Over the last 6-9 months, the Human Resource Coordinator and I have developed a new Acceptable Usage Policy for Staff. The big change in this document is the banning of social networking sites (i.e. Facebook, MySpace, Twitter) during work hours. The draft has been circulated to all staff for comment... we'll see what sort of reaction we get.
Other than that, have been doing a lot of database development work. Seems like everyone wants something new / different in the system. Seems like rather than being an IT Manager, I am "simply" a database admin. Let's hope I can get the latest round of changes completed, then maybe people will stay off my back for a little while!
There has been some other interesting stuff going on though. NSSCF dictates that we must move to a 1:1 student:computer ratio by end 2011. This gives us 2 years to plan and implement some kind of 1:1 rollout for 800 students...gonna be a very interesting challenge.
I had a meeting with reps from HP ProCurve last Monday. Unfortunately, we can't get any "trade-in" for our existing wireless infrastructure if we choose to move to HP's newest "MSM" technology. Very disappointing given the amount of money we'd spent only 6 months ago, when we purchased the best equipment available to us. Will have to re-visit the numbers to see how this affects the total cost of completing our wireless rollout.
Sunday, July 26, 2009
Sunday, July 5, 2009
Dodgy databases?
Hmmm... looks like I have a database problem. In our student records database (FileMaker) the Absence data is displaying "weirdly". 2 users in Admin are seeing different database records (related to the same student). I've also had reports of other "dodgy" behaviour relating to absences. So, it looks like my absence table is corrupt.
The fix? Well, first I take a "known good" copy of the database file (from an earlier backup). Then I'll need to export the records from the old file, and import into my "new" file. Finally, stop the database server, replace the file and re-start the server. I should be doing this now (8:00pm Sunday), but for some reason I cannot be bothered. Hmm...might do it after I've made myself a nice cup of tea!
Fingers crossed that this works!
NAC Next on the List
Now that 802.1x is up and running, and the policy stuff is starting to come together, I want to turn my attention to Network Access Control (NAC). The main reason for this is that I don't want any privately-owned computers connecting via an ethernet cable, giving themselves an IP address, and causing havoc on the network.
Basically, my plan is to use MAC address authentication, and to dynamically assign computers to VLANs based on their MAC address. College-owned computers will be placed in the appropriate VLAN (IT Staff, Administration, Staff and Student) wherever on campus they are plugged in to the network. Unknown computers (i.e., those NOT owned by the College) will be dumped into a VLAN that allows them to go nowhere... regardless of what IP settings they give themselves.
Advantages of this are twofold:
1) Privately-owned computers cannot "steal" the IP address of any other network device. Currently, there is a potential for disaster if a student plugs in their computer and gives themselves the IP address of one of our servers, for instance.
2) When we move computers, they will automatically connect to the correct VLAN - giving us more flexibility in deployment, and less configuring of edge switch ports as computers are added / moved.
Apparently, I can do all this using FreeRADIUS. I shouldn't have the same problems with NAC that I had with 802.1x, since I'm not interrogating an OS X LDAP database for users... I can create a local database of MAC addresses which the RADIUS server will look to for NAC authentication.
I need to do some more reading...but I hope I can get this working soon. Will keep you posted! :)
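Added example, not part of the original post: a Python sketch that builds the "local database of MAC addresses" as a FreeRADIUS `users` file from an asset inventory, with a catch-all entry for the go-nowhere VLAN. The VLAN numbers and inventory rows are constructed, and it assumes the switch sends the MAC as 12 lowercase hex digits for both user name and password.

```python
import re

# Assumed VLAN IDs for the groups named in the post (constructed numbers);
# QUARANTINE_VLAN is the dead-end VLAN for machines not in the inventory.
VLANS = {"IT Staff": 10, "Administration": 20, "Staff": 30, "Student": 40}
QUARANTINE_VLAN = 999

# Constructed inventory rows: (MAC as recorded by whoever typed it, group).
INVENTORY = [
    ("00:1B:63:AA:BB:01", "IT Staff"),
    ("001b.63aa.bb02", "Student"),
    ("00-1b-63-aa-bb-01", "Staff"),      # same MAC as row 1, other notation
    ("00:1B:63:AA:BB", "Student"),       # too short to be a MAC
    ("00:1B:63:AA:BB:03", "Library"),    # group with no VLAN defined
]

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC address."""
    digits = re.sub(r"[:.\-\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def vlan_reply(vlan_id):
    """RFC 3580 reply attributes that tell the switch which VLAN to use."""
    return ("\tTunnel-Type = VLAN,\n"
            "\tTunnel-Medium-Type = IEEE-802,\n"
            f"\tTunnel-Private-Group-Id = \"{vlan_id}\"\n")

def build_users_file(inventory):
    """Return (users_file_text, rejected_rows); first entry for a MAC wins."""
    seen, entries, rejected = set(), [], []
    for raw, group in inventory:
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append((raw, "not a MAC address"))
        elif group not in VLANS:
            rejected.append((raw, f"unknown group {group!r}"))
        elif mac in seen:
            rejected.append((raw, "duplicate MAC"))
        else:
            seen.add(mac)
            # Assumption: the switch presents the MAC as user name and password.
            entries.append(f'{mac} Cleartext-Password := "{mac}"\n'
                           + vlan_reply(VLANS[group]))
    # Catch-all: any MAC not listed above is accepted into the dead-end VLAN.
    entries.append("DEFAULT Auth-Type := Accept\n" + vlan_reply(QUARANTINE_VLAN))
    return "\n".join(entries), rejected

if __name__ == "__main__":
    print(build_users_file(INVENTORY)[0])
```

If the same FreeRADIUS instance also answers 802.1x requests, the DEFAULT entry has to be limited to MAC-authentication requests, otherwise it would accept unknown user names as well. A MAC address is reported by the device itself, so this controls VLAN placement rather than proving which machine is connected.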
