Shore School, an independent, Anglican school located in the busy heart of North Sydney, must meet the demands of 150 teaching staff and more than 1,600 students accessing their network.
With 10 percent of students and most of the teaching staff requiring Bring Your Own Device (BYOD) supported access, their network needed to be re-architected for speed, efficiency and growth.
“One of our main challenges with the increasing number of devices was not so much a question of security,” Richard Jones, ICT Manager at Shore School said. “It was the need to put in place a regime that provides appropriate access controls without ruining usability or stifling innovation. The tighter IT’s control, the greater the impact on users. People eventually get fed up with being blocked from doing things.”
For years Shore School had safeguarded children’s web use through a combination of WatchGuard and telco-managed firewall services. However, the telco service failed to deliver the visibility, reporting and responsiveness that Jones required to manage the school’s heavy browsing traffic. In addition, the incumbent web filtering solution was difficult to manage and unable to easily scale to handle a fully fledged BYOD load.
“We needed to increase Internet bandwidth, simplify design, and open up our network to student and staff devices,” he said.
The school is a keen advocate of technology as a learning support tool. The IT department manages 2,500 end points, roughly 90 percent of which include school-owned laptops, desktops and tablets. Although a formal BYOD programme is yet to be unveiled, the remaining 10 percent comprises a rapidly growing number and wide variety of boarding student and staff-owned devices. It’s this latter group of devices that has prompted Jones to rethink Shore School’s firewall strategy.
To solve the problems, he decided to consolidate firewall and VPN functionality, to drop the externally managed firewall and bring it all back in-house with the deployment of a new, more powerful appliance.
In their place, he selected a high performance, scalable WatchGuard XTM 2520 next-generation firewall. “When I looked at the options from WatchGuard, there were three different possible models. The one we chose had additional interfaces on it, which was very attractive to us and it had 10GB high-speed interfaces. The processing engine was also more powerful.”
Reduced costs and time savings of up to 50 percent were also evident through total network ownership. “I looked at other vendors, but having changed our LAN switch vendor earlier this year and our storage area network late last year, as well as putting in a new VoIP phone system, I was loathe to change another piece of the infrastructure without good reason. These had all been big projects that required the technical team to learn new devices,” he noted.
“My technical guys are very critical of things like this, but they like the WatchGuard technology and we already knew we were happy with their quality and reliability.”
The ease of transition to WatchGuard’s XTM 2520 has resulted in no downtime for upgrades, reconfigurations or changes in policy. With Active Directory integration providing reporting by user, Shore School now has complete visibility of their network activity and can better protect their students and manage online learning resources.
With technical assistance from Content Security, an IT security integration and consulting firm, the WatchGuard appliance was deployed and the old solutions were retired in mid-2014.
“Content Security has been our IT security partner for somewhere in the region of four years. We go to them for all things security,” Jones said. “In terms of deployment, the firewall itself presented no issues. It was a combined effort from WatchGuard and Content Security, which was quite reassuring for us as a client.”
Today, the WatchGuard appliance protects Shore School’s students and teachers by managing access to websites, blocking malware and questionable content. “We set controls on the sorts of websites they can visit based on categorisation of sites. Occasionally we also blacklist specific sites,” Jones says.
WatchGuard has given Shore School the scalability it needs, ensuring the availability of Internet services for the school. Access for boarders is controlled using time-based management functionality and the integration of WatchGuard’s single sign-on capability with Microsoft Active Directory provides fast, seamless authentication of students, staff and teachers.
Within the IT department, WatchGuard is proving to be an easy-to-manage solution that integrates all layers of network security. It has also vastly improved visibility of network traffic and utilisation. “The new environment, based on WatchGuard Dimension™, is a big improvement on what we had before,” Jones said.
Jones talked at length about how BYOD policies are a multi-faceted issue for any organisation. “Expanding the BYOD programme is a much bigger issue than just the technology. There’s a consultation process that needs to occur with teachers and parents. Teachers need to get used to the idea that they can use their own computer and then start to think about the way they will work in the classroom with technology. They need to understand how it might alter things when students start bringing their own devices into the classroom when they don’t have control over the software a student may use. Tasks may need to change to be less focused on the tool that’s being used and more focused on the outcome. The technology itself is not the main thing.”
The implementation of WatchGuard’s Dimension platform has provided greater visibility of Shore School’s network processes. Time saved of up to five hours per week spent on network troubleshooting and general management is allowing for more time being spent on other proactive IT projects.
By deploying WatchGuard, Shore School has enabled safe, secure and efficient BYOD network access for students and staff.
Jones believes the use of WatchGuard will be a core enabler for his BYOD vision. “The firewall introduces flexibility for us. We don’t have to heavily standardise endpoints, or dictate whether they are school owned or privately owned. We don’t feel as though we have to have tight restrictions if we can run access controls and rules about what users can and can’t do transparently in the background using WatchGuard. Without it, I don’t think I’d feel comfortable at all.”