Without a secure, reliable, state-of-the-art network in place, it is virtually impossible to deploy the applications that schools want and to meet national, state and district mandates. Guilford County Schools has built a wide area network of more than 120 school and central office sites. Approximately 28,000 computers and more than 99% of all classroom space have access to the Internet, email and other software applications using the network. It is the goal of Technology Services to provide a powerful and secure infrastructure for all classrooms that will enable high-speed
This section includes information related to the infrastructure and connectivity installed in the district.
Current Network Environment
Current Network Design
The current cloud-based network was built using industry-standard equipment and software. Sites today communicate within the district through a fiber-based Metro Ethernet solution providing bandwidth speeds up to 1 gb. This solution is provided in partnership with our area providers (AT&T, Northstate Communications, & Embarq). Internet access for the district is currently provided via a 250 mb circuit provided by AT&T. Thanks to the North Carolina Research and Education Network (NCREN), GCS is also provided with a 100 mb circuit for DPI/other state institution directed traffic.
A central network operation center (NOC) has been established. All network traffic from schools returns to the NOC for access to centralized services and the Internet.
Application servers, email servers, DNS servers, deployment servers (Altiris Management, McAfee AntiVirus), appliances (such as filtering devices) and the backup storage system are all housed in the NOC. Servers such as web servers that are accessible to the public are located within an area called the de-militarized zone (DMZ). Web-based access to email is routed through the DMZ and available remotely. Also in the DMZ are application servers that are provided by outside vendors.
Other technology strategies employed by Guilford County Schools include:
Sites have been cabled with category 5e, category 6 and fiber backbone cabling. All schools have centralized wiring closets with backbone switches. Most schools use Cisco switched 10/100 mbps equipment in all closets.
More than 400 classes in Guilford County are held in mobile units. Many of these classrooms were originally connected to the wide area network using wireless technology. While a wireless solution is more cost effective than installing fiber optic cable, it provides slow access for some educational applications. Traditional wired connections are now being used for new mobile installations and, as budget provides, are replacing many of the original wireless solutions.
Standardized software is provided for all computers in the district. In addition to curriculum-based software for the particular grade/area, Microsoft Office Pro is used at all levels. All computers are connected to the wide area network and have access to the Internet and email. The district currently uses Internet Explorer 6.x with various drivers and plug-ins. Updated directories of virus protection files are automatically deployed using McAfee’s VirusScan to all desktops nightly or on demand in case of an outbreak.
All desktops are “locked down” using Microsoft’s policy manager and require a user to log in to the network. Access varies according to the user identification and group. All teachers have a specific user identification and authentication. They are allowed to download from the Internet and save data to their home directory; however, they are not allowed to load software or map drives. They must complete a help desk request ticket for a technician to install new software. Students have access to installed software but have no download capabilities and may save only to a removable device.
Remote Control Software
With the number of computers growing and multiple applications increasing in complexity, Guilford County purchased remote control management software to assist with the technical support of individual desktops. NetSupport Manager enables a technician to browse, diagnose and resolve technical issues using the network. Common problems can be addressed quickly without the need for staff to physically visit a school site. Another module, NetSupport Schools, is available in all computer labs. It enables teachers to access and manage student desktops.
Deployment and Patch Management Software
The district uses McAfee’s VirusScan antivirus software on all desktops. This product is integrated with McAfee’s ePolicy Orchestrator to provide centralized management. From a single console, policies are created that permit or force actions to all desktops. ePolicy deploys the latest virus updates to all desktops nightly or on demand in case of an outbreak. If an update is not yet available for a new virus, the response feature enables the district to take actions like port blocking or file blocking. The management system can also trace the IP address of endpoints sending malicious code.
Altiris Deployment Solution and Altiris Patch Management were purchased to enable mass distribution of software applications, upgrades, drivers and patches. The software allows mass deployment of an OS and base applications or configuration of school-specific software. Tasks can be initiated immediately or scheduled for after hours. In addition, the Patch Management module links directly to Microsoft for patch notifications and scans connected desktops to report missing security updates.
Inventory Management Software
Technology Services also purchased Altiris Inventory Management. The system collects detailed configuration data about all Windows computers attached to the network. When changes are made at the desktop level, they are automatically reported to the central database. The software enables us to more easily and accurately answer budget and planning questions such as:
Guilford County purchased IHateSpam Filtering Software for our email system. This is a software package that is designed to detect unsolicited email advertisements, known as SPAM. Those messages are moved automatically into a new Quarantine folder and periodically deleted if not moved. Statistics show that six of every ten email messages are SPAM messages and are being blocked by the software.
MetroEthernet – High Bandwidth Network
Prior to 2005, all wide area network connections to school sites used T1 communication lines (1.5 mbps speed). Network statistics indicated that the system continually operated at 80% or higher during regular working hours. When there was increased traffic or faulty equipment, the system was especially prone to slowdowns and timeouts.
Recognizing that we were on the verge of “outgrowing” our current network, a contract was approved in February 2005 with local area telcos to implement a high-speed network called Metro Ethernet (Metro E). The new technology is a fiber-based solution that was installed at all sites over a two-year timeframe.
High schools are getting further bandwidth upgrades to provide each with 100mb dedicated with burst capability to 1 gb. Middle Schools are configured with a 50 mb dedicated and Elementary Schools a 10 mb dedicated MetroE circuit (both of which have burst capability to 100mb). Non-traditional school sites, such as Middle Colleges, are provided with what the hosting site (i.e., the host college or university) allows.
Network Access and Email Accounts
Network access and email are established for all employees of Guilford County Schools. User accounts are automatically created for new employees at the time an employee is added to the Human Resource Management System.
The user’s legal name, as stored in the Human Resource Management System, is used to create network access and email accounts. Individual users access the domain with their unique user identification. Each user has a password and a level of authority assigned. User identifications and level of access are correlated to the HRMS system employment assignment and stored in the Active Directory. Intranet applications require users to be working on the Guilford County network (or have VPN access).
Employees must be familiar with and adhere to the Acceptable Use Policy (AUP). The AUP is included in the Personnel Handbook that each employee signs and receives annually.
Employees are routinely reminded that email is not private. The use of email as a means of communication is subject to all laws and policies that address the issues associated with the confidentiality of student and employee records.
The following statement is included in all delivered email.
Guilford County Schools operates more than 400 servers. The network architecture is Microsoft-based using Active Directory. As budget allows, these systems have been replicated and secondary paths created.
Email accounts are divided alphabetically and distributed to eight individual email servers. Additional servers include application servers, DNS servers, deployment servers, appliances such as filtering devices, the VPN concentrator and the backup storage system. Servers that are accessible to the public, such as web servers, are located within the DMZ.
The backup and recovery procedures for district servers are documented annually for the external audit of the general financial statements. In addition, the data on servers identified as mission critical is also replicated to the centralized storage system for quicker recovery.
School sites typically have a domain controller, an Altiris Management Server and an application server. Thirty-three servers are used exclusively for SIMS and run the Novell 5.1 or higher operating system. Backups for school application servers are the responsibility of the media specialist (or school contact) and SIMS Operators of that school. Individual servers use Veritas Backup Exec software.
The growth of Wi-Fi networks has been extremely rapid in recent years. Users want to extend the same functions of the wired network to a wireless one. The push to wireless access brings new challenges. We need to meet the demands for “anytime, anywhere” network access without compromising the security necessary to protect all users.
Technology Services is working to provide “wireless hot spots” in all of the middle and high schools. The “hot spots” would provide wireless access in the common areas of the school such as the media center and the administrative offices. The “hot spot” would be available to valid network users with laptops or visitors needing temporary access to the Internet.
As we segment our school networks into VLANs, we created a “Guest Network”. When a wireless laptop (or rogue computer plugged into an active Ethernet port) accesses the network, user authentication is required. If the device does not meet standards and have appropriate user identifications, that device will be isolated to the “Guest Network” and have only limited privileges. A student or visitor’s laptop will have temporary access only to the Internet and no other network resources.
Managing the network infrastructure is becoming an increasingly complex task. The utilization of the network in education provides exceptional opportunities for users but it also increases the associated risks. Technology Services must continually find new solutions that improve bandwidth, provide additional features and protect against new vulnerabilities. The following are network improvements that Technology Services is implementing:
Disaster Recovery Plan
As a part of the annual external audit of the general financial statements for Guilford County, auditors review internal controls and operating efficiencies related to the major business applications used by the district. Critical data systems and applications have been identified and assessed. As budget allowed, those systems have been replicated and secondary paths created. In addition, a complete Disaster Recovery Plan was written.
SmartRing
AT&T now provides a SmartRing fiber ring connection between critical sites. The connection enters each building along a different route, creating an alternate path if service is disrupted. The smart ring also provides faster access and data transfers than the typical T1-type communication lines. This better enables duplicate equipment to synchronize in real time.
Secondary iSeries 400
Guilford County’s centralized mainframe computer is used for most of our major business applications such as Payroll, Purchasing, Financial, Human Resource and Child Nutrition. A smaller duplicate computer was purchased and put into service. The primary computer continually replicates data and programs to the secondary unit. Should the main computer have a disruption of service, work could resume as user files are retrieved from the smaller secondary computer. Daily backups of both systems continue to be maintained and stored in offsite vaults.
Backup Storage System
Technology Services recently installed a backup storage system at Eugene Street and at the Technology Center. The solution enables us to back up critical data from a variety of sources onto centrally managed storage. In case of lost data, recovery is much faster and more reliable than using media such as tapes. Documents from individual desktops, data from various application servers, the data warehouse, public folders, web sites and email are all copied to one of the storage devices. The building systems are then replicated to each other for added security. Routine backups of critical data continue to be maintained in offsite vaults.
Voice Communication Systems
Major telephone system replacements are included in the Capital Improvement Plan. With the installation of the Metro Ethernet solution, Guilford County Schools' network has the available bandwidth to implement the Voice over IP (VoIP) standard for voice communications. VoIP uses the data network and equipment for voice services rather than a traditional telephone system. VoIP has been implemented successfully in several school districts and universities. It offers many new features and can be very cost-effective. Along with offering a phone in each classroom/office, we are now able to unify email and voicemail into one media source. We have installed this system into new construction and renovation projects since its initial inception during the 2003 Bond Referendum. Currently it is installed at 27 sites.
Updates and additions to the network must follow strict standards to ensure interoperability, reliability and maintainability of the networking infrastructure. The Technology Applications Review Committee (TARC) is charged with reviewing, approving and setting standards for all hardware, software and network access. These procedures and standards are outlined in the Technology Policies, Procedures and Standards Manual.
Examples of issues addressed in the manual include:
To further ensure that uses of technology are consistent with the goals of the district, Board Policies EFE and EFE-P Acceptable Use of Electronic Transmission Capabilities (AUP) were modified.
The AUP states:
“The user is responsible for his or her actions and activities involving the network. Some examples of unacceptable users are: circumventing safety configurations, modifying setup policies, modifying settings on machines, attaching unauthorized devices…”
The complete Technology Policies, Procedures and Standards Manual can be downloaded by selecting the following link:
Technology Design Specification
Construction and Renovation projects are constantly under design in the district. The Technology Design Specification has been created to provide architects and engineers with information regarding the district's technology needs and goals. The Technology Design Specification is a generic document to create a standard technology level for all projects, while maintaining up-to-date materials and methods, future proofing, and cost effectiveness. An individual specification is created for each project during the design process. This ensures the most up-to-date technology and provides for the unique requirements and situations of each site.