Archive for Network

Speed up Mac SMB connections to Windows

I am so glad that my colleague Johny told me this. Mac SMB connections to Windows file servers have been extremely slow to connect. It turns out that fully qualifying the server name makes the connection immediate! What a wonderful little tip.

Where Is My Network Folder?

I designed this activity to make the idea of a network folder more concrete to our fourth grade students. Each year, students struggle to understand where to save their files. The operating system does not provide much help. Local and network folders practically look the same. Sometimes, they even have the same name (for example, a Mac's local and network home folders)!

Students started in their classroom, the school’s computer lab. They traced the path of an Ethernet cable out of the back of a computer, into the wall, and to the building network closet. There, they observed how the network switch transfers the signal from a copper Ethernet cable to glass fiber optic cables. They then traced the path of these cables from one building to the next, overhead and underground, until they reached the server room.

Students observed the many servers, noted their names, and looked at their network folders on a display attached to the servers. They collected notes on the experience and answered several questions seeking to assess their understanding of the experience.

More photos from the field trip

I’m glad we’re not in the cloud today.

Serious Internet slowdown today at school. Days like this make me really glad that our mail, files, student records, and website data are all stored on campus. School would shudder to a halt were this data and services in the cloud.

Start-of-year Announcements

I find that teachers are most receptive to new information at the start of the year. Each year, I make a series of presentations at the opening meetings of each division in our schools. This year, I focused on training, network changes, annual reminders, and examples of student and teacher online publishing. Here are my slides for this year. Please find presentation notes below.

  • Training: theme for the year (from IT retreat)
    • Thank you for attending Windows and Mac training sessions – want you to start well
    • Coming up: email strategies, teaching with interactive whiteboards, Mac Essentials
    • US only: department visits replace division visits
  • New network technologies implemented this summer
    • Wireless network: new standards for speed and security, adaptive access points, coverage maps
    • Network access: limit network to known computers, enforce minimum security policy, includes wired network, less intrusive
    • Antivirus: better detection
  • US Laptop Survey
    • Generally high level of satisfaction
    • Opportunity to address the student experience when asking for help
    • Uneven levels of use among departments
    • Survey of college students: prefer moderate amount of tech (not 100% nor 0%)
    • Effects of laptops on face-to-face communication: differences between faculty and student responses
    • Online cruelty: please continue to engage students in dialogue
  • Popular tips
    • Can use Entourage and Outlook from home
    • Connect mobile phone to CG email
    • Printing: how to troubleshoot
    • New Office file formats
    • Backup, backup, backup
    • Email etiquette
    • VM-only extensions
  • Website
    • Classroom page news feed
    • Athletics team pages
    • New HelpDesk, Technology blog
    • Moodle: how to post to the master calendar
  • Some highlights of online presentation from last year
    • US Spanish students in the community
    • Fourth grade newspapers
    • Herb’s video on AKOM nets the school an award
    • Election online discussions
    • Larry’s board notes online

Macs and the Enterprise Network

Credit: vitroid on Flickr

Configuring Mac laptops for our new 802.1x network is proving more difficult than expected. It appears that only OS 10.6 is compatible with WPA2 Enterprise networks, and even then, those clients don’t always connect. At the moment, we are looking at the following:

10.6 clients: 802.1x system profile with saved user credentials

10.5 and below: WEP with pre-shared key

On startup, the process that authenticates a user via 802.1x does not always launch at the right time, leaving the user in no man’s land. The user then has to turn wireless off and on to get it to try again. If the user brings the computer from home to school and wakes it from sleep, then the process is not running and the computer cannot authenticate to 802.1x. Fortunately, once connected, the system seems able to reconnect reliably when waking from sleep. We have provided a small, custom app for users to easily reset the wireless card.

Too bad that Apple has not yet got this right. It feels so 2001 to run WEP for some of our users, especially on our brand new wireless network. Our Windows client setup has been flawless.

New Network Access System

We have purchased a SafeConnect network access system to replace Cisco Clean Access at Catlin Gabel. This ends a rocky, four-year relationship with CCA, in which we dedicated a lot of money and staff time to CCA yet were unable to implement the full functionality we desired. Other schools using SafeConnect have spoken so enthusiastically about the ease of use and smooth function of the system. We hope we will have a similar experience!

We plan for SafeConnect to:

  • Limit both the wireless and wired networks to known computers
  • Authenticate dedicated computers by machine identity and shared computers by user identity
  • Store detailed access logs to help us investigate specific reports of cyberbullying
  • Audit the network for specific running processes (e.g. netbots)
  • Enforce minimum patch levels for all computers
  • Ensure that antivirus software is still enabled on all computers

Implementation cost is only one quarter of what we paid to implement Cisco Clean Access four years ago!

Network Access Control

Our IT team has been meeting regularly to determine new infrastructure projects for the year. The list includes network access control and wireless access controller systems. Our discussions reveal a common theme: how many of the components of an enterprise computer network should we acquire and maintain, considering their benefits and costs?

Network access control is currently up for consideration. Three years ago, we installed our first network access control system to bring the following benefits to our school.

Limit the campus network to known computers and users
If computers not known to the IT department get on the LAN, they may be infected with viruses or running a spambot or other malicious software. Network access control software ensures that only computers that IT manages can get on the network. It does this through different methods, including client login and MAC address filtering.

Offer guests an open wireless network for Internet access
If we limit the campus LAN to known users, then we should provide an open network for parents, vendors, guests, and users’ personal wireless devices so that they may still get online. The guest network presents a welcome page (captive portal) to the user that includes terms and conditions. The guest network only provides Internet access, protecting the school’s file server, print server, and other network resources. Guests may still access the school’s websites.

Track network activity by user
Increasingly, division heads have asked us to identify one student who has bullied another student through the campus network. If users are required to log in to access the campus network, then it becomes easier to trace network activity to a specific user. We have also implemented DHCP reservations so that the IP address on record is a reliable indicator of what computer was used for each network activity. This works well for a computer with only one user and less well in shared facilities. Since client login lasts an entire day (to avoid bugging users with multiple daily login requests), users of shared computers are not required to log in often enough to positively identify each user.
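
As an added example (not part of the original post and not the school's own tooling), the Python below joins DHCP reservations with day-long NAC logins to attribute a reported IP address and time to a machine and user, and marks the result as only a candidate when the machine is shared. The record layouts, addresses, machine names, user names and dates are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (assumed layouts, not from the school's systems).
# DHCP reservations: IP -> (MAC, machine name, shared machine?)
RESERVATIONS = {
    "10.0.5.21": ("00:11:22:aa:bb:01", "laptop-teacher-07", False),
    "10.0.9.40": ("00:11:22:aa:bb:02", "lab-cart-03", True),
}
# NAC client logins: (MAC, user, login time).
LOGINS = [
    ("00:11:22:aa:bb:01", "teacher_a", datetime(2009, 10, 5, 7, 55)),
    ("00:11:22:aa:bb:02", "student_b", datetime(2009, 10, 5, 8, 10)),
]
# The post says a client login lasts an entire day.
SESSION_LENGTH = timedelta(days=1)


def attribute(ip, when):
    """Map an (IP, timestamp) from a report to a machine and a likely user."""
    res = RESERVATIONS.get(ip)
    if res is None:
        # No reservation: the address cannot be tied to a known computer.
        return {"machine": None, "user": None, "confidence": "unknown-ip"}
    mac, machine, shared = res
    # Logins on this MAC whose one-day session covers the timestamp.
    covering = [(t, u) for m, u, t in LOGINS
                if m == mac and t <= when < t + SESSION_LENGTH]
    if not covering:
        return {"machine": machine, "user": None, "confidence": "no-session"}
    _, user = max(covering)  # most recent covering login
    # On a shared machine the session outlives the person who logged in,
    # so the login names a candidate, not a confirmed user.
    confidence = "candidate-only" if shared else "single-user-machine"
    return {"machine": machine, "user": user, "confidence": confidence}


if __name__ == "__main__":
    for ip, when in [("10.0.5.21", datetime(2009, 10, 5, 14, 0)),
                     ("10.0.9.40", datetime(2009, 10, 5, 15, 30)),
                     ("10.0.9.40", datetime(2009, 10, 6, 9, 0))]:
        print(ip, when.isoformat(), attribute(ip, when))
```

A "candidate-only" result on a lab or cart machine needs corroboration from another source, such as a class schedule or sign-out sheet, before it is treated as identifying a person.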

Check computers for minimum system requirements
Even computers that we manage may become infected or compromised over the course of the year. We would ideally like to keep such computers off the network in order to protect the school’s systems and to stop an infected computer from spamming the world. One method is to block computers that do not meet minimum system requirements and then provide the user with links to the necessary software updates.

Current status
We currently run a Cisco Clean Access system to provide network access control and a public wireless network. We also gained the ability to track network activity by user, except for shared computer carts and labs. Despite lots of consultant help, we had great difficulty setting it up properly to perform these two functions. On account of the effort it took to get this far, we never did implement requirements checking beyond a small test group. Now, we are required to either upgrade to a new server software version (at great expense) or move to a different system.

Requiring users to log into client software to access the wireless network has been pretty intrusive. Ideally, this would be integrated with operating system login, but we hear that this is difficult to configure in our current NAC system with Windows and not possible for our Macs. Our users do not much like the additional login window that pops up, especially when it misbehaves, and they cannot access the wireless network.

Lower-cost options
Could RADIUS meet our needs? It’s a bit more do-it-yourself than buying a NAC product, it probably would not require user login, and it would not check systems for minimum system requirements. However, it would limit the network to known computers, which would take us part of the way toward our goal.

Setting our target appropriately
How much network sophistication can a school like ours afford to purchase and maintain? In a recent survey we conducted, only one of 26 peer schools was running NAC client software to check computers for minimum system requirements. The cost and effort required may not be worth the promise of reduced workstation maintenance and a safer network. We may have discovered that enterprise-level network access control is really

We will continue our investigation of different combinations of systems that could meet our needs and stay within budget.

More Bandwidth!

We recently increased our bandwidth in response to increased utilization. Fortunately, we also changed pricing structure so that we don’t get penalized for increased use. We used to have a 3Mbps floor and 10Mbps ceiling, which kept our monthly rate down but incurred overages when our monthly 95th percentile use exceeded 3 Mbps. We managed to negotiate a 12Mbps flat rate (no floor) for the same monthly rate as before. If utilization increases to high levels, we will experience degraded performance rather than seeing surcharges, allowing us to correct the problem without first paying a penalty.

Usage patterns suggest that students online before and after school are using most of the bandwidth. The first graph shows usage spikes at 8 a.m. and 4 p.m., and the second (you have to read it from right to left) shows increased use over time, except for a slight dip during summer.

On the one hand, we certainly do subsidize the recreational internet habits of our students. On the other hand, students learn best through experience how to manage their time. Adults adopt a teaching stance and hold students accountable for appropriate behavior online. This environment encourages responsible use in a constructivist manner. However, complacency comes easily — we must remember to keep paying attention to student use patterns, individual cases of imbalance, and perhaps most importantly, keep talking about these issues among ourselves and with students.