All aspects of enterprise networking require quite specific expertise. Schools employ network professionals to maintain and manage the networks installed and they also retain outside network professionals including engineers and technicians to design and install network upgrades (both hardware and software) and extensions (for example adding wireless capacity).
Planning and Installation
An information technology network is much like other technologies in that the expertise needed to design and build it is much more specialized and expensive than the expertise needed to manage and operate it once it exists. Consider how an IT system in a school is similar to an automobile. Planning and building each requires engineers and designers who have detailed expertise and expensive tools, but they are not needed after the automobile exists. Technicians who keep them operational have lesser (but still considerable) skill and tools. Users can take some minimal steps to keep both operational.
When designing new networks or major upgrades, most technology managers in schools will contract the services of network engineers. Typically, these professionals work for companies that also sell, install, and service the devices included in the engineer’s plans; so, installations and upgrades tend to find schools entering into extended contractual relationships for service and repair work on the infrastructure. While these services are very expensive, after school leaders consider the cost of the devices and the potential liabilities of insecure networks, they recognize the value in this expense.
Network installation and upgrade projects are labor-intensive, may cause interruptions in network availability, and usually require technicians to work throughout the building. To minimize the disruptions caused to teaching and learning, network projects can be scheduled during the times when the school is largely empty of students. The vendors whose engineers plan the installations and upgrades will also have large numbers of technicians available, so projects that require many hours of labor can be accomplished in a short time by many workers.
Engineers design and technicians build IT networks. System administrators operate and manage the networks once they are installed. Serious problems are brought to the attention of the engineers who have more complete knowledge of the system to identify a solution, but most functionality can be sustained by individuals who have been properly trained and who have adequate resources.
A key aspect of planning and installing a network is mapping and documenting the network. IT networks are very interesting systems. From the inside (when connected to the network on a computer that has network sniffing software installed and running), the network addresses of devices can be located with precision and very quickly, but the physical location cannot be easily determined. From the outside (when looking at the physical device), there is no way to know with certainty its network address or the purpose it serves. A good network map will identify both the network address and physical location of devices (the devices will also be labeled with appropriate information). Most network devices (switches, routers, security appliances, access points, printers, and most other devices which are given static IP addresses) include a web server installed on a small computer in the device. By pointing a web browser to the device’s IP address, system administrators can log on to a web page located on the device to monitor its operation, change its configuration, update its software, and otherwise manage its operation. This interface can be used to supplement a network map, but it does not replace network documentation.
Network planning, including mapping, is an important part of managing IT resources in schools, but it is often not given the attention that it needs. IT professionals are typically overworked, so they spend much time addressing technology problems that are very pressing; the work of documenting the network can be left undone. While this is seemingly a necessary approach to resolving technology problems in schools, it can lead to greater difficulties later. When outside agencies need to access the network (perhaps because the system administrator is unavailable) or when the school seeks to document network resources and budget for network replacement, a network map can save many hours of work that is billed at a far greater rate than is earned by an IT professional employed by the school.
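An added example (not from the original chapter) of putting a network map to work: it compares the documented map with what a scan from inside the network reports and lists devices that are undocumented, answering on a different address, or not seen. The map format, the function name, and every address and location are constructed for illustration.

```python
# Added example: reconcile a documented network map with observed devices.
# All addresses, MACs, locations and names here are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class MapEntry:
    ip: str
    mac: str
    location: str  # physical location written on the map and on the device label
    purpose: str


NETWORK_MAP = [
    MapEntry("10.20.0.2", "00:00:5e:00:53:01", "Main office closet", "core switch"),
    MapEntry("10.20.0.10", "00:00:5e:00:53:0a", "Library ceiling", "access point"),
    MapEntry("10.20.0.20", "00:00:5e:00:53:14", "Room 114", "printer"),
]

# What a scan from inside the network yields: addresses only, no locations.
OBSERVED = [
    ("10.20.0.2", "00:00:5E:00:53:01"),
    ("10.20.0.11", "00:00:5e:00:53:0a"),  # mapped device on an unmapped address
    ("10.20.0.99", "00:00:5e:00:53:63"),  # device that is not on the map
]


def reconcile(network_map, observed):
    """Return the differences between the map and the observed (ip, mac) pairs."""
    by_mac = {entry.mac.lower(): entry for entry in network_map}
    seen = set()
    report = {"undocumented": [], "address_changed": [], "not_seen": []}
    for ip, mac in observed:
        mac = mac.lower()
        seen.add(mac)
        entry = by_mac.get(mac)
        if entry is None:
            report["undocumented"].append((ip, mac))
        elif entry.ip != ip:
            report["address_changed"].append((entry.location, entry.ip, ip))
    for mac, entry in by_mac.items():
        if mac not in seen:
            report["not_seen"].append((entry.location, entry.purpose, entry.ip))
    return report


if __name__ == "__main__":
    for kind, items in reconcile(NETWORK_MAP, OBSERVED).items():
        for item in items:
            print(kind, item)
```

Only the map can turn a finding such as `address_changed` into a place to walk to; the scan alone gives an address with no location.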
Managing Users, Resources, and Data
Once IT infrastructure has been installed, IT professionals hired by the school adjust the configurations of devices installed by the engineers and technicians so the network is secure, robust and reliable. They configure settings to authenticate users; give them access to servers, printers, and other devices; and adjust addressing and security functions as devices are added to and removed from the network. Often these are established before the network is installed (network planning is a vital part of upgrade and replacement projects and finds school IT professionals and network engineers meeting for many hours to devise and refine the planned installation).
Accounts are granted permissions according to the users’ role in the school and the resources each is authorized to use. The accepted network management practice is to provide individuals who are responsible for managing the school network with two types of accounts; they log on with standard user accounts when simply using the network, but then they log on with an administrator account when they need to change network settings.
In schools, most standard user accounts are assigned to groups such as “school administrators,” “teachers,” and “students.” Student groups are further grouped into organizational units such as “high school students” or “middle school students.” With users being assigned to well-planned organizational units, network administrators can quickly and easily deploy changes by applying them to organizational units.
One commonly used practice for managing user accounts on the network is to avoid recording users’ passwords. If it becomes necessary for a network administrator to log on as a specific user or to restrict a user from the network, then a system administrator can change the user’s password. The user regains control over the account by using a one-time-only password from the system administrator and resetting her or his password when first logging on to the system. This step is taken to preserve the user’s privacy and to properly account for all the activity using the account. When my password has been changed by the administrator, I am locked out of my account and I cannot be held responsible for changes made under my account. Once I regain control of it, I am responsible for it.
In addition to managing users’ access to the LAN through user accounts, IT administrators can control devices that are connected to the network by adjusting the network configuration. For example, they can send operating system updates to desktop computers, install and update applications, install printers, and set other configurations from one location. Just as user accounts are placed in organizational units to facilitate management of the accounts of individuals who have similar needs, computers can be assigned to organizational units (OUs), so (for example) all of the computers in a particular computer room can be adjusted by applying changes to the OU to which the computers belong.
One often-used feature of operating systems connected to a network that is used to manage devices is remote access. When this is enabled, an individual who knows the IP address (or host name) of a device can use client software to log on to a computer or server from a different location on the network. This feature allows, for example, technicians at one LAN location (perhaps even in a different building) to take control of a user’s computer to troubleshoot problems or observe symptoms. In rural schools that are separated by many miles, but that are connected via a single LAN, this can be very useful as an IT professional can take control of a computer without the need to travel to the site. This increases the efficiency of technicians and minimizes travel expenses.
A well-designed network built with devices of high quality that are properly configured will typically be reliable and robust with little input from IT managers. Of course, networks are systems, so they degrade over time. IT managers in schools spend time and other resources to slow the rate at which networks degrade. One important job in keeping systems operational and secure is updating software, including operating system software, applications, and drivers (the software that allows computers to communicate with peripherals such as printers). Sometimes these updates introduce conflicts to the system, so those must be identified and resolved as well.
Occasionally, and despite the best work of IT professionals, devices fail in sudden and very noticeable ways; this type of sudden failure is rarer than the ongoing degradation that gradually reduces performance and ultimately leads to failure, but it does happen. System administrators will troubleshoot malfunctioning systems and repair or replace devices that have failed. A well-documented network map will facilitate the work of configuring replacements, so IT managers can restore a robust and reliable network quickly.
Managing the resources and protecting the data on a network also includes ensuring a disaster recovery plan is articulated, familiar to multiple technology and school leaders, and properly followed when (not if, but when) a disaster strikes. A fundamental aspect of disaster recovery is ensuring data and systems are backed up to servers that are off-site. Many school IT managers contract with services that specialize in backing up the information in organizations’ LANs on redundant servers.
Managing network resources also includes investigating proposed changes and upgrades to the system to ensure existing functions are preserved and that new systems are compatible with existing systems. Incompatibilities most often become apparent when operating systems reach the end of life, so they must be replaced. Small schools and early adopters of particular technologies are populations that encounter problematic incompatibilities as well. Small schools tend to purchase student information systems, accounting software, and similar data management applications from publishers whose products are less expensive than others, but that are less likely to be updated. The effect is that these users are locked-in to less than optimal systems by the expense of converting records to new systems.
Perhaps the most important function of a school IT administrator is ensuring the network is secure. There are many potential threats to the IT infrastructure installed in a school and the data stored on it, thus network security is multidimensional and necessitates the participation of all members of the IT planning teams. In general, network security is designed to ensure only those who are authorized access systems and data (confidentiality), that the systems and data are accurate and unaltered (integrity), and that those who need access can get it (availability). These three aspects of security are somewhat contradictory; confidentiality and integrity can be ensured by limiting availability, but unfettered availability poses threats to confidentiality and integrity.
Confidentiality is especially important for school IT professionals. The Family Educational Rights and Privacy Act (FERPA) was enacted to ensure sensitive information about students and families is kept confidential. Much of the data about students and families that are stored on school-owned or school-controlled IT systems are covered by FERPA protections; school and technology leaders may be found liable for failing to take reasonable care in protecting this data.
When designing network security measures, IT planners and managers take steps to prevent threats from damaging the system or its data. For example, they limit the individuals who have access to administrator accounts on computers and network devices to those who are trained and authorized, they deploy unified threat management devices which scan network traffic for malware, and they block access to sites known to distribute malware. They also prevent unauthorized incoming network traffic from gaining access to the network.
Securing networks can be a particularly challenging endeavor in those schools where students, teachers, and other guests in the school are allowed to connect their own devices to the network. This is necessary in those schools that have deployed a bring your own device (BYOD) initiative, but there are other situations in which devices not controlled by the school are added to the network. Typically, IT managers provide a “guest SSID” that provides very limited service, and others’ devices connect to that wireless service.
Network operating systems, and software added to network-connected devices, can monitor and log network traffic and other unusual events; reviewing the logs generated by this software is a regular task for IT professionals in schools. If threats are detected, the IT managers will take steps to remediate damage. This may include, for example, removing a virus-infected computer from the network, increasing the settings of threat detection, or restoring data from back-up copies.
It is even possible for IT managers to prevent particular devices from accessing the network. If a student brings a personal laptop to school, for example, and it is known to contain viruses and other threats to the network, then IT managers can use network sniffer software to identify it, then add it to a “black list” on the DHCP server, so that device is prevented from obtaining an IP address; thus switches can neither send data to nor receive data from that computer over the network. (Take a look again at this final paragraph. If you are a teacher or a school administrator who understands what it means, then this chapter has accomplished my goal for you.)
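An added example, not from the original chapter, that models the deny-list behavior described above: a denied device is offered no address, however its hardware (MAC) address happens to be written. It is a simplified model rather than any DHCP product's configuration; the class, its method names, and all addresses are assumptions made for illustration.

```python
# Added example: toy model of a DHCP deny list keyed on hardware (MAC) address.
# Class, methods and addresses are hypothetical; this is not a real DHCP server.
import ipaddress
import re


def normalize_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF or aabb.ccdd.eeff spellings."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class LeaseTable:
    def __init__(self, network, deny_list=()):
        self.pool = list(ipaddress.ip_network(network).hosts())
        self.deny = {normalize_mac(m) for m in deny_list}
        self.leases = {}  # normalized MAC -> leased address

    def request(self, mac):
        """Return the address offered to this device, or None if none is offered."""
        mac = normalize_mac(mac)
        if mac in self.deny:
            return None  # denied devices never receive an address
        if mac not in self.leases:
            used = set(self.leases.values())
            free = next((ip for ip in self.pool if ip not in used), None)
            if free is None:
                return None  # pool exhausted
            self.leases[mac] = free
        return str(self.leases[mac])

    def block(self, mac):
        """Deny a device and drop its lease (this model drops it immediately)."""
        mac = normalize_mac(mac)
        self.deny.add(mac)
        self.leases.pop(mac, None)


if __name__ == "__main__":
    table = LeaseTable("10.30.0.0/29", deny_list=["00-00-5E-00-53-AA"])
    print(table.request("0000.5e00.53aa"))     # denied device
    print(table.request("00:00:5e:00:53:01"))  # ordinary device
```

Normalizing the address before the lookup matters because the sniffer, the switch, and the DHCP server may each print the same hardware address in a different notation.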