Hi Everyone,
First let me tell you a bit about me and my company, (well I wish it was my company, unfortunately I am but a humble employee who loves their job), I work for a large IT company in N.Ireland and we supply IT services (Hardware, software, support, security you name it, we do it) to every School in N.Ireland as well as some schools in England. My role is as a Solutions Development and Implementation specialist. (Sounds fancy, but i'm really only learning!)
Anyway more about Symantec's role in our organisation. As you can imagine securing a managed network which supports one of the largest ADs in Europe is no mean feat in itself, however what happens when unruly pupils (Sorry about my generalisation! i myself was once an unruly pupil and somewhat expect every school going teenager to be just like me, which i'm sure isn't the case) bring Linux, MAC and Windows based notebooks and netbooks to school, fully loaded with malware, filesharing tools, 1337 haxing tools (Sorry just trying to get down with the language of kids these days) and undesirables and let them unlesh these evil devices onto the network?
"Tell them to keep their devices at home and off my network!" was my response. Unfortunately this didn't go down too well at all.
Now i've finished my ranting and blatent stereotyping of the youth of today, I will tell you what we did.
We researched, investigated, held meeting after meeting to see what we could do to allow integration of unmanaged and potentially dangerous devices onto our managed network. Having already had a SEP 11 infrastructure in place it soon became clear the smartest, and most obvious route to take was to employ SNAC, and we did this in two ways, and for reasons which I will explain.
As our clients are educational institutions it was clear cost was always going to be a contributing factor. Ideally having a 6100 Enforcer appliance in each school would have been ideal, however this was not feasible in the 1000+ school networks which we needed to secure. Symantec helped us by suggesting the use of Symantec NAC for Microsoft DHCP servers which could be installed on each DHCP server, drastically reducing costs. AH I hear you say, but what about all those Linux devices and Mac Devices (Everyone knows all the coolest people use Macs, well that's what my web designer brother tells me anyway). With our current infrasctucture it was explained, by Symantec, we could have one centrally located Enforcer appliance to handle Macs and Linux devices. And that we did.
Problem Solved!
Now we have the potential for some seriously happy kids, who can bring their latest devices to schools all across the country, they can access their work stored on our managed networks and during our pilot schemes to 2 schools, teachers have told us this has already produced more productive classes, all the while our network and security team are happy as they can now monitor what was once a rogue device which caused panic, and can restrict what pupils can do on our network while not having to make any changes to the pupils devices.
We have implemented all this with no down time on our machines and no disruptions to any of the schools we have piloted.
All along this design and implementation we have had constant support from Symantec. Top notch quality service, without sounding too much like an advertisement, I am genuinely thrilled to see this work. It shows a complete shift in the learning environment and SNAC makes it all possible. Before now it has been impossible to allow such devices on the network, simply due to security issues, but now we can fully monitor everything that happens on our network and can allow pupils to learn and access their own material via machines and devices they are happy with and are not shoehorned into using specific devices or having major changes made to their own personal property.
Symantec was the best choice for us as it simply just works. It does exactly what it says it does. And the massive backup support we had from tech support, and all you guys on the forums made the choice even easier. Particular people at Symantec (You know who you are) have been more than helpful along the way, giving us remote desktop support and the confidence to go on with the project knowing if any hitches did arise the support was there if we needed it.
I can't say that the Symantec software and hardware we employed has made me more succesful (although I have learned a lot about computer security along the way and used technologies that I wouldn't other wise had access to), but the change it has made in the pupils lives are what we have done it for. And as far as I am concerned that is a great success, and I look forward to a country wide roll out come September time.