium (EMBC) Thread, Standard network build? in Regional Broadband Consortiums (RBC); ...
  1. #1
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,158
    Thank Post
    184
    Thanked 54 Times in 46 Posts
    Rep Power
    26

    Standard network build?

    Had a meeting with the ICT curriculum adviser today and was told that we shouldn't be using our ISA proxy to cache web requests as it not in the EMBC standard network build.

    As we’re only on a 2 Mb line I thought made sense to use our own cache especially now schools are using online services like mathletics, renaissance learning and gridclub.

    What do other schools do in this situation and do you follow the standard network build to the letter?

  2. #2

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    12,297
    Thank Post
    1,673
    Thanked 2,021 Times in 1,469 Posts
    Blog Entries
    2
    Rep Power
    457
    Hell no! We were in a similar position, and told them that if they didn't like it, that's tough. We got a few letters saying we have to stick to their framework, but when we argued for our ISA box to stay in, they couldn't really say no.

  3. #3

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    7,033
    Thank Post
    1,373
    Thanked 1,777 Times in 1,199 Posts
    Blog Entries
    22
    Rep Power
    531
    Yep we have ISA and have had a couple of letters and visits from LA to promote the disadvantages of not following SNB. Admittedly there are some disadvantages for us but the school decided to put in ISA for a good reason and we outlined them to the LA.
    Ultimately they had to admit there was nothing they could do about it.

  4. #4
    Bezwick's Avatar
    Join Date
    Feb 2008
    Location
    Nottinghamshire
    Posts
    359
    Thank Post
    93
    Thanked 57 Times in 43 Posts
    Rep Power
    25
    We have an ISA server here since 2005 and got round it by simply not telling them, cant see it really making a difference to them. Did they give any real reasons as to why its a problem, other than we dont normally do it like that?

  5. #5

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    7,033
    Thank Post
    1,373
    Thanked 1,777 Times in 1,199 Posts
    Blog Entries
    22
    Rep Power
    531
    Quote Originally Posted by Bezwick View Post
    We have an ISA server here since 2005 and got round it by simply not telling them, cant see it really making a difference to them. Did they give any real reasons as to why its a problem, other than we dont normally do it like that?
    To quote our last visitor on this matter "We can't see what's going on in your network". To quote myself "We don't want you to"

  6. Thanks to sparkeh from:

    powdarrmonkey (5th May 2010)

  7. #6
    36Degrees's Avatar
    Join Date
    Jan 2010
    Location
    Nottingham
    Posts
    1,065
    Thank Post
    165
    Thanked 153 Times in 124 Posts
    Rep Power
    52
    Quote Originally Posted by Jobos View Post
    What do other schools do in this situation and do you follow the standard network build to the letter?
    Tell them it's your school and your network!

    We've had similar issues with the LEA in the past over changes we made. We used to have a 3rd party internal proxy that the LEA blamed for any internet problems, despite the fact that the 3rd party's tech support would identify and resolve any issues almost straight away whereas I would be lucky if anyone actually spoke to me from the ISP (the old Fujitsu EMBC *shudders*).

    One year I was moaned at by LEA techs because they claimed by not following their standard network build it could be a security risk. I nearly wet myself as the security they had set internally meant anybody's personal folders could be easily browsed to and accessed by everyone. I showed the Head Teacher how every member of staff could look at the confidential information in his - needless to say it was changed very quickly.

  8. #7
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,217
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    75
    Quote Originally Posted by Jobos View Post
    Had a meeting with the ICT curriculum adviser today and was told that we shouldn't be using our ISA proxy to cache web requests as it not in the EMBC standard network build.

    As we’re only on a 2 Mb line I thought made sense to use our own cache especially now schools are using online services like mathletics, renaissance learning and gridclub.

    What do other schools do in this situation and do you follow the standard network build to the letter?

    We use a proxy caching server but it isn't a firewall or series linked I think this is what they mean. Basically they'll have no issue with you having a proxy that you direct outgoing internet through but they don't want a firewall in the way so they can offer support etc. The idea is that they firewall your connection at their end of the cable.

  9. #8

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,998
    Thank Post
    1,359
    Thanked 1,831 Times in 1,137 Posts
    Blog Entries
    19
    Rep Power
    602
    Poacher turned gamekeeper time.

    The SNB is there for a reason ... it is a baseline which means that should you stick to it then you can be easily supported by your LA, Synetrix or both. Different LAs have different reasons for wanting you to stick as close to it as possible ... remembering that there are times when a fault cannot be diagnosed that the supplier (or their subcontractor) can rightfully turn round and say "we've tried our best".

    Lots of schools have had caches over the years ... no problems there. The issue start when you introduce it as a firewall and start locking things off yourself. I've been in schools who have put ISA in place and tried to use as out of the box as they can and it has worked fine, but others where they have repeated problems. Unless you are confident with ISA and seriously know what you are doing (no offense intended to the OP or others who do) but this is a device that will sit between you and the world ... get it wrong and you only have yourself to blame.

    If you are going to put any device like this in line then you also need to make sure your internal network is routed correctly. Where possible use your core switch as your internal gateway which is then routed to device, which goes to a managed switch (fairly cheap one will do) then to your router. This allows you to plug a device outside of your local LAN but still within the EMBC LAN structure. If something is not working on the inside of your ISA box then you can test from the outside too.

    Personally I always went for a decent firewall appliance but that can go wrong as well.

    If you want to operate a cache ... then fine ... do so ... remembering that it will not cache https traffic and things like Its Learning, SAM Learning, etc are media intensive, interactive sites which will not cache either. ISA will not help in this. If you think that a large proportion of your traffic is made up of rubbish (iPlayer, etc) then addressing it with ISA may help ... but the best it can do is spot what needs to be sorted out in your school otherwise people will just look at ways of bypassing whatever you put in to block / control it.

  10. #9
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,158
    Thank Post
    184
    Thanked 54 Times in 46 Posts
    Rep Power
    26
    Quote Originally Posted by Bezwick View Post
    Did they give any real reasons as to why its a problem, other than we dont normally do it like that?
    Just that it isn't part of the standard network build.

  11. #10
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    Hi

    We use a linux squid and dansguardian box to cache sites and its great. Get them to send you the full specification of a standard network and I would guess 99.999% of schools would not follow it. We are not a business with loads of cash and have to make do and mend. If they don't like you caching them explain to them that you will need a nice big connection speed. In Lancashire they are working towards 10 meg for primary schools and 100 for secondary. To be truthful though the more they give you the more you will want and its a never ending race.

    Richard

  12. #11

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,998
    Thank Post
    1,359
    Thanked 1,831 Times in 1,137 Posts
    Blog Entries
    19
    Rep Power
    602
    The specification is available in the tech library on the EMBC site (no login required). It is the baseline ... I know schools will do it differently but they should think carefully about why. All to frequently things are decided without people even looking at the SNB. People want a larger range of IPs so rather than looking at what options there are (including sorting out your network onto layer 3, getting your VLANs, etc sorted) they just stick an ISA box in and start NATing ... then have problems with VC or other stuff and wonder why.

    I'm all for the freedom and flexibility to work as you want ... but there are limits. Also remember that a lot of members on here will be in-house staff or in schools on a regular basis. Many schools will only be visited by a technician one morning a fortnight perhaps ... so by keeping it simple for them it is easier to support.

    Do people feel that there is a need for more clear explanations around the standard network build? Did anyone who went to the EMBC Spring Event feel that great depth was needed in the technical areas (firewall rules, etc)?



SHARE:
+ Post New Thread

Similar Threads

  1. Adobe CS3 Standard Network Install
    By steveo2000 in forum Windows
    Replies: 27
    Last Post: 20th August 2012, 03:00 PM
  2. Enterprise or Standard
    By duxbuz in forum Windows Server 2008 R2
    Replies: 7
    Last Post: 23rd February 2010, 01:45 PM
  3. CC4 Build trick for outdated network cards
    By MNHughes in forum O/S Deployment
    Replies: 0
    Last Post: 4th December 2009, 03:46 PM
  4. Build error of HP Probook 4510s on RM Network
    By gpjt in forum Network and Classroom Management
    Replies: 1
    Last Post: 17th November 2009, 12:55 PM
  5. Backbone speed for new build network/VoIP/IP Cameras
    By TheFopp in forum Wireless Networks
    Replies: 6
    Last Post: 17th April 2008, 09:06 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •