+ Post New Thread
Results 1 to 4 of 4
MIS Systems Thread, ePortal - external access data protection issues in Technical; Now that external access in technically possible for us with ePortal, we're thinking on the data protection side of things. ...
  1. #1

    Join Date
    Mar 2008
    Location
    Norfolk
    Posts
    227
    Thank Post
    5
    Thanked 10 Times in 8 Posts
    Rep Power
    21

    ePortal - external access data protection issues

    Now that external access in technically possible for us with ePortal, we're thinking on the data protection side of things. For those who've use ePortal externally at their school (though i'd imagine the issues are the same for all MIS'), how have you dealt with the data protection issues? Have you a policy or best practice document you could share, or maybe just some advice on the issues?

    I did find a handy looking page on the Becta website here that i've yet to go through in detail - i'm interested in the real world experiences of how this actually works, though.

    Cheers!

  2. #2

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,240
    Thank Post
    55
    Thanked 278 Times in 186 Posts
    Rep Power
    134
    I'd be interested in this too - also any technical advice on the best way to do it - as we will be seeking to do this in the medium term.

  3. #3
    tonyd's Avatar
    Join Date
    Mar 2006
    Location
    Kent (Sometimes), UK
    Posts
    163
    Thank Post
    17
    Thanked 42 Times in 31 Posts
    Rep Power
    25

    Exclamation

    : Bump :

    I've been asked to publish CMIS E-Portal too. I've got it working on a 443 SSL connection, going through an ISA 2006 server, but the management here simply want the CMIS login page shown directly to the whole world, with no other authentication required.

    Does anyone know (maybe from reading the latest Becta remote access guidelines - http://schools.becta.org.uk/upload-d...#_Toc226885596) if this is even the recommended route?

    A big concern is that it maybe fine for parents / carers to login directly, no need for two factor etc., but what is to stop any members of staff using this same direct login page? This, I am sure, is against the guidelines. So, I've a problem. Does anyone know if E-Portal can be configured to only allow certain logins via certain routes? I doubt this is possible, so does this mean we should be using some extra security? Even if you could depend on the staff to use a more secure, two factor authenticated route, would there be anything stopping anyone else simply trying to guess the staff logins via the parental front end???

    Sorry about the rambling questions, but I'd like to figure out the best way to implement this correctly, rather than have to change things later when we discover that it has not been done properly.

  4. #4

    Join Date
    Jun 2007
    Location
    Wakefield, West Yorkshire
    Posts
    627
    Thank Post
    96
    Thanked 131 Times in 102 Posts
    Rep Power
    67
    Hi,

    I would recommend setting up one route in and using that for all incoming queries. Setup the highest level of authentication you require and use that.

    There are other possible ways - If you had more than one installation of ePortal, you could set one up with the teacher accounts and one with the parent / carer accounts.
    You could do this using multiple servers, or you could have multiple dataservers installed on one machine.
    There is a very specific way to set this up, don't try it without speaking to us first. It involved multiple more services and batch script to do things for you. You'd also have multiple sets of XML file,s images, etcetc.
    If you did do this however, you could have a website in IIS running for each dataserver and apply different authentication to each site.

    This method is only really recommended for LEA's hosting multiple schools on ridiculous servers, it's a lot of management for a school to handle, and greater overheads on the server(s).

    The other way to do this would be to have the entire eportal install on multiple servers.
    This would mean the utilisation of another server but it would be much easier to manage.
    It would also give you a failover eportal for the internal connection should anything on one server go pear shaped.
    That's pretty much the only way you're going to get 2 different sets of authentication.

    But if you can apply one set of higher level to everyone, i would. Don't let the SMT bully you into reducing it, you can always point them at things such as BECTA and explain that they are in part if not wholy responsible for the security of the data.

    If you want any more specific advise, ask away or PM me.

    Michael @ Serco

  5. Thanks to michael2k6 from:

    tonyd (6th May 2009)

SHARE:
+ Post New Thread

Similar Threads

  1. [ACS] Serco ePortal, external access and Fronter - your setup??
    By cheredenine in forum MIS Systems
    Replies: 9
    Last Post: 6th October 2012, 03:42 PM
  2. "Get External Data" not working in Access 2003 or 2007
    By BatchFile in forum Windows Vista
    Replies: 2
    Last Post: 13th November 2008, 11:00 AM
  3. Folder access - Data Protection Act - How do you do it?
    By Paid_Peanuts in forum How do you do....it?
    Replies: 7
    Last Post: 29th August 2007, 11:39 AM
  4. Data Protection Act - re: Remote Access
    By mark in forum School ICT Policies
    Replies: 18
    Last Post: 26th September 2005, 07:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •