So it’s nearly that time of year again..
The Connectivity Desk’s opening hours over Christmas are:
Monday 22nd December 8am-6pm.
Tuesday 23rd December 8am-6pm.
Wednesday 24th December 8am-12pm.
Thursday 25th December closed.
Friday 26th December closed.
Monday 29th December 8am-4pm.
Tuesday 30th December 8am-4pm.
Wednesday 31st December 8am-12pm.
Thursday 1st January closed.
Merry Christmas to you all and I hope you all have a peaceful break.
You may (or may not) have noticed that the HICS site now has ‘HICS Discussion’ added to the black menu bar. This is a forum that you are all welcome to use should you wish to interact with one another. Should you want to use this part of the site, you will need to sign in first. This is to avoid information being in the public domain – all registered users now need to be authorised by me.
On Thursday afternoon, we were contacted by two schools who reported that they were experiencing intermittent browsing issues through their transparent proxy. Both schools are connected to the LD5 data centre. This was subsequently logged with Updata and their engineers investigated the matter further. Updata initially believed they had fixed this by clearing the CPU usage on one of the proxy servers. However from Monday, we were once again receiving complaints of poor performance from users of this service. Towards the end of the day, Updata failed over the LD5 transparent proxy traffic to LD4 and continued their investigations whilst the transparent proxy traffic was all going through the single data centre.
This morning performance seemed worse than ever and Updata came to the conclusion that the transparent proxy network was struggling because there can only be 65,000 sessions per public IP address. The short term plan involved Updata monitoring the sessions whilst manually deleting the older cached ones. The long term plan I am told, will involve an emergency change being raised so they can increase the public IP addresses for outbound web traffic. I presume when all the transparent proxy traffic failed over to the single data centre this made a bad situation worse and LD4 schools then would also have experienced problems – although to the best of knowledge no one contacted us. Updata, who are now monitoring the sessions have since failed traffic back and the load is once again shared between LD4 and LD5.
Those of you with a good memory will remember that earlier this year, Updata increased the public IP address range on the main network for outbound web traffic. It was changed from one public IP address per data centre to five addresses. At the time, this was necessary as when the network was failed over to a single data centre, it was struggling to cope. I’ll update you further within this post how this change pans out. In the meantime, please accept out apologies for any inconvenience this may have caused. In my opinion and no doubt Updata’s too, this should have been picked up proactively. We have previously asked Updata to carry out a ‘network health check’. This is where Updata monitor ceilings and limits at different parts of the network to see if we are approaching any of them. Being perfectly honest, progress on this has stalled, but I will be emphasizing how important it is that this is carried out. Whenever we have a major service failure like this, I always ask Updata for a report consisting of what happened, what went wrong, what could be done better etc.
I have received two reports from two different schools advising me that they are experiencing intermittent browsing issues through the transparent proxy. Updata are investigating… If anyone else is having similar problems, can you please get in touch?
Restrictions have recently been put in place for when users access the Team Viewer website and it is now only available through the WF1 filtering policy. It was recently brought to my attention that a pupil was accessing their home computer through the Team Viewer web interface and this is obviously a concern as it was being used to bypass the security aspects of the HICS network. Previously, I was always led to believe that if someone from inside the network wanted to access their home machine in this manner, they had to download the client from inside the School but that doesn’t appear to be the case.
I am aware that restricting access to this will inconvenience some of you for which I do apologise, however I am of course duty bound to protect users of the network and make sure that they are sufficiently protected. Team Viewer is used as a tool for support companies and that is why we haven’t barred the website entirely and have left access on WF1. WF1 as you no doubt will be aware, is the filtering level for the more trusted user. Most schools have WF1 available to them, if you are unsure if you access to WF1 then I suggest you email the SITSS Connectivity Service Desk on firstname.lastname@example.org and they will advise accordingly. Please be aware that if it hasn’t been set up for your school, we can arrange the WF1 filtering level being made available but we will need authorisation from your head teacher. Once WF1 is available to you, it will be down to your IT Support to implement this, where appropriate in the school. Alternatively, another option is to arrange the school having their own filtering policies where these can be managed through a web based portal. Should you take up this option then theoretically you could have your own WF1/2/3 policies and make Team Viewer available on your WF3 policy (and everything would then be as it was prior to this recent restriction). If you would like to discuss any of this, please get in touch.