ICT Technician’s Update Conference 17 March 2008

Introduction Penny Patterson

You Tube and Schools Penny Patterson

Network Access Control Steve Hanna Juniper Networks

Network Access Control for Education By Steve Hanna, Distinguished Engineer, Juniper Co-Chair, Trusted Network Connect WG, TCG Co-Chair, Network Endpoint Assessment WG, IETF

Implications of Expanded Network Usage As Access Increases Mission-critical network assets Mobile and remote devices transiting the LAN perimeter Broader variety of network endpoints Faculty, staff, parent, and/or student access Critical data at risk Perimeter security ineffective Endpoint infections may proliferate Network control can be lost Network Security Decreases

Network Access Control Solutions Control Access to critical resources to entire network Based on User identity and role Endpoint identity and health Other factors With Remediation Management Features Consistent Access Controls Reduced Downtime Healthier endpoints Fewer outbreaks Safe Remote Access Safe Access for Faculty, Staff Students, Parents Guests Devices Benefits Network access control must be a key component of every network!

What is Trusted Network Connect (TNC)? Open Architecture for Network Access Control Suite of Standards to Ensure Interoperability Work Group in Trusted Computing Group (TCG)

Security Infrastructure TCG: The Big Picture Desktops & Notebooks Applications Software Stack Operating Systems Web Services Authentication Data Protection Printers & Hardcopy Security Infrastructure Storage TCG Standards Mobile Phones Servers Networking Security Hardware

TNC Architecture Overview Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) VPN Wireless PDP FW Wired Network Perimeter

Typical TNC Deployments Uniform Policy User-Specific Policies TPM Integrity Check

Policy Enforcement Point (PEP) Policy Decision Point (PDP) Uniform Policy Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) Remediation Network PDP Non-compliant System Windows XP SP2 OSHotFix 2499 OSHotFix 9288 AV - McAfee Virus Scan 8.0 Firewall Client Rules Windows XP - SP2 - OSHotFix 2499 - OSHotFix 9288 - AV (one of) - Symantec AV 10.1 - McAfee Virus Scan 8.0 - Firewall Production Network Compliant System Windows XP SP2 OSHotFix 2499 OSHotFix 9288 AV – Symantec AV 10.1 Firewall Network Perimeter

User-Specific Policies Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) PDP Guest User Guest Network Internet Only Ken – Faculty Classroom Network Access Policies - Authorized Users - Client Rules Linda – Finance Finance Network Windows XP OSHotFix 9345 OSHotFix 8834 AV – Symantec AV 10.1 Firewall Network Perimeter

Policy Enforcement Point (PEP) Policy Decision Point (PDP) TPM Integrity Check Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) TPM – Trusted Platform Module Hardware module built into most of today’s PCs Enables a hardware Root of Trust Measures critical components during trusted boot PTS interface allows PDP to verify configuration and remediate as necessary PDP Client Rules - BIOS - OS - Drivers - Anti-Virus Software Production Network Compliant System TPM Verified BIOS OS Drivers Anti-Virus Software Network Perimeter

TNC Architecture in Detail Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) (IF-M) (IF-IMC) (IF-IMV) t Collector Collector Integrity Measurement Collectors (IMC) Verifers Verifiers Verifiers (IMV) (IF-PTS) TSS TPM Platform Trust Service (PTS) TNC Client (TNCC) (IF-TNCCS) TNC Server (TNCS) Network Access Requestor Policy Enforcement Point (PEP) (IF-T) (IF-PEP) Network Access Authority

TNC Status TNC Architecture and all specs released Available Since 2006 from TCG web site Rapid Specification Development Continues New Specifications, Enhancements Number of Members and Products Growing Rapidly Compliance and Interoperability Testing and Certification Efforts under way

TNC Vendor Support Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) Endpoint Supplicant/VPN Client, etc. Network Device FW, Switch, Router, Gateway AAA Server, Radius, Diameter, IIS, etc. 17

TNC/NAP/UAC Interoperability Announced May 21, 2007 by TCG, Microsoft, and Juniper NAP products implement TNC specifications Included in Windows Vista, Windows XP SP 3, and Windows Server 2008 Juniper UAC and NAP can interoperate Demonstrated at Interop Las Vegas 2007 UAC will support IF-TNCCS-SOH in 1H2008 Customer Benefits Easier implementation – can use built-in Windows NAP client Choice and compatibility – through open standards

NAP Vendor Support

What About Open Source? Several open source implementations of TNC University of Applied Arts and Sciences in Hannover, Germany (FHH) http://tnc.inform.fh-hannover.de libtnc https://sourceforge.net/projects/lib/tnc OpenSEA 802.1X supplicant http://www.openseaalliance.org FreeRADIUS http://www.freeradius.org TCG support for these efforts Liaison Memberships Open source licensing of TNC header files

Summary Network Access Control provides Strong Security and Safety Tight Control Over Network Access Reduced PC Administration Costs Open Standards Clearly Needed for NAC Many, Many Vendors Involved in a NAC System Some Key Benefits of Open Standards Ubiquity, Flexibility, Reduced Cost TNC = Open Standards for NAC Widely Supported – HP, IBM, Juniper, McAfee, Microsoft, Symantec, etc. Can Use TPM to Detect Root Kits TNC: Coming Soon to a Network Near You!

For More Information TCG Web Site Juniper UAC Web Site Steve Hanna https://www.trustedcomputinggroup.org Juniper UAC Web Site http://www.juniper.net/products_and_services/ unified_access_control Steve Hanna Distinguished Engineer, Juniper Networks Co-Chair, Trusted Network Connect Work Group, TCG Co-Chair, Network Endpoint Assessment Working Group, IETF email: shanna@juniper.net Blog: http://www.gotthenac.com

Stuart Tilley Synetrix LGfL Network 2009 - 2012 Stuart Tilley Synetrix

Technician Conference – Network overview and proposed enhancement 2008 - 2012 17th March 2008 Presented by :- Stuart Tilley - Network & Systems

Overview Introduction Current Network Overview Proposed Technology Refresh Core Network Access Network Access bandwidth URL filtering Edge CPE Summary

Introduction Current Network Implemented in April 2002 Designed and Built by Synetrix a key LGfL service provider Emerging Technology (MPLS) and vendor choice has provided a platform for; Delivery of High availability and scalable Broadband services Secure and safe educational environment New service development and delivery Shared community network (LPSN) Network Refresh - keeping pace with technology to and beyond 2012 Foresight to utilise emerging technologies

The London Network – Physical Topology

The London Network Physical Network Topology 3 Core locations and 21 Aggregation Points serving 33 London Authorities Resilient dark fibre connecting core locations (10Gb/sec – OC192 SDH) AP’s connected to core by resilient nodal loops currently 1Gb or 100Mb capacity Resilient Service Hosting – SLB Resilient Tier 1 ISP’s (Thus, Abovenet, UKERNA, BBC) Total Internet Capacity 6Gbps All Broadband services delivered over fibre (scalable bandwidth)

The London Network – Logical

The London Network Logical Network MPLS core network Dedicated RFC2547bis Layer3 VPN’s Provides fully routed Virtual WANs per ‘customer’ (LEA or LA) Totally autonomous routing policy and access control per Virtual WAN – WMSv1 & v2 Virtual WANs distributed across complete physical network QoS Support

Network Statistics Total of edge bandwidth purchased 23Gbps Total traffic transiting network 3Gbps (average) Total capacity of Juniper access layer 228Gbps Total Capacity of Juniper core 480Gbps Total Internet Bandwidth - (Sept 2002) 30Mbps today averaging over 2Gbps HTTP traffic via URL service 1.5GMbps Requests served from Cache 400Mbps Its not just a case of capacity – more than enough – functionality

Proposed Core Technology upgrade Upgrade existing Juniper M160 with Next Generation MX960 Fully resilient chassis (redundant HW) such as; Power Supplies Cooling fans Routing Engines (RE) Switch Control Board Fully resilient design/configuration Dual Dense Port Concentrators (DPC’s) 10G + 1G Support resilient backbone and core switching JUNOS code – leading standards development Low risk migration High availability

Proposed Core Technology Upgrade Proposed MX960 core build

Proposed Access Technology Upgrade Replace Existing M10 with Juniper M10i Fully resilient chassis (redundant HW) such as; Power Supplies Cooling fans Routing Engine (RE) Forwarding Engine Board (FEB) Fully resilient Design/Configuration 2 x 1Gbps Nodal loop Interfaces 2 x 1Gbps Virtual switch uplinks (initial deployment) High availability

Proposed Access Technology Upgrade Replace Existing Extreme S48i aggregation switch with Juniper EX4200. Redundant Power supply Virtual Chassis Configuration (max 10) 48 port 10/100/1000 capability Architecture design based high end core routing products Packet Forwarding Engine Routing Engine

Proposed Access Technology Upgrade Fully resilient design\configuration Virtual chassis deployment Multiple 1Gbps uplinks (resilience)

Access Bandwidth Upgrade All current 100Mbps nodal loops upgraded to 1Gbps Merton – Croydon Merton – Earls Court Bromley - Croydon Bromley – Welling Lewisham - Welling Welling – Bexleyheath Romford – Bexleyheath Romford – Telehouse Waltham Forest – Camden Haringey – Camden Haringey – Barnet Hayes - Harrow Prevent degradation of service in the event of primary loop failure Enhanced Traffic Engineering capability

Access Bandwidth Upgrade

URL Filtering Platform Enhancements Evaluation exercise underway “Squid MkII” vs Bluecoat 8100. Scaled to 2.5Gbps (N+1 resilience total 5Gbps) Additional Active/passive F5’s deployed to scale beyond 2.5Gbps Current total filtered traffic 1.5Gbps Expect 500Mbps year on year increase URL core service

URL Filtering Platform Enhancements

Replacement CPE Extreme 24e3/S200 replaced with Juniper J2320 Features Forwarding performance IMIX 400Mbps 3DES performance 170Mbps 4 onboard 10/100 ports 3 Physical Interface Card (PIM) slots ES code Combines session state information/next hop forwarding MPLS support fast reroute (resilient fibre services) Also BFD for resilient services.

Summary High availability, scalable future proof infrastructure Low risk implementation/migration Continued delivery of existing Network Centric services such as; Securestore Desktop Content Control (DCC) Campus Monitoring Protection (CMP) High Definition Video Conferencing (HDVC) Secure Remote Access (SRA) Broadband Resilience Service (BRS) Enhanced distributed functionality – enabling new service developments such as: Virtual Private LAN Services (VPLS) Broadcast video High capacity Resilient Broadband Services Security Services JUNOS support Microcode

Per-User URL Filtering Stewart Duncan Technical Manager

Current URL Filtering LGfL URL Filtering Service is based around the NetSweeper Product Policies can currently be configured by IP address and time of day Reporting features are available to report on IP based sessions

What is required? Schools and LAs would like to identify end users for reporting Have the ability to setup different policies for individual users or groups of users IT Managers and Head Teachers need the ability to track URL traffic for an individual rather than a specific IP address

What are LGfL doing to help? LGfL working with Synetrix and Atomwide to enable the platform to offer Per-User /Group level Filtering Enabling the USO to link with the NetSweeper Platform Allow local management of User Policies through a web based front-end

Where we are so far A trial is currently taking place in various locations across London So far the trial is going well and bugs are being identified and cleared up

What does it Look like? The new front end allows configuration of multiple groups each with a separate policy.

What does it Look like? Here you can configure which users belong to which policy within the USO.

What does it Look like? Users are then prompted to log in when they run Internet Explorer and try and access the web.

What does it Look like? If users try and breach the policy they belong to, the standard deny page is displayed with details of the Group Name they belong to.

Summary Per User Level Filtering will be available for Schools and LAs soon. It is available from Synetrix Support is available on 08700 636465 (option 1) or by email. The service will cost: £145 setup and £225 per year

SIF The Schools Interoperability Framework Rupert Hay Campbell Barking and Dagenham

SIF in Barking & Dagenham Rupert Hay-Campbell 54

MIS Joke 55

Contents What is SIF? About Barking & Dagenham MIS systems in use Data requirements & issues SIF in Barking & Dagenham 56

What is SIF? In the UK SIF has developed out of a number of Government initiatives: Harnessing Technology School Management Information systems and value for money Recommendation 3 That Becta will establish a supplier-independent and open interoperability architecture to create the opportunity for improved interoperability at the school level and at the LEA or regional broadband consortium (RBC) level. Additionally Becta’s interoperability arrangements will draw, to the maximum extent possible, on ongoing work across Government on interoperability standards. School Management Information Systems and Value for Money, Becta 2005, p. 4 57

What is SIF? An open standard, launched in the USA in 1997 Over 300 software vendors, school districts and other organisations are members A standard, not a product Standards are developed by the members, not imposed by a central authority Clear governance model Certification of products 58

What is SIF? Hub and spoke model of data integration Zone Integration Server A software application that acts as the hub ensuring that data is routed to the correct applications SIF agent A piece of software that connects an application to the ZIS 59

SIF – Publish/Subscribe model 2. The ZIS works out which applications subscribe to the data items Data Data Data Data SIF Agent SIF Agent SIF Agent SIF Agent SIF Agent 1. A change is made to the data held in a publishing application Data 3. The Data is then sent to the subscribing applications 60

SIF – Request/Response model 1. An application requests data relating to an object SIF Agent 3. The provider responds with the requested data SIF Agent SIF Agent SIF Agent SIF Agent Req. 2. The ZIS identifies the default provider for the object and routes the request Data 61

What is SIF? What would a national SIF infrastructure look like? Multiple zones Hierarchy of zones What happens to school census? 62

Barking & Dagenham Small, but growing, London Borough 49 primary schools 9 secondary schools 1 special, 1 tuition centre Approximately 30,000 pupils Growing population Thames Gateway developments (11,000 homes in one development alone) Pupil number expected to rise to over 42,000 by 2016 Building Schools for the Future wave 4 authority 63

MIS systems in use RM Integris Classic SERCO Facility CMIS Used in 2 secondary schools, 44 primary, 1 special and 1 tuition centre Plan to migrate to G2 from February 2008 SERCO Facility CMIS Used in 7 secondary schools and 5 primary LA uses RM Centris as central pupil database SQL SEN used to collect data from Integris 3 times a week CTF used to collect data from CMIS 2 times a week 64

LA data systems Limited use of Centris Pupil data only Limited number of off the shelf applications Anite SWIFT – Children’s Social Care Arête Impulse – Admissions E-YS and eStart used in Youth Service and Children’s Centres Other teams use a mix of Excel and old Access databases 65

Data challenges Large number of data systems in schools and Children’s Services Data systems do not share information Inefficient working with large scale re-entry of data, data errors and inconsistencies ContactPoint and LDQT represent significant challenges Learning Platform developments 66

SIF in Barking & Dagenham SIF brings benefits to both LAs and Schools Focus is often on benefits for schools Building a SIF infrastructure in Barking & Dagenham Offer schools a SIF service as part of Learning Platform deployment Build a SIF zone to support the LA Have access to some funding in the DCSF “Harnessing Technology” grant 67

SIF in Barking & Dagenham A LA SIF zone will allow: Teams in the LA to chose best of breed applications – as long as they have a SIF agent Improved data quality and efficiency Integration of school data with the Learning Platform Future support for ContactPoint Challenges Persuading vendors to develop a SIF agent (both school and LA applications) Maturity of the UK version of SIF standard 68

SIF in Barking & Dagenham Possible proof of concept involving: SERCO Agents for Facility CMIS Zone Integration Server from Edustructures Arête Agent for Impulse Atomwide Possible agent for USO system RM ? 69

Further information Rupert Hay-Campbell MIS Adviser Tel: 020 8270 4880 Email: rupert.hay-campbell@lbbd.gov.uk Web sites: www.sifinfo.org/uk http://localauthorities.becta.org.uk/index.php?section=ndi&catcode=la_ndi_02 70

Ian Lehmann Operations Manager The LGfL USO Ian Lehmann Operations Manager

What is USO? Unified Sign On (USO) A term used by LGfL to describe an authentication system where the same username and password is used to gain access to a wide variety of systems. In this scenario it is necessary to enter the username and password once for each service that is accessed. However, a user can alter his/her password in one place and have that change propagate to all systems

What is the LGfL USO? A database of users within London and the UK A database of users which can be maintained by nominated contacts in schools and Local Authorities A system for authenticating against LGfL protected resources both Web (Shibboleth) and non-web based.

With ADSync and/or LASync options Service access illustration for LGfL USO User Account holders: LGfL Podcast service LGfL Weather Station monitoring system LGfL Premium content The Digitalbrain portal Click to Meet video conferencing system Sophos Anti-Virus update service Windows Update Services (WSUS) LGfL Support services and advisory web sites PAN London Admissions System Other VLE/MLEs, including: It’s Learning, Moodle, First Class Uniservity Adobe Connect web collaboration suite Atomwide WebScreen Atomwide Shibboleth enabled Email Filtering Atomwide VPN Remote Access Services Synetrix USO Integrated Filtering (UIF) Synetrix Email Systems’ Email Content Control Synetrix Remote Secure Access Service Synetrix E-Safety Service LGfL MLE (Fronter) LGfL StaffMail LGfL LondonMail LGfL MailProtect All Users USO Username Single Username & Password   With ADSync and/or LASync options Access to School LAN ‘Home’ and ‘Shared’ areas, and to applications authenticated via the local AD Access to LA AD authenticated applications inc.: Capita SIMS Learning Gateway

With ADSync and/or LASync  Service access illustration for Non Full-USO User Account holders: Digitalbrain Username For Digitalbrain Service, plus: Shibboleth-enabled services: LGfL Podcast service LGfL Weather Station monitoring system LGfL Premium content The Digitalbrain portal LGfL MLE (Fronter)  Fronter Username For Fronter Service, plus:   USO Username (Staff Only) For USO/Shibboleth services, inc.: Atomwide/LGfL USO-only Services: Click to Meet video conferencing system Sophos Anti-Virus update service Windows Update Services (WSUS) LGfL Support services and advisory web sites PAN London Admissions System Other VLE/MLEs, including: It’s Learning, Moodle, First Class, Uniservity Adobe Connect web collaboration suite Atomwide WebScreen Atomwide Shibboleth-enabled Email Filtering Atomwide VPN Remote Access Services Synetrix USO Integrated Filtering (UIF) Synetrix Email Systems’ Email Content Control Synetrix Remote Secure Access Service Synetrix E-Safety Service LGfL StaffMail LGfL LondonMail LGfL MailProtect  With ADSync and/or LASync Access to School LAN ‘Home’ and ‘Shared’ areas, and to applications authenticated via the local AD Access to LA AD-applications inc.: SIMS Learning Gateway SharePoint Corporate Services

What other advantages does the LGfL USO provide? The USO provides a school or Local Authority with one database of users for authentication against any service. The LGfL USO can provide authentication for the Per User Level Filtering service offered by NetSweeper. The LGfL USO can also be used to synchronize with the local school or LA Active Directory system.

What does ADSync Look like? The LGfL USO ADSync does provide one Username and Password for all services

How can you get the LGfL USO for your school or LA? Details of the LGfL USO are available from your LA or LGfL representative Alternatively see www.uso.lgfl.net for further information or contact lgflsupport@atomwide.com

LGfL Managed Email Services Brian Durrant Chief Executive London Grid for Learning

StaffMail

StaffMail For Staff, Governors and Admin Delivered in conjunction with Atomwide Dual Hosted (Telehouse and Park Royal) Fault Tolerant & Resilient Full Exchange 2007 Functionality 5GB Mailbox Limit Max 20MB Email Size inc. attachments Provided ‘free’ to LGfL Schools

StaffMail Features Personal and shared calendaring Personal and shared address books Accessible via: MS Outlook MS Outlook Web Access Outlook Mobile Access (compatible PDA or m’phone) POP3, SMTP, IMAP protocols supported, and mail forwarding

StaffMail Login Screen Access to StaffMail is via LGfL USO

StaffMail Outlook Web Access

StaffMail & MailProtect All email scanned for viruses, spam and inappropriate content by LGfL MailProtect. Staff can control spam including access to spam release, email spam digest reporting, and email in/out reporting.

StaffMail on-line identity & domains By default each user will receive an email address based upon their USO account name with a domain name of lgflmail.org For example, ‘John Smith’ may receive a USO user name of jsmit001.318 and an email address of jsmit001.318@lgflmail.org LAs may supply own domain (eg. lbwf.org) and this may be applied to all users in the LA Schools may supply their own domain name “schoolname.la.sch.uk” and to be applied to all of the users in the USO in their school

StaffMail Address Books Each user may add and delete entries from their own private address book a school staff member will see: all staff at their school - only all pupils at their school that are using LondonMail the LA shared list a LA staff member will see: school lists of staff

LondonMail

LondonMail A Microsoft Live@edu service, branded LGfL, offered as a turn-key solution for use by pupils. highly availability web-mail service for curriculum use inbound and outbound mail filtering by MicroSoft protects against viruses, spam and inappropriate content all inbound email also scanned for viruses, spam and inappropriate content by LGfL MailProtect. Exchange Functionality hosted by Microsoft in Dublin 5GB Mailbox Limit Max 20MB Email Size including Attachments Provided ‘free’ to LGfL Schools

LondonMail Features Personal and shared calendaring Personal address books Accounts will be accessible via: MS Outlook MS Outlook Web Access Outlook Mobile Access (compatible PDA or m’phone) POP3, SMTP, IMAP protocols supported, and mail forwarding

LondonMail Outlook Web Access

LondonMail - identities & domains each user is allocated an email address based upon their existing USO or new USOlite account name ‘John Smith’ receives jsmit001.318 and an email address of jsmit001.318@lgflmail.net As a Becta Accredited Internet Services Provider LGfL supports email address anonymity. As a requirement of accreditation, LGfL enables LAs and schools to reduce the risk to pupils by providing by default email addresses that protect pupils' anonymity An LA may choose to supply their own domain (lbwf.org) and this may be applied to all users in the LA

MailProtect

MailProtect Used in conjunction with LGfL StaffMail and LondonMail services MailProtect uses email filtering technology provided by Email Systems Dual Hosted (Telehouse and Park Royal) Fault Tolerant & Resilient

Service Documentation The most current versions can be found on the LGfL Support website (http://support.lgfl.net) LGfL Managed Microsoft Exchange Email Service for Staff (StaffMail) LGfL Managed Microsoft Exchange Email Service for Pupils (LondonMail) LGfL Email Content Control (MailProtect) USO Service Description USO Service Datasheet USO Service Pricing

Timelines 020 8255 5555 Support Number – Now! StaffMail pilot users – 17 March 2008 StaffMail first LA – 31 March 2008 LondonMail test users – 21 April 2008 LondonMail pilot schools – 2 June 2008 LondonMail first LA – 24 July 2008 MailProtect – 17 March 2008 Full Production All Services – 3 September 2008

Migration from @mail LGfL @mail will cease service 31.10.08 Contact lists will be migratable If full migration is required, use Synetrix Email Hosting sync utility

Future StaffMail RIM (Blackberry) Access LondonMail Shared Contact Lists

Finally…. New low-cost LGfL support number

020 82 55 55 55 Local call on 020 82 55 55 55 Same as 08700 63 64 65 (but cheaper!) 08700 63 64 65 still operational Help desk for StaffMail and LondonMail Services are via Option 3

Microsoft Dublin Data Centre

LondonMail & USO-lite LGfL USOlite accounts may be provisioned for certain individual services, such as LGfL LondonMail. Where these have been provisioned, the account is restricted for use only with those designated services In the event of non USO account holders subscribing to multiple services that are supplied complete with a USOlite account, then the user may be able to use the same credentials for each service. USOlite accounts cannot access LGfL Shibboleth services such as Premium Content Should a user’s account be upgraded from USOlite to a full USO account as part of a school or LA USO purchase, the user will be able to retain their ‘-lite’ on line identity, with its functionality simply being upgraded automatically as part of the process USOlite accounts cannot be upgraded individually

Microsoft’s European Mega Data Centre at Grange Castle, Dublin Previous slide -Rendering of the finished data centre £250 million mostly automated plant Total building footprint - 570,000 square feet 18.9 acre site

Similar Microsoft Data Centre under Construction

Mobile Learning Devices Paul Whiteman Merton

Paul Whiteman LB Merton Which Mobile Device? Paul Whiteman LB Merton

Is it really mobile? Who is going to carry it ?

Can we afford them? Can we afford to replace them? Are they insured? Value for money? Buy or lease?

How long do the batteries last? How long to recharge?

Will it survive the odd knock?

Is it compatible with other systems in the school?

How easy are they going to be to support?

How desirable is it? Will I find them on sale at the local?

Who owns the equipment? Who pays for it?

Is your solution future proof?

The London MLE (Fronter 81) Antony Moore Fronter

SRF and Technician’s Richard Allen Becta

SRF for Technicians London Technicians Conference 17th March 2008 By Richard Allen Title slide of presentation. Consultant – Learning Services

How are you doing? You’ve reduced the number of printer errors by upgrading printer drivers / replacing printers/ ensuring all same type of printers used / stopped people printing huge graphics ……. And so on At which point does your audience stop listening to you explaining all the great stuff you’ve done with drivers, software, networks, computers? Why – because they don’t get excited about computer stuff (no really they don’t!!!)

How to promote the good work you do Tell your customers the impact it has on them Inform your school leaders about the benefits in the classroom Show how improved ICT availability is increasing user confidence Demonstrate how enthusiastic the students are to learn when using ICT The best way to tell them – get them to tell you!

School staff understand assessments Use an environment familiar to your customers Ask them to assess the use of ICT using the self review framework to show how the school is doing Use the technical support assessment to check on how you are doing with ICT support Together you could achieve ICT Mark

What is it all about? “The self-review framework isn’t just about ICT and, interestingly, that is a key factor of its success. It focuses the mind on the whole spectrum of school development.” Steve Gater – Headteacher, Walker Technology College, Newcastle Focus on whole school improvement NOT just ICT 123

Self-review framework A jointly developed framework of standards describing progression through a model of institutional maturity in the use of ICT. ICT Mark An agreed set of standards, within the self-review framework, indicating that technology is being harnessed effectively and efficiently. The self-review framework was not created by Becta in isolation. Becta’s role was to co-ordinate the development of a common language and framework to describe whole school development using ICT. The usual suspects from other government agencies were also involved. In using the self-review framework you will find alignment between the descriptions within the Leadership and Management element and the policies and strategies of the National College of School Leadership; between assessment and the QCA; professional development and the TDA, and so on. This joining up between government agencies is one of the key strengths of the framework. The ICT Mark thresholds and standards have also been agreed by the same partners. 124

Maturity and effectiveness A maturity model for developing good ICT…… The self-review framework is a maturity model. It describes stages of development across 8 elements. Some schools will be here Self-review framework Mature Where are you? Maturity and effectiveness Systematic All good schools should be here 15% - 20% Strategic Where are you? Implementing The ICT Mark is not set at a level of excellence. The ICT Mark thresholds are set within each aspect at a level that any good school making effective use of technology should be able to achieve. This is the level all schools should be achieving. All schools should be making effective use of technology and improving. The challenge of the ICT Mark is to achieve this threshold in all the different elements and strands that make up the self-review framework. The benefit for schools and support providers of the self-review framework is as a tool to be able to position themselves within the model and the understanding and confidence in knowing where to go next. Developing ……using self-review to track progress 125

The self-review elements working together ..rather than actions changing the learning environment. The curriculum Schools tend to focus actions on staff and resources…. Impact on the Learner Professional development (People resource) Learning and teaching Assessment Resources Extending opportunities for learning Impact on the learner is the reason that we use ICT in schools. This effectiveness of the impact of ICT on the learner is directly affected by four elements: curriculum, learning and teaching, assessment and extending opportunities for learning. These four elements are reliant on well developed and robust resources (infrastructure and software) as well as people (professional development). The vision and the implementation for the whole system is underpinned by the leadership and management. Experience shows that schools often will feel constrained by the limitations that might exist in resources and professional development. Often these are seen as obstacles preventing the development of the learning environment and making the complex change that will impact on the learner. Actions supported by the leadership team determine improvement outcomes Leadership and management 126

Explain structure of self-review framework 127

Sources of self-review commentary Planning documents Data and analysis Discussions Observations This pie shows different sources of evidence that a school might think about in deciding which level has been reached. Experience shows that schools tend to over-emphasise documents and planning rather than having the confidence to make observations and listen to the views of stakeholders. 128

Self-review - people planning improvement Review practice not technology Focus on evaluating whole school improvement not auditing technology implementation Review your actions and progress as well as practice Use review to establish a consensus involving: All staff Pupils' views and insights Other stakeholders The self-review framework should not be used to just be reflective on the implementation of technology. The benefits of the tool are in the actions and planning that emerge from the discussions from all stakeholders. 129

130

Element 7; Resources – the strands 7a. Provision 7a-1 Physical environments 7a-2 Sufficiency and suitability of resources 7a-3 Digital learning resources 7b. Access 7b-1 ICT supporting efficient working practices 7b-2 Technical support 7c. Management 7c-1 Procurement 7c-2 Evaluation of ICT resources

Commentary - improvement across all elements Example - 7a-2 Element 7 – Resources Strand a) – Provision Aspect 2 – Sufficiency of provision L3 Might link to learning and teaching (element 3) commentary L2 Commentary might also describe improvement and link to impact on pupil outcomes (element 8) There are enough ICT resources to make a contribution to the current practice in learning, teaching and school organisation. L3 The school is well equipped with a good range of ICT resources and these are sufficient to make a significant impact on learning, teaching and school organisation. L2 What does a good meaningful commentary provide? It will demonstrate links in thinking and practice between the different elements and strands. It will demonstrate the improvement that is taking place. 132

The self-review framework.. “…. has enabled all the staff, not just the ICT specialists, to understand where we are going strategically. It has brought us together and consolidated the whole vision for the school.” Roger Whittall – Headteacher, Westwood School

Some Useful Becta Tools Self Review Framework Investment Planner (TCO) Functional and Technical Specs Framework Agreements FITS SIFA and UK Federation

Self-review benefits and outcomes Where are you in your whole school improvement and ICT development How does your school compare with others What are your schools aspirations What does good look like in your school How will your school progress further What actions will prioritise Where might your school need support Quick slide Experience in the field shows that these are the sorts of challenges the self-review framework helps support 135

Ofsted success for ICT Mark schools Schools accredited with the ICT Mark are considerably more likely to be rated ‘outstanding’ in all five measures. More specifically, ICT Mark accredited schools are: Four times more likely to be rated as ‘outstanding’ in the Overall effectiveness of the school category (ICT Mark schools: 40%, national primary: 9%, national secondary: 10%) Three times more likely to be rated as ‘outstanding’ in the Achievement and standards category (ICT Mark schools: 31%, national primary: 8%, national secondary: 9%) Three times more likely to be rated as ‘outstanding’ in the Leadership and management category (ICT Mark schools: 42%, national primary: 11%, national secondary: 12%) Four times more likely to be rated as ‘outstanding’ in the Teaching and learning category (ICT Mark schools: 29%, national primary: 7%, national secondary: 5%)

Ofsted reports on ICT Mark schools The large majority of Ofsted reports on ICT Mark schools contain positive comments in relation to a number of ICT areas, including: Use of interactive whiteboards; Development of pupils ICT skills; The use of ICT to raise attainment; Investment and level of ICT resources; Planning, assessment and pupil profiling using ICT; Teachers ICT skills; ICT raising pupil confidence; and ICT leading to involvement in community events.

Vision and aspirations What are your aspirations for how technology might be used to support wider school aims and learning environment. Classroom and teaching strategies Curriculum development Assessment for learning Extending opportunities for learning Parental engagement

Celebrate success Enables schools to recognise and celebrate their successes. When a school feels secure in its judgement that it has reached the nationally agreed standards in all the aspects of the framework, it may choose to apply for the ICT Mark. To gain the ICT Mark the school requests a visit from an accredited assessor, who will validate the school’s self-evaluation. The ICT Excellence Awards offer further recognition for schools that demonstrate evidence of excellent practice above and beyond the levels of the ICT Mark. Informs other schools and organisations that you are a potential partner for extending opportunities for learning through technology

Assessments, SRF and FITS links http://matrix.becta.org.uk http://schools.becta.org.uk/index.php?section=srf http://www.becta.org.uk/fits Register your results and be recognised Assessments, SRF and FITS links

Thank you richard.allen@becta.org.uk

BSF Anne Casey

Anne Casey anne.casey@partnershipsforschools.org.uk BSF ICT Anne Casey anne.casey@partnershipsforschools.org.uk

What we will cover in this session Fundamental facts of ICT in BSF What elements to consider as part of a managed service How the ICT funding is allocated How much input the schools have

What we wont cover in this session The specific ICT elements for your school The procurement process The scope of your school/LA managed service

The Golden Thread Procurement ICT Vision & Strategy ICT Output SfC SfC 1 ICT Vision & Strategy OBC Procurement 2 Spec ICT Vision & Strategy

And the ICT?

Computer says No?

What is a Managed Service? At its simplest a Managed Service consists of a single contract designed to deliver all ICT systems and services. This comprises provision of and support for: Learning Platform including MIS, VLE and learning content Wide area network – probably linking to the LA’s broadband service Institutional infrastructure (School LAN) All users’ equipment: access devices; peripherals, etc. Network services: user account management; e-mail; back-up; virus protection; Internet filtering and/or monitoring; curriculum software servers; video-conferencing; etc

And….. Anywhere, anytime access for all users Integration of legacy hardware and software Change management: operational training; pedagogical training ICT for school administration Helpdesk Technical support Refresh and sustainability Local choice

ICT Output Specification & OBC e.g. the facility for visually impaired students to be able to access their personal, adapted profile from whatever user device they may choose to use at any location

Output specification. Design and Installation Requirements (Learning platform, infrastructure and equipment) Transition and Implementation Requirements Operational Requirements Finance and Management Requirements

The ICT Supply Chain – how it works LEP Bidding Consortium inc. Construction, FM, F&E, ICT ICT Partner / key supplier ICT Output Specification inc. Local Choice Fund Active network kit Computer hardware Specialist hardware Services – AV, email Peripheral devices Curriculum software VLE MIS Tech Support Training central provision some school choice full school choice

How is a Managed Service financed? BSF capital: £225 per pupil place for passive network infrastructure BSF capital: £1450 per pupil place for equipment, software and services This is a way of describing the overall ICT funding envelope. It is NOT an allocation formula for schools. School revenue: annual contribution for the 5-year life of the ICT contract to fund on-going maintenance of the ICT managed service: ‘extra’ elements of local choice funds; the refresh pot; training.

What we advise LAs to do. Ensure schools understand scope of managed services Ensure schools understand current TCO Engage all technical staff in discussions Engage all relevant staff in development of the output specification Ensure current staffing position and levels of service are understood

ICT contract The Contract contains an acknowledgement that technological advances are likely to occur between the date of the Contract and the Implementation at each School. The Contract sets out a process whereby approximately 6-9 months prior to the Planned Services Commencement Date for each School, the Baseline Specification for that School will be revised

Helen Warner Kensington and Chelsea e-Safety Helen Warner Kensington and Chelsea

LGfL supporting e-safety Helen Warner Royal Borough of Kensington and Chelsea ICT Support Service

A class of 9 year olds are in the ICT suite A class of 9 year olds are in the ICT suite. The teacher gives them a research topic ‘Thailand’. Salil calls the teacher over to tell her that the search results include a link ‘adult sex’, he is told “Don’t click the link” and the teacher then moves away to talk to another group of children elsewhere in the classroom. The link was unlikely to work but had the teacher thought through the activity? Selected appropriate websites? Were they just using Google in safe mode? Teacher management issue – information literacy issue Do teachers know how to report an offensive website? Filter afterwards – block via LA / Synetrix / yourself How about use of screen saver such as Hector Protector?

Darren, a young Australian teacher, has his own MySpace area and has posted pictures of himself, his friends and lots of details of his life. There’s a video clip of him in Lanzarotte, very drunk, having fun. Some of his pupils have found it. Do staff and pupils know how to set the privacy settings correctly? Is there any thing on there which could bring the school name into disrepute?

A very high number of pupils have their own MSN Messenger accounts and brag about how many ‘friends’ they have. You overhear one of the particularly brash Y9 girls bragging about her ‘older boyfriend’, who she plans to meet. Having lots of friends is normal. But should be part of the education programme to make pupils aware of inherent risks. Worth telling tutor – the older boyfriend may be Y10 and all innocent banter. However, there could be a risk and a quiet word from tutor may be helpful.

http://www.esafety.lgfl.net/

Education Programme

Penelope, Head of Maths, has emailed some pupil reports to her hotmail account so she can finish at home. Policy on email? Should not be using hotmail for professinal purposes. Options in LA / LGfL. Could identify pupils – therefore data protection issue. Could be using private remote access into school network – Synetrix Service or possibly LA or private Fronter room.

Alan, a science teacher, has been using his open Blog to share his views about education, his school and the school’s leadership.

A teacher tells her technician she is upset because a pupil has posted a rude message on a Forum in the London MLE and asks him which child it was because she doesn’t know. Has child signed AUP? This is probably a childish a breach and thus a disciplinary matter. Have all the pupils got unique usernames and passwords?

Policy Resources Policy separated into sections and includes specific references for child protection and anti-bullying policies

Acceptable Use Policies

Mr Jones reports that a student has a pornographic image on his screen Mr Jones reports that a student has a pornographic image on his screen. The student says the “image just appeared and it’s the first time it’s happened”.

A 14 year old boy has taken his own life A 14 year old boy has taken his own life. There is an allegation of bullying and that the pupil had used websites that openly support suicide.

LGfL URL filtering Based around the NetSweeper filtering system Provides 4 levels of filtering Blocks all illegal content on the Internet Watch Foundation blacklist Global Deny list - contains other URLs deemed to be entirely unsuitable for access within LGfL network Category database - categorises URLs and blocks by category Local Deny list - allows blocking of individual URLs Local Allow list - allows access to an otherwise blocked URL

LGfL monitoring reports URL logging Every request made through the URL filtering service is logged, including: Date and time IP address of the user URL details Category of the URL Whether it was blocked or allowed All logs are kept for a minimum of 3 months and are fully searchable Logs are stored unprocessed, for forensic purposes Forensic software also available – contact Synetrix

NetSweeper Reporter Wizard

John, the technician finds evidence of a member of support staff gaining access to some pornographic videos. He tells the Deputy, Keith, who says, which computer? “Lets have a look”. Keith takes a look and agrees. They suspect its Danny, who’s part-time and wait until he’s in to challenge him. He denies all knowledge and then accuses the Deputy of harassing him. Danny has never signed an Acceptable Use Policy form.

Possible incident procedure in case of illegal content 1. Inform Head / senior leader and start an incident log. All staff must report back to the member of SMT who updates the incident log at each stage. 2. Don’t use the equipment. Photograph, bag and secure it – witness by 2 people from SMT. Suspend user’s network / computer access. 3. SMT decide if sufficient initial evidence / doubt to suspend member of staff pending investigation.

Possible incident procedure in case of illegal content cont: 4. Link computer name to IP address on LAN. If auditing enabled on server, link username to computer. Request Internet logs from Synetrix. SMT inform LA – eSafety officer (Personnel) etc. Gather evidence e.g. screen prints if have Forensic software, AUP form, CCTV footage, timetable, etc. 5. SMT decide whether to involve a Third Party Forensic firm. Start disciplinary action if necessary. In case of Child Pornography – immediately inform Police. 0808 100 00 40 at: http://www.met.police.uk/childpornography/index.htm

Useful Online Resources Penny Patterson and Gary Jelks

Useful Online Resources Penny Patterson and Gary Jelks

How would you use? School network Standalone in school At home only

http://www.tech.lgfl.net

http://audacity.sourceforge.net/

http://filehippo.com/download_hijackthis/

http://free.grisoft.com

http://housecall.trendmicro.com

http://www.edugeek.net/

http://www.intravnews.com/

http://www.lavasoft.com

http://www. microsoft. com/technet/sysinternals/FileAndDisk/PsTools http://www.microsoft.com/technet/sysinternals/FileAndDisk/PsTools.mspx

http://www.netstumbler.com

http://www.roboform.com

http://www.safer-networking.org

Social networking Facebook MySpace Bebo Piczo

http://www.skype.com

http://www.thinkfree.com

http://www.youtube.com

http://www.lgfl.net/lgfl/accounts/techsupport/techconf/menu/

ICT Technician’s Update Conference 17 March 2008