Thursday 22 September 2016

IT Technology: Setup IT Infrastructure / Facilities for A School

When you are given the opportunity to set up the IT infrastructure / facilities for a school, what comes to mind? For me, these are the questions that popped up:
  1. Where should I start?
  2. Should I host the email service internally?
  3. Should I use Google Apps or Office 365?
  4. What type of devices should the pupils use?
  5. How should the staff and pupils print?
  6. Should I install projector or interactive whiteboard?
  7. How do I know the bandwidth is sufficient for the school?
  8. What is VLE?
  9. How can I optimize my budget?
  10. How should I protect the staff and pupils from cyber-attacks?

Do you have similar questions?

In this article, I will share my personal experience with you. I hope it gives you some hints on how to set up the IT facilities. Please feel free to correct me or share your experience with me.

Firstly, let’s categorize the IT facilities of a school:
  1. Email Service
  2. Shared Folder
  3. Server Design
  4. Wide Area Network (WAN) Design
  5. Local Area Network (LAN) Design
  6. WIFI Design
  7. Pupil’s Device
  8. Printing
  9. Audio and Video

<< Email Service >>
Should you host the email system on-premises, use Google Apps or use Office 365?

Let's narrow the options by taking away the on-premises email system, because you would not want to have the following concerns:
  1. Purchase and maintain the hardware
  2. Patch the email application
  3. Purchase the software and hardware licenses
  4. Hardware upgrades
  5. Increasing storage space

However, please note that some organizations might need to host the data onsite because they have to meet certain regulatory or compliance requirements.

Now, let's take a look at Google Apps and Office 365. When evaluating Google Apps for Education (GAFE) against Microsoft Office 365 for Education (O365), I find a very similar feature set at the end-user level for productivity, communication and collaboration. The following chart shows the counterpart of each primary feature (both suites run in any modern browser; the browser row is only the vendor's recommendation):

Feature                GAFE                        O365
Browser                Chrome                      Internet Explorer or Edge
Email                  Gmail                       Exchange Online / Outlook
Spreadsheets           Sheets                      Excel
Drive storage          Google Drive                OneDrive
Word processing        Docs                        Word
Notes                  Keep                        OneNote
Classroom tools        Google Classroom            Teacher Dashboard
Instant messaging      Google Talk (now Hangouts)  Skype
Social network         Google+                     Yammer
Pages                  Sites                       SharePoint
Presentation           Slides                      PowerPoint
Video conferencing     Hangouts                    Skype for Business

After looking at the similarities, let's discuss the differences. The main differences between GAFE and O365 are as follows:
  1. Google Forms, one of the products within GAFE, is a very powerful and convenient tool for gathering information and running surveys.
  2. The Google Summits held every year in many countries provide a forum for educators to share their experience of using GAFE at their schools. At the same time, they are the best platform for Google to promote GAFE.
  3. GAFE has always been free for both teachers and pupils. Office 365 Education also has a free plan with the web apps, but the plans that include the desktop Office applications require paid licenses.
  4. O365 offers School Data Sync, a Student Information System (SIS) sync that gives you control over the student and teacher data: you sync it once for all the learning apps and the users get a single sign-on experience.
  5. Microsoft has an edge with its long tenure in enterprise environments, starting with Active Directory and directory services for identity and permission management at a very granular policy level.

In summary, determining which cloud productivity suite to deploy for your school is complex and depends on many factors. The GAFE vs O365 decision will likely come down to a few key issues:
  1. The school's existing approach to user account management and identity services within the IT network
  2. Existing email infrastructure and services
  3. Existing document management methodologies
  4. User adoption and skill level in using Microsoft productivity applications versus Google productivity applications
  5. School administration / IT team skills, resources, and philosophy towards IT and automation in general

As you can see, there are many points to consider when evaluating GAFE against O365. These can be complex areas of discussion, and they extend far beyond the surface level of which apps have which features. Based on your requirements, purpose of use, cost, security and so on, you are likely to find one of them to be your best option. With these two high-quality cloud services, there is no one-size-fits-all solution for every educational institute.

<< Shared Folder >>
As mentioned above, GAFE and O365 might both be good options for you. Comparing the two purely on the technical side, I lean towards GAFE because Google Drive provides unlimited storage for all GAFE users, while OneDrive has a storage limit of 1 TB. But you might challenge me that 1 TB is more than enough in your environment.

<< Server Design >>
There is a lot I could share in this section, but I will try to keep it short. If you need more information or further explanation, please feel free to contact me.

There are many different designs and technologies you could consider. I will mainly focus on cloud computing and virtualization. Cloud computing is a type of computing that relies on shared, remotely provided computing resources rather than local servers or personal devices to handle applications. It is comparable to grid computing, in which the unused processing cycles of all the computers in a network are harnessed to solve problems too intensive for any stand-alone machine. To adopt cloud computing, you should look at the following deployment and service models:
  1. Private Cloud
  2. Public Cloud
  3. Hybrid Cloud
  4. Software as a Service ( SaaS )
  5. Platform as a Service ( PaaS )
  6. Infrastructure as a Service ( IaaS )

You may simply google the keywords above for more information. Well-known cloud service providers include AWS, Microsoft Azure and Rackspace (OpenStack). However, if your school does not have enough bandwidth or the ISPs in your country are not reliable, I recommend that you forget about cloud computing, because it might affect your school's operation.

Other than cloud computing, one of the popular technologies of all time is virtualization. Virtualization is the creation of a virtual (rather than actual) version of something, such as an operating system, a server, a storage device or network resources. You probably know a little about virtualization if you have ever divided your hard drive into different partitions. A partition is the logical division of a hard disk drive to create, in effect, two separate hard drives.

Operating system virtualization is the use of software to allow a piece of hardware to run multiple operating system images at the same time. The technology got its start on mainframes decades ago, allowing administrators to avoid wasting expensive processing power.

In 2005, virtualization software was adopted faster than anyone imagined, including the experts. There are three areas of IT where virtualization is making inroads: network virtualization, storage virtualization and server virtualization:
  1. Network virtualization is a method of combining the available resources in a network by splitting up the available bandwidth into channels, each of which is independent from the others, and each of which can be assigned (or reassigned) to a particular server or device in real time. The idea is that virtualization disguises the true complexity of the network by separating it into manageable parts, much like your partitioned hard drive makes it easier to manage your files.
  2. Storage virtualization is the pooling of physical storage from multiple network storage devices into what appears to be a single storage device that is managed from a central console. Storage virtualization is commonly used in storage area networks (SANs).
  3. Server virtualization is the masking of server resources (including the number and identity of individual physical servers, processors, and operating systems) from server users. The intention is to spare the user from having to understand and manage complicated details of server resources while increasing resource sharing and utilization and maintaining the capacity to expand later.

Virtualization can be viewed as part of an overall trend in enterprise IT that includes autonomic computing, a scenario in which the IT environment will be able to manage itself based on perceived activity, and utility computing, in which computer processing power is seen as a utility that clients can pay for only as needed. The usual goal of virtualization is to centralize administrative tasks while improving scalability and workloads.

To deploy a virtualization solution, you first need to pick the virtualization software, for example VMware vSphere, Microsoft Hyper-V, Citrix XenServer, etc. After that, you need to decide which physical servers to use. To pick the right server, think about the following:
  1. How much memory, CPU and storage do I need?
  2. Do you want to consider hyper-convergence?
  3. Is the server certified for the particular virtualization software (check the vendor's hardware compatibility list)?
  4. What is your future expansion?
  5. When is the EOL of the server?

Furthermore, you need to think about the storage design:
  1. Type of disk – Solid State Drive (SSD), Serial Attached SCSI (SAS), Serial ATA (SATA), etc.
  2. Input/Output Operations Per Second (IOPS)
  3. Storage protocols – iSCSI, NFS, FC and FCoE

Other than the items above, you will also need to consider UPS, virtual networks, virtual firewalls, KVM and so forth. Whatever you pick, keep the hypervisor management interfaces and the storage network on a separate management VLAN that is not reachable from the staff or pupil networks; anyone who can log in to the hypervisor owns every server running on it.

<< Wide Area Network (WAN) Design >>
When we are talking about WAN, the first thing that normally comes to our mind is Internet connections. The Internet service provider usually sells the connection based on SLA. That is where you will choose between leased line and broadband. Generally, leased line has very high SLA but it is very expensive, while broadband is very cheap but its support is based on best effort. So, you will need to make your decision based on your environment.

But, how can you choose a good Internet connection? Other than speed which you can usually test using Ookla, the following benchmarks can tell you how good is the Internet connection:
  • Latency
  • Packet Drop
  • Peering
  • Traceroute

For example, if you have decided to adopt Google Apps, you need to make sure that your Internet connection has low latency, no packet loss, good peering and few hops to Google's servers. In addition, jitter, BGP routing and geo-location can also be your references when choosing a good Internet connection. The quality of Internet connections and service providers varies between countries.

To save cost, you may want to adopt a technology called WAN load balancing, where two or more leased lines or broadband connections are connected to a dedicated load-balancing router. Load balancing provides increased resilience by maintaining Internet access even if an individual connection goes down, and the router routes traffic across the connections to deliver a better experience to users simultaneously accessing Internet applications. As a leased line is usually more expensive, a load balancer lets you mix leased line and broadband: you get more bandwidth at lower cost while still routing your important traffic over the high-SLA leased line.
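As an added example that is not part of the original post, the following PowerShell function measures a link against the benchmarks just listed (latency, packet drop, jitter, hop count) and returns one object per target so that candidate ISPs, or the two legs of a load-balanced WAN, can be compared side by side. It probes the live network, so there is nothing to run offline. The target www.google.com (standing in for "Google's servers") and the threshold values are assumptions; set them to whatever SLA you are negotiating.

```powershell
# Added example, not from the original post: score an Internet link against the
# benchmarks above. Target and thresholds are assumptions; www.google.com stands in
# for "Google's servers", adjust the limits to your own SLA.
function Test-LinkQuality {
    param(
        [string]$Target      = 'www.google.com',
        [int]$Count          = 20,
        [int]$MaxLatencyMs   = 60,
        [double]$MaxLossPct  = 1.0,
        [double]$MaxJitterMs = 10,
        [int]$MaxHops        = 12
    )
    # Windows PowerShell 5.1 returns Win32_PingStatus (ResponseTime, StatusCode 0 = ok)
    # and drops failed probes; PowerShell 7 returns every probe with Status/Latency.
    $replies = @(Test-Connection -ComputerName $Target -Count $Count -ErrorAction SilentlyContinue |
        Where-Object { $_.StatusCode -eq 0 -or $_.Status -eq 'Success' })
    $rtts = @($replies | ForEach-Object {
        if ($null -ne $_.Latency) { [double]$_.Latency } else { [double]$_.ResponseTime } })
    $lossPct = 100.0 * ($Count - $rtts.Count) / $Count
    $avg = $null; $jitter = $null
    if ($rtts.Count -gt 1) {
        $avg = ($rtts | Measure-Object -Average).Average
        # jitter as the mean absolute difference between consecutive round trips
        $diffs = for ($i = 1; $i -lt $rtts.Count; $i++) { [math]::Abs($rtts[$i] - $rtts[$i - 1]) }
        $jitter = ($diffs | Measure-Object -Average).Average
    }
    # Hop count from Test-NetConnection -TraceRoute (Windows 8 / Server 2012 and later);
    # fewer hops to the destination usually means the ISP peers well with it.
    $trace = Test-NetConnection -ComputerName $Target -TraceRoute -WarningAction SilentlyContinue
    $hops  = if ($trace.TraceRoute) { @($trace.TraceRoute).Count } else { 0 }
    $ok = ($lossPct -le $MaxLossPct) -and ($null -ne $avg) -and ($avg -le $MaxLatencyMs) -and
          ($jitter -le $MaxJitterMs) -and ($hops -gt 0) -and ($hops -le $MaxHops)
    [pscustomobject]@{
        Target = $Target; AvgRttMs = $avg; JitterMs = $jitter
        LossPct = $lossPct; Hops = $hops; Acceptable = $ok
    }
}

# Run from a machine on each candidate link and compare the rows.
'www.google.com', 'outlook.office365.com' | ForEach-Object { Test-LinkQuality -Target $_ } | Format-Table
```

Run it at several times of day, including the busiest lesson periods, since a link that looks fine at 7 am can show loss and jitter at 11 am when every class is online; one sample tells you little about an ISP.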

The next device you need is a firewall. Many names are used to describe firewalls for marketing purposes, e.g. next-generation firewall, layer 7 firewall, application-aware firewall, proxy server, etc. Whatever the name, make sure the firewall you pick can block or allow traffic by:
  1. Port
  2. URL category
  3. Specific domain
  4. Specific URL
  5. Application category
  6. Specific application
  7. Protocol ( HTTP, HTTPS, FTP, etc. )
  8. VLAN
  9. Web application
  10. Schedule

Two caveats: start from a default-deny policy and open only what is needed, rather than blocking known-bad things on top of an allow-all base; and remember that URL, category and application filtering of HTTPS traffic only works if the firewall decrypts TLS, which means deploying its CA certificate to every managed device and accepting the breakage (certificate pinning, unmanaged BYOD devices) that comes with it.

Other components that you would like to consider in your WAN design are as follows:
  1. Network router
  2. Quota management
  3. Traffic management
  4. Caching server
  5. Dual-firewall architecture
  6. DMZ
  7. VPN

<< Local Area Network (LAN) Design >>
For the LAN design, you might want to deploy the conventional three-tier design of core, distribution and access layers. Based on my experience, please take note of the following when designing your LAN:
  1. Choose a brand that you are familiar with ( be it Huawei, Cisco, Juniper, etc. ) for ease of maintenance and support
  2. Make sure you understand how the warranty of your chosen product works
  3. Select the backbone speed: 1G, 10G or faster? Fiber or copper?
  4. Identify the position of patch panels and switches to avoid 'network spaghetti'
  5. Choose your cable type ( fiber, CAT6A, CAT6, CAT5E, CAT5, etc. ) and cable management
  6. Divide your VLANs with room for future expansion, and keep staff, pupils, guests, servers and network management on separate VLANs with filtering between them; a VLAN on its own only separates broadcast domains, the access control between them still has to be configured
  7. Deploy monitoring tools to monitor the switches and alert you to any errors

<< WIFI Design >>
The first thing that comes to mind when you ask me about wireless design is the choice between controller-based and controller-less designs. I am currently still exploring controller-less access points ( APs ). I don't think I need to say much about the conventional controller-based design, so let me share some information on controller-less APs. Here are the pros and cons:
For pros,
  1. No physical controller to purchase, since the controller runs in the vendor's cloud
  2. You can configure the controller anytime and anywhere, since it is in the cloud
  3. Easy configuration – to me it is not true!!!
  4. Cost effective??? ( make sure you calculate the return on investment – ROI – especially if you are migrating from controller-based to controller-less )

For cons,
  1. Fewer features compared to controller-based WIFI ( possibly because controller-less WIFI is still the newer technology )
  2. Management depends on the vendor's cloud and, with some vendors, on an active subscription: check what happens to the APs when the Internet link is down or the license lapses, and who can log in to the cloud console ( individual admin accounts with two-factor authentication, not one shared login )

There are a few companies aggressively promoting controller-less WIFI, for example Cisco Meraki, Aruba and Ruckus. In summary, make your decision only after comparing both technologies in depth. And don't forget to calculate your ROI.

Other than choosing between controller-based and controller-less WIFI, you may need to consider the following:
  1. Which frequency or channels should you use? ( 2.4GHz - 802.11b/g/n or 5GHz – 802.11a/h/j/n/ac ) The allowed channels also depend on your country.
  2. Identify and remove interference and blind spots. A heat map is always useful for identifying blind spots.
  3. Positioning of the AP and antenna ( if you are using an AP with an external antenna ) to increase coverage
  4. Types of access point ( AP ), e.g. outdoor, indoor, with external antenna, etc.
  5. Use the wired network as much as possible, because it is the most reliable network
  6. Authentication: use 802.1X ( WPA2-Enterprise ) against your directory for staff and pupil devices, put guests on a separate SSID and VLAN, and avoid a shared pre-shared key that every pupil knows, because it cannot be revoked per person

<< Pupil’s Device >>
If you have decided to deploy Google Apps, you may want to use Chromebooks because they can be easily managed and controlled from the Google Apps Admin Console. Besides, they can be re-imaged easily via the Internet. Other than Chromebooks, the best alternative is the MacBook. Apple is really keen on the education sector: they provide education discounts for MacBooks and iPads, and they organize a conference every year for teachers to share their experience of using Apple in the classroom. For Windows devices, I have nothing much to say; most of you should be very familiar with them. For your information, Microsoft promotes its devices for education, and provides education discounts, only in certain countries.

Let me also talk a little about anti-virus here. You might hear from your peers that Mac OS X is not vulnerable. Let me tell you: that is WRONG! Nowadays there is plenty of malware and adware infecting Mac OS X, so please install anti-virus software on the MacBooks. So far, I have never heard that Chrome OS is vulnerable. However, we do not know what will happen in the future.

No matter which device you have chosen, please make sure that you are fully supported by the management team. Besides, all the teachers must be confident and comfortable with the devices so that they can focus on their lessons.

<< Printing >>
There are so many printers/copiers in the market. Which one is the best? How should I choose? To choose a suitable printer/copier for your school, please remind yourself with the items below:
  1. What are the features you need? Print, scan, copy and fax?
  2. Where would you like to place the printers? A printing room or all around the school?
  3. What is your monthly expected volume?
  4. Do you need a finisher for the printer? – stapling, binding, printing booklet, etc.
  5. How does the user’s device connect to the printer? Via print server, WIFI, LAN cable, USB cable, etc.?
  6. Do you need color printer or monochrome printer?
  7. Do you prefer Inkjet or LaserJet?
  8. Would you like to implement Print Anywhere, where users collect their print jobs at any printer by tapping an access card? ( This also stops confidential printouts, such as pupil records, sitting uncollected in an output tray. )
  9. What is the printing speed that you are expecting?
  10. What is the paper size that the user will normally choose?
  11. At last, it would be COST including the maintenance and cartridge costs.

<< Audio and Video >>
For AV, please try to organize a demo session for all the teachers to choose and agree to the most suitable product/brand because there are too many variables that can affect the quality of the image and sound:
  1. Building structure
  2. Screen
  3. Types of projector
  4. Seeing and hearing abilities of the teachers
  5. Weather
  6. Quality of the source file
  7. Cleanliness of the surroundings

Another AV-related technology is the interactive whiteboard. There are mainly two brands to consider – SMART Board and Promethean. They used to differ, but nowadays they are more or less the same, so I would recommend choosing based on the teachers' preference.

In conclusion, setting up the IT infrastructure for a school is a challenging job, but it is easier with proper planning. As a reminder, please do not depend entirely on the system integrator ( SI ), because no one knows your environment better than you. As IT is always short of manpower, you may hire an SI for deployment and maintenance, but make sure that you always verify and monitor their work, including the accounts and remote access they are given.

Tuesday 6 September 2016

Microsoft: How to Recover Domain Controller ( DC ) / Active Directory Server


One of the great things about AD is the mostly stateless nature of the DC. Aside from potentially holding one or more Flexible Single-Master Operation (FSMO) roles, a DC should generally be a matching replica of the other DCs in the domain, except for some replication delay depending on your topology. If a failure renders a DC inoperable, this stateless nature is fantastic because it often removes the need for a complicated restore from backup. Instead, you can simply reinstall Windows and use Dcpromo (or, on Server 2012 and later, the Install-ADDSDomainController cmdlet or the Server Manager wizard that replaced it) to promote the server to a DC and replicate all of the data back in, assuming your domain has more than one DC. If you only have one DC in your domain, you can greatly reduce your exposure to failure by deploying a second one.

Before you reinstall and repromote a DC, though, you need to clean up AD, which is a two-step process. The first step is to seize any FSMO roles that the failed DC might hold onto another DC in the domain. If you're not sure which DCs host the FSMO roles in the domain, run

netdom query fsmo

in a command prompt window to find out. You can then seize the FSMO roles using the Ntdsutil utility (or the Move-ADDirectoryServerOperationMasterRole cmdlet with -Force). Follow the instructions under the "Seize FSMO roles" section in the Microsoft article "Using Ntdsutil.exe to Transfer or Seize FSMO Roles to a Domain Controller". It is very important to note that once you have seized a FSMO role, best practice dictates that you never bring the original role-holder back online: two DCs each believing they own a role would hand out overlapping RID pools or conflicting schema changes.

Because the original FSMO role-holder cannot be put back in service, the second step is performing a metadata cleanup of the failed DC's configuration in AD. You can use Ntdsutil for this step as well. Follow the instructions in the Microsoft article "How to Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion". Alternatively, if you're using the Server 2008 (or later) version of the Active Directory Users and Computers snap-in, you can complete this step by deleting the DC's computer account in the Domain Controllers OU. Whichever way you do it, afterwards check DNS for stale records of the dead DC (its A, NS and SRV records) and check Sites and Services for leftover connection objects, since those are what make the other DCs keep trying to replicate with a server that no longer exists.

Repromoting a DC over the network might not be feasible when the amount of data to replicate would put undue strain on the network. In this case, there are a couple of other options. The first is to restore the DC's system state from a backup and continue on. The second is to use the Install from Media (IFM) functionality, which was added in the Windows 2003 release. IFM lets you take a system state backup (created with NTBackup in Windows 2003) or IFM media (created with Ntdsutil in Server 2008 or later) and point Dcpromo at the AD database in the IFM media. IFM media created by Windows 2003 must first be restored to an alternate location on the file system so that Dcpromo can consume it. The DC will make the necessary changes to the database in the media and replicate over the network only the changes made since the media was created. Keep in mind that the media is a copy of ntds.dit, which holds every password hash in the domain: create it only when you need it, move it over an encrypted channel or encrypted removable media, and wipe it once the promotion has finished. The same applies to system state backups.