County Technology Guidelines

version: 1.0

 

Humboldt County Office of Education

Revision Chart

Version | Primary Author(s) | Description of Version | Date Completed
Draft | GS | Initial draft created for distribution and review comments | 9/4/07
Preliminary | Don McCarty, Frederick Lumbert, Mary Diegan | Second draft incorporating initial review comments, distributed for final review |
Final | | First complete draft, which is placed under change control |
Revision 1 | | Revised draft, revised according to the change control process and maintained under change control |
Etc. | TBD | TBD |

Contents



 Revision Chart

 Contents

1. Overview

1.1  Why Guidelines?

1.1.1 Obsolescence

1.1.2 Hardware Repair

1.1.3 Software Integration

2. Personal Computers

2.1 "County" vs. "Other"

2.2 County Computers

2.3 Other Computers

2.4 Component Requirements

2.5 Peripherals

2.6 Support of Peripherals

2.7 Warranty Support of Personal Computers and Peripherals

3. PC Software

3.1 Supported software (Operating System & Utilities)

3.2 County Image

3.3 Supported Installation of Software (Desktop Applications)

3.4 Application Software

3.4.1 Web Browsers

3.5 Unsupported Software

3.6 Guidelines for County elements when purchasing Unsupported Software

3.7 Anti-virus software

4. Hand-held Devices (working draft)

4.1 Hardware

4.2 Software

5. Printing

5.1 Networked Printers

5.2 Printer Support

6. Network

6.1 Responsibility

6.2 Wiring

6.3 Servers

6.4 Network Switches and Routers

6.5 School Lab Switches

6.6 Wireless Networks

6.6.1 Point-to-point or point to multi-point:

6.6.2 Mobile wireless:  (Working for the future)

6.6.3 Fixed wireless:

6.6.4 Security requirements when installing wireless technologies

6.6.4.1 Point to point or point to multi point

6.6.4.2 Mobile wireless

6.6.4.3 Fixed Wireless

7. Internet Access

8. Security

8.1 Responsibility

8.2 Passwords

8.2.1 Network passwords

8.2.1.1 Password Standard

8.2.2 Application passwords

8.2.2.1 Resetting Passwords

 To have a password reset please call the INS at 445-7555

8.3 DMZ (Demilitarized Zone) Security

8.3.1 DMZ Access

8.3.2 School Websites

9. Backups

9.1 Backups

9.1.1 Individual Personal Computers

9.1.2 School, department data

9.1.3 Data stored on a County maintained server

9.1.4 Development, Quality Assurance and Production servers

10. Naming Conventions

 Router and Switch Host Names

10.1 User Names and Passwords

11. IP Addressing

11.1 IP Addressing

11.1.1 Business Office Schema

11.1.2 IP Schema

11.1.3 School  Schema

11.2 VLANS

11.2.1 VLAN Names

11.3 Patch Cables


1. Overview

1.1 Why Guidelines?

Guidelines are created to allow the support organization (Technology) to maintain both the hardware and software infrastructure within the County. 

1.1.1 Obsolescence

All computer equipment has an expected lifespan when created by the manufacturer; further defining this lifespan is the ability to run the operating system and ancillary software that enables the device to perform its required functions. As an example, a four-year-old PC may be within its lifespan as dictated by the manufacturer, but be incapable of running the present operating system.

As hardware ages, the basic components (circuit boards, fans, power supplies, etc.) begin to fail and finding replacement parts becomes more difficult.  Repairs that may have taken two hours with "off the shelf" parts now take three weeks while INS staff attempts to find a reseller of old parts (which in turn may be close to failing if they are salvaged parts).  Both County and District resources suffer through a machine's outage.

Both hardware and software age at approximately the same rate; however, non-standard software creates different problems.  Obsolete software has problems integrating with newer software or hardware: As an example, the Windows 95 operating system is incapable of recognizing many DVD drives presently installed on computers.  Frequently, software failures present misleading messages which imply other software or hardware components have failed; tracking down these false leads takes time. 

1.1.2 Hardware Repair

An additional burden is borne by the support organization when attempting to repair equipment from a non-standard vendor. Approved vendors supply the supporting department with repair manuals, Web sites and phone support faster and in more depth than experienced by the general consumer. When attempting to repair equipment from a non-standard vendor, the support organization receives the same response a home user may receive.

1.1.3                 Software Integration

Software systems create documents, spreadsheets, and other "items" in a format recognizable to themselves. In some cases "items" created in earlier versions of the same software types are also recognized but forward compatibility is not always possible.  Additionally, many software components require certain operating systems to function: A document program from one vendor may not be sophisticated enough (or current enough) to read a document from a different vendor.

For a support organization to be successful, they need to have familiarity with the software they help maintain.  The support team is required to trouble-shoot, install and answer questions about standard County software.  There are far too many possible software selections for the support team to be familiar with all of them.

2. Personal Computers

A personal computer (PC) is a hardware device, possibly connected to the County network, which consists of a keyboard, mouse, monitor and CPU.  Personal computers include laptops and most desktop systems (both Intel and Macintosh).  Hand-held devices (Pocket PC, Handspring, Palm, etc.) are not considered personal computers.  Personal computers for the County fall into two categories:

• County – Purchased through the County using a vendor contract
• Other – Anything else, including donated or purchased "Used"*
   o Used: Refurbished or rebuilt by any organization other than Humboldt County Office of Education
   o *Donated: For large donations, INS will develop a Service Level Agreement (SLA) to provide some level of support.

2.1 "County" vs. "Other"

For support purposes, computers within the county are segregated by their origin, rather than their use. As an example, a new computer may be deployed to a PC Lab in a school and is still supported by INS; a donated computer (regardless of age) is not supported by INS unless an SLA has been specifically written by INS. In short, computers purchased from the County contract are "County" machines; those not purchased from the contract are in the "other" category unless an SLA has been written by INS.

The following are general guidelines for determining if a PC should be County or Other:

• PCs running County applications (Fin2000, Minisoft, Reflections, etc.) must be County machines.
• Students may use either County or Other PCs.
• A stand-alone (not connected to the network) machine may be either a County or Other PC.

2.2 County Computers

The present County contract for PCs (including laptops) is with Dell Computer Corporation; this contract will be evaluated every three (3) years. The present contract supports a three-year onsite warranty, preinstalled operating system and standard licensed software.

Model | Supported | Should be replaced in next school year
(General) | 2.4GHz processor and faster | Less than 2.0GHz processor
Desktop | Dell; MAC | Dell G Series or Below; Power Mac 5200 or Below
Laptop | Dell; Power Book | Dell Latitude or lower


2.3 Other Computers

Any County entity that acquires computers in the "other" category must provide support for them. These computers must meet minimum requirements to be connected to the entity's network. These devices may be connected to the entity's local area network (LAN) or not, depending on their use. If the PC is to be used to access county applications, then it cannot be an "other" PC.

Due to the licensing agreements from Microsoft, all used computers must have an operating system license purchased, or the license must be provided with the PC.  This is also true for Microsoft Office if it is going to be used on the PC.  If the machine came with MS Office or other software pre-installed on the machine, it must be erased, and a new copy purchased. Exceptions to operating systems software are:

• A Windows Operating System (OS) book accompanied the PC and it has a certificate.
• The PC has a 3D Microsoft Windows sticker attached.
• If the PC was donated, the machine is eligible for a free copy of Windows 98 or 2000 per Microsoft's Fresh Start program. Schools and departments are required to notify Microsoft once a year listing the number of PCs that are utilizing this program.

2.4 Component Requirements

When replacing or adding components to County or "other" PCs that are connected to the network, the PC must have a minimum level of hardware and software.

Component | Comment
TCP/IP Network card, capable of 100mb transmission; Ethernet | If the machine is to connect to the network, its network card (NIC) must be TCP/IP compliant.
Operating System | Either Mac OSX 10 or Windows XP pro operating systems. All software purchased for the machine must be licensed.
PC CPU: Core2, 2.4GHz; MAC CPU: Power MAC 4400 | 2.4 GHz or higher recommended.
PC Memory: 2Gb; MAC Memory: 1Gb | 1 Gb minimum supported; however, this may limit performance and some features.
PC and MAC: CD ROM is required | CD/DVD writer
PC Anti-Virus Software | The current release of McAfee, Norton or AVG Free Antivirus software for either the MAC or the PC must be installed on the machine.

2.5 Peripherals

Peripherals are the miscellaneous equipment attached to a PC (excluding printers and PDAs, which are covered in separate sections); this includes scanners, cameras, external hard drives, high compression/capacity drives (Example: ZIP drives), etc.

The INS department supports the standard peripherals that are "bundled" with a County computer (keyboard, monitor, mouse and potentially speakers).  If a County computer is purchased with other options, then INS will also support these devices (microphones, scanners, etc.).  

2.6 Support of Peripherals

INS will support additional hardware purchased to connect to County PCs.  The user needs to have the latest software drivers readily available for the support person to install the device.

INS will install the drivers required to make the supported equipment operational; however, they will not support any other software that is bundled with the hardware.

• For example, if INS installs the device drivers to get a scanner working, they will not install or configure any software used to scan or edit images on the device.

2.7 Warranty Support of Personal Computers and Peripherals

INS will support county business offices in resolving issues with County personal computers and peripherals.  If systems are under warranty, INS will work with the vendors to replace defective parts at no cost to the department. 

3. PC Software

The County supports the installation of a standard suite of applications that go on all County PCs. This does not include supporting the application itself. Software installed on "other" PCs is not supported (see "unsupported software").

3.1 Supported software (Operating System & Utilities)

Software | Versions | Notes
Microsoft Network Client | Any |
Microsoft Outlook Client | 10.6823 SP3 |
Macintosh Operating System | 10. and above |
Windows Operating System | Windows 2000, Windows XP Professional* |
Ghost (used to create a software image of a computer system) | 10.x and above |
Anti-Virus (McAfee, Norton, AVG Free) | McAfee 8.x and above |

*Schools/Departments need to maintain a copy of installation CDs.

3.2 County Image

The County builds standard images [1] for all County PCs with the latest supported operating systems (OS). Entities that choose to build their own image are required to use the County image as the base. This allows flexibility to install additional applications while maintaining the County core OS. This will ensure that INS can still support all County PCs and image them if necessary.

County Core Image

The County Core Image contains, but is not limited to, the following:

a. Operating System
b. Office Suite XP
c. Antivirus Suite, currently McAfee
d. Microsoft Outlook mail client
e. Symantec Ghost 10

3.3 Supported Installation of Software (Desktop Applications)

Software | Versions
Microsoft Office Professional* (Includes: Word, Excel, PowerPoint, Access) | Office 97, Office 2000, Office 2002 (XP), Office 2003
Visio* | Visio 2000 and Visio 2002 (XP), Visio 2003
Microsoft Project* | Project 2000, 2002, 2003

*Entities need to maintain a copy of all installation CDs for software installed.

3.4 Application Software

Software developed by the County (such as Directory Management System) or purchased by the District (such as Financial 2000) falls into a separate category. These applications are available only on County machines; installation of this software on "other" PCs is not permitted.

Software*
Financial 2000
Mainframe connectivity (Reflections/Minisoft) – access to HP

* Special departmental software may not appear on this list; contact INS if you are unsure about installation.

3.4.1 Web Browsers

Applications created by INS for use on the Internet (external to the County) or intranet (internal to the County) will support the current level of Microsoft Internet Explorer Web browser and Safari.

Browser | Versions
Microsoft Internet Explorer | Version 6.0 and above

3.5 Unsupported Software

County personnel installing "unsupported" software do so at their own risk. INS will not assist staff members with operation, integration and use of software not on the approved list. Machines that fail and have to be restored from an image will have standard software restored; INS will not reload any unsupported software.

Some software is dangerous to the County's network and will not be allowed. Most of these software packages (listed below) have known faults that will compromise the security of district data and applications.

Software | Reason
Email Clients (Eudora, Outlook, Outlook Express, Incredimail) | Can be a security risk.
Windows ME | Home version of Windows OS that has too many security holes.
AOL Client Software | Creates security holes through the district firewall.
Instant Messengers (AIM, MSN, Yahoo, ICQ, etc.) | IMs become a portal for viruses to be passed.

3.6 Guidelines for County elements when purchasing Unsupported Software

• Determine if software runs on a PC or is client-server based.
• Identify on which operating systems the software is certified.
• Review the minimum hardware specifications for the software.
• Test one copy of software to see how it runs on County PCs.
• Contact INS for recommendations.

3.7 Anti-virus software

The County requires that Antivirus software be installed on all PCs (County and "other"), and automatically update the virus definition files.  Please contact INS if you are unsure how to do this.  The current county vendor for anti-virus software is McAfee.

4. Hand-held Devices (working draft)

• There are two types of Personal Digital Assistants (PDAs) supported by INS: Those running the Palm OS and those running Microsoft Windows CE.

4.1 Hardware

INS will troubleshoot connectivity for all hand-held devices purchased by the county. The company that sold the device to the user should provide support for personal devices.  Hardware support includes assisting a user with installing the cradle used to connect the hand-held device with their PC.

4.2 Software

Support for the following software is provided:

Software | Version
Palm OS | 4.1 or higher
Microsoft Windows CE | 3.0 or higher
Microsoft ActiveSync | 3.0 or higher

5. Printing

Unlike personal computers, the decision on type of printer is left to the department/school; however, it is recommended that departments/schools consult INS before selecting any printer. INS recommends the following brands:

Printer | Vendors
Laser Printer | Hewlett-Packard
Ink-Jet | Hewlett-Packard

It is the department/school's responsibility to verify that the printer selected will operate efficiently.  Address the following items before selecting the printer:

• If the printer is attached to the network, does it include a Network Interface Card (NIC)?
• Does your PC's operating system support this printer?
• Is this printer to be used by more than one person (see section on networked printers below)?
• What is the rated capacity of the printer (pages per month) as opposed to the amount it is required to print?
• Limited help is available on non-HP printers.
• Cost per page consideration, please contact INS for more information.
• Hardware warranty.

5.1 Networked Printers

If a printer is used by more than one person, it must be attached to the network.  Network printers require the following:

• The printer must have a network card contained within the device, or an INS-approved Jet Direct box must be attached to the printer. The Jet Direct box is the only external device supported by INS for connecting printers to the network.
• A print queue will be set up by INS on your local file/print server; a service request must be created for this to occur.
• The printer is not recommended to be "shared"; Microsoft Windows allows a person to "share" a printer physically attached to his/her PC with others. Printer sharing increases network traffic, as the "shared" device is continually broadcasting messages to other PCs, clogging the network with unnecessary messages.
• The printer needs to be compliant with TCP/IP printing and support HP emulation.

5.2 Printer Support

INS will work to troubleshoot printer problems on all supported printers with the following guidelines:

• Printer maintenance (i.e., toner replacement, cleaning) is the responsibility of the individual entity.
• Repair of hardware problems is the responsibility of the entity. INS maintains a list of local repair vendors that is available upon request.
• Limited help is available on non-HP printers.

6. Network

The County consists of several Local Area Networks (LANs) connected to the district Wide Area Network (WAN). 

The County WAN is connected to the Internet through our connection with the K-12 High Speed Network (HSN).  All Internet traffic for the county entities travels down this link regardless of the originating location (department or school).

6.1 Responsibility

County personal computers – INS is responsible for ensuring connectivity from the PC to the wall-jack (RJ45), from the wall-jack to the Server room, and then out to the district WAN.

"Other" personal computers – INS is responsible for ensuring connectivity from the wall-jack, to the Server room, and then to the WAN; they are not responsible for the connection from the PC to the wall-jack.

County policy – The County sets various policies for network, intranet and internet access.  Please reference the Application for Educational Internet E-mail Account and Individual Use of Computer Networks and Internet.

6.2 Wiring

• All new and existing County wiring will comply with the IEEE Category-5e (Cat-5e) standard for voice and data connectivity. No new wiring using Category-3 is permitted.
• Within a Server room, all wiring will terminate at a universal transport.
• Connectivity to the network switch from the transport will be through approved Category-5e patch panels. Authorized location personnel may attach devices to the switch; however, attaching labs or building supported servers to the LAN will not be allowed without first consulting INS.
• INS staff will connect switches to routers (or CSU/DSUs); location staff will not perform this function.
• All wiring will be terminated using the TIA/EIA 568B (AT&T 258A) standard.

6.3 Servers

The present district contract for Servers is with Dell Computers Inc.; this contract is evaluated every four (4) years. The present contract supports a three-year onsite warranty, preinstalled operating system and standard licensed software.

Model | Operating System Supported | Hardware Supported | Should be replaced/upgrade in next school year | Supported by
File Sharing or Print Services | Windows 2000 Server; Windows 2003 Server | | N/A | INS or building support staff
Electronic Mail | Microsoft Exchange 2003 | | N/A | INS
 | | | N/A | INS
WEB Servers | IIS Version 5 and 6 | | N/A | INS or designated support staff
Network Appliances* | Linux | N/A | N/A | INS

* Network appliances are small, task-specific hardware devices purchased by INS that provide various networking functions (i.e., Security Appliances, Backup Appliances).

6.4 Network Switches and Routers

With the sole exception of switches placed in schools, all network devices (including network appliances) are maintained by INS.  These mission-critical devices ensure connectivity to the WAN, and in some cases within separate sections of a building.

Location staff will not perform maintenance on these devices without consultation from INS.

Device | Brand | Model Supported
Switches; Routers | Cisco, HP, Extreme | Summit X250e 24t & 48p; X450e 24p-48p; BlackDiamond 8810 & 8806; Switch 8212z, 8100fl, 6400cl, 6200yl, 5400zl, 3500yl, 5300xl, 3400cl, 4200vl, 2900, 2800, 2810, 1800 & All ME Series
CSU/DSU | ADTRAN |
Patch Panel | Various |

* Hubs are being decommissioned throughout the world; schools considering purchase of new network equipment for a Lab should only purchase switches.

6.5 School Lab Switches

Below is a list of approved switches for classroom and school labs.  The purchasing school or department supports these switches.

Company | Model Supported
Extreme | Summit X250e 24t & 48p; X450e 24p-48p; BlackDiamond 8810 & 8806
HP | Switch 8212z, 8100fl, 6400cl, 6200yl, 5400zl, 3500yl, 5300xl, 3400cl, 4200vl, 2900, 2800, 2810, 1800
Cisco | All ME Series

6.6 Wireless Networks

Wireless networks can come in many forms. The end of this section lists the security concerns of INS and the minimum guidelines that need to be enforced to ensure the edge of our network is being protected. The edge of the County network is defined as areas where staff other than INS staff can add networking devices to the County network without the knowledge or approval of INS.

Company | Model Supported
Cisco | Air AP-1230b & Air LAP-125Ag-A-k9

 

6.6.1 Point-to-point or point to multi-point:

Point-to-point or point to multi-point is used to link physically different buildings on the same campus that are within range of the wireless access point. For example, this would be used to connect a portable classroom to the main school building on the same campus. These connections are installed by a vendor and supported by INS. These connections are not designed to support more than one or two PCs in a given location. Computer labs should never be set up in a remote building that uses a point-to-point or point to multi-point wireless connection for network access.

Item | Scale
Support | Reviewed by IT Director
Security | Minimum of 40bit Encryption
Complexity/Setup | Difficult
Complexity/Manage | Average
Expense | Expensive
Use | Specific

6.6.2 Mobile wireless: (Working for the future)

Mobile wireless most often refers to a movable computer storage cart with laptops and a wireless access point that can be moved from classroom to classroom as needed. This type of system is used in schools where there are not enough classrooms to set up permanent computer labs. When the mobile wireless lab is rolled into a classroom, the wireless access point is plugged into a wall jack connected to the network. This access point then provides network access to the laptops on the cart within range of the wireless access point. Although this type of connection does not provide the speed of computers plugged directly into a switch, this connection works well for basic web surfing and classroom education, for about 15 laptops using the 802.11b protocol. The faster protocol, 802.11g, provides better speeds and more simultaneous connections.

Several schools in the future will receive grants that provide wireless labs. In these cases, INS will help to provide limited support, but ultimately the equipment needs to be supported by the individual location. Support issues should be addressed at the time of applying for grants.

Item | Scale | Notes
Support | INS (limited) | Standard equipment
Security | Minimal |
Complexity – Setup | Simple |
Complexity – Manage | Average |
Expense | Expensive |
Use | Wide range | Used when permanent computer labs are not an option or when it is more convenient to support educating

6.6.3 Fixed wireless:

Fixed wireless refers to wireless access points physically located throughout an entire school building or in a selected area of a school (example: wing, pod, floor, hall or designated zone). With this design, wireless devices, such as a laptop, can be moved throughout an entire wireless area or building (within range of the wireless access points) without losing connectivity to the network. These wireless access points can be managed individually or centrally*.

* Requires a RADIUS server, time & FTE to manage the server.

Item | Scale | Notes
Support | INS |
Security | Average |
Complexity – Setup | Above Average |
Complexity – Manage | Above Average |
Expense | Minimal (Site Evaluation can cost in excess of $1,500) |
Use | Wide range | Used to provide connectivity to wireless devices without the need to move or set up wireless access points.

Several schools have purchased fixed wireless access points or have been awarded grants that supply fixed wireless equipment. INS will help to set up and configure these systems; however, maintenance is the responsibility of the location. In the future, a standard will be developed and supported by INS.

6.6.4 Security requirements when installing wireless technologies

6.6.4.1 Point to point or point to multi point

The equipment is installed and maintained by the vendor. It is proprietary and secure. INS supports this equipment.

6.6.4.2 Mobile wireless

Schools and departments need to follow the wireless standards outlined here to help ensure the security of the County's network.

• Access points must be purchased from a list of approved equipment (listed below).
• All wireless access points need to be physically turned off after hours and on weekends; this may be performed manually or with an automatic timer.
• The following security measures must be applied when configuring a wireless access point:
   o Specific MAC address list must be set up
   o Encryption must be turned on (needs to be defined)
   o Authentication enabled

Device | Company | Models Supported
Access Points | Cisco | Wall mounted, external power
Switch | Netgear | Router/switch/firewall that supports printing

More specifics will be coming.

6.6.4.3 Fixed Wireless

Fixed wireless must be evaluated on a site-by-site basis. Recommendations of security will be established with the proper entity prior to purchase. INS will in the future provide a minimum standard configuration that will be supported. INS can be responsible for the management of these devices provided funding will allow. The scope of this project is still not defined.

7. Internet Access

The Internet, while a very informative and exciting venue, is also very dangerous. To protect the County's resources, INS has a firewall network device, which will protect the County from most kinds of attacks. However, it is the responsibility of all entities to ensure that they:

• Know exactly what they are downloading from a Web site; many hacker attacks and most viruses come from downloaded files.
• Understand that email attachments may not always be "clean" and exercise discretion when opening attachments.
   o Currently INS maintains Postini, a spam blocker for Microsoft Exchange mail. This does not block Web-based email such as Hotmail, AOL and Yahoo mail.
• Realize that any Internet traffic (streaming video, streaming audio such as radio stations, downloading large files, etc.) uses network bandwidth and slows down traffic for schools and County Intranet applications.
• Internet use is for County functions only; personal use of these services takes network bandwidth away from schools.
• County policy for Education Internet E-mail and Individual Use

8. Security

Various levels of security are required within the County to prevent unauthorized access to County devices and data.

8.1 Responsibility

The following chart outlines the levels of responsibility and accountability for individual schools and departments:

Item | Responsibility | Comments
Hardware (PCs, network devices, etc.) | School/Department and INS | Locations securing hardware by a locking mechanism need to make available the keys or combinations to INS for support purposes. These can reside in the school but need to be available to support staff at all times. Locations implementing password protection on devices need to make this password available to INS.
School/Department Servers | School/Department | The server must be set up with a local administrator account for the INS team to administer the server (or set up an account allowing the INS team to administer the server remotely).
Software Licenses | School/Department and INS | Each department or school is responsible for ensuring all software installed is legally licensed.
Passwords | School/Department | Individuals at the location are responsible for ensuring their passwords have not been compromised (see following section).

8.2 Passwords

8.2.1 Network passwords

Network (Microsoft and Outlook) logins are set up per a user request to INS to grant access to system resources. These IDs and passwords must be kept secure to protect the County's information. At the present time, network passwords are not set to expire; however, this policy will be changing in the future, forcing all users to change their passwords on a routine basis.

Network login and passwords are not to be shared between staff and especially between staff and students.

8.2.1.1 Password Standard

Passwords are case sensitive and must be at least 5 characters long. Passwords must consist of letters and numbers. Passwords are generated by the user via the Individual Use form and keyed in by INS.

8.2.2               Application passwords

With the conversion of all Web-based applications to the single security model, INS will no longer be privy to user passwords.  The new system allows both users and the INS to reset passwords; INS will no longer be able to give a user their password.

Application login and passwords are not to be shared between staff and especially between staff and students. 

8.2.2.1            Resetting Passwords

To have a password reset please call the INS at 445-7028.
 

8.3 DMZ (Demilitarized Zone) Security back

The Counties Internet servers reside in a separate network area, referred to as the DMZ.  Access to the DMZ is restricted because this is the area frequently attacked by external hackers.

8.3.1 DMZ Access

Users are granted access to devices in the DMZ on a case-by-case basis. Before granting a staff member access to a DMZ device, the following must take place:

1. The location requesting this access will submit the request via email to the Director of INS.

2. INS network staff will meet with the individual requesting access. In this meeting, the restrictions and responsibilities of DMZ access are reviewed, as is the specific access required.

3. INS will work with the individual to test out file-transfer protocol (FTP) access to their section of a machine in the DMZ.

4. Applications (program executables, DLLs, etc.) will only be installed on a DMZ device after testing on a secure development machine.

8.3.2 School Websites

1. Maintained by school. Pages are uploaded through an FTP process.

   • Access is granted on a case-by-case basis as outlined above.

   • These sites are strictly static pages; no additional software is installed to support unique applications or processes.

9. Backups

Data backup needs to occur at all levels. Data backup should be completed at all levels daily; however, the district does not currently have the resources to accomplish this task.

9.1 Backups

9.1.1 Individual Personal Computers

Individuals should consult their support person; data may be saved in the staff member's User folder.

For mission-critical systems, departments/schools may consider saving data to their User folder, which is automatically backed up.

INS support is available to provide staff with information and basic training on backing up a PC to a server.

9.1.2 School, department data

Schools and departments are responsible for backing up their own data.  When a school or department builds and supports their own server, they are responsible for backing up the data if they so choose.

9.1.3 Data stored on a County-maintained server

Any data stored on a server should be backed up with an attached media drive.  The software user account will need to have full rights to the server.

9.1.4 Development, Quality Assurance and Production servers

These servers reside at INS and are backed up by the INS staff.  All tapes are stored off-site.  Tapes are rotated on a two-week cycle with one set each month stored off-site for a year.


10. Naming Conventions

Router and Switch Host Names

The router and switch host name standard is as follows:

First 8 characters of the building or department, plus "MDF" or "IDF" and the IDF number, plus "_", plus the switch number in the rack, counted from top to bottom.

Examples:

OrickMDF_3 = Orick Elementary School, MDF, Switch #3

Glenn_PaulIDF1_2 = Glenn Paul, IDF #1, Switch #2
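One way to check an inventory of switch and router host names against the standard above, as an added example that is not part of the original guidelines. The function names, the 1-based switch numbering and the inventory entries other than the two examples from this page are assumptions; the length check reports the page's own Glenn_Paul example, whose prefix is 10 characters, as a finding rather than a parse failure.

```python
import re

# Pattern for the standard above: building/department prefix, then "MDF" or
# "IDF" followed by the IDF number, then "_" and the switch position in the rack.
HOSTNAME_RE = re.compile(
    r"^(?P<site>[A-Za-z][A-Za-z0-9_]*?)"   # building or department prefix
    r"(?P<closet>MDF|IDF(?P<idf>[0-9]+))"  # MDF, or IDF plus IDF number
    r"_(?P<switch>[0-9]+)$"                # switch number, counted from the top
)
MAX_SITE_LEN = 8  # "first 8 characters of the building or department"


def parse_hostname(name):
    """Return the parts of a conforming host name, or None if it does not parse."""
    m = HOSTNAME_RE.match(name)
    if m is None:
        return None
    return {
        "site": m.group("site"),
        "closet": "MDF" if m.group("idf") is None else "IDF",
        "idf": int(m.group("idf")) if m.group("idf") else None,
        "switch": int(m.group("switch")),
    }


def audit(names):
    """Map each host name to a list of findings; an empty list means it conforms."""
    findings = {}
    for name in names:
        parts = parse_hostname(name)
        if parts is None:
            findings[name] = ["does not match <site><MDF|IDFn>_<switch>"]
            continue
        issues = []
        if len(parts["site"]) > MAX_SITE_LEN:
            issues.append("site prefix longer than %d characters" % MAX_SITE_LEN)
        if parts["switch"] < 1:  # assumption: rack positions are counted from 1
            issues.append("switch number must start at 1")
        findings[name] = issues
    return findings


# The first two names are the examples from this page; the rest are constructed.
INVENTORY = ["OrickMDF_3", "Glenn_PaulIDF1_2", "OrickIDF_1", "orick-sw3", "OrickMDF_0"]

if __name__ == "__main__":
    for host, issues in audit(INVENTORY).items():
        print(host, "OK" if not issues else "; ".join(issues))
```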

10.1 User Names and Passwords

Username:  Will be the last two numbers of the calendar year plus the animal of the year from the Chinese calendar.  The two parts of the username change with each calendar.

Example: 99rat

99 = 1999   rat = Year of the rat.

Passwords: The first two letters in the name of the school plus a phrase to be determined every year.

Example: orgr82bme

or = Orick   gr8 = great   2 = to   b = be   me

Example: glgr82bme

gl = Glenn Paul   gr8 = great   2 = to   b = be   me

11. IP Addressing

11.1 IP Addressing

The communication protocol used to communicate between two different entities will use the following schema.

11.1.1 Business Office Schema

11.1.2 IP Schema

Business Office Primary:

###.###.###.001-002        Routers

###.###.###.003-009        Servers

###.###.###.010-199        DHCP

###.###.###.200-229        Static

###.###.###.230-239        Printers

###.###.###.240 and up     Risk Management, Cameras, Misc DHCP

###.###.###.253 and down   Switches

###.###.###.254               Always Open

School/Lab:

###.###.###.001-002        Routers

###.###.###.003-009        Servers/Static

###.###.###.020-029        Printers

###.###.###.030 and up   DHCP

###.###.###.253 and down   Switches

###.###.###.254               Always Open

School Secondary or Lab (Sub-netted by 128(low)):

###.###.###.001-003        Routers

###.###.###.004-009        Printers

###.###.###.010-029        Servers/Static

###.###.###.030 and up   DHCP

###.###.###.126 and down           Switches

###.###.###.127               Always Open

School Secondary or Lab (Sub-netted by 128(High)):

###.###.###.128-129        Unused

###.###.###.130-133        Routers

###.###.###.134-139        Printers

###.###.###.140-159        Servers/Static

###.###.###.160 and up   DHCP

###.###.###.253 and down           Switches

###.###.###.254               Always Open

11.1.3 School Schema

11.2 VLANS

11.2.1 VLAN Names

VLAN names are as follows: Name = "VL" plus the VLAN number.

VLAN Numbers are as follows:

Back Bone VLAN 100 = VL100     

Inbound Provider VLAN 101 = Reserved                

Data & Staff VLAN 201 = VL201

Video VLAN 301 = VL301

Students/Labs VLAN 401 = VL401

Phones VLAN 501 = VL501

Extra VLAN 601 = VL601

Extra VLAN 701 = VL701

Security VLAN 13 = VL13

11.3 Patch Cables

Patch cable standards are as follows:

Color          Utilization       Example

Yellow        Outside to Inside          Provider to Switch

Green          Servers          Switch to Server

Orange        Internal Switches          Switch to Switch

X-over

Orange with Red tape          Switch to Switch

Red Hood or Label

Blue, Grey   Workstations/Printers  Switch to port, or wall port to computer

RACK STANDARDS

• Top: Fiber / FDU Tray

• Under Fiber: Cross connects / Punch down block

• Under Punch block: Switch

• Under Switches: Switch

• Under Switches: Monitor

• Under Monitor: Servers

• Under Servers: Monitors

• Bottom: UPS



[1] An image is a compressed version of a working operating system preconfigured to a specific model of PC. Installation of an image takes about 15 minutes, whereas an installation from scratch can take several hours.