This service allows schools to deploy an Internet service for which no proxy settings are required. All access through this service will be filtered by a chosen policy with the central WF1 policy still providing the baseline level of filtering. There are no additional charges for the service except for the cost of a router where one is required (see below).
The service is deployed by using a second port on your router and a separate subnet (it will be a 10. subnet rather than a 172. subnet). This makes it ideal for deploying for wireless Internet access with school laptops and tablets. Such a service could be used by staff and students to access the Internet from their own devices, including smart phones, whilst still receiving an appropriately filtered service. It might also improve your attractiveness for evening and weekend lettings where visitors could safely use the Internet without needing access to your computers … they could bring their own.
There will be no access between this service and other devices in your school which are on your original subnet unless those devices have been deliberately set up to allow access from the Internet. This means that your main school systems will be secure from your transparent proxy users but if staff and students can access certain services from home (eg RM EasyLink or your Moodle server) then they will also be able to access them through the transparent proxy service.
The Transparent Proxy Service can have any central web filtering policy applied to it or any of your own policies (if you are signed up for either or both of the IP Level and AD Integrated local filtering). But it is one-size-fits-all … all of the users will be filtered by whichever policy you choose to have applied to the service. Some schools have asked about the possibility of staff own wireless devices and student own wireless devices being filtered by two different policies. This is also possible but you will have to request two separate Transparent Proxy Services which will then be delivered on two separate ports on two separate subnets … but you can choose a particular policy for each.
Of course this service does depend upon you having a suitable wireless infrastructure. It also requires a router for which there will be a charge if your school is currently connected without one. The router will form part of your managed connectivity service and so needs to be ordered through the Service Desk. It will be installed in series between the Updata Zhone box and your main school switch and will require rack space and power.
If you are interested in using this then please discuss it with your ICT support provider and then contact the Service Desk if you would like to proceed. You will need to tell the Service Desk:
- How big a subnet you would like to be allocated to this service. (eg /24 for 256 addresses or /23 for 512 addresses … or whatever.)
- Which central web filtering policy you would like to be applied to the service.
- Whether and by how much you would like the service to be rate limited. (See below)
Update: 9th May 2012: How do I stop my Transparent Proxy users guzzling all of my bandwidth?
Some schools have asked if it is possible to limit the amount of their total available bandwidth which is available to the Transparent Proxy Service. This seems like a perfectly reasonable request because, after all, your Transparent Proxy Service users are likely to be an unknown quantity with an unknown number of devices and an unknown demand for bandwidth. They are also possibly not your highest priority users.
The simplest solution to this is to rate limit the port through which the Transparent Proxy Service is delivered. So if you have a total bandwidth of 100 Mbps then you could limit your Transparent Proxy users to, say, 30 Mbps. They would then never have more than 30 Mbps and the rest of your users, on the regular service, would always have 70 Mbps plus whatever part of their 30 Mbps the Transparent Proxy users were not using.