Proto School Setup
This page outlines a proto-school setup that emulates the features of a larger school district.
Overview
This is a hypothetical discussion. I take no responsibility if you do something stupid after reading this.
This school district will be centrally based, with an active board office that provides IT services for the district as a whole. Schools will be geographically spread and will not source their own internet connections; instead each will be provided with a link back to the board office, which will have a high speed connection.
Overview (networking)
For our initial purposes, we'll have an elementary school called ElemSchool, a high school called HighSchool, and a board office called BoardOffice.
The three locations will be physically separate and will use distinct IP address space.
We will assume that each school has a direct link back to the board office (i.e. dedicated fiber or wireless) that will be used for internal traffic.
Each school will have its own file server storing files on redundant disks. This file server will share printers for the network. It will also run the DHCP server, with static (reserved) DHCP leases being used.
The firewall at each school will provide Squid caching, access control and logging. This logging will be reported upstream to the board office. Internet access will use user authentication (i.e. NTLM with fallback to plain HTTP authentication) to confirm what level of access is allowed.
Each school will be made up of labs, classrooms and admin areas.
Firewalls will not allow outgoing traffic by default.
Overview (email)
BoardOffice will host email for the school district on redundant disks.
We'd like to use Zimbra for the board office staff but will probably end up going with a Postfix solution. We're going to run separate email servers for staff and for students so there is some segregation. Staff will use Thunderbird in IMAP mode by default. Students will use SquirrelMail webmail by default. Staff email, excluding spam/junk mail folders, will be backed up.
Overview (web)
Overview (inventory)
The board office will be able to provide inventories of the individual schools along with guidelines for replacement for budgetary purposes.
A teacher will be able to call the help desk with a computer number and the help desk will be able to see maintenance records, computer inventory, etc.
Computers will be individually imageable, and the default configuration will allow machines to be quickly sysprepped so that labs, etc. can be rebuilt quickly as needed.
User configuration (i.e. home directory, profile, etc.) will be stored on the local school servers wherever possible. We go on the assumption that teachers/students are not travelling between schools.
Inventory control will consist of the following two standards. Every computer will be labelled with a scannable barcode. Each computer will also be uniquely assigned a 4 character hexadecimal identifier which will be physically written on the case in permanent marker. This will be extended to any peripherals worth more than $50, i.e. printers, scanners and monitors, but not things like keyboards/mice/speakers. On the backend, the type of the device will map uniquely to a 2 character hexadecimal prefix on the ID. The help desk will be able to take a call about monitor 45ab, pick "monitor" from a drop-down, enter 45ab, and get the history they're looking for. The barcodes will allow for quick inventories where available.
The board office will keep a central copy of all school data, no more than a week old, for redundancy purposes.
Network topology
The first 10 class C (/24) subnets will be for board office / internal use. 10.57.1.0/24 will be the board office LAN space. 10.57.10.0/24 will be for OpenVPN IPs. By convention, each subnet 10.57.x.0/24 will have the address 10.57.10.x associated with it. The remaining 8 class C's are reserved for future use.
Elementary schools will use third octets 20-50 (10.57.20.0/24 through 10.57.50.0/24).
High schools will use third octets 120-150 (10.57.120.0/24 through 10.57.150.0/24).
Centralized management
We're going to use LDAP as a centralized directory of users and machines. We're going to run a single master system from the board office with replication out to each of the sites. We're going to run the Samba3 schema. Computer accounts will also carry objectClass=ieee802Device with a macAddress attribute tracked, and objectClass=ipHost with an ipHostNumber assigned.
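As an added example (not part of the original page or of any project it names), the following Python ties the address plan above to the LDAP computer-account layout: it builds the LDIF for a Samba3 machine account carrying the ieee802Device/ipHost attributes, and refuses entries whose MAC is malformed or whose address is not inside the site's own 10.57.x.0/24. The board office subnet range, the gidNumber 515 for Domain Computers, the ou=Computers container, the base DN and the SID are assumptions.

```python
import ipaddress
import re

# Address plan from the page: 10.57.<site>.0/24 per site, elementary schools
# in 20-50 and high schools in 120-150; the board office range is an assumption.
SITE_RANGES = {"boardoffice": range(1, 10), "elementary": range(20, 51),
               "highschool": range(120, 151)}
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def site_subnet(kind, third_octet):
    """Return the site's /24, rejecting octets outside that site type's range."""
    allowed = SITE_RANGES[kind]
    if third_octet not in allowed:
        raise ValueError(f"{kind} sites use {allowed.start}-{allowed[-1]}, got {third_octet}")
    return ipaddress.ip_network(f"10.57.{third_octet}.0/24")


def vpn_address(subnet):
    """Each 10.57.x.0/24 is paired with 10.57.10.x for OpenVPN by convention."""
    return ipaddress.ip_address(f"10.57.10.{subnet.network_address.packed[2]}")


def computer_ldif(hostname, mac, ip, kind, third_octet, base_dn, sid, uid_number):
    """LDIF for a Samba3 machine account that also carries the ieee802Device
    and ipHost attributes; rejects malformed MACs and addresses outside the
    site's own subnet so inventory data cannot drift from the address plan."""
    mac = mac.lower()
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC address: {mac}")
    subnet = site_subnet(kind, third_octet)
    if ipaddress.ip_address(ip) not in subnet:
        raise ValueError(f"{ip} is not inside site subnet {subnet}")
    uid = hostname.lower() + "$"  # Samba machine account names end in '$'
    return "\n".join([
        f"dn: uid={uid},ou=Computers,{base_dn}",
        "objectClass: top", "objectClass: account", "objectClass: posixAccount",
        "objectClass: sambaSamAccount", "objectClass: ieee802Device",
        "objectClass: ipHost",
        f"cn: {hostname.lower()}", f"uid: {uid}",
        f"uidNumber: {uid_number}", "gidNumber: 515",  # assumed Domain Computers gid
        "homeDirectory: /dev/null", "loginShell: /bin/false",
        f"sambaSID: {sid}", "sambaAcctFlags: [W          ]",
        f"macAddress: {mac}", f"ipHostNumber: {ip}",
    ]) + "\n"


if __name__ == "__main__":  # constructed sample values; the SID is a placeholder
    print(computer_ldif("lab1-pc07", "00:1A:2B:3C:4D:5E", "10.57.21.107", "elementary",
                        21, "dc=example,dc=edu", "S-1-5-21-PLACEHOLDER-1234", 3104))
```

The printed entry can be fed to ldapadd against the board office master; replication then carries it to the school sites.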