Tony Burrus relies on a Juniper Networks–based infrastructure to keep Union County Public Schools’ network secure and performing at its peak.

Apr 03 2014

Improved Security and Network Capacity Prove Essential in One-to-One Rollouts

District IT leaders share the stories behind their efforts to build a network that won’t impede or compromise instruction.

It's clear that students can't create content and freely leverage online resources to do research, collaborate and complete assignments — the hallmarks of modern teaching and learning — without the proper technology in place.

When Union County Public Schools in North Carolina hired Tony Burrus as its chief technology officer four years ago, his primary task was to future-proof the infrastructure and prepare the network to support one-to-one computing.

"The administration wanted anytime, anywhere learning — for students to have access to the Internet and educational tools wherever they are," he recollects. Today, all of the district's 42,000 students have ubiquitous access to the technology they need.

The first step in making that ­happen, Burrus says, was to improve the efficiency and capacity of the equipment in the UCPS data center and all of the district's schools.

Two years ago, following some extensive research, the district's Technology Services department tested Juniper Networks equipment that ran with a utilization rate of just 1 percent.

"We knew that we were about to bring a lot more traffic on to the network with the one-to-one program," he explains. "If the equipment could handle our existing traffic at 1 percent utilization, we reasoned that the Juniper switches would probably be ­sufficient for us."

They ultimately installed new switches in the data center and wiring closets at each of the district's 53 schools. At the same time, IT staff continued the rollout of Aruba Networks wireless access points that began before Burrus joined the district.

Preparing the Welcome Mat for Chromebooks

UCPS took a significant leap forward at the start of the 2013–2014 school year when it rolled out close to 24,000 Lenovo ThinkPad X131e Chromebooks to students in grades 6 to 12 — a feat it accomplished in 28 days with the help of the IT staff and student workers.

Students in the district's 30 elementary schools rely on netbooks that the middle school students used before the Chromebooks were issued.

Burrus says the district opted for a one-to-one program for two main reasons. First, UCPS leaders didn't want students feeling left out if they couldn't afford some of the more expensive tablets. Second, IT staff can more easily support Chromebooks than the variety of personal devices students own. With a bring-your-own-device (BYOD) program, he explains, "it would never be possible to have all the devices look the same."

To filter district-owned devices, Burrus and his team installed a proxy auto-config file on each device that sends all web queries or searches through a Sophos content filter before
they go out to the Internet.

As part of the infrastructure upgrade, the district also deployed a Juniper intrusion detection system/intrusion prevention solution in the data center. The device, which was deployed within the past year, allows Burrus and his team to detect and remediate threats. "Once we saw all the new traffic coming on to the network, we knew we needed the added protection," he says.

Organizations expect their wide and local area networks to grow 74% over the next year to support increased use of smartphones and tablets.

SOURCE: "BYOD: Infrastructure Requirements and the Effect on Business Processes" (Nemertes Research, September 2013)

John Burke, a principal research analyst at Nemertes Research, says security remains a top priority for school districts, especially as they bring more devices on to their networks.

"Security is clearly a primary focus, but I also understand why so many districts have become hesitant to ­support BYOD," he says. "As price points come down, BYOD may be more of a practical possibility for many districts. But even $200 for one of the less expensive tablets may be more than some people can afford."

More of the Same

Like UCPS, South Carolina's Lexington County School District One chose the one-to-one model to ensure equity and standardization.

"At the time we made the decision to embrace one-to-one, BYOD was in its infancy and developing into an acceptable concept," says Debra Huggins, Lexington One's enterprise information technology officer. Given the unknowns back then, she adds, "we felt that BYOD created the risk that each child wouldn't receive the same level of support. And quite frankly, the district didn't have the IT infrastructure in place to support BYOD."

Lexington One's Cisco Systems–based network includes Cisco 5508 wireless controllers, Cisco Aironet 3500 access points and the Cisco ASA 5585-X security platform (which runs mainly as a firewall).

This infrastructure made it possible for the district to provide 7,000 tablets to high school students and 1,000 tablets to administrative staff, principals, assistant principals and high school teachers. A similar number of devices were later provided for middle school students, staff, principals and teachers.

"Our students have access to information for research and collaboration," Huggins says. "Teachers have developed a good workflow that allows students to have more effective and efficient communications and exchanges of information."

Meanwhile, Anne-Marie Fiore, executive director of technology and information services for Chelmsford Public Schools in Massachusetts, says her district has a "mixed environment" — one in which teachers can participate in the one-to-one program (IT leaders have distributed 700 tablets districtwide) or let students bring their own devices. "Especially in the middle schools and high schools, teachers have made a commitment to use the tablets," she says. "But students certainly have the option of bringing their own devices."

The IT staff supports the district's 5,200 students and 850 staff across nine buildings with Extreme Networks switches and wireless access points. The switches were installed in 2008, the wireless equipment in 2011. The district also uses Sophos anti-virus and other products to secure the network.

Now that it has a more secure infrastructure in place, the district can more easily support the online assessments issued by the Partnership for Assessment of Readiness for College and Careers for students in grades three through 11. "We have options now, and not everyone has to take the tests on desktops," Fiore explains.

The fortified infrastructure also makes it easier for Chelmsford to deliver on its core mission. "Our job is to provide teachers and students with the technology tools they need," Fiore adds. "The tablets are used widely in the English language arts, and the business department uses the tablets in every period so students can check Bloomberg reports and stock information."

Tallying the Tech Overhaul

The one-to-one rollout at Union County Public Schools, near Charlotte, N.C., took much more than provisioning Chromebooks and getting the wireless network ready.

According to Chief Technology Officer Tony Burrus, district leaders invested heavily in a Juniper Networks–based switching and security infrastructure that can securely support more than 27,000 new devices on the network. The following products made it happen — and keep it functioning safely:

— Lenovo ThinkPad X131e Chromebooks (for students)
3,000 — Lenovo ThinkPad X1 notebooks (for teachers)

AirWave Network Management 3,424 — Aruba AP-105, AP-93, AP-92 and AP-61 access points
56 — Aruba 3600, 3400, 3200 and 650 mobility controllers

Network Devices
Juniper STRM2500 security threat response manager
17 — Juniper EX4500, EX4200 and EX3300 data center switches
125 — Juniper EX4200 and EX3300 switches (for middle and high schools)
73 — Juniper EX4200 and EX3300 switches (for elementary schools)
2 — Juniper SRX1400 gateways
2 — Juniper MAG4610 security gateways
2 — Juniper IDP8200

Peter Taylor