TIS Standards


County Technology Guidelines

version: 1.0

 

humboldt county of education

Revision Chart

| Version | Primary Author(s) | Description of Version | Date Completed |
|---|---|---|---|
| Draft | GS | Initial draft created for distribution and review comments | 9/4/07 |
| Preliminary | Don McCarty, Frederick Lumbert, Mary Diegan | Second draft incorporating initial review comments, distributed for final review | |
| Final | | First complete draft, which is placed under change control | |
| Revision 1 | | Revised draft, revised according to the change control process and maintained under change control | |
| Etc. | TBD | TBD | |

 

Contents



Revision Chart
Contents
1. Overview
1.1 Why Guidelines?
1.1.1 Obsolescence
1.1.2 Hardware Repair
1.1.3 Software Integration
2. Personal Computers
2.1 "County" vs. "Other"
2.2 County Computers
2.3 Other Computers
2.4 Component Requirements
2.5 Peripherals
2.6 Support of Peripherals
2.7 Warranty Support of Personal Computers and Peripherals
3. PC Software
3.1 Supported software (Operating System & Utilities)
3.2 County Image
3.3 Supported Installation of Software (Desktop Applications)
3.4 Application Software
3.4.1 Web Browsers
3.5 Unsupported Software
3.6 Guidelines for County elements when purchasing Unsupported Software
3.7 Anti-virus software
4. Hand-held Devices (working draft)
4.1 Hardware
4.2 Software
5. Printing
5.1 Networked Printers
5.2 Printer Support
6. Network
6.1 Responsibility
6.2 Wiring
6.3 Servers
6.4 Network Switches and Routers
6.5 School Lab Switches
6.6 Wireless Networks
6.6.1 Point-to-point or point to multi-point:
6.6.2 Mobile wireless: (Working for the future)
6.6.3 Fixed wireless:
6.6.4 Security requirements when installing wireless technologies
6.6.4.1 Point to point or point to multi point
6.6.4.2 Mobile wireless
6.6.4.3 Fixed Wireless
7. Internet Access
8. Security
8.1 Responsibility
8.2 Passwords
8.2.1 Network passwords
8.2.1.1 Password Standard
8.2.2 Application passwords
8.2.2.1 Resetting Passwords
To have a password reset please call the INS at 445-7555
8.3 DMZ (Demilitarized Zone) Security
8.3.1 DMZ Access
8.3.2 School Websites
9. Backups
9.1 Backups
9.1.1 Individual Personal Computers
9.1.2 School, department data
9.1.3 Data stored on a County maintained server
9.1.4 Development, Quality Assurance and Production servers
10. Naming Conventions
Router and Switch Host Names
10.1 User Names and Passwords
11. IP Addressing
11.1 IP Addressing
11.1.1 Business Office Schema
11.1.2 IP Schema
11.1.3 School Schema
11.2 VLANS
11.2.1 VLAN Names
11.3 Patch Cables

1. Overview

1.1 Why Guidelines?

Guidelines are created to allow the support organization (Technology) to maintain both the hardware and software infrastructure within the County.

1.1.1 Obsolescence

All computer equipment has an expected lifespan when created by the manufacturer; further defining this lifespan is the ability to run the operating system and ancillary software that enables the device to perform its required functions. As an example, a four-year-old PC may be within its lifespan as dictated by the manufacturer, but be incapable of running the present operating system.

As hardware ages, the basic components (circuit boards, fans, power supplies, etc.) begin to fail and finding replacement parts becomes more difficult. Repairs that may have taken two hours with "off the shelf" parts now take three weeks while INS staff attempt to find a reseller of old parts (which in turn may be close to failing if they are salvaged parts). Both County and District resources suffer through a machine’s outage.

Both hardware and software age at approximately the same rate; however, non-standard software creates different problems. Obsolete software has problems integrating with newer software or hardware: as an example, the Windows 95 operating system is incapable of recognizing many DVD drives presently installed on computers. Frequently, software failures present misleading messages which imply other software or hardware components have failed; tracking down these false leads takes time.

1.1.2 Hardware Repair

An additional burden is borne by the support organization when attempting to repair equipment from a non-standard vendor. Approved vendors supply the supporting department with repair manuals, Web sites and phone support faster and in more depth than experienced by the general consumer. When attempting to repair equipment from a non-standard vendor, the support organization receives the same response a home user may receive.

1.1.3 Software Integration

Software systems create documents, spreadsheets, and other "items" in a format recognizable to themselves. In some cases "items" created in earlier versions of the same software types are also recognized, but forward compatibility is not always possible. Additionally, many software components require certain operating systems to function: a document program from one vendor may not be sophisticated enough (or current enough) to read a document from a different vendor.

For a support organization to be successful, it needs to have familiarity with the software it helps maintain. The support team is required to troubleshoot, install and answer questions about standard County software. There are far too many possible software selections for the support team to be familiar with all of them.

2. Personal Computers

A personal computer (PC) is a hardware device, possibly connected to the County network, which consists of a keyboard, mouse, monitor and CPU. Personal computers include laptops and most desktop systems (both Intel and Macintosh). Hand-held devices (Pocket PC, Handspring, Palm, etc.) are not considered personal computers. Personal computers for the County fall into two categories:

• County – Purchased through the County using a vendor contract

• Other – Anything else, including donated or purchased "Used"*

    o Used: Refurbished or rebuilt by any organization other than Humboldt County Office of Education

    o *Donated: For large donations, INS will develop a Service Level Agreement (SLA) to provide some level of support.

2.1 "County" vs. "Other"

For support purposes, computers within the county are segregated by their origin, rather than their use. As an example, a new computer may be deployed to a PC Lab in a school and is still supported by INS; a donated computer (regardless of age) is not supported by INS unless an SLA has been specifically written by INS. In short, computers purchased from the County contract are "County" machines; those not purchased from the contract are in the "other" category unless an SLA has been written by INS.

The following are general guidelines for determining if a PC should be County or Other:

• PCs running County applications (Fin2000, Minisoft, Reflections, etc.) must be County machines.

• Students may use either County or Other PCs.

• A stand-alone (not connected to the network) machine may be either a County or Other PC.

2.2 County Computers

The present County contract for PCs (including laptops) is with Dell Computer Corporation; this contract will be evaluated every three (3) years. The present contract supports a three-year onsite warranty, preinstalled operating system and standard licensed software.

| Model | Supported | Should be replaced in next school year |
|---|---|---|
| (General) | 2.4Ghz processor and faster | Less than 2.0Ghz processor |
| Desktop | Dell, MAC | Dell G Series or below; Power Mac 5200 or below |
| Laptop | Dell, Power Book | Dell Latitude or lower |

2.3 Other Computers

Any County entity that acquires computers in the "other" category must provide support for them. These computers must meet minimum requirements to be connected to the entity's network. These devices may be connected to the entity's local area network (LAN) or not, depending on their use. If the PC is to be used to access county applications, then it cannot be an "other" PC.

Due to the licensing agreements from Microsoft, all used computers must have an operating system license purchased, or the license must be provided with the PC. This is also true for Microsoft Office if it is going to be used on the PC. If the machine came with MS Office or other software pre-installed, it must be erased and a new copy purchased. Exceptions for operating system software are:

• A Windows Operating System (OS) book accompanied the PC and it has a certificate.

• The PC has a 3D Microsoft Windows sticker attached.

• If the PC was donated, the machine is eligible for a free copy of Windows 98 or 2000 per Microsoft’s Fresh Start program. Schools and departments are required to notify Microsoft once a year, listing the number of PCs that are utilizing this program.

2.4 Component Requirements

When replacing or adding components to County or "other" PCs that are connected to the network, the PC must have a minimum level of hardware and software.

| Component | Comment |
|---|---|
| TCP/IP Network card, capable of 100mb transmission; Ethernet | If the machine is to connect to the network, its network card (NIC) must be TCP/IP compliant. |
| Operating System | Either Mac OSX 10 or Windows XP pro operating systems. All software purchased for the machine must be licensed. |
| PC CPU: Core2, 2.4Ghz; MAC CPU: Power MAC 4400 | 2.4 Ghz or higher recommended. |
| PC Memory: 2Gb; MAC Memory: 1Gb | 1 Gb minimum supported; however, this may limit performance and some features. |
| PC and MAC: CD ROM is required | CD/DVD writer |
| PC Anti-Virus Software | The current release of McAfee, Norton or AVG Free Antivirus software for either the MAC or the PC must be installed on the machine. |

2.5 Peripherals

Peripherals are the miscellaneous equipment attached to a PC (excluding printers and PDAs, which are covered in separate sections); this includes scanners, cameras, external hard drives, high compression/capacity drives (example: ZIP drives), etc.

The INS department supports the standard peripherals that are "bundled" with a County computer (keyboard, monitor, mouse and potentially speakers). If a County computer is purchased with other options, then INS will also support these devices (microphones, scanners, etc.).

2.6 Support of Peripherals

INS will support additional hardware purchased to connect to County PCs. The user needs to have the latest software drivers readily available for the support person to install the device.

INS will install the drivers required to make the supported equipment operational; however, they will not support any other software that is bundled with the hardware.

• For example, if INS installs the device drivers to get a scanner working, they will not install or configure any software used to scan or edit images on the device.

2.7 Warranty Support of Personal Computers and Peripherals

INS will support county business offices in resolving issues with County personal computers and peripherals. If systems are under warranty, INS will work with the vendors to replace defective parts at no cost to the department.

3. PC Software

The County supports the installation of a standard suite of applications that go on all County PCs. This does not include supporting the application itself. Software installed on "other" PCs is not supported (see "unsupported software").

3.1 Supported software (Operating System & Utilities)

| Software | Versions | Notes |
|---|---|---|
| Microsoft Network Client | Any | |
| Microsoft Outlook Client | 10.6823 SP3 | |
| Macintosh Operating System | 10. and above | |
| Windows Operating System | Windows 2000, Windows XP Professional* | |
| Ghost (used to create a software image of a computer system) | 10.x and above | |
| Anti-Virus (McAfee, Norton, AVG Free) | McAfee 8.x and above | |

*Schools/Departments need to maintain a copy of installation CDs.

3.2 County Image

The County builds standard images [1] for all County PCs with the latest supported operating systems (OS). Entities that choose to build their own image are required to use the County image as the base. This allows flexibility to install additional applications while maintaining the County core OS. This will ensure that INS can still support all County PCs and image them if necessary.

County Core Image

The County Core Image contains, but is not limited to, the following:

a. Operating System

b. Office Suite XP

c. Antivirus Suite, currently McAfee

d. Microsoft Outlook mail client

e. Symantec Ghost 10

3.3 Supported Installation of Software (Desktop Applications)

| Software | Versions |
|---|---|
| Microsoft Office Professional* (includes: Word, Excel, PowerPoint, Access) | Office 97, Office 2000, Office 2002 (XP), Office 2003 |
| Visio* | Visio 2000 and Visio 2002 (XP), Visio 2003 |
| Microsoft Project* | Project 2000, 2002, 2003 |

*Entities need to maintain a copy of all installation CDs for software installed.

3.4 Application Software

Software developed by the County (such as Directory Management System) or purchased by the District (such as Financial 2000) falls into a separate category. These applications are available only on County machines; installation of this software on "other" PCs is not permitted.

Software*

• Financial 2000

• Mainframe connectivity (Reflections/Minisoft) – access to HP

*Special departmental software may not appear on this list; contact INS if you are unsure about installation.

3.4.1 Web Browsers

Applications created by INS for use on the Internet (external to the County) or intranet (internal to the County) will support the current level of the Microsoft Internet Explorer Web browser and Safari.

| Browser | Versions |
|---|---|
| Microsoft Internet Explorer | Version 6.0 and above |


3.5 Unsupported Software

County personnel installing "unsupported" software do so at their own risk. INS will not assist staff members with operation, integration and use of software not on the approved list. Machines that fail and have to be restored from an image will have standard software restored; INS will not reload any unsupported software.

Some software is dangerous to the County's network and will not be allowed. Most of these software packages (listed below) have known faults that will compromise the security of district data and applications.

| Software | Reason |
|---|---|
| Email Clients (Eudora, Outlook, Outlook Express, Incredimail) | Can be a security risk. |
| Windows ME | Home version of Windows OS that has too many security holes. |
| AOL Client Software | Creates security holes through the district firewall. |
| Instant Messengers (AIM, MSN, Yahoo, ICQ, etc.) | IMs become a portal for viruses to be passed. |

3.6 Guidelines for County elements when purchasing Unsupported Software

• Determine if software runs on a PC or is client-server based.

• Identify on which operating systems the software is certified.

• Review the minimum hardware specifications for the software.

• Test one copy of software to see how it runs on County PCs.

• Contact INS for recommendations.

3.7 Anti-virus software

The County requires that antivirus software be installed on all PCs (County and "other") and that it automatically update the virus definition files. Please contact INS if you are unsure how to do this. The current county vendor for anti-virus software is McAfee.

4. Hand-held Devices (working draft)

• There are two types of Personal Digital Assistants (PDAs) supported by INS: those running the Palm OS and those running Microsoft Windows CE.

4.1 Hardware

INS will troubleshoot connectivity for all hand-held devices purchased by the county. The company that sold the device to the user should provide support for personal devices. Hardware support includes assisting a user with installing the cradle used to connect the hand-held device with their PC.

4.2 Software

Support for the following software is provided:

| Software | Version |
|---|---|
| Palm OS | 4.1 or higher |
| Microsoft Windows CE | 3.0 or higher |
| Microsoft Activesync | 3.0 or higher |

5. Printing

Unlike personal computers, the decision on type of printer is left to the department/school; however, it is recommended that departments/schools consult INS before selecting any printer. INS recommends the following brands:

| Printer | Vendors |
|---|---|
| Laser Printer | Hewlett-Packard |
| Ink-Jet | Hewlett-Packard |

It is the department/school’s responsibility to verify that the printer selected will operate efficiently. Address the following items before selecting the printer:

• If the printer is attached to the network, does it include a Network Interface Card (NIC)?

• Does your PC’s operating system support this printer?

• Is this printer to be used by more than one person (see section on networked printers below)?

• What is the rated capacity of the printer (pages per month) as opposed to the amount it is required to print?

• Limited help is available on non-HP printers.

• Cost per page consideration; please contact INS for more information.

• Hardware warranty.


5.1 Networked Printers

If a printer is used by more than one person, it must be attached to the network. Network printers require the following:

• The printer must have a network card contained within the device, or an INS-approved Jet Direct box must be attached to the printer. The Jet Direct box is the only external device supported by INS for connecting printers to the network.

• A print queue will be set up by INS on your local file/print server; a service request must be created for this to occur.

• The printer is not recommended to be "shared"; Microsoft Windows allows a person to "share" a printer physically attached to his/her PC with others. Printer sharing increases network traffic, as the "shared" device is continually broadcasting messages to other PCs, clogging the network with unnecessary messages.

• The printer needs to be compliant with TCP/IP printing and support HP emulation.

5.2 Printer Support

INS will work to troubleshoot printer problems on all supported printers with the following guidelines:

• Printer maintenance (i.e., toner replacement, cleaning) is the responsibility of the individual entity.

• Repair of hardware problems is the responsibility of the entity. INS maintains a list of local repair vendors that is available upon request.

• Limited help is available on non-HP printers.

6. Network

The County consists of several Local Area Networks (LANs) connected to the district Wide Area Network (WAN).

The County WAN is connected to the Internet through our connection with the K-12 High Speed Network (HSN). All Internet traffic for the county entities travels down this link regardless of the originating location (department or school).

6.1 Responsibility

County personal computers – INS is responsible for ensuring connectivity from the PC to the wall-jack (RJ45), from the wall-jack to the Server room, and then out to the district WAN.

"Other" personal computers – INS is responsible for ensuring connectivity from the wall-jack, to the Server room, and then to the WAN; they are not responsible for the connection from the PC to the wall-jack.

County policy – The County sets various policies for network, intranet and internet access. Please reference the Application for Educational Internet E-mail Account and Individual Use of Computer Networks and Internet.

6.2 Wiring

• All new and existing County wiring will comply with the IEEE Category-5e (Cat-5e) standard for voice and data connectivity. No new wiring using Category-3 is permitted.

• Within a Server room, all wiring will terminate at a universal transport.

• Connectivity to the network switch from the transport will be through approved Category-5e patch panels. Authorized location personnel may attach devices to the switch; however, attaching labs or building supported servers to the LAN will not be allowed without first consulting INS.

• INS staff will connect switches to routers (or CSU/DSUs); location staff will not perform this function.

• All wiring will be terminated using the TIA/EIA 568B (AT&T 258A) standard.

6.3 Servers

The present district contract for Servers is with Dell Computers Inc.; this contract is evaluated every four (4) years. The present contract supports a three-year onsite warranty, preinstalled operating system and standard licensed software.

| Model | Operating System Supported | Hardware Supported | Should be replaced/upgraded in next school year | Supported by |
|---|---|---|---|---|
| File Sharing or Print Services | Windows 2000 Server, Windows 2003 Server | | N/A | INS or building support staff |
| Electronic Mail | Microsoft Exchange 2003 | | N/A | INS |
| | | | N/A | INS |
| WEB Servers | IIS Version 5 and 6 | | N/A | INS or designated support staff |
| Network Appliances* | Linux | N/A | N/A | INS |

* Network appliances are small, task-specific hardware devices purchased by INS that provide various networking functions (e.g., Security Appliances, Backup Appliances).

 

6.4 Network Switches and Routers

With the sole exception of switches placed in schools, all network devices (including network appliances) are maintained by INS. These mission-critical devices ensure connectivity to the WAN, and in some cases within separate sections of a building.

Location staff will not perform maintenance on these devices without consultation from INS.

| Device | Brand | Model Supported |
|---|---|---|
| Switches, Routers | Cisco, HP, Extreme | Summit X250e 24t & 48p; X450e 24p-48p; BlackDiamond 8810 & 8806; Switch 8212z, 8100fl, 6400cl, 6200yl, 5400zl, 3500yl, 5300xl, 3400cl, 4200vl, 2900, 2800, 2810, 1800 & All ME Series |
| CSU/DSU | ADTRAN | |
| Patch Panel | Various | |

* Hubs are being decommissioned throughout the world; schools considering purchase of new network equipment for a Lab should only purchase switches.

6.5 School Lab Switches

Below is a list of approved switches for classroom and school labs. The purchasing school or department supports these switches.

| Company | Model Supported |
|---|---|
| Extreme | Summit X250e 24t & 48p; X450e 24p-48p; BlackDiamond 8810 & 8806 |
| HP | Switch 8212z, 8100fl, 6400cl, 6200yl, 5400zl, 3500yl, 5300xl, 3400cl, 4200vl, 2900, 2800, 2810, 1800 |
| Cisco | All ME Series |

 

6.6 Wireless Networks

Wireless networks can come in many forms. The end of this section lists the security concerns of INS and the minimum guidelines that need to be enforced to ensure the edge of our network is being protected. The edge of the County network is defined as areas where staff other than INS staff can add networking devices to the County network without the knowledge or approval of INS.

| Company | Model Supported |
|---|---|
| Cisco | Air AP-1230b & Air LAP-125Ag-A-k9 |

6.6.1 Point-to-point or point to multi-point:

Point-to-point or point to multi-point is used to link physically different buildings on the same campus that are within range of the wireless access point. For example, this would be used to connect a portable classroom to the main school building on the same campus. These connections are installed by a vendor and supported by INS. These connections are not designed to support more than one or two PCs in a given location. Computer labs should never be set up in a remote building that utilizes a point-to-point or point to multi-point wireless connection for network access.

| Item | Scale |
|---|---|
| Support | Reviewed by IT Director |
| Security | Minimum of 40bit Encryption |
| Complexity/Setup | Difficult |
| Complexity/Manage | Average |
| Expense | Expensive |
| Use | Specific |

6.6.2 Mobile wireless: (Working for the future)

Mobile wireless most often refers to a movable computer storage cart with laptops and a wireless access point that can be moved from classroom to classroom as needed. This type of system is used in schools where there are not enough classrooms to set up permanent computer labs. When the mobile wireless lab is rolled into a classroom, the wireless access point is plugged into a wall jack connected to the network. This access point then provides network access to the laptops on the cart within range of the wireless access point. Although this type of connection does not provide the speed of computers plugged directly into a switch, this connection works well for basic web surfing and classroom education, for about 15 laptops using the 802.11b protocol. The faster protocol, 802.11g, provides better speeds and more simultaneous connections.

Several schools in the future will receive grants that provide wireless labs. In these cases, INS will help to provide limited support but ultimately, the equipment needs to be supported by the individual location. Support issues should be addressed at the time of applying for grants.

| Item | Scale | Notes |
|---|---|---|
| Support | INS (limited) | Standard equipment |
| Security | Minimal | |
| Complexity – Setup | Simple | |
| Complexity – Manage | Average | |
| Expense | Expensive | |
| Use | Wide range | Used when permanent computer labs are not an option or when it is more convenient to support educating |

6.6.3 Fixed wireless:

Fixed wireless refers to wireless access points physically located throughout an entire school building or in a selected area of a school (example: wing, pod, floor, hall or designated zone). With this design, wireless devices, such as a laptop, can be moved throughout an entire wireless area or building (within range of the wireless access points) without losing connectivity to the network. These wireless access points can be managed individually or centrally*.

* Requires a RADIUS server, time & FTE to manage the server.

| Item | Scale | Notes |
|---|---|---|
| Support | INS | |
| Security | Average | |
| Complexity – Setup | Above Average | |
| Complexity – Manage | Above Average | |
| Expense | Minimal (Site Evaluation can cost in excess of $1,500) | |
| Use | Wide range | Used to provide connectivity to wireless devices without the need to move or set up wireless access points. |

Several schools have purchased fixed wireless access points or have been awarded grants that supply fixed wireless equipment. INS will help to set up and configure these systems; however, maintenance is the responsibility of the location. In the future, a standard will be developed and supported by INS.

6.6.4 Security requirements when installing wireless technologies

6.6.4.1 Point to point or point to multi point

The equipment is installed and maintained by the vendor. It is proprietary and secure. INS supports this equipment.

6.6.4.2 Mobile wireless

Schools and departments need to follow the wireless standards outlined here to help ensure the security of the County's network.

• Access points must be purchased from a list of approved equipment (listed below).

• All wireless access points need to be physically turned off after hours and on weekends; this may be performed manually or with an automatic timer.

• The following security measures must be applied when configuring a wireless access point:

    o Specific MAC address list must be set up

    o Encryption must be turned on (needs to be defined)

    o Authentication enabled

| Device | Company | Models Supported |
|---|---|---|
| Access Points | Cisco | Wall mounted, external power |
| Switch | Netgear | Router/switch/firewall that supports printing |

More specifics will be coming.

6.6.4.3 Fixed Wireless

Fixed wireless must be evaluated on a site-by-site basis. Recommendations of security will be established with the proper entity prior to purchase. INS will in the future provide a minimum standard configuration that will be supported. INS can be responsible for the management of these devices provided funding will allow. The scope of this project is still not defined.

7. Internet Access

The Internet, while a very informative and exciting venue, is also very dangerous. To protect the County's resources, INS has a firewall network device, which will protect the county from most kinds of attacks. However, it is the responsibility of all entities to ensure that they:

• Know exactly what they are downloading from a Web site; many hacker attacks and most viruses come from downloaded files.

• Understand that email attachments may not always be "clean" and exercise discretion when opening attachments.

    o Currently INS maintains Postini, a spam blocker for Microsoft Exchange mail. This does not block Web-based email such as Hotmail, AOL and Yahoo mail.

• Realize that any Internet traffic (streaming video, streaming audio such as radio stations, downloading large files, etc.) uses network bandwidth and slows down traffic for schools and County Intranet applications.

• Internet use is for County functions only; personal use of these services takes network bandwidth away from schools.

• County policy for Education Internet E-mail and Individual Use

8. Security

Various levels of security are required within the County to prevent unauthorized access to County devices and data.

8.1 Responsibility

The following chart outlines the levels of responsibility and accountability for individual schools and departments:

| Item | Responsibility | Comments |
|---|---|---|
| Hardware (PCs, network devices, etc.) | School/Department and INS | Locations securing hardware by a locking mechanism need to make available the keys or combinations to INS for support purposes. These can reside in the school but need to be available to support staff at all times. Locations implementing password protection on devices need to make this password available to INS. |
| School/Department Servers | School/Department | The server must be set up with a local administrator account for the INS team to administer the server (or set up an account allowing the INS team to administer the server remotely). |
| Software Licenses | School/Department and INS | Each department or school is responsible for ensuring all software installed is legally licensed. |
| Passwords | School/Department | Individuals at the location are responsible for ensuring their passwords have not been compromised (see following section). |

8.2 Passwords

8.2.1 Network passwords

Network (Microsoft and Outlook) logins are set up per a user request to INS to grant access to system resources. These IDs and passwords must be kept secure to protect the County's information. At the present time, network passwords are not set to expire; however, this policy will be changing in the future, forcing all users to change their passwords on a routine basis.

Network logins and passwords are not to be shared between staff and especially between staff and students.

8.2.1.1 Password Standard

Passwords are case sensitive and must be at least 5 characters long. Passwords must consist of letters and numbers. Passwords are generated by the user via the Individual Use form and keyed in by INS.

8.2.2 Application passwords

With the conversion of all Web-based applications to the single security model, INS will no longer be privy to user passwords. The new system allows both users and INS to reset passwords; INS will no longer be able to give a user their password.

Application logins and passwords are not to be shared between staff and especially between staff and students.

8.2.2.1 Resetting Passwords

To have a password reset please call the INS at 445-7028.

 

8.3 DMZ (Demilitarized Zone) Security

The County's Internet servers reside in a separate network area, referred to as the DMZ. Access to the DMZ is restricted because this is the area frequently attacked by external hackers.

8.3.1 DMZ Access

Users are granted access to devices in the DMZ on a case-by-case basis. Before granting a staff member access to a DMZ device, the following must take place:

1. The location requesting this access will submit the request via email to the Director of INS.

2. INS network staff will meet with the individual requesting access. In this meeting, the restrictions and responsibilities of DMZ access are reviewed, as is the specific access required.

3. INS will work with the individual to test out file-transfer protocol (FTP) access to their section of a machine in the DMZ.

4. Applications (program executables, DLLs, etc.) will only be installed on a DMZ device after testing on a secure development machine.

8.3.2 School Websites

5. Maintained by school. Pages are uploaded through an FTP process.

• Access is granted on a case-by-case basis as outlined above.

• These sites are strictly static pages; no additional software is installed to support unique applications or processes.

9. Backups

Data backup needs to occur at all levels. Data backup should be completed at all levels daily; however, the district does not currently have the resources to accomplish this task.

9.1 Backups

9.1.1 Individual Personal Computers

Individuals should consult their support person; data may be saved in the staff member's User folder.

For mission critical systems, departments/schools may consider saving data to their User folder, which is automatically backed up.

INS support is available to provide staff with information and basic training on backing up a PC to a server.

9.1.2 School, department data

Schools and departments are responsible for backing up their own data. When a school or department builds and supports their own server, they are responsible for backing up the data if they so choose.

9.1.3 Data stored on a County maintained server

Any data stored on a server should be backed up with an attached media drive. The software user account will need to have full rights to the server.

9.1.4 Development, Quality Assurance and Production servers

These servers reside at INS and are backed up by the INS staff. All tapes are stored off-site. Tapes are rotated on a two-week cycle with one set each month stored off-site for a year.


10. Naming Conventions

Router and Switch Host Names

The router and switch host name standard is as follows:

First 8 characters of the building or department, plus "MDF" or "IDF" and the IDF #, plus "_", plus the switch number in the rack from top to bottom.

Examples:

OrickMDF_3 = Orick Elementary School, MDF, Switch #3

Glenn_PaulIDF1_2 = Glenn Paul, IDF #1, Switch #2

10.1 User Names and Passwords

Username: Will be the last two numbers of the calendar year plus the animal of the year from the Chinese calendar. The two parts of the username change with each calendar.

Example: 99rat

99 = 1999   rat = Year of the rat.

Passwords: The first two letters in the name of the school plus a phrase to be determined every year.

Example: orgr82bme

or = Orick   gr8 = great   2 = to   b = be   me

Example: glgr82bme

gl = Glenn Paul   gr8 = great   2 = to   b = be   me

11. IP Addressing

11.1 IP Addressing

The communication protocol used to communicate between two different entities will use the following schema.

11.1.1 Business Office Schema

11.1.2 IP Schema

Business Office Primary:

###.###.###.001-002        Routers
###.###.###.003-009        Servers
###.###.###.010-199        DHCP
###.###.###.200-229        Static
###.###.###.230-239        Printers
###.###.###.240 and up     Risk Management, Cameras, Misc DHCP
###.###.###.253 and down   Switches
###.###.###.254            Always Open

School/Lab:

###.###.###.001-002        Routers
###.###.###.003-009        Servers/Static
###.###.###.020-029        Printers
###.###.###.030 and up     DHCP
###.###.###.253 and down   Switches
###.###.###.254            Always Open

School Secondary or Lab (Sub-netted by 128 (Low)):

###.###.###.001-003        Routers
###.###.###.004-009        Printers
###.###.###.010-029        Servers/Static
###.###.###.030 and up     DHCP
###.###.###.126 and down   Switches
###.###.###.127            Always Open

School Secondary or Lab (Sub-netted by 128 (High)):

###.###.###.128-129        Unused
###.###.###.130-133        Routers
###.###.###.134-139        Printers
###.###.###.140-159        Servers/Static
###.###.###.160 and up     DHCP
###.###.###.253 and down   Switches
###.###.###.254            Always Open
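An added example (not part of the County guidelines) showing one way to audit a device inventory against the School/Lab schema above. The inventory, the 192.0.2.0/24 documentation range, the role names, the reading of "Always Open" as "never assigned", and the rule that the DHCP scope must stop below the lowest switch address are assumptions of this example.

```python
import ipaddress

# School/Lab ranges transcribed from the schema above (last octet, inclusive).
# Assumption: "030 and up" (DHCP) and "253 and down" (switches) share .30-.253
# and must not cross; "Always Open" is read as "never assigned".
FIXED = {"router": (1, 2), "server": (3, 9), "static": (3, 9), "printer": (20, 29)}
DHCP_START, SWITCH_TOP, ALWAYS_OPEN = 30, 253, 254

def audit(devices, dhcp_scope_end):
    """devices: list of (name, ip, role). Returns a list of finding strings."""
    findings, switch_octets = [], []
    for name, ip, role in devices:
        octet = int(ipaddress.IPv4Address(ip)) & 0xFF
        if octet == ALWAYS_OPEN:
            findings.append(f"{name}: .{octet} must stay unassigned (Always Open)")
        elif role == "switch":
            if DHCP_START <= octet <= SWITCH_TOP:
                switch_octets.append(octet)
            else:
                findings.append(f"{name}: switch at .{octet} is outside 253-and-down")
        elif role in FIXED:
            lo, hi = FIXED[role]
            if not lo <= octet <= hi:
                findings.append(f"{name}: {role} at .{octet}, expected .{lo}-.{hi}")
        else:
            findings.append(f"{name}: role '{role}' is not in the schema")
    # Switches count down from .253 while the DHCP scope counts up from .030,
    # so the scope has to end below the lowest switch address in use.
    if switch_octets and dhcp_scope_end >= min(switch_octets):
        findings.append(f"DHCP scope ends at .{dhcp_scope_end} but a switch "
                        f"holds .{min(switch_octets)}")
    return findings

# Constructed inventory (not real County data), 192.0.2.0/24 documentation range.
SAMPLE = [
    ("rtr1", "192.0.2.1", "router"),
    ("fs1", "192.0.2.5", "server"),
    ("lab-printer", "192.0.2.31", "printer"),  # printer placed in the DHCP range
    ("sw-mdf-1", "192.0.2.253", "switch"),
    ("sw-mdf-2", "192.0.2.252", "switch"),
    ("camera", "192.0.2.254", "static"),       # sits on the reserved address
]

if __name__ == "__main__":
    for line in audit(SAMPLE, dhcp_scope_end=252):
        print(line)
```

DHCP clients are not listed individually; they are represented by the configured scope end passed as `dhcp_scope_end`.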

11.1.3 School Schema

11.2 VLANS

11.2.1 VLAN Names

VLAN names are as follows: Name = VL plus VL #

VLAN numbers are as follows:

Back Bone VLAN 100 = VL100
Inbound Provider VLAN 101 = Reserved
Data & Staff VLAN 201 = VL201
Video VLAN 301 = VL301
Students/Labs VLAN 401 = VL401
Phones VLAN 501 = VL501
Extra VLAN 601 = VL601
Extra VLAN 701 = VL701
Security VLAN 13 = VL13

11.3 Patch Cables

Patch cable standards are as follows:

Color                    Utilization              Example
Yellow                   Outside to Inside        Provider to Switch
Green                    Servers                  Switch to Server
Orange                   Internal Switches        Switch to Switch
X-over: Orange with Red tape, Red Hood or Label   Switch to Switch
Blue, Grey               Workstations/Printers    Switch to port, or wall port to computer

RACK STANDARDS

• Top                  Fiber / FDU Tray
• Under Fiber          Cross connects / Punch down block
• Under Punch block    Switch
• Under Switches       Switch
• Under switches       Monitor
• Under Monitor        Servers
• Under Servers        Monitors
• Bottom               UPS



[1] An image is a compressed version of a working operating system preconfigured to a specific model of PC. Installation of an image takes about 15 minutes, whereas an installation from scratch can take several hours.