When you add 1,000 devices to any system you would expect to see a significant impact on any bottlenecks or points of stress. These are some of the issues we’ve discovered and how they’ve been overcome or how we plan to tackle them.
Prior to iPads being added to the network, we had a BT fibre providing a 50Mb link for about 650 devices and it was ticking along ok. We’ve now upgraded the line to a 1Gig bearer throttled back to 400Mb. You can read more about this here.
Previously we had 1 Windows 2003 Domain Controller provided by RM running most of our curriculum and admin network services including DHCP, DNS, WSUS and file and print sharing. This was supplemented by a Windows 2008 R2 x64 server to share some of the increased load as a stopgap to migrating away from RM’s CC4 solution. Watch this space for a future blog post on how and why this was necessary.
As well as this we’ve had a number of issues with Apple’s AirPlay and AirPrint not being reliable enough on a large network. You can read more about this here.
We have 13 edge cabinets with 40(ish) switches all connected back to the server room and our core switch by 1Gig fibre links. Prior to the iPad project this wasn’t an issue but as we’ve added more devices this has become a noticeable bottleneck.
Thus far the situation has been mitigated using link aggregation and stacking the edge switches. Over the summer break we will start a phased migration to 10Gig fibre connections and HP ProCurve managed switches, initially in key areas around the school but rolling out to everyone over three years.
Security and BYOD
Once the lower school were issued with iPads, we allowed bring your own device (BYOD) for our sixth form students. This included a dedicated wireless network on its own VLAN which just provided a connection to the internet without compromising the security of the network. Using RADIUS authentication to control who could or could not connect, we were able to provide a good managed service without any additional expense. Students are able to access their files through our VLE from anywhere, so we didn’t have any issues with file access.
The same approach was taken for guest users and mobiles and tablets owned by staff.
The student network is secured with a security key that is distributed using our MDM solution, followed by RADIUS authentication to work out who each student is. This combination avoids us providing an internet connection to most of the students’ phones etc.
We’d outgrown our existing proxy server and while you were able to get a managed iPad working using an IPS file (most of the time, if the wind was in the right direction!), this was going to cause a number of headaches.
We settled on a Rocket Appliance from Lightspeed which has been in and working for just under a year now. The RADIUS authentication on the WiFi works out who it is and from there the web filter applies rules accordingly. It does exactly what it says on the tin!
This is by no means an exhaustive list but it should provide a fairly good idea of the scale of the challenges we’ve overcome.