edunet2000.doc

Edunet 2000 Bradford Schools Intranet and

Internet Gateway

Network Services Guide

Edunet 2000 - Network Services GuideControlled by Legend Internet Ltd - NGfL Development TeamPrinted on 4/13/2023

- 1 -

DOCUMENT HISTORY

Issue Date Commentsdraft 16-Feb-1999 Released for comments1.0 19-Feb-1999 First issued1.1 23-Feb-1999 Maintenance issue only. Web publishing section

incomplete. Released to enable early commissioning of http filters. NOT FOR GENERAL RELEASE

1.2 02-Mar-1999 Web publishing section added. Instructions for configuring Internet Explorer to use the web proxy added. Quick start guide added

1.2.1 03-Mar-1999 Corrected automatic proxy configuration details1.3 17-Mar-1999 Added manual proxy configuration details and screen

shots. Troubleshooting section added

About this documentThis document covers all aspects of the use of the Edunet200 Trusted Network and Internet Gateway as supplied by Legend Internet as part of phase 1 of the NGfL Schools Internet project.

The document Includes:

An overview of the entire schools network

Instructions for the use and administration of

Users and permissions

Internal and Internet email services

Internet content filter and database

Administration of centrally hosted school web server

Not included:

Details of the schools LAN environment as installed by Dan Networks

Details relating to the WAN environment as provided by General Telecom

Connection to the 'SIMS' administration network


- 2 -

Document History___________________________________2

About this document.................................................................2

Audience___________________________________________5

Overview___________________________________________5

Objectives.................................................................................5

Security...............................................................................5

Community & Content.........................................................6

Network Overview.....................................................................6

Email System_______________________________________8

Overview...................................................................................8

Operating Instructions...............................................................9

POP3 Mail Client...............................................................10

Local Web Client...............................................................11

Remote Web Client...........................................................11

Administrators Guide...............................................................11

Internet System____________________________________12

Overview.................................................................................12

Administration...................................................................12

Web Proxy.........................................................................12

Operating Instructions.............................................................13

Configuration.....................................................................13

Dynamic URL Entry...........................................................15


All Users............................................................................18

Administrators...................................................................20

Hints and Known Problems...............................................24

Web Publishing System_____________________________25

Overview.................................................................................25


Example Command-Line Session...........................................26Edunet 2000 - Network Services GuideControlled by Legend Internet Ltd - NGfL Development TeamPrinted on 4/13/2023

- 3 -

Appendix__________________________________________27

Quick Start..............................................................................27

Glossary..................................................................................27

Troubleshooting......................................................................28

Technical Support...................................................................29


- 4 -

AUDIENCE

This document is primarily intended for the use of NGfL Administrators, responsible for the day-to-day supervision of the Edunet2000 Trusted Network and Internet gateway.

In addition, IT department heads, teachers, school administrators and users may find the system overview and background information useful for their understanding of the operation, benefits and limitations of the schools network.

Whilst excessive and unnecessary technical detail has been largely avoided it is assumed that the reader already has some knowledge of the Internet, World Wide Web and the concept, if not experience, of email. There are now a vast number of books available that can provide a far better introduction to these subjects than can possibly be achieved here. Terms that occur frequently or are considered to be fundamental to understanding the basics of the network structure are included in the glossary.

OVERVIEW

ObjectivesThe primary objective of the Edunet Intranet/Internet system is to provide information and communication.

Security

In an ideal world we could connect each site to the other and to the Internet without any form of restriction, users of the system could browse the world wide web and visitors from outside the network would be able to view our local web sites. In practice there are various reasons why this is not always possible. Some of the content (although probably not as much as we are led to believe) may be undesirable, particularly if we are to provide unsupervised student access to the Internet. On the other hand providing open access for the entire world to visit our local network can sometimes attract unwelcome visitors in the form of hackers, crackers and vandals. The issue really becomes a question of balancing the opposing requirements of unrestricted access and absolute security, and ultimately the latter can only be achieved by pulling the plug and removing all external network access.

Our security policy is one that attempts to strike a reasonable balance between these two opposing requirements and is configurable so that it is possible to modify this policy to better reflect the needs of the majority. Currently there is just one policy option and that applies to all network users which, no doubt, some will find somewhat restrictive whilst others (not many I hope) may feel that access is too liberal.


- 5 -

The key objective here has been to develop a system that delegates the issue of acceptable content to the user (teacher not student) and is flexible enough to respond to feedback from these same users now and in the future.

Community & Content

To some, 'computer community' is an oxymoron and yet those of you that have previous experience of the Internet will no doubt agree that it is the most apt description for the kind of relationships that are facilitated by the network.

From the initial conception one key objective has been to develop a number of environments that will facilitate the foundation of communities within the schools Intranet. These operate at various levels and are aimed specifically at various groups of users but include web-based bulletin board systems, local news groups, mailing lists and email services.

Internet content is filtered using and 'allowed-list' or 'white-list' system that excludes everything except that explicitly enabled via the dynamic administration system. This administration front-end gives users the opportunity to classify Internet content as it is added to the white-list, the information from which is then used to create an index by description, subject, curriculum area, age group etc. an thus provide qualified content advice to other users. The system maintains a permanent record of who added what - which, in association with the data supplied by users in their individual profile, provides yet another opportunity to build strong community links across subject or curriculum areas. Because the users thus build this resource, teachers and students, who use it can become a true education community resource, focusing on the needs of Bradford and district schools.

Network OverviewThe design is based on what is known as a 'dynamic walled garden' - the idea is simple and exactly analogous to the horticultural variety.

Surrounding the garden is a high wall, in our case just no external connections, so that no data can flow in or out except via the secure gateway which is the firewall and web proxy/white-list server. Since we are reasonably happy that no one can escape the high wall and strong gate, no unwanted data can flow in or out, it is then reasonable to allow the inside of the garden to be almost unrestricted. Data is allowed to pass freely between schools and the central network area with little or no additional security beyond that which is included as part of each host machine.

In the event that we inadvertently grow something nasty within our walled paradise there is help at hand in the form of the gardener and a bucket of weed killer. This is the Session wall security monitor. Not only is this machine able to track and record communications between all machines on the network it also has the ability to terminate communications that determines are unwanted or a security risk.

Connection to the Internet is via an IPsec-rated firewall server that is configured to allow only data traffic between specific machines and protocols and so provides a secure transport mechanism for external emails and access to the world wide web.


- 6 -


- 7 -

EMAIL SYSTEM

OverviewThe internal email network uses a system of distributed mail servers to improve overall system performance and delegate the management of local mailboxes to the individual school level. These in turn relay any mail external to a school to the central mail server located on the main Edunet hub from where it is either forwarded to the Internet or to other schools on the network.

Mail is usually retrieved by a user from their local school mail server and read via a standard POP3 mail client such as Outlook, Outlook Express or Eudora, or via a specially developed web interface. This will allow students to collect and read their email from any web-enabled host within the walled garden. In addition we have developed a web-mail system on the central mail server that will allow users to connect via the Internet and poll their local school server for new messages. In this way roaming users will be allowed to read and reply to their email from anywhere in the world with an Internet connection.

Consider a single email created on a host at one of the school sites. As the message is 'posted' it is received by the local server which decides whether or not to deliver it locally, in the case of mail internal to the school, or forward it to the central mail server. The central mail server, which is capable of processing many thousands of emails per hour, will then attempt to deliver the message either internally, in the case of inter-school mail, or via the Internet. Should the central server have problems with delivery (typically an incorrect destination address) it will send a warning message back to the originator.

Incoming email for the ngfl.ac.uk domain is received by the central mail server and placed in an incoming mailbox maintained specifically for each school. Periodically the local school mail servers poll the central server for new messages, retrieve them and sort them according to username (i.e. the name to the left of the '@' sign).

The system supports attachments, which enable users to add other data files to the text of an email. Typically word processor documents, spreadsheets or images, but it is also possible to attach audio, video or software applications to an email.


- 8 -

Operating InstructionsThere are three primary ways of connecting to the email system as detailed below. The following table will help you decide which mechanism is most appropriate for any particular situation.

Client

Profile

Regular Host

Always use the same host to send/receive email

Any Host

Send/receive email using any available host

Client Location

Internal

Connection via a host situated within the trusted network

POP3 Mail Client Local Web Client

External

Connection via the Internet

Remote Web Client Remote Web Client


- 9 -

POP3 Mail Client

This is the most common mechanism used world wide to send and receive email using applications like Microsoft Outlook, Outlook Express and Eudora. These applications usually provide excellent support for attachments and email customisation like adding signatures, filtering incoming mail and setting auto-responders. Once email is retrieved from the server is can be stored on the local host for faster access, security and offline reading.

Because this mechanism requires a certain amount of configuration on the local host machine it is only really appropriate when the user has regular and exclusive access to a single machine (or at least a unique user profile on that machine).

Whilst there a numerous POP3 client applications available, they all require the same basic information as part of the initial configuration. The following information should be sufficient to help you configure virtually any POP3 mail client:

Mail Server (mail host, POP3 host)

This is the name of the machine that stores your incoming email. In our case this is the name of the schools email server

schoolname.ngfl.ac.uk

where schoolname is the local domain name of your school. See Mail Server Information

Username

This is the unique username that the mail server uses to identify you and your email. Provided by your local administrator.

Password

This is the secret character string that authenticates you as the user with username (above). Initially supplied by your local administrator.

Account Name

This is your name and is often used in place of your email address to identify you to recipients of your email.

Reply Address (return address)

This is your email address that is used when recipients of your email click 'reply'. This will be of the form

[email protected]

(Note the use of lowercase letters in the email address - not compulsory but traditional)

Mail Gateway (SMTP host)

This is the name of the machine that accepts your outgoing email and attempts to deliver it. In our case it is the same as the mail server (above).


- 10 -

Local Web Client

In the school environment it is unlikely that students will always be able to connect to the email system using the same host machine. In order to cope with this situation we have devised a system that uses a standard web browser (Netscape, Opera, Internet Explorer) to connect with the local school mail server. This allows users to create, send, receive and reply to email directly from there as if there was a traditional email client on their desktop.

To use the system, launch a browser and enter the URL

http://schoolname.ngfl.ac.uk


A login screen will appear which will allow you to enter username and password details as described in the 'POP3 Mail Client' section (above).

Currently this mechanism does not work across sites within the trusted network so visiting teachers or students must use the ‘Remote Web Client’ (below) to send and receive email from outside their own school network.

Remote Web Client

Occasionally, it would be useful to read email stored on the local school server when away from any hosts on the trusted network. A system is in place that will allow users with Internet access to pass through the firewall and login to a server within the walled garden that is allowed to temporarily fetch your email from your local school server account.

To use this service, open a we browser on your Internet-connected host and enter the following URL

http://www.ngfl.ac.uk/cgi-bin/checkmail.pl

(or follow the links from the home page at mail.ngfl.ac.uk)

You will be prompted for a login as with the local system, but this time you will also need to supply the name of your local school server so that the system know where to find your mail. The name of this is the same as the one used locally i.e.

schoolname.ngfl.ac.uk


Be aware that because the remote mail system requires the resources of several machines including the central mail server, school mail server and two trips through the firewall, performance is limited. At this time it is not possible to use the remote mail system to read email attachments.

Administrators GuideThe administrator manages email accounts locally at each site. Please refer to the latest Mailtraq documentation for further details.


- 11 -

http://mail.ngfl.ac.uk/cgi-bin/checkmail.pl

INTERNET SYSTEM

Overview

Administration

Internet access is currently filtered based on an 'allowed-list' of authorised web sites. Often referred to as a 'white-list' (as opposed to blacklist) access to the Internet is allowed only for those sites explicitly enabled by 'responsible users' on the system. The system delegates responsibility for the content and indexing of this list to a distributed set of users including teachers and other education staff. The term user refers to use of the administration system and not the network as a whole, and it is not a requirement nor desirable that individual students have user status on the system.

Users are added to or removed from the system at each site by the local system administrator who's responsibility it is to appoint users according to their own discretion and the requirements of the local site.

Both users and administrators are required to log on to the administration system with a unique userID and password combination that is then used to record their activities as part of the routine operation of the trusted network.

A simple search system is in place that will enable staff to search profiles on the currently authorised sites. This system may be expanded in the future to include user and schools details and facilities to edit the URL database.

Web Proxy

An additional benefit of the Internet filter/web proxy is its ability to keep (cache) a local copy of web pages that have been previously visited. This local web cache is quite extensive and will currently store up to 18Gbytes of Internet files including any audio, video or software files downloaded via a web browser or embedded HTML.

Using a web proxy system can have a substantial impact on both end-user performance and the Internet bandwidth available to the schools network as a whole. Because previously fetched data can be served immediately from the central cache rather than waiting while yet another copy is fetched over the Internet, access times are noticeably reduced and the unused Internet connection is available for other users.


- 12 -

Operating Instructions

Configuration

1. Before using the Internet system for the first time you should ensure that the computer and browser (Internet Explorer) that you are using is correctly configured to use the web proxy. Incorrect configuration may result in poor performance or even total loss of Internet connectivity.

2. From within Internet Explorer click View on the main menu followed byInternet Options. Click on the Connection tab. You should see the following screen:


- 13 -

3. In the box titled 'Proxy server'. Tick the option 'Access the Internet using a proxy server'. Tick the option 'Bypass proxy server for local (Intranet) addresses.

4. In the box enter the following Address: http://protractor.ngfl.ac.uk and Port: 3128

5. Click on the button labelled 'Advanced' and tick the option 'Use the same proxy server for all protocols'.


- 14 -

This will cause all browsers thus configured to use the proxy server at this address and send all http requests for Internet data directly to the white-list/proxy server.

Dynamic URL Entry

1. As commissioned the system will deny all traffic from the Internet, all sites will be unlisted which by definition makes them unauthorised.

2. Any attempt to access an unauthorised site will present the user with a login screen to the URL entry system and in order to proceed the user must enter their userID/password combination.


- 15 -

3. Entry of a valid userID and password will allow access to the chosen site and generate a pop-up confirmation window. At this point the site is temporarily available to all users of the Edunet system (staff and students).

Note: Once a valid userID and password are entered, the requested site should be visible in the main browser window. If this is not the case, or the window displays yet another login prompt screen, it is likely that your browser is not correctly configured to use the proxy server and you should consult your system administrator.

4. Should the site prove unsuitable for use with students then the user should immediately click the 'deny access' link in the confirmation window. Doing so will immediately deny access to the site for the whole of the


- 16 -

trusted network. If, however, the site does appear suitable then the user should click the 'allow access' link to confirm their approval of the site.

5. Allowing access to the site will present the user with an index form. This requests information about the newly authorised site which are then used by the curriculum database and search system

6. Should the user fail to confirm or deny access then the site will remain temporarily available (not more than 24 hours).

7. Adding a URL to the allowed-list also allows sub-directories below in order that images and sub-pages are immediately available. In practice this means that it is not always necessary to vet an entire site link-by-link and create entries for each individual page. Bear this in mind when creating the descriptions for the URL database and, where possible, use descriptions that could apply to the entire site.

Administrators GuideThe administration system is a password-protected area that provides additional functionality to users and administrators. These include:

Managing user profiles and personal details


- 17 -

Changing passwords

Remote email access

A secure bulletin board area to exchange news and views with other users/administrators.

A web-based news client

All Users

1. To gain access to the administration system you will need to access the NGfL staff web site

http://protractor.ngfl.ac.uk

2. Access to this web site is restricted so you will need to enter your userID and password to see the title page. Proceed past the title page (by clicking on the grid) and select the administration link in the navigation section at the left of the main page.

3. You will then be once again asked for your userID and password before you are allowed access to the administration section. Most users will then see a page with a ‘your profile’ button, chosen administrators will have more buttons which we will deal with in the Administrator section that follows.


- 18 -

http://protractor.ngfl.ac.uk/)

4. Clicking on the ‘your profile’ button will display a form with your details and three blank password boxes. If you wish to change any of your details you can amend the entries and enter your current password before clicking the ‘make changes’ button that will update your profile and return you to the main administration page. To change your password you will need to enter your new password into the two boxes provided as well as your old password in the first box then click ‘make changes’. Your new password is required twice because the content of password boxes is hidden and the second entry is to protect against typing errors. You can make changes to your profile as often as you wish and you are advised to change your password regularly or in the event that it might have been discovered.


- 19 -

5. Currently your user details are used to track your use of the system but they may be made available to other staff throughout the Edunet system in the future. For example sites you have authorised using the URL entry system may have your details displayed with them in the search system so like-minded teachers can easily contact you. Bear this in mind when considering whether to put (and what to put as) contact details. Also note that the system ‘knows’ which school you are at and will have contact details for the school.

6. After using the administration system you should close the browser program you are using. Leaving it running will allow limited access to the administration system to anybody who uses the computer after you.

Administrators

Important tasks you must undertake on first using the system - don’t worry, they are straightforward and fairly intuitive.


- 20 -

1. When you first use the system you must enter your name and contact details in ‘your profile’. Also you should enter details for your school in the ‘school profile’ section. Don’t worry if you don’t have all the information to hand just complete as much as you can now and collect the remaining information to enter later. If you have taken over from another administrator, you may find your school profile is complete and up to date. But check it just to make sure.

2. You can gain access to the administration system using the method detailed for All Staff. However you will have more options when you arrive there. In addition to the ‘your profile’ button you will have ‘school profile’, ‘add a teacher’ and ‘delete teachers’ buttons. Editing ‘your profile’ is the same as for all staff so consult the All Staff section for more details.

3. To edit your school profile click on the ‘school profile’ button. A form will be displayed for you to enter information about your school into. Any currently known information will be displayed. If you are the first administrator your school has had then all the information will be blank except the pupil and staff numbers that will be set to 0. Enter all the information you can into the form and make a note to complete any unknown information at a later date. Click ‘make changes’ to update the information and take you back to the main administration page.


- 21 -

4. To enable a member of staff at your school to use the system and authorise sites you will need to add them to the system. Clicking on ‘add a teacher’ from the main administration page will allow you to do just that. You will be presented with a form that will request from you the staff


- 22 -

member's userID, password and name. You can also enter contact details and subject teach if appropriate. These details are not required and the user may wish to enter these themselves (which they can do through their ‘your profile’ option). Click ‘add’ to add the user and return to the main administration page.

5. You can allocate userID's and passwords as you see fit. Both userID's and passwords can be a combination of up to 12 letters or numbers.

6. A userID has to be unique so you may occasionally find you cannot add a particular userID because it is already in use (at another school perhaps). If this happens you will have to go back and enter a different userID

7. If a member of staff leaves, or a user forgets their password you will need to remove them from the system (and add them again in the case of a forgotten password). Click ‘delete teachers’ to accomplish this. You will be


- 23 -

presented with a table of all the teachers at your school (their userID's and names) each with a checkbox next to them. Selecting the checkbox next to the teacher(s) you want to remove and clicking ‘delete’ will remove them from the system and return you to the administration main page. In fact the teacher’s details remain on the system for future reference but they lose any authority i.e. they can’t authorise new sites or change details in the administration system. This means that their userID can not be reused so in the event of a forgotten password a new userID will need to be issued.

Hints and Known Problems

You hold the key to creating a really useful community-based information resource. Each time a new URL is vetted and added to the allowed-list you are given an opportunity to categorise the site that you have just reviewed. It is possible to click, click and away to the next location without adding a description or selecting a relevant curriculum area etc. It is in your own interest to take the time to add the best possible description to sites you add to the system. That way not only will you be able to recognise sites with good information that you have previously visited but other users on the network can benefit from your review.

To prevent the task of adding URL's from becoming too onerous and to improve the readability of web pages, it has been necessary to design the system in such a way that there is a small possibility of allowing access to unwanted material. Adding a URL to the white-list allows access to the entire directory in which the page resides (in order to allow embedded images, sounds, icons etc) and all sub-directories below it. Please bear this in mind when authorising sites, and try to avoid authorising generic sites that then sub-let web space to third parties. A good example is http://www.geocities.com which host thousands of 'free' web sites as sub-directories under the www.geocities.com FQDN, some of which are of a


- 24 -

dubious nature. Better to allow specific access to the site of interest such as http://www.geocities.com/websites/niceuser/index.html

Occasionally a page that you request will contain embedded hyperlinks to data or images held on other servers. This is very common on search engines and other high-traffic sites that effectively sell their popularity to banner advertisers. Unless the related site is already in the allowed-list (unlikely) the resulting display will include embedded 'Access Request' forms as generated by the white-list system. Although the display might look a little peculiar it is just a feature of the system and nothing to be alarmed about. If the embedded hyperlink contains an image or other data that you would like to be displayed then it is necessary to visit this site directly and add this to the allowed-list.

WEB PUBLISHING SYSTEM

OverviewThis system allows individual schools to publish html documents, video, graphic, audio and software files on the Intranet and Internet. Individual sites are allocated space on a central network server that has http access through the firewall enabled. Web sites hosted on this server are available both inside the walled garden and externally from the Internet.

Administrators GuideWhilst web content development and testing can be performed locally by virtually any authorised user, only the administrator has the necessary access permissions to publish on the central web publishing system.

Publishing documents on the Intranet/Internet is quite straightforward and is accomplished in the usual way using FTP (File Transfer Protocol) by following these simple steps:

1. Launch your preferred FTP client application. A basic command-line driven FTP client is included as part of the Windows operating system although it can be quite difficult and cumbersome to use and better alternatives are readily available. My personal preference is Cute FTP, which can be obtained via the web from http://www.legend.co.uk/software.html and installed on a machine you designate for the purpose of web publishing. Just in case you are in a rush or don’t feel happy about installing external applications there is an example command-line session at the end of this section

2. Make an FTP connection to your school web server account using the following details:

Host

www.schoolname.ngfl.ac.uk


- 25 -

http://www.legend.co.uk/~neilw/software/#ftp


Username

Local school mail server username.

Password

Local school mail server password (known only to the local site administrator).

3. Upload html document files to the directory named ‘htdocs’. The root document must be named ‘index.html’ (or index.htm). The directory named ‘logs’ is reserved for the temporary storage of server access logs, which can be enabled on request.

4. Close the FTP connection and test the newly loaded pages

Example Command-Line SessionThe following is an example command-line FTP session during which the file 'index.html' is copied from c:\documents\web\schoolsite (on the local machine) to www.oakdale.ngfl.ac.uk/index.html (on the central web server). The commands, typed within a DOS window on the local machine, are highlighted in red.

As you can see, it's not pretty and I would earnestly recommend the use of a windows-based FTP client like 'Cute FTP' in preference.

C:\documents\web\schoolsite> ftp www.oakdale.ngfl.ac.ukConnected to alphabet.ngfl.ac.uk.220 ProFTPD 1.2.0pre1 Server (Tangent) [tangent.ngfl.ac.uk]Name (www.oakdale.ngfl.ac.uk:nigelw): oakdale331 Password required for oakdale.Password:*****230 User oakdale logged in.Remote system type is UNIX.Using binary mode to transfer files.ftp> cd htdocs250 CWD command successful.ftp> put index.html150 Opening BINARY mode data connection for index.html (2701 bytes).226 Transfer complete.2735 bytes received in 0.0846 secs (32 Kbytes/sec)ftp> ls150 Opening ASCII mode data connection for file listtotal 0drwxr-xr-x 3 oakdale oakdale 1024 Jan 16 10:15 .drwxr-xr-x 4 oakdale oakdale 1024 Dec 23 15:25 ..drwxr-xr-x 2 oakdale oakdale 1024 Jan 16 10:15 images-rw-r--r-- 1 oakdale oakdale 2701 Jan 16 10:15 index.html


- 26 -

226 Transfer complete.ftp> bye221 Goodbye.

APPENDIX

Quick StartThe following information will be useful when adding new hosts to the network or re-configuring existing hosts whose configurations have been lost or corrupted.

DNS Servers 10.0.16.1

10.0.31.253

Web Proxy http://protractor.ngfl.ac.uk Port:3128

Bypass proxy server for local (Intranet) addresses

Mail Server Local - schoolname.ngfl.ac.uk

Central - mail.ngfl.ac.uk

Web Server School site - www.schoolname.ngfl.ac.uk

Central site - www.ngfl.ac.uk

News news.ngfl.ac.uk

Internet Administration http://protractor.ngfl.ac.uk

GlossaryDNS

The Domain Name System (DNS) is a distributed, hierarchical database whose primary function is to map user-readable domain names like "ryan.ngfl.ac.uk" into numerical IP address like 10.211.57.180.

FTP

File Transfer Protocol. The internet protocol used to provide a reliable transport mechanism for the transfer of data files between hosts.

FQDN

Fully Qualified Domain Name. This is the name of a host specified by its entire DNS name including all domain information back to the root. Thus the FQDN of a host named bilbo in the hobbit.books.com domain would be bilbo.hobbit.books.com.

Firewall

A network node set up as a boundary to prevent traffic from one segment of a network from crossing over to the other. Often used for security purposes when connecting sensitive networks to the Internet

Intranet


- 27 -

http://www.ngfl.ac.uk/

http://protractor.ngfl.ac.uk/

Commonly used to describe a mini-Internet whose use is confined to a single organisation or group of organisations protected by a firewall

IP Address

Every host on the Internet or any other TCP/IP network has a unique numeric address, the IP address. An IP address is a 32-bit number, usually written in "dotted-quad" form as four 8-bit decimal numbers (0-255) separated by dots e.g. 10.123.82.254.

The schools network uses a reserved 'private' network i.e. a network with a number range reserved for use on networks not directly connected to the Internet. Using 'net 10' addresses of the form 10.x.x.x for addressing hosts on the internal network allows us to create a large internal address space without reference to a third party for permission. A technique known as IP Masquerading or Network Address Translation allows us to transparently connect the entire schools network to the Internet via a secure firewall.

LAN

Local Area Network. A communications network made up of servers, workstations, a network operating system and a communications link that within a confined geographical area. In our case the local school network.

URL

Uniform Resource Locator. The standard address of a location on the Internet. For example: http://www.ngfl.ac.uk

WAN

Wide Area Network. An implementation of many site-oriented LAN's into a large internetworked system. In our case the entire Bradford Schools secure network.

TroubleshootingIt is inevitable that from time to time such a large and complicated network will experience some kind of failure. In order to identify when a failure has occurred, to isolate and rectify the fault as quickly as possible it is helpful to analyse the problem in a systematic manner. This short section aims to provide a few basic pointers and tools that should help locate the source of any problem and determine who is best able to rectify it.

The golden rule when performing network diagnostics of any kind is to start by checking things close to home before suspecting problems further afield. In this case start by testing the local school network, then the wider secure schools network and finally the Internet.

Symptom Test Possible Cause Action

Cannot connect to local school mail server

Is this is the only client machine on the LAN experiencing problems?

Yes - Problem with client machine

Check network configuration

Check proxy server configuration

No - Network or server Check network components and


- 28 -

http://www.ngfl.ac.uk/

problem connectivity

Check mail server status and restart if necessary

Local email functioning correctly but Internet mail is neither sent nor received

Is it possible to use the central web mail system at http://www.ngfl.ac.uk/cgi-bin/checkmail.pl

Yes - Local mail server configuration problem

Check local mail server configuration

No - Connection to the core network down or central mail server down

Check connectivity and central mail server status at http://www.ngfl.ac.uk/chk

No web access Is http://www.ngfl.ac.uk visible?

Yes - Proxy server or Internet gateway problem

Check Internet status using http://www.ngfl.ac.uk/chk

No - Connection to the core network down or bad browser configuration

Perform local email system test

Does the local email system work?

Yes - Connection to the core network down or proxy server down

If possible check proxy server status using http://www.ngfl.ac.uk/chk

Otherwise report WAN connection down

No - Bad client network connection or browser configuration problem

Check network configuration

Check proxy server configuration

Does http://www.ngfl.ac.uk/chk report all systems ok?

Yes - Remote web site down or moved location

Try again in a few hours time

No - Reports that some Internet sites are unavailable

Internet connection problem. Try again in a few minutes time

Technical SupportThe initial point of contact for all support issues relating to the Edunet schools network is the network support team who will co-ordinate support efforts and, where necessary, forward inquiries to the relevant external organisation.

If possible all support inquiries should be made initially via email

Edunet

Email: [email protected]

Telephone: 01274 751232

Contact: David James; Angie Smith

Legend Internet

For problems relating to the trusted network, Internet content issues, email delivery and the management of 'administrator' user accounts that have been previously logged with the Edunet support team.

Email: [email protected]


- 29 -

mailto:[email protected]




Documents

edunet2000.doc