Building a school network from the ground up

The Spyder (2[H]4U; joined Jun 18, 2002; 2,628 messages)
Well, my job search has been fruitless as of late, despite the fact that I have been applying for dozens of jobs. Thankfully my father put me in touch with my old high school principal, who is starting a new private high school just blocks away from the university my father works at. He needs an IT Director/IT person and got in contact with me. I trained the IT director at my high school (yes, trained; he could barely use Outlook...). My old principal always liked me and seems to be very interested in getting me up here in the next few months.

The school is temporarily (<5yrs) going to be located in a fire house/training facility. There is no existing network. The school will be run off PowerSchool, each classroom will have smart boards, students will have netbooks, and each classroom needs a projector. Initial count is for 12 classrooms, 100 students. This is a ground-up, buy-everything job: racks, wiring, network, servers, desktops, software, etc. The equipment will reach EOL before the new building is done and we are on a budget. Most likely a Dell/HP house, Cisco/HP/Dell networking, and Microsoft everything.

As I am in the initial stages of this and am being brought on to help design, implement, and support the system, I want to plan EVERYTHING out that I can. I figure this will be a fun project; I will post updates and look forward to feedback from people here.
Wish me luck... I am going to need it! :D:cool:
 
Congratulations, this will probably be a life changing experience for you. Also, I just got a mazda 3 hatch, saw your sig, had to be said.
 
Sounds awesome! A new network from the bottom up is always fun! Pics when you get 'em!
 
sweet dude! But seriously... DETAILS!!!! how many users? What kind of traffic? Mcast video perhaps? Is this pretty much open to your suggestions?

I'll be watching this one. Besides myself I can think of about 4 other guys on this forum who are extremely familiar with Cisco technology and a slew of others who know the applications that ride on top of the network... utilize away ;-)....
 
Here is what I can tell ya...

Ed. Tech Stuff--

Smartboards are a thing of the past nowadays--they pin the teacher to the front of the room; there are a lot better alternatives you should look at. Popular ones are Qomo Pads and eInstruction's InterWrite pads. If you are going to go with a Smartboard, Promethean and InterWrite's boards are the leading ones... Don't get a Panasonic Panaboard; they are very clunky and have tons of features a school would never use.

Projectors--Stick with DLP; TI has a good site somewhere that documents how LCD pj's don't last in classrooms. They look like crap after a few years from the LCD panel yellowing. If you decide to go LCD by chance, don't sway from Epson.
Either way, look for network connectivity so you don't have to give the teachers another remote to lose; they can turn the pj on and off with an app.
For the wiring I would recommend RapidRun cabling, but you're only going to be there for a short time so it may not be worth the extra cost.

Sound Field Enhancement--
This has been gaining traction a lot--kids may have difficulty hearing the teacher and never want to say anything and get singled out. You will need a strong administration to pressure the teachers into using this daily; otherwise it will simply replace their PC speakers. Audio Enhancement and CompuTrac both offer great solutions here.

Document Cameras--
Gone are the days of overhead projectors. A lot of stuff is PowerPoint these days, but some teachers still want to use a transparency or something similar, which is where these come in. Lumens and Elmo are your two brands to stick to.

IT Stuff--

Lots to cover here, but I'll stick to the stuff you need to keep in mind, being that it's a school.

Content Filtering: a Squid proxy with DansGuardian works great; I have personally deployed a number of boxes running ClarkConnect to do this. I have them get the paid version simply because it adds a few extras I didn't want to have to deal with -- automatic updates to the filter, and other stuff. You can do your research here. If you use E-Rate for any telecoms/connectivity, one of the federal requirements is to have a filtering solution in place.

For the size of that school there is absolutely no need for a T1--you can get one if you wish, but I've seen a ton of schools run off a DSL or cable business connection just fine; you're only sacrificing reliability--a few days out of the year there will be no internet, boohoo. Very few schools that small can foot the bill for a T1 for data. If money is no object, go for it.

Wireless APs: I like 3Com's managed access points, very slick stuff; if you have cash, Cisco's offerings are better but obviously more costly.

If you are putting PCs in place for the students apart from netbooks, you need DeepFreeze or very strict AD GP.

If you're handing the kids netbooks, you need classroom management software--something like CrossTec SchoolVue to let your teachers monitor what they are doing on them during class.

Too much typing... if you have specific questions about that stuff, lmk; I have tons of exp with this stuff.
 
Wow, sounds like a fun project! I do a lot of work with schools so if you need any insight on something feel free to ask. Working on a WiSM at a school district later on this morning, in fact. :D

Since its a school you should be able to negotiate some decent pricing on Cisco gear, just start hollering at your local Cisco rep and tell him you're looking at Xirrus wireless and Avaya phones. :D

You'll be REQUIRED to have some sort of CIPA filter in place to protect the kiddies from pr0n. I highly recommend Astaro Web Gateway for this. You can buy an appliance or install on your own hardware. You can even run it, supported, in VMware for HA. Fully integrates with AD so you can set different policies for teachers, students, IT, etc.
 
You've got a lot of work ahead of you but it is fun. There are a lot of us that have experience doing this, so just ask.

At my current job I rebuilt the network from the ground up (400 student boarding school) over the past few years. When I started, everything was EOL and there was not enough coverage. I ripped out all of the Cisco and replaced it with HP ProCurve, one of the best decisions I ever made; so give HP a good hard look.

Personally I am just starting another project like this. We just bought another campus and are leasing it to an elementary STEM Charter school. Right now I am dealing with the joys of trying to get about a mile of fiber run between campuses before the start of THIS school year. Then that campus only has a token ring network. I have to go from nothing to 100% wireless coverage in 4 weeks. It shall be fun. :D

What is the school's focus and age range? For example, a STEM school has completely different requirements and needs than a standard school. Also, is this private, Charter, etc.? We as a private school don't have to follow all the regulations that the public and Charter schools do. So what you are required to have vs. what you can get by with is completely different. For example, like Captain Colonoscopy said, you will need a CIPA filter IF you are a Charter or public school. Working at a private school, we are not required to have a filter and take a different approach.

One thing that I have learned is that you can never have enough Internet. We have a 45mb Fiber connection and that thing is running at 100% load most of the day with HTTP traffic. Fiber is relatively cheap these days and the commitment is usually only 3 years to get it run to the site.
 
I design these sorts of things (school networks) everyday, and implement at least one every few months.

Most basic designs are as follows:

Core: Cisco 45xx-E with single or redundant Sup6-E's (generally with a x4624-sfp and a x4548-gb-rj45 line cards)
Distribution/Edge: L2 2960's, L3 3560's
Wireless: 1142n for in-ceiling or 1252n for remote antennas
Wireless Controller: 4402 for <100 APs, 4404 for >100 APs

Very basic design, but it really depends on the size and needs of the school. The ones that I've done in similar size seem to vary quite a bit. Some use modular chassis for expandability (4507) and others get away with a stand alone fiber switch (3750g-12s).

Really need to know how many closets (TR's or IDF's) and how many ports per closet. This will help determine how many switches and what type of switches.

EDIT: I should mention I work for a Cisco Partner, so every part# I mentioned is a Cisco part.
 
You dropped into a great position! Most of us here would consider this a dream job to get a chance to setup an entire network from the ground up, and then manage it.

Although this is chartered as a temporary setup, be very conscious that there is great real-world potential for this to become much more permanent and it may need to last for 10 years. Make sure you implement a life-cycle replacement schedule for the hardware which will indicate that if they continue to use the location beyond the anticipated 5 years, that equipment will need to be upgraded, replaced, and budgeted for / considered when they decide what to do at the 5 year mark.

Cut costs where you can by purchasing used Cisco equipment from resellers ... make sure that any of your 'core' layer is smartnet eligible and have a tight replacement plan if the teaching is going to be very dependent on the technology. At the university where I work the attitude is 'we can still teach without computers/network" however, we are not doing near the number of smart classroom technologies.

Pull physical ethernet everywhere you possibly can, and get as much of it to terminate back at your core switch as you can. Try to stay under a 24:1 bandwidth ratio (less than 24 gig ports per 1 gig uplink back to the core). Physical ethernet is much more reliable than wireless, so use it for the smart boards, projectors, and pretty much everywhere possible. Pull more than you think you will need because it is much easier than adding it later. Leave service loops in all of the cable pulls at both ends to allow for flexibility / future proofing.

Bandwidth - Depending on your dependence on getting to the outside world, consider business grade cable / DSL (ideally both). A private line would be best, but explore other options such as an ICN network or Metro-E ring you can tap onto.

Wireless: 100 users over 12 classrooms ~ 8 people / AP is really minimal. I would suggest a wireless controller, but something smaller such as a 2112 for up to 25 APs or a 3750 switch with integrated wireless controller. Put an AP in each classroom, and common / high density areas. More if you plan to support voice. At a minimum deploy AG wireless, N if you can afford it or need streaming media / VOIP on the wireless.

Servers - If you have the chance, start off virtual, and stay virtual for everything. Hit me up if you want more info on the virtual route.

Core switch - I like the 45xx-E for this situation as well. Access / Distribution - I think you could collapse everything back to the core with a small setup, otherwise 2960's are good switches.

Edit: curious, where is this taking place?
 
See, already some excellent suggestions from a few of the guys I was talking about :D

I'll throw in my .02, though most of my experience has been from designing hotel networks and now doing incremental service provider technology integrations.

I want to echo what archival said: develop a lifecycle, but NOT only for hardware, for the entire project. This is a very important step in making this project run much more smoothly. Before you sit down and consider any equipment/uses/users you have to make some good educated guesses:
What kind of traffic will be going over the network(Voice, video, data, etc..)
Which traffic must be secure?(encrypted)
How much traffic will traverse the core?
How many total users?
Which points of the network will be the most congested?
Where are your bottlenecks and choke-points?
Where are your points of failure?
How will you be dealing with the network congestion?
How will you be dealing with those areas of failure and which HA mechanisms?
What kind of filtering?
Physical or virtual servers? This will relate to what kind of traffic you're going to see on the network
What's going to be at your SP edge? What SP?

There are so many more; I could go on for a while, so I'll try and elaborate. Estimate the kind of traffic... video and voice will obviously account for more than sending files as well as be much more brittle (UDP). Create yourself a ports-and-protocols list for ALL applications that you intend to see on the network; this will also aid in your construction of both written security policy as well as router/firewall ACLs.

Over-estimate the overall bandwidth that you will see in the core; you want something (router or switch) that will be able to handle the load accordingly and still be scalable.

Archival mentioned creating a collapsed core, a great idea and more bandwidth friendly but generally limited to single building deployments. Doing home runs might not be an option, and if so go with the traditional three-layer design (core, distribution and access). The following should be implemented at each (general):

Core - Nothing for the most part; switch packets as quickly as possible. CoPP if you're peering all over the place or want to protect your core (you should want to). Routing protocols.
Distribution - QoS mainly, ACLs, aggregate VLANs
Access - ACLs, port-security, VLANs (private), storm controls, general protection for your end users.

Identifying your congestion points will be absolutely crucial as you will need to allocate more bandwidth for those areas. Consider implementing security enclaves to identify these areas as well (usually VLANs will suffice for this), including consideration for more uplinks into the distribution layer where you can perform more QoS. This leads me to:

You're going to want to keep your overall PORT oversubscription to under 15:1 in all cases but it will vary. The areas in the network should be broken down into modules so controlling the port oversubscription will be easy and straightforward. Ex.

Fabric (people generally call it the switch backplane) oversubscription should never be more than 2:1 in any case... storage is going to be a bit different than IP so that's what I like to stick to. If you have a blocking switch and you're too oversubscribed, then your network is going to come to a halt. Try to keep fabric oversubscription to a minimum for links facing the core (the aggregation-to-core links); this is also extremely important and something lightworker will notice very shortly as his network load increases ;-)

Students and teachers module: 13:1 oversubscription (13 gig ports per 1 gig uplink to the distribution)

Datacenter module : 4:1 oversubscription as these services will be used more often by MORE people. Again, this comes back to estimation of bandwidth.

for the server aspect:

HA is also extremely important, from more than just a network standpoint... build out your servers in clusters, always with multiple uplinks into the access layer. If you're considering virtualization (which you should) you can do this very easily.

Since this is from the ground up, UTILIZE THIN CLIENTS. I can't begin to tell you how often these are not used and how simple it really is. Host all your student machines on a large HA VM cluster and revert to a snapshot every morning.

I've been typing for a while, so I'm going to stop... there's SO much to consider when doing this. I think you're in a great position to learn a lot... Remember, approach this with a PROJECT lifecycle and in modules.

Post up more information so we can help you along and give you suggestions. A lot of equipment decisions are based off of the little factors that aren't so little :D

my head hurts... lol :p
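An added example, not from any poster in this thread: an IOS configuration sketch of the access-layer protections xphil3 lists (port-security, VLANs, storm control, general protection for end users) on a Cisco 2960 in the students-and-teachers module, plus the matching distribution-layer ACL on a 3560 SVI. VLAN numbers, addresses and port ranges are assumptions chosen for illustration; whether DHCP snooping, DAI and IP Source Guard are available depends on the IOS image and license on the switch.

```cisco
! Access layer (2960). Constructed example: VLAN ids and port ranges are assumptions.
vlan 10
 name STUDENTS
vlan 20
 name STAFF
vlan 30
 name AV
vlan 99
 name MGMT
!
! Only the uplinks may answer DHCP; DAI and IP Source Guard use the snooping
! binding table to drop spoofed ARP replies and forged source IPs from netbooks.
ip dhcp snooping
ip dhcp snooping vlan 10,20,30
no ip dhcp snooping information option
ip arp inspection vlan 10,20,30
!
! Student ports: one MAC each, extra MACs dropped and logged (restrict), broadcast
! storms cut off, and a hub or switch plugged in by a student gets err-disabled.
interface range GigabitEthernet0/1 - 20
 description STUDENT-ACCESS
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 switchport port-security aging time 120
 switchport port-security aging type inactivity
 ip verify source
 storm-control broadcast level 1.00
 storm-control action shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
 no cdp enable
!
! Fixed AV gear (projectors, smartboards): learn the single device MAC once (sticky).
interface range GigabitEthernet0/21 - 24
 description AV-ACCESS
 switchport mode access
 switchport access vlan 30
 switchport port-security
 switchport port-security mac-address sticky
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Uplinks toward the distribution layer: trusted for DHCP/ARP, only the VLANs in use.
interface range GigabitEthernet0/25 - 26
 description UPLINK-DIST
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,99
 switchport nonegotiate
 ip dhcp snooping trust
 ip arp inspection trust
!
! Bring err-disabled ports back after 5 minutes so one incident is not a closet visit.
errdisable recovery cause bpduguard
errdisable recovery cause storm-control
errdisable recovery interval 300
!
! Distribution layer (L3 3560). The student VLAN reaches DHCP/DNS on the (assumed)
! server VLAN and the Internet, but never the staff, server or management subnets.
! The bootpc/bootps line is needed because the inbound ACL also sees the DHCP
! broadcasts that the helper address relays.
ip access-list extended STUDENT-IN
 permit udp any eq bootpc any eq bootps
 permit udp 10.0.10.0 0.0.0.255 host 10.0.40.10 eq domain
 deny ip 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255 log
 deny ip 10.0.10.0 0.0.0.255 10.0.40.0 0.0.0.255 log
 deny ip 10.0.10.0 0.0.0.255 10.0.99.0 0.0.0.255 log
 permit ip 10.0.10.0 0.0.0.255 any
interface Vlan10
 description STUDENTS-GW
 ip address 10.0.10.1 255.255.255.0
 ip helper-address 10.0.40.10
 ip access-group STUDENT-IN in
```

The logged denies double as a cheap detection feed: a student subnet suddenly probing the staff or server ranges shows up in syslog before anyone files a ticket.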
 
I just moved my district to Business FIOS through a Verizon reseller in our area, and it is the best thing we've ever done. Each building has 50 down 20 up with VPNs running over Cisco ASAs to connect them to each other, and it's costing us only $250 per building per month (which includes extra IPs). Ditch the Verizon router they supply you and plug an ASA directly into the ONT.

The biggest advice I can give you is pretty basic - do things right the first time, or you'll end up hating yourself down the road. Every time I work on the first rack I ever built, I want to spend a day rewiring it. Read up on best practices - they exist for a reason. And if you're the only person doing this, automate as much as possible. Group Policy Preferences (well, it was Policy Maker when I started using it) saved my life. Build a good system image (use Windows 7 so you can have a nice universal image and don't have to juggle an image for each HAL) so you don't have to troubleshoot as much - if someone screws up a computer, wipe it and it is good as new. Use folder redirection or roaming profiles (I prefer redirection) so that nothing is permanently stored in local profiles. Do offsite backups (I back up each of our buildings to the other building).

That's it for now. I'm interested to read more - you're where I was at 5 years ago when I walked into this place and found 3 separate Netware servers running 3 different networks, one of which was running on a box with a striped RAID with no backups. Starting from scratch is pretty fun as long as you don't get overwhelmed.
 
Wireless: 1142n for in-ceiling or 1252n for remote antennas
Wireless Controller: 4402 for <100 APs, 4404 for >100 APs

EDIT: I should mention I work for a Cisco Partner, so every part# I mentioned is a Cisco part.

For what it's worth I would like to add my two cents about the wireless.

I've installed both the 1142 and the 1252s, and for the cost difference I don't mind the 1142 if you can deal with not having the external antennas. I would also have to say that the wireless LAN controller is a must for simplicity of management of multiple APs.

I subscribed to this thread. Pics will be a must ;). You have my dream job right now. I can setup a network in my lab, but I would die to see it in production.

Edit:

xphil3 said:
Since this is from the ground up, UTILIZE THIN CLIENTS I cant beging to tell you how often these are not used and how simple it really is. Host all your student machines on a large HA vmcluster and revert to a snapshot every morning.

Look into using something like 2X ThinClientServer. We are looking into virtualizing a desktop per person, and then the 2X Thin Client server actually will do a couple of things... We can do one-to-one mapping of the user to the virtual PC (so a CEO or someone important gets the same desktop every time) or set them up in a resource pool and it will pick them a desktop in the order of login. Really pretty slick setup; although we still have a couple of items left to iron out, it might very well be a good idea to at least investigate it.
 
Subscribed.

I'm studying for my CCNA and I'm actually interested in doing just this sort of thing once I'm certified.

I went to a private school in middle school and since the school was cheap and they couldn't stop me winning science fairs (they ended up having to exempt me :p) they put me in charge of setting up a computer lab.

So I set up my first network, a small computer lab for the students when I was 12 (13 years ago now).

I've kept in touch with the school administrator / owner / principal, and as one of my co-workers left my office last year to work in that school, I've heard that they could use someone to upgrade their network.

I will be following this thread with great interest!
 
Wow, thanks for the great response guys, I haven't had a chance to read everything but I will.

Some notes- I am just getting into this project. Opensource + OpenDNS = Portland Public Schools filtering, and I think I will look into the same thing for here. Users will be Number of Students + 50 faculty/staff. VMWARE will be my best friend and thin clients were a thought today for library/classroom/lab systems.

I spoke to one of the board members today regarding their technology plan. Technology is a HUGE draw for this school and they will spare no expense to keep it top of the line.

I cant wait... :evil:
 
Be careful, if technology is a huge draw, people often want to bring in technologies that are not manageable. Be sure to stand firm that anything implemented must be centrally managed and secure. Too many places buying Apple products without knowing how to integrate them into the present environment etc. I'm running into this right now. Sometimes the newest and "flashy" products aren't the best choice.
 
Once you've planned it all out, let's see a network diagram. I want to see how a network like this is properly designed, based on what xphil3 said.

Good luck with this project, keep us updated.

(subscribed) ;)
 
The Spyder said:
...Technology is a HUGE draw for this school and they will spare no expense to keep it top of the line...

Berg0 said:
Be careful, if technology is a huge draw, people often want to bring in technologies that are not manageable. Be sure to stand firm that anything implemented must be centrally managed and secure. Too many places buying Apple products without knowing how to integrate them into the present environment etc. I'm running into this right now. Sometimes the newest and "flashy" products aren't the best choice.

While Berg0 has a point, I still think The Spyder is a lucky S.O.B.
 
The Spyder said:
Wow, thanks for the great response guys, I haven't had a chance to read everything but I will.

Some notes- I am just getting into this project. Opensource + OpenDNS = Portland Public Schools filtering, and I think I will look into the same thing for here. Users will be Number of Students + 50 faculty/staff. VMWARE will be my best friend and thin clients were a thought today for library/classroom/lab systems.

I spoke to one of the board members today regarding their technology plan. Technology is a HUGE draw for this school and they will spare no expense to keep it top of the line.

I cant wait... :evil:

Be sure to only get as much technology as the school is willing to pay to support. My current school had a 1 to 1 laptop program. Threw tons of money at it and got great computers, then didn't hire enough people to support them. After 5 years of that it failed completely. Great idea, bad execution.

Another vote for thin clients. I am running them all over the school. Use them where you can, but recognize their limitations and don't try to over-extend them. The best thing I find about thin clients is the ease of support. We use cheap Wyse terminals. If one has problems I literally just throw it out and grab a new one from the stack I have in one of my storage rooms.
 
I haven't read through all the pages on this post, but may I suggest TechSoup. I have had many clients that were non-profit orgs and benefited from this greatly. You can't beat paying 300 or so odd bucks for a Cisco ASA 5510 versus paying the retail 2-3 grand. Also software is super cheap and you can get Server 2003/2008 and CAL licenses for super cheap.
 
Just gonna throw this in here: I would have much preferred my high school using business class FIOS as opposed to the DSL and later Comcast they used. Both the DSL and cable would go down on a weekly basis, the DSL was ungodly slow, and both were just as expensive as the FIOS alternative. Most schools are on main roads that should have FIOS if it is installed in the given area.
 
We have a fiber connection that goes from most schools to strategic hub sites. The hub sites create a semi redundant fiber ring. But I also work for one of the larger school districts in the country.
 
Another vote on the thin clients. We work with several school districts around the country and the IT desktop admins love them on a Citrix or VMware View platform.

My only other suggestion to add would be to set up a "team" of manufacturer reps and engineers to design the environment for you. This is what they do day in day out. They know all the current hardware and see hundreds of different environments in a month. They quickly learn what works with their gear and what doesn't.

We often set up roundtable planning meetings for our clients with HP and Dell at the same meeting. This breeds some friendly competition between the manufacturers and gets you the best price and product in the end.

Let me know if you need help setting that up in your area. We do it all the time for our clients.
 
Quick Update and Good News!

The building lease was signed for 10 years. My first planning meeting is in a week and a half. Waiting on some numbers, but we are looking at initially 100 students/50 faculty and staff. The system needs to scale to 300 students and 100 faculty/staff over 5 years.

I will update more tonight, thanks for all the suggestions and offers guys! Once this gets started- I am going to need all the help I can get!
 
Got the actual numbers today!

Starting in Fall of 2010, we will be starting with 50 students and 20 staff. The school will grow 50-60 students a year to 250-300 students. Teacher to student ratio is 20:1. This is going to be fun :).
 
Not a very exciting update, but I got the drawing for the renovations to the building so I can start planning ports, locations, and AP points. It's a 10-12" thick cement-walled building. Darn it. Looks like multiple APs every 60ft, haha!

Had my first in-person interview today. It went well. The formal hiring won't be until this spring, but I was told to start house hunting in the area.
 
I ripped out all of the Cisco and replaced it with HP ProCurve, one of the best decisions I ever made; so give HP a good hard look.

Of all my years in networking and being on this forum and others, this could be the dumbest thing I've ever seen written.

Are you kidding me? You must have 0 clue about anything. Thankfully, when I took over at my current position, I ripped out the Pro-Curves and put Cisco in.

:confused:

Baffling advice my friend.
 
I don't think I'd rip out existing equipment just to replace it with my vendor of choice, but I do have to say that HP's offering is compelling. The feature set is similar, the warranty and post-purchase support is free and better than Cisco's, they cost less, and they're generally well regarded and reliable pieces of kit. Unless you need the high-end Cisco features or want Cisco at the core and a homogenous network, I don't see why you'd pay the premium so you can also pay a Cisco tax every year.

I mean, you'd be an idiot to rip out an existing install for no other reason than to replace it with a different vendor's gear (as long as it's not DLink or something), but I wouldn't chastise someone for choosing or recommending a different vendor.
 