
Dynamic policy ensures faster, safer network for school district

By Jessica Scarpati
30 Sep 2009 | SearchNetworking.com


Before anyone in the town of Chelmsford, Mass., ever thought about dynamic policy and network segmentation, a springtime ritual would befall the town each year and choke its tangled broadband copper and fiber-optic cable hybrid network supporting 21 buildings divided into five data centers.

While town hall employees on their lunch breaks would frantically refresh websites offering real-time updates about their March Madness brackets, a high school teacher somewhere couldn't download a document or graphic for her lesson plan.

"It was like on a party line if everybody started talking at once," said Bruce Forster, the school district's executive director of educational technology and information services. "It became very, very hard to do business."


Two years ago, Forster's staff ripped out the town's "spaghetti clump" legacy hybrid network and trenched in 21 miles of fiber-optic cable, he said. Six pairs of fiber went into each of the 21 town and school buildings, with all lines leading into one data center in the central school building.

Last year, the town hired Andover, Mass.-based Enterasys Networks for the deployment. Forster chose Enterasys in part because the dynamic policy capabilities written into its switches could ensure that users logging into the network would have the same level of access everywhere, regardless of where they were located on the network.

"We had the fire department on the same fiber network as the high school. The library was on the same network as the kindergarten classes," said Brian Doe, senior solutions engineer at Enterasys. "They really needed a network to allow them to manage the network, but one that also identified the needs of each user."

Dynamic policy protects students but offers open access to adults

Axing Chelmsford's hybrid network and embracing dynamic policy has also ensured a higher level of security for one core group -- students -- while not compromising the needs and access of others, Forster said.

To receive federal subsidies that defray Internet subscriber costs, public schools must meet various requirements, including adherence to the Children's Internet Protection Act (CIPA), according to the Federal Communications Commission (FCC). The law requires schools and libraries to filter content for minors.

"So now what we have is a First Amendment rights issue. People at the public library really and honestly believe that we shouldn't filter content that's coming through our Internet service," Forster said. "But with the Enterasys network, I can set up a node [in the library] so that when [students] connect to that node, it's like they're connecting [with the same policy as they are] at school."

The Enterasys network will eventually allow Forster to extend those capabilities to protect not just students using a wireless LAN in the library but also the network itself from anything on the students' laptops. Two security software products -- Enterasys NAC and Enterasys SIEM -- will enable Forster to detect and counter any threats to the network.

"We knew from the get-go this is not something you just open up out of the box and it works like that," he said. "This is something we have to highly customize, and it might seem difficult at first … but on the other hand, we need to be able to make this work the way we want it to. The more control we have over threats, the safer everybody is."

Network segmentation allows for smoother performance

Network segmentation and bandwidth aggregation have gone a long way in improving network performance in Chelmsford's schools and municipal buildings, Forster said.

"It became a much easier task to be able to share data across the network because we could then separate the data," he said. "We could have the school data on one side and the town data on the other side, so they wouldn't interfere."

Aggregating bandwidth from 11 cable modems in the school -- 10 of which are 16 Mbps up and 2 Mbps down, the eleventh being 50 Mbps up and 20 Mbps down -- has accelerated the network to a combined speed of 160 Mbps up and 18 Mbps down.

"That's an enormous thing because what that allows us to do is bring streaming video into the classroom," Forster said. "Our textbook budget has almost dried up. An advanced placement physics book in high school is almost $150 a book. However, if we can get our content online through a service, not only is the content up to date, but the kids can get it from home."

The core network uses Enterasys N-Series switches with distributed forwarding edge (DFE) blades, while G3 and B3 switches are used on the edge, Doe said. Small buildings with a handful of employees use D2 switches, which provide just 12 ports.

Meanwhile, the ability to customize security and bandwidth policies on that equipment down to individual user groups -- without any additional hardware, software or service contracts -- was what made Enterasys stand out among "the big three" vendors Forster considered, though he declined to name the other two.

"What was also very important to us was the lifetime warranty on the switches we had … and no service contract I have to pay," Forster said. "It's really important in education because my budget fluctuates so much. I really can't get myself in a position that I'm so tied up in service contracts that I can't [buy] anything."

Let us know what you think about the story; email: Jessica Scarpati, News Writer


