Transparent Proxy performance issues

On Thursday afternoon, we were contacted by two schools who reported that they were experiencing intermittent browsing issues through their transparent proxy. Both schools are connected to the LD5 data centre. This was subsequently logged with Updata and their engineers investigated the matter further. Updata initially believed they had fixed this by clearing the CPU usage on one of the proxy servers. However from Monday, we were once again receiving complaints of poor performance from users of this service. Towards the end of the day, Updata failed over the LD5 transparent proxy traffic to LD4 and continued their investigations whilst the transparent proxy traffic was all going through the single data centre.

This morning performance seemed worse than ever and Updata came to the conclusion that the transparent proxy network was struggling because there can only be 65,000 sessions per public IP address. The short term plan involved Updata monitoring the sessions whilst manually deleting the older cached ones. The long term plan I am told, will involve an emergency change being raised so they can increase the public IP addresses for outbound web traffic. I presume when all the transparent proxy traffic failed over to the single data centre this made a bad situation worse and LD4 schools then would also have experienced problems – although to the best of knowledge no one contacted us. Updata, who are now monitoring the sessions have since failed traffic back and the load is once again shared between LD4 and LD5.

Those of you with a good memory will remember that earlier this year, Updata increased the public IP address range on the main network for outbound web traffic. It was changed from one public IP address per data centre to five addresses. At the time, this was necessary as when the network was failed over to a single data centre, it was struggling to cope. I’ll update you further within this post how this change pans out. In the meantime, please accept out apologies for any inconvenience this may have caused. In my opinion and no doubt Updata’s too, this should have been picked up proactively. We have previously asked Updata to carry out a ‘network health check’. This is where Updata monitor ceilings and limits at different parts of the network to see if we are approaching any of them. Being perfectly honest, progress on this has stalled, but I will be emphasizing how important it is that this is carried out.  Whenever we have a major service failure like this, I always ask Updata for a report consisting of what happened, what went wrong, what could be done better etc.

Thanks,

Kevin Crawley

Posted in Internet access, IP Addressing, Service, Service Improvements, Transparent Proxy | 1 Comment

Transparent Proxy browsing issues?

I have received two reports from two different schools advising me that they are experiencing intermittent browsing issues through the transparent proxy. Updata are investigating… If anyone else is having similar problems, can you please get in touch?

Thanks,

Kevin Crawley
01438 844809

Posted in Uncategorized | 1 Comment

Access to Team Viewer

Restrictions have recently been put in place for when users access the Team Viewer website and it is now only available through the WF1 filtering policy. It was recently brought to my attention that a pupil was accessing their home computer through the Team Viewer web interface and this is obviously a concern as it was being used to bypass the security aspects of the HICS network. Previously, I was always led to believe that if someone from inside the network wanted to access their home machine in this manner, they had to download the client from inside the School but that doesn’t appear to be the case.

I am aware that restricting access to this will inconvenience some of you for which I do apologise, however I am of course duty bound to protect users of the network and make sure that they are sufficiently protected. Team Viewer is used as a tool for support companies and that is why we haven’t barred the website entirely and have left access on WF1. WF1 as you no doubt will be aware, is the filtering level for the more trusted user. Most schools have WF1 available to them, if you are unsure if you access to WF1 then I suggest you email the SITSS Connectivity Service Desk on sitss.internet@lea.herts.sch.uk and they will advise accordingly. Please be aware that if it hasn’t been set up for your school, we can arrange the WF1 filtering level being made available but we will need authorisation from your head teacher. Once WF1 is available to you, it will be down to your IT Support to implement this, where appropriate in the school. Alternatively, another option is to arrange the school having their own filtering policies where these can be managed through a web based portal. Should you take up this option then theoretically you could have your own WF1/2/3 policies and make Team Viewer available on your WF3 policy (and everything would then be as it was prior to this recent restriction). If you would like to discuss any of this, please get in touch.

Thanks,

Kevin Crawley

kevin.crawley@hertsforlearning.co.uk

Posted in Websites | Leave a comment

RM SMTP feed

I am hearing that schools who use RM to deliver their email are experiencing problems and my understanding is that RM’s servers have been blacklisted. Just to be clear, this isn’t anything to do with HICS but a communication may prove helpful. Schools will have to contact RM directly to discuss this and they can be contacted on 0845 404 0000.

There is a specific design for schools using RM’s SMTP service. Updata do not provide any SMTP feeds/relaying in the Hertfordshire network. There is a VPN tunnel between the Updata core and the RM SMTP servers, in which traffic between the two parties is passed. RM use the public IP range of 217.181.4.0/28 as a dedicated SMTP feed for the Hertfordshire schools, and Updata simply provide the routing of traffic between the school and RM. There is no firewalling being done by Updata on this VPN and this setup has been duplicated from the previous ISP (Virgin).

After speaking to some schools, I thought it might be an idea to clear something up. Schools do not have to use RM’s SMTP feed and they are welcome to use other providers if they wish. Microsoft offer a ‘free for schools’ service called Exchange Online Protection. Three Hertfordshire schools now use this service and as far as I am aware, they are all getting on well with this. A very helpful network manager from one of these schools has emailed me over his step by step instructions as to how he set this up – which I am happy to share with anyone if they are interested.  These instructions may need to be tailored slightly but it certainly is a very good starting point. Please get in touch if you wish to discuss any of this in more detail.

Thanks,

Kevin Crawley
kevin.crawley@hertsforlearning.co.uk

Posted in Email | Leave a comment

Slow Internet?

We have had several reports of the internet running slow today. This has been logged with Updata and they are investigating..

Posted in Service | 3 Comments