Secure and restructure network infrastructure.
Being somewhat involved in the school and through some conversations, we became aware of some growing frustrations regarding the IT infrastructure of the school. We then had an initial conversation with the new leadership of the school and offered to do a free assessment on what the state of their IT infrastructure was.
After the initial assessment, it became clear that they did not have any real structure to their IT infrastructure, and as we began to delve into the details it became clearer that they had been experiencing many infrastructure-related problems.
A big part of the current state of their network was that the infrastructure has been passed down from one IT technician to the next without any real planning or structure.
What we discovered next, however, really shocked us!
Given the value we place on the safety of our kids, the fact that there was no firewall or any type of traffic control to protect the children or restrict the content they could access through the internet was dangerous, and we could do something about it.
Under the great leadership of the new principal and his deputy principal, they realized the urgency and importance of the situation and we immediately got to work.
In the defense of the IT technicians, they did the best they could within the given context up to that point and with the budgets available, but IT WAS CLEAR, IT WAS TIME FOR CHANGE.
The state of the network:
Other than the lack of firewall protection already discussed, there was one managed switch in the network, which was not configured and was placed randomly in a chain of switches. The general setup was that switches were simply daisy-chained together without consideration of proper network topology. A simple example of this was one needless daisy-chain of 4 switches linked with around 70 devices that all connected to one cheap little 8-port switch, which then connected to the main unmanaged core switch.
As we started with a network discovery, we quickly realized that the network had constant broadcast loops without any way of mitigating them. There were also multiple DHCP servers running on the same network with the same IP subnets assigned, which caused havoc on the network.
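One way to surface the overlapping DHCP servers described above during network discovery, as an added example that is not part of the original write-up. The offer records, the addresses and the `AUTHORIZED` allow-list are constructed for illustration; in practice they would come from a packet capture of DHCP OFFER messages.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of observed DHCP OFFERs:
# (server identifier [option 54], offered address [yiaddr], subnet mask [option 1])
OFFERS = [
    ("192.168.1.1",   "192.168.1.57",  "255.255.255.0"),
    ("192.168.1.254", "192.168.1.103", "255.255.255.0"),  # second server, same subnet
    ("192.168.1.1",   "192.168.1.58",  "255.255.255.0"),
    ("10.10.0.1",     "10.10.0.20",    "255.255.0.0"),
]

# Hypothetical allow-list of DHCP servers the site intends to run.
AUTHORIZED = {"192.168.1.1", "10.10.0.1"}


def servers_by_subnet(offers):
    """Map each offered subnet to the set of servers seen handing out leases in it."""
    seen = defaultdict(set)
    for server, offered, mask in offers:
        # strict=False derives the network from a host address plus mask.
        net = ipaddress.ip_network(f"{offered}/{mask}", strict=False)
        seen[net].add(ipaddress.ip_address(server))
    return seen


def find_conflicts(offers, authorized):
    """Report subnets served by more than one server or by an unlisted server."""
    allowed = {ipaddress.ip_address(a) for a in authorized}
    findings = []
    for net, servers in sorted(servers_by_subnet(offers).items(), key=lambda kv: kv[0]):
        rogue = sorted(servers - allowed)
        if len(servers) > 1 or rogue:
            findings.append({
                "subnet": str(net),
                "servers": [str(s) for s in sorted(servers)],
                "unauthorized": [str(s) for s in rogue],
            })
    return findings


if __name__ == "__main__":
    for finding in find_conflicts(OFFERS, AUTHORIZED):
        print(finding)
```
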
The wireless router setup was also quite strange and caused some problems.
Sometimes it can be difficult to decide where to begin when stepping into a network that is in this state, with so many different factors influencing the overall network infrastructure. It is further complicated by the fact that there is not much downtime available and, needless to say, there was no real budget for infrastructure improvements.
One thing was clear though, the first and most important goal was the safety of the children.
We are extremely proud to be part of the Fortinet Partner program, and Fortinet proved once again that they are exceptional in providing security solutions. With some help from the Regional Sales Director for Fortinet Southern Africa and Andre, the Fortinet Senior Channel Account Manager, they provided the school with unmatched pricing on a device that would aid in protecting the school.
This was our starting point, and we started to route all traffic through the firewall with security measures in place.
From here we proposed a new network topology with VLANs and proper segmentation. We also proposed to implement Active Directory, as this would greatly aid in the management of such a network with all the different user roles in this environment. Active Directory would also help with regard to bandwidth usage by centrally deploying Windows updates rather than each computer having to download its own updates.
We started piecing all the VLANs together and placing all the different groups of users in their respective segments.
We also started to address the wireless problems that they had been having by putting in place a plan to cover the school grounds with a quality solution that was also simple to manage, which turned out to be Ubiquiti wireless routers.
We also assist the school in putting governance and policies in place to aid them in the future.
This project is an ongoing, 2-year project and we are still in the process of achieving what we set out to.
Some of the key results expected (and some already achieved):
- Ensuring that all network traffic is routed and validated through an industry-leading Firewall solution provided by Fortinet.
- Establishing a clear infrastructure restructuring plan for this 2-year project.
- Establishing the school site as an Active Directory site.
- Establishing a stable and secure network and wireless network environment.
- Establishing a proper and reliable backup solution.
- Ensuring that devices have security protection installed such as Anti-Virus.
- Implementing governance policies.
- Establishing a cost-effective and efficient IT support structure.
We see ourselves as being privileged to be part of this pro bono project and are proud that we can play a role in serving our community.
It is a pleasure to work with this team and school leadership. Here is one example of where good leadership really does make all the difference!