Infrastructure/Connectivity

  • Discussion of network settings A secure and reliable local and wide area network is required to deploy the applications that schools need and to meet national, state and district mandates. Guilford County Schools maintains a network of more than 130 schools and central office sites. Approximately 48,000 computers and more than 99% of all classroom space, have access to the Internet, email and other software applications using the network. It is the goal of Technology Services to provide a powerful and secure infrastructure for all classrooms that will enable high-speed access for current and future applications.

    This section includes information related to the infrastructure and connectivity installed in the district.

    Current Network Design

    Desktop Management

    Remote Control Software

    Deployment and Patch Management

    Inventory Management

    Network Access and Email Accounts

    Servers

    Wireless

    Network Improvements

    Disaster Recovery Plan

    Voice Communication Systems

    Network Policies

    Technology Design Specification

    Current Network Design

    The current network was built using industry-standard equipment and software. Sites are communicating in the district through a fiber-based Metro Ethernet solution, providing bandwidth speeds up to 10 Gb. This solution is provided in partnership with our area provider, Spectrum Business. Internet access for the district is currently provided via a 6 Gb connection to the North Carolina Research and Education Network (NCREN).  

    A central network operation center (NOC) provides a hub for data, servers, and security. All network traffic from schools return to the NOC for access to centralized services and the Internet. 

    Application servers, email servers, DNS servers, deployment servers, appliances (such as filtering devices) and the backup storage system, are all housed in the NOC.  Servers, such as web servers that are accessible to the public, are located within a DMZ.  Web-based access to email is routed through the DMZ and is available remotely.  Also in the DMZ, are application servers that are provided by outside vendors. 

    Other technology strategies employed by Guilford County Schools include:

     

    • Use of Active Directory as the single authentication source
    • Use of standard TCP/IP protocol
    • Use of domain naming services (DNS), dynamic host control protocol (DHCP) and network address translation (NAT)
    • A de-militarized zone (DMZ) for all public access devices
    • Cisco firewalls
    • Orion and What’s Up wide area network and server monitoring tools
    • Cloud-based ZScaler filtering for undesirable sites on the Internet
    • An Intranet with critical devices and custom applications available only within the Guilford County network to users with proper authentications
    • A Virtual Private Network (VPN) that allows secure access to the network including internal Intranet applications from remote sites
    • Email servers
    • Email filters to eliminate Spam
    • Desktops protected by antivirus software
    • Desktops “locked down” using Microsoft’s Policy Manager

    Sites have been cabled with category 5e, category 6, and fiber backbone cabling.  All schools have centralized wiring closets with backbone switches.  Most schools use Cisco switches 100/1000 mbps equipment in all closets.

    More than 400 classes in Guilford County are held in mobile units.  Fiber optic connections are being used for new mobile installations and, as budget provides, to replace many of the original wireless solutions. 

     

    Desktop Management

    Standardized software is provided for all computers in the district.  In addition to curriculum-based software for the particular grade/area, Microsoft Office Professional is used at all levels. All computers are connected to the wide area network and have access to the Internet and email. The district currently uses Microsoft Internet Explorer and Google Chrome. Updated directories of virus protection files are automatically deployed to all desktops nightly or on-demand in case of an outbreak. 

    All desktops are secured using Microsoft’s policy manager and require a user to log in to the network. Access varies according to the user identification and group. All teachers have a specific user identification and authentication. They are allowed to download from the Internet and save data to their OneDrive; however they are not allowed to load software or map drives. A help desk request ticket for a technician to install new software must be completed. Students also have access to installed software though unique logins and may save to OneDrive.

     

    Remote Control Software

    With the number of computers growing, and multiple applications increasing in complexity, Guilford County Schools purchased remote control management software to assist with the technical support of individual desktops. NetSupport Manager enables a technician to browse, diagnose and resolve technical issues using the network. Common problems can be addressed quickly, without the need for staff to physically visit a school site.  Another module, NetSupport Schools, is available in all computer labs.  It enables teachers to access and manage student desktops.

     

    Deployment and Patch Management Software

    Microsoft SCCM is used to enable mass distribution of software applications, upgrades, drivers and patches. The software allows mass deployment of an OS and base applications or configuration of school-specific software. Tasks can be initiated immediately, or scheduled for after hours. In addition, SCCM links directly to Microsoft for patch notifications and scans connected desktops to report missing security updates.

     

    Inventory Management Software

    SCCM also collects detailed configuration data about all Windows computers attached to the network. When changes are made at the desktop level, they are automatically reported to the central database. The software enables us to more easily and accurately answer budget and planning questions such as:

    • How many computers need additional memory?
    • Which machines are affected by a manufacturer’s recall?
    • Which schools have the necessary equipment to use a new software package with specific requirements?

     

    Network Access and Email Accounts

    Network access and email is established for all employees of Guilford County Schools. User accounts are automatically created for new employees at the time an employee is added to the Human Resource Management System. 

    The user’s legal name, as stored in the Human Resource Management System, is used to create network access and email accounts.  Individual users access the domain with their unique user identification. Each user has a password and a level of authority assigned. User identifications and level of access are correlated to the HRMS system employment assignment and stored in the Active Directory.  Intranet applications require users to be working on the Guilford County network (or have VPN access). 

    Employees must be familiar with and adhere to the Acceptable Use Policy (AUP). The AUP is included in the Personnel Handbook.

    Employees are routinely reminded that email is not necessarily private. North Carolina Public Records statutes apply to all use of the GCS email system. The use of email as a means of communication is also subject to all laws and policies that address the issues associated with the confidentiality of student and employee records. 

    The following statement is included in all delivered email.


    “This email is for the sole use of the individual for whom it is intended.  If you are neither the intended recipient, nor agent responsible for delivering this email to the intended recipient, any disclosure, retransmission, copying, or taking action in reliance on this information is strictly prohibited.  If you have received this email in error, please notify the person transmitting the information immediately.  All email correspondence to and from this email address may be subject to NC Public Records Law which may result in monitoring and disclosure to third parties, including law enforcement.”

     

    Servers

    Guilford County Schools operates more than 400 servers. The network architecture is Microsoft-based using Active Directory. As budget allowed, these systems have been replicated and secondary paths created.

    Servers include application servers, DNS servers, deployment servers, appliances such as filtering devices, the VPN concentrator and the backup storage system. Servers that are accessible to the public, such as web servers, are located within the DMZ. 

    The backup and recovery procedures for district servers are documented annually for the external audit of the general financial statements. In addition, the data on servers identified as mission critical, is also replicated to the centralized storage system for quicker recovery. 

     

    Wireless

    The growth of Wi-Fi networks has been extremely rapid in recent years. Users want to extend the same functions of the wired network to a wireless one. The push to wireless access brings new challenges. We need to meet the demands for “anytime, anywhere” network access without compromising security necessary to protect all users.

    Technology Services provides wireless access in all schools and sites. Coverage and density varies according to grade level and need.

    A “Guest Network” is available, on a limited basis, for non-GCS devices. 

     

    Network Improvements

    Managing the network infrastructure is becoming an increasingly complex task. The utilization of the network in education provides exceptional opportunities for users, but it also increases the associated risks. Technology Services must continually find new solutions that improve bandwidth, provide additional features and protect against new vulnerabilities.

     

    Disaster Recovery Plan

    As a part of the annual external audit of the general financial statements for Guilford County, auditors review internal controls and operating efficiencies related to the major business applications used by the district. Critical data systems and applications have been identified and assessed. As budget allowed, those systems have been replicated and secondary paths created. In addition, a complete Disaster Recovery Plan was written.

    Secondary iSeries 400 Guilford County’s centralized midrange computer is used for most of our major business applications such as Payroll, Purchasing, Financial, Human Resource and Child Nutrition.  A duplicate system is maintained for backup, security, and continued operation. The primary computer continually replicates data and programs to the secondary unit. Should the main computer have a disruption of service, work could resume as user files are retrieved from the smaller secondary computer. Daily backups of both systems continue to be maintained and stored in offsite vaults.

    Generators and uninterrupted power systems are maintained for critical sites. These systems have the capacity to provide power to each site for several hours.

    Backup Storage System Technology Services maintains backup storage systems at two sites. The solution enables us to backup critical data from a variety of sources onto centrally managed storage. In case of lost data, recovery is much faster and more reliable than using media such as tapes. Documents from individual desktops, data from various application servers, the data warehouse, public folders, web sites and email are all copied to one of the storage devices. The building systems are then replicated to each other for added security. Routine backups of critical data continue to be maintained in offsite vaults.

     

    Voice Communication Systems

    Major telephone system replacements are included in the Capital Improvement Plan. With the installation of the Metro Ethernet solution, Guilford County Schools' network has the available bandwidth to implement Voice Over IP (VoIP) standard for voice communications. VoIP uses the data network and equipment for voice services, rather than a traditional telephone system. VoIP has been implemented successfully in several school districts and universities. It offers many new features and can be very cost-effective. Along with offering a phone in each classroom/office, we are now able to unify email and voicemail into one media source. We have installed this system into new construction and renovation projects since its initial inception during the 2003 Bond Referendum. 

     

    Network Policies

    Updates and additions to the network must follow strict standards to insure interoperability, reliability and maintainability of the networking infrastructure. The Technology Applications Review Committee (TARC) is charged with reviewing, approving and setting standards for all hardware, software and network access.  These procedures and standards are outlined in the Technology Policies, Procedures and Standards Manual.

    Examples of issues addressed in the manual include:

    • Minimum standards for networked computers
    • Relocation of equipment
    • Computer donations
    • Personally-owned software
    • Email accounts for non-employees
    • Password resets
    • Use of email
    • Approved software lists

    To further ensure that uses of technology are consistent with the goals of the district, Board Policies EFE and EFE-P Acceptable Use of Electronic Transmission Capabilities (AUP) were modified. 

    The AUP states:

    “Technology Services is responsible for establishing and users are required to follow all standards, policies, and procedures related to the use of technology in the Guilford County Schools.” 

    “The user is responsible for his or her actions and activities involving the network.  Some examples of unacceptable users are: circumventing safety configurations, modifying setup policies, modifying settings on machines, attaching unauthorized devices…” 

    The complete Technology Policies, Procedures and Standards Manual can be downloaded by selecting the following link:

    Technology Policies, Procedures and Standards Manua

    Technology Design Specification

    Construction and Renovation projects are constantly under design in the district. The Technology Design Specification has been created to provide architects and engineers with information regarding the district's technology needs and goals. The Technology Design Specification is a generic document to create a standard technology level for all projects, while maintaining up to date materials and methods, future proofing, and cost effectiveness. An individual specification is created for each project during the design process. This insures the most up to date technology and provides for the unique requirements and situations of each site.

    Technology Design Guidelines

    Technology Design Specifications