The following is an example of an I/T assessment for a K-8 school.
This assessment was completed on Feb. 15, 2003.

Assessment Sections
- Current environment per category
- List of issues and goals
- Recommendations
Categories
- Desktop
- Private Network
- Internet
- Server

1. Current Environment
Desktop:
80 desktop PCs comprise the desktop environment, broken down as:

| Desktop O/S | Count |
| Win95       | 32    |
| Win98       | 30    |
| WinME       | 16    |
| WinXP       | 0     |
| LinuxRedhat | 2     |
| Total       | 80    |

| Location Density | Count |
| Library          | 22    |
| Computer lab     | 20    |
| 6th grade        | 8     |
| 7th grade        | 10    |
| 8th grade        | 12    |
| Other            | 8     |
| Total            | 80    |

Desktop Models:
> Dell Optiplex 1st year model (PII): 20
> Dell Optiplex 3rd year model (PIII): 30
> Dell Optiplex 4th year model (PIII): 20

Standard Desktop Image:
> Office 98 (Full Suite)
> IE 5.5
> Proxy client 2.0
> Acrobat reader
> McAfee AntiVirus (run at every boot)
> Mathlearn 1.0
> Typelearn 1.0
> Image composer
> Desktop tools: Explore, Paint, Calculator

Functional Description: All student accessible desktops use a controlled configuration
that prohibits changes to the wallpaper, desktop settings, display settings and
software installation. Command prompt is
not available. BIOS password is configured on all desktop PCs. All
student desktops require a user logon for access to the local PC.
All students, teachers and administrative staff each have their own
unique user account. All Win98 PCs
require domain server user signon validation for local signon.
The newer WinXP desktops require domain signon validation but can be used
locally if the LAN connection or domain server is unavailable. The
Linux desktops are used for testing only, but all LAN, Internet and desktop
functions work well. There are three primary models of desktop PC, all Dell Optiplex, that are
maintained via the Norton Ghost O/S imaging product.
One image for each model desktop is retained and used to quickly repair a
corrupted desktop or to install a new PC.

Private Network
The school has a single LAN on one campus, in one
building. There is no remote access or dial-in access to any point of the
network. The only external network connection is to the Internet.
LAN (96 switch ports)
> all desktop connections are 100Mbps FDX ethernet
> server connections are 100Mbps FDX ethernet
> approximately 250 LAN jacks, distributed throughout the school, all terminate in the "switch" room into a Cat 5 patch panel
> IP addresses are assigned, no DHCP used from desktops
> one 3Com SuperStack II core switch w/matrix mod (24 port)
> three 3Com SuperStack II downstream switches (24 port each)

Printers (8)
> three color HP printers, one on LAN
> five black/white HP printers, four on LAN

LAN Port Breakdown and Ports Available:

| LAN Connected Device | Number of Ports Needed |
| Desktops             | 80                     |
| Servers              | 2                      |
| Printers             | 8                      |
| Total ports in use   | 90                     |
| Ports from switches  | 96                     |
| Available Ports      | 6                      |

Functional Description: The LAN uses ethernet with one VLAN/subnet using IP addressing
in a class C subnet mask. There are at least two LAN jacks in each
classroom and at least one LAN jack in each administration staff office or
room. There is no file or printer sharing installed on any student
accessible desktop.

Internet
There is one DSL connection used for Internet access.
All students and parents are required to read, sign and abide by the established Internet usage agreement.
Internet DSL provider: Megapath
Uplink speed: 256Kbps, Downlink speed: 256Kbps

Firewall features:
> Outbound connections allowed: 100
> Inbound connections allowed: 0
> All outbound access requires school domain logon
> Only web browsing and email protocols are permitted
> DSL router has direct ethernet connection to Server

Email
> 25 Internet email IDs provided by Megapath
> Students are not permitted to use email; the email protocol is blocked for them through user group permissions

Web site/content browsing filter
> CyberPatrol server version
> CyberPatrol subscription service provides daily update to restricted sites list

School web site
> Hosted by an ISP separate from the DSL provider
> Frontpage is used for publishing and administering the web site

Functional Description: All access to the Internet from desktop PCs is directed through
the domain controller server. This server is normally the primary server
and is specified as the primary gateway on all desktop PCs. No inbound
connections are permitted on the DSL router or on the server. Only web and
email access is allowed and only teachers and school administrative staff have
email access. M/S Proxy server is used to facilitate Internet protocol
access.

Server
There are two servers at the school used for all logon,
file sharing, printing and Internet access by students.
Two Dell PowerEdge 2400 servers, duplicate hardware:
> single 733MHz Pentium III processor
> 1GB RAM
> three 9GB SCSI drives
> one 36GB SCSI drive

Server1 configuration:
> WinNT 4.0 SP 6
> Primary Domain Controller
> CyberPatrol
> M/S Proxy 2.0
> Veritas Backup software
> Replicates to BDC
> User Shares
> Standard NT logon processing
> Printer spool
> DHCP for printers only
> Routes all Internet access

Server2 configuration:
> WinNT 4.0 SP 6
> Backup Domain Controller
> CyberPatrol
> M/S Proxy 2.0
> Veritas Backup software
> User Shares
> Standard NT logon processing
> Printer spool
> DHCP for printers only
> Requires cable switch to provide Internet access, if the primary server fails

Functional Description: The servers are configured in a standard PDC/BDC
environment, using the PDC for all logon, file sharing, student printing
and Internet access. All user logon shares are defined and mapped to the
student's or teacher's H: drive upon logon. PDC/BDC replication occurs
daily. Incremental backups of the student folders occur daily.

2. List of Issues and Goals
- "I need more LAN ports for additional PCs and printers."
- "Dell is sending new XP PCs to replace the old PCs expiring from the lease. XP desktop configuration is complex. I want to use XP, but I need it to work with my server network and the desktop has to be locked down."
- "All of the PCs in our school are used all of the time. The students can't always finish their projects and there is nowhere to put new PCs."
- "Sometimes the network gets slow. The Internet or student folders or printing will slow down and sometimes stop."
- "The teachers and students are beginning to ask about taking work home and bringing it back in. I don't know of a reliable, secure way of doing this. I'm concerned about viruses."

3. Recommendations
Based on a site visit and a review of the current I/T environment, issues and goals, the following recommendations can be made:

Desktop: The desktop environment is well managed. Ghost is used to maintain different copies of each desktop PC type.
- The Win95 and Win98 PCs should be upgraded to WinXP (preferred) or WinME. Win95 is no longer supported and Win98 may be dropped from formal support soon.
- Response to issue: "Dell is sending new XP PCs to replace the old PCs expiring from the lease..."
XP should be used since it offers the best technology. However, XP desktop control settings can be complex, depending on the requirements. Connecting XP to an NT server can be hazardous if configured incorrectly. XP can be deployed and used if the desktop lock-down control and network access requirements are known. Configuration testing is always needed and should be isolated for XP.
- Response to goal: "All of the PCs in our school are used all of the time..."
Aside from having the students arrive early or stay late to use the existing desktop PCs, there is only one simple solution that would fit: use a laptop cart with wireless access. The use of a cart full of wireless laptops is becoming popular because it is a space saver and does not cost much more than normal PCs. This makes the justification effort less difficult if new desktop PCs were already budgeted for.

Private Network: The LAN is well defined and wired correctly. CAT 5 cabling is used and all room jacks are terminated into a patch panel in the same room that houses the servers. Patch cables are used to connect the room jacks on the patch panel to the switch ports. All room jacks and corresponding patch panel ends are well marked with a consistent naming convention.
- No significant issues were found with the private network.
- Response to goal: "I need more LAN ports for additional PCs and printers."
Additional ports can be added to the existing LAN via a new switch connected to an open port on any active switch. This is a poor solution since it causes a bottleneck at the new switch, which is essentially a hub in this configuration. Another solution is to replace an SS II switch with an SS II switch that has a GB Ethernet connection. The GB connection on this switch is then connected to a new SS III 48 port switch that has a GB uplink connector.

Internet: The Internet connectivity, firewall and content/site filtering are well constructed, with little available for improvement. Since no inbound connections are allowed from the Internet, there is a very low probability that any hacking into the school from the Internet will occur.
- The proxy software should be upgraded when the server O/S (Operating System) is upgraded.
- If a full Internet security assessment is required, a third party evaluation company should be employed.

Server: The server environment is constructed per M/S standards and is at the current service pack. The PDC/BDC is replicated and backups are run daily.
- The WinNT server should be upgraded to Win2000 or Win2003. WinNT is not formally supported for bug fixes anymore. The M/S recommendation is to upgrade to Win2003.
- There is no recovery plan for failover, system restoration or disaster. At a minimum, a server disaster recovery plan should be developed and tested. It is crucial to know how long it would take to recover from a complete server or network failure.
- The secondary server should be configured and tested to support Internet access. This should be completed with assistance from the DSL provider.

Recommendations to other Issues and Goals:
- Response to issue: "Sometimes the network gets slow..."
This is a common issue whose cause is sometimes difficult to determine. If the Internet is the common issue, the DSL provider can be contacted to validate the bandwidth allocation and to get a report on traffic utilization. Often, this type of problem, if chronic, requires on-site monitoring, logging and network traffic tracing.
- Response to issue: "The teachers and students are beginning to ask about taking work home and bringing it back in..."
There are several solutions to safely sharing files between home and school. When developing this process, the following should be considered:
> Use a file share on a staging PC as a pool for the files to be transferred.
> All file transfers should be processed manually. Files should always be virus scanned before loading into any location on the server.
> Create a request form that allows the approval and scheduling of files to be transferred. This ensures parent approval and that only the specific, required files are transferred.
> Set up specific times during the day that files will be transferred in and out.
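
As an added illustration of the considerations above (not part of the original assessment), the following Python example checks every file in the staging share against the approved request forms, the scheduled transfer window and a virus scan, and reports which files the operator may then transfer manually. The window times, the request-record layout and the use of ClamAV's clamscan as the scanner are assumptions made for the example.

```python
import subprocess
import tempfile
from datetime import datetime, time
from pathlib import Path

# Assumed transfer windows (constructed; the assessment names no times).
WINDOWS = [(time(7, 30), time(8, 15)), (time(15, 0), time(15, 45))]

def clamscan_clean(path):
    """True only if ClamAV reports the file clean (exit 0); fail closed otherwise."""
    try:
        result = subprocess.run(["clamscan", "--no-summary", str(path)],
                                capture_output=True)
    except OSError:  # scanner missing or not executable
        return False
    return result.returncode == 0  # 1 = virus found, 2 = scanner error

def decide(path, requests, scanner, now):
    """Return (allowed, reason) for one staged file."""
    request = requests.get(Path(path).name)
    if request is None:
        return False, "no request form on file"
    if not request.get("approved"):
        return False, "request not approved"
    if not any(start <= now.time() <= end for start, end in WINDOWS):
        return False, "outside transfer window"
    if not scanner(path):
        return False, "virus scan failed"
    return True, "cleared for manual transfer"

def review_staging(staging_dir, requests, scanner, now):
    """List a decision for every file in the staging share, sorted by name."""
    return [(p.name, *decide(p, requests, scanner, now))
            for p in sorted(Path(staging_dir).iterdir()) if p.is_file()]

if __name__ == "__main__":
    # Constructed sample: two staged files, one with an approved request.
    with tempfile.TemporaryDirectory() as staging:
        Path(staging, "essay.doc").write_text("homework")
        Path(staging, "game.exe").write_text("not requested")
        requests = {"essay.doc": {"approved": True}}
        for row in review_staging(staging, requests, clamscan_clean,
                                  datetime(2003, 2, 17, 7, 45)):
            print(row)
```

Any scanner can be substituted by passing a different function that returns True only for a clean file; every check fails closed, so a missing form, a scanner error or a run outside the window all block the transfer.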