General Guidelines For Expanding Or Modifying The Network

Transcript

General guidelines for expanding or modifying e-Learning Network (Ver. 1) The computer networks installed in high schools under the e-Learning Project is intended to provide an environment where computers can be used for the planning, preparation and delivery of educational content to students in individual classrooms or in a computer lab environment. Network connectivity is provided as a means to; • • Firstly access content centrally from a source at the school, at the Ministry or from the Internet. Secondly provide centralised control for managing access, virus and other threat mitigation, software patching or updating, inventory as well as failure detection and resolution. Adding Nodes; At some point the schools may wish to add new or existing computers to expand the network. The general rule to follow is to ensure that any computers added to the network needs to be included under the same management and control of the initial e-learning network. This means; • • • • • • Adding them to the Active Directory domain and applying the appropriate group policies Adding them to DNS and DHCP scopes Installing and Configuring Symantec Endpoint managed client Following node naming conventions Updating inventory information Ensuring any licensing requirements are met Adding applications; In adding applications to workstations one should ensure; • • Application is an approved application for the school Software and hardware requirements of application are met without impacting on the performance of existing software applications such as Microsoft Office or CSEC application resources. Remember that the workstations were sized based on the requirements of the software that the project provided. Upgrade of the workstations Memory or Disk storage may be required to run any additional applications properly. In adding applications to the server one should note that the servers are mainly designed to manage the computer network. Any other application will most certainly require upgrading of Disk space, Memory and in some cases additional Processor. Adding application software to the server can easily compromise reliability by creating conflicts and security holes. We generally advise that a separate server be added to the network for hosting any significant application especially if it has nothing to do with network management. e-Learning will not provide support for servers with additional applications installed. Adding network devices such as switches, routers, firewall, wireless; In most schools there is a small amount of additional network ports for expanding the network but at some point you may wish to increase connectivity over the existing capacity. Adding devices such as; switches, routers and firewalls to the network can quickly bring down the entire network if one is not careful. You should plan to make sure that any such expansion; Is Necessary Preserves network performance Does not connect an unmanaged network with the e-learning network Routing considerations are met to ensure access to existing resources is not affected We are not introducing security holes • • • • • Wireless connectivity provides a great deal of flexibility as well as risks. Management of wireless access can be a bit tricky. There are few things you should consider; • • • • • • • Try to identify hotspots that keep your wireless signal area inside the school compound Use a separate wireless access point for accessing school resources from the one used for more open access to the internet and other open resources. Keep the networks physically or logically separate from each other Ensure that the access point for accessing school resources do at least MAC address filtering and issue network addresses from the central DHCP server base on the approved MAC address. Don’t broadcast the wireless access point name (SSID) for one accessing the school resources. Ensure there is a warning message for unauthorized users on either access points Constantly check to make sure the wireless access points are behaving as configured These should be considered the minimum required considerations and are by no means tamper proof. There are a number of other security features that can be used some of which will depend on the capabilities of your wireless device. Please contact e-Learning for further assistance in this area.