Good Practice

  1. Network Management
    • Peer support :
      We all make mistakes and see the networks in different ways. One way to ensure a professional management of your system is to ask for a peer support for your network.
      The Loop is able to offer this service by Loop engineers at a basic cost.The Loop engineers (including Apple, Windows, Smartnet and routing experts) are ideally suited to this type of support. Invite them in for a walk through... ideal chance for a catchup and to float new ideas..

    • Levels of ICT support
      This can be a strength but not having a good system means your senior management must spend more of their valuable time 'fire fighting'.
      ITIL is the ICT support standard used in most institutions.. The ITIL model promotes a standardised procedure so that 'incidents' are always and correctly addressed but also ensures that this is done at the most appropriate level of support. There are three levels of ICT support with associated hourly rates.
        1. Level 1 - Basic. This is the users first contact. In schools it is usually a teachers aide or receptionist. 90% of all ICT problems can be solved at this level.
          This means that 90% of ICT incidents can be resolved instantly with little cost with the minimum of training.
          If it cannot be resolved at level 1 it is the user responsibility (not the receptionist/TA) to ensure that the 'incident' escalates to level 2 (that is written down in the 'book').
        2. Level 2 - Advanced. Level 2 concerns tend to be resolved by in house or local specialists by following ITIL's suggested 3 steps ...
          1. The incident is recorded. This is usually done in a book or web site.
          2. The ICT (aka network) manager resolves the incident and if appropriate writes an FAQ.
            The FAQ is a critical action as it records the 'fix' for future users but more importantly enables the user to solve similar future incidents themselves.
            This step is important as it enables the user to take ownership of their own virtual world.
          3. If the concern cannot be solved at level 2 then it is the school's ICT manager task to assemble the relevant information and promote the incident to level 3.
        3. Level 3 - Engineering. Occasionally a problem requires an high level engineer. It is recommended that the school assemble all the relevant documentation and seek guidance in selecting the appropriate engineer (the Loop can help here). The school does not want to pay for either research or engineer training rather than results. It is important that the school ICT Manager retains ownership if the incident is to avoid cost overruns.

          Remote schools: Remote schools have very specific problem.
          1. ITIL level 1 in- school support and as such relatively easy to access. Training can be down by various agencies such as Loop, MoE or even Level 2 technicians.
          2. ITIL level 2 are typically community based IT support. This is usually available in towns of 1000+ but in smaller centres school often have to 'buy-in' this assistance. << Level 2 solution for schools in communities less than 1000>>
          3. ITIL level 3 engineers are not common. These are best contracted via Loops or other larger educational networks. It is becoming common where educational organisation are aggregating to acquire these services (Loops, Area schools, New Era). School should NOT use local level 2 support technicians for level 3 problems but rather look to their aggregated organisations.

    • Managing your budget
      Many schools waste valuable resourcing by not following a set of basic rules.
      • Ask first - your expertise lies in education not IT. Ask around other schools, Loop engineers,... or the Loop Manager. Watch out for biased advisors.
        Fact: Seldom is a mistake made when using collaborative ICT expertise ... but ... 80% of ICT projects have cost overruns when an ICT policy decision is made by one person.
      • Make sure the network documentation is current - it enables your 'collaborative experts' to make a quick and knowledgeable decisions.
      • Get the ICT support levels (see above) working.
      • Make a three year forward planning budget ... it forces a rationale to be applied rather than knee jerk purchases and makes your ICT program more predicable.
      • Use the Loop services as much as possible. Many ICT services become cheaper and better the bigger you are... the Loop aggregates schools so that together they can attrrack critical price points.
        The related CBA (Cost of Benefit Analysis - secure site - open on request) indicate that schools can save 15% by using high quality Loop services.

    • Funding your budget

      In terms of anecdotal data, we know that schools can deliver a rich, reliable, secure ICT environment for ongoing annual tech support costs of between $225 and $300 per access device (2008). Note that “ongoing” includes preventative maintenance and responsive break/fix support, but does not include the technical services associated with major additions or changes to the network. The factors that determine the ongoing annual cost of support per access device are ...

      • Manageability of the network thanks to the technologies being used and the configuration techniques being employed.

      • Age and quality of the cabling, switching, servers, and access devices as this largely determines reliability.   

      • The complexity of the system, which is largely a factor of the number of operating systems being supported, the number of software applications being delivered, and the ability to offer a unique or customise experience to each user.

      • The ability of those individuals providing the technical support whether they be in-house technicians, an external provider or a combination of

      • The presence of supplementary level one support from non technical sources such as teacher aides, teachers, DP’s or in some cases principals!

    • Documentation
      Schools should have a good ICT documentation process. Some schools even archive a copy with the Loop for times of disaster.
      It is well worth...
      • Constructing a clearfile containing all your school ICT documentation.
        Give this to any IT engineer entering your school ... it will save time and money.
      • Schedule a payment to your Domain register. Failure to pay annual domain registration causes 20% of schools internet breakdowns.
      • Document all your ICT devices so you have a 'fingertip' records in case of fire, theft or asset register requirements.
        This can be made automatic and your schools finance person will be your friend for life.

    • Monitoring your network
      1. Loop Monitoring service: The Loop is aware of the complexities of some of the good practice expectations. The Loop offers a set of utilities (aka monitoring services) to schools that seek to relieve the school from a number of these expectations ... but the school must request these services be 'activated' for their school.
        School find that activating these utilities has removed many of the 'unexpected' network occurrences.
      2. Admin or Postmaster mail: Ensure that all email and reports addressed to the networks Postmaster, sysadmim, admin and administrator are redirected to the schools ICT manager.
        Many warnings are missed because no one is reading the system warnings.
      3. Free monitoring software: There is a set of good free monitoring software that will assist you in keeping tabs on your network.
        Spend some time setting up this software and let these systems monitor your network (see the Loop for help here).
      4. Keeping your network updated:
        • Most software vendors now respond very quickly to known threats ... the problem is that schools need apply these updates for them to become effective.
        • Make sure you monitor your virus and malware updates.
          Research has shown that schools anti virus can be off for months before anyone notices.Not a good idea ;-(

  1. Security
    • Remote Access: Remote access is the most vulnerable interface on your network.
      • Enable access from outside the school with RDP over VPN.
      • Ensure that your are running server 2008 on your terminal server machine.

    • Password Policy
      • Personal passwords ...
        • Ensure your passwords are renewed at regular intervals.
        • Make sure that the passwords are strong.
      • Network passwords ...
        • Ensure that the network and local administrator passwords are different.
        • Rename and secure the network administrative and guest user names.
      • The future ...
        • Try to establish a policy of only using accounts that can be matched to just one user rather than a general class (room) account.
          Rule: One person should be totally responsible for each account.
        • Staff: Multiple accounts are OK but make one of those accounts the 'real' or 'official' one they travel to other networks.
          This stops the need for multiple passwords and makes digital life so much easier.

    • Firewall security
      This is your interface to the world ... so make sure it is secure.
      • Make sure your firewall (or Smartnet server) has a secure password.
      • Enabling SNMP is also a good idea for the future. Make sure you use a standard community string that you document in your clearfile.
      • Contract a Loop engineer to manage your firewall. In that way you can obtain the maximum security, skill and knowledge at the best price.

    • Layer 3 switch security
      • Make sure you apply both hardware and route filters on your core layer three switch routes.
      • Make sure every managed switch has a secure password.
      • Enabling SNMP is also a good idea for the future. Make sure you use a standard community string that you document in your clearfile.