Replacement School Server Brief for ************* Summary What is required? Companies offering quotations are recommended to follow the brief as closely as possible but also highlight added value and innovation, pricing these details separately (e.g. extra warranty options on hardware). Labour charges should be for the job rather than open-ended day rates. The primary basis for comparison of quotations will be best value. Please treat the following school specific information and requirements as confidential School Description /** e.g. from your school prospectus/website, including numbers of pupils/staff. **/ Somerset ICT Network Each school in Somerset operates their local area network autonomously and connects to a Somerset private wide area network for onward access to the Internet and centrally hosted services only. School purchase support for their MIS system (SIMS) through ELIM. Schools in Somerset also collectively purchase into the Somerset Learning Platform: email and SharePoint services provided by ELIM where the infrastructure is centrally managed and maintained. SLP offers parents, carers, school staff and learners access to resources, online storage and tools for communication and management – not just during the school day, but beyond it too, over the Internet. How ICT is Used How do children access most computers? E.g. they may not have personal “home” network drives and instead use a variety of online tools to store their work. List storage locations (e.g.): P: drive “Public” (currently **GB utilised, *GB of which is learner data) is mapped as a public drive where work can be written to and read by all staff and learners. This share is stored on the server’s D: drive and is currently backed up to tape. O: drive “NetApps” (currently **GB utilised) is a general area for storing multimedia and other files that can easily be obtained if the server were to fail; the area is not currently backed-up. How do Office staff / teachers store their work? E.g. the school server is used by some staff where they have individual logons and profiles which include the following mapped drives: H: “Home” (currently **GB utilised) for personal secure folder, accessed by the individual only. O: drive “NetApps” – same as for learners above. P: drive “Public” – same as for learners above. Server Specification for ________ Date 1 S: drive “SIMS” linked to the share created as part of the SIMS installation for staff only. Total current storage in use that requires backup = **GB Total current storage that is not currently backed-up = **GB Server-based Software Windows Active Directory installation and configuration should be included as part of the quotation. Minimal migration of their current server settings should take place; a fresh domain installation is preferable. Both staff and learners’ control policies should be reviewed with senior school staff before apply any group policies to user groups. Migration of user account credentials will be of benefit to school staff, but access to existing shared areas is essential. Group Policy configuration settings for SLP, in particular Internet Explorer configuration, should be taken from https://slp.somerset.gov.uk/somersetipost/iPost%20Documents/SLP%20and%20Your%20Computer.pdf Printers should be made available to users through their network logon as prescribed by the school. To support third party support companies, Somerset schools generally use the following conventions for naming servers: server name is DC1234, where 1234 is the school’s DfE number, the domain name is SCH1234 and the server IP ends in 253, at the end of the IP subnet. Sophos Anti-virus has been purchased centrally for schools in Somerset. As part of the service, commissioned by ELIM and supplied by Southwest One, maintained schools will receive an installation of Update Manager Console once the server ready. Update Manager is used to update all client computers on the school network. School and academy technicians can also install the software independently by obtaining the license key from Southwest One. Installation instructions are available from the Sophos website. Capita SIMS (Management Information System) runs within a small SQL database installed on Microsoft SQL Express (licence-free version). SIMS can be installed by the server provider using instructions available on iPost (obtainable via school staff). ELIM can also perform the installation at no additional charge if required, however sufficient notice from the school will be needed and this is subject to availability of staff. SIMS includes a suite of applications that requires .NET Framework 2, 3.5 and 4. Current storage for SIMS is ?GB (SIMS area) and ?GB (SQL server MDB/LDF files). Solus 3 is an associated application that manages SIMS upgrades, currently requiring ?GB of storage. SQL Express utilises 1GB of memory in total (a limited of the free license). Regarding Capita’s Minimum Hardware Spec (Capita, 2011), Lesson Monitor and Assessment Manager are not used in school (?) and the concurrent user count is less than 10(?); an additional SIMS server is not required. The school’s use of Internet storage and applications also reduces the load on the server and therefore it should not be considered as a “whole school network” server. SIMS Learning Gateway (IS THIS USED?) software is also part of the SIMS suite but includes a component called Active Directory Provisioning (ADP). This software must be installed on the server after SIMS is published. The Southwest One ICT helpdesk will be able to arrange for the ADP installation once SIMS is available on the new server. This is also part of the SIMS installation notes. ADP requires IIS; a minor back-end web service that will run on the server utilising less than 50MB of memory. CentraStage is remote management software used by ELIM to support school applications, in particular SIMS. Installation of Centrastage is part of the SIMS Server Installation notes. Server Specification for ________ Date 2 Suggested Guidelines for Hardware and OS Windows Server 2012 or Windows Server 2008 R2 (64bit) with latest service packs and patches. Up to 3U Rack Case, with static fixtures One Intel Xeon E5-2407 2.2GHz Quad Core Processor (or equivalent) 8GB RAM - RDIMM1333 Minimum 1TB minimum actual available disk space – (at least hardware RAID 1 on two SATA 7200 RPM disks) Dual Power Supplies Two 1Gbps Ethernet Ports (minimum) DVD ROM Drive (minimum) No operating system licensing or CAL licensing No monitor, keyboard or mouse required If OS is preinstalled, Windows Server 2008 R2 Standard is required on a 200GB partition 1kVA (minimum) Universal Power Supply (for server and possibly local switch/routers if capacity exists). Suggested Partitioning of Disk Space: 200GB allocated to system partition (e.g. C: drive). 400GB allocated to network share storage and SIMS applications - securely backed-up (e.g. D:). 400GB non backed-up storage for multimedia caching and maintenance/software installation, e.g. “NetApps” - curriculum software installation, or Internet Backup Cache if required (e.g. E:). Backup Secure off-site backup is required and this should be set initially at a ?GB tariff. The service should run nightly and managed every day to monitor for failure, or a mechanism (e.g. email) put in place to alert the school technician to any faults or when the tariff limit is close. This backup will secure the school’s important data - like SIMS, office and other school work – which the school cannot afford to lose. Key elements of the server operating system and active directory should be part of the secure backup to ensure rapid recovery of user directory and server configuration in the case of complete failure or loss of hardware. An outline disaster recovery plan should be delivered as part of the installation with details of monitoring, testing and how recovery will be performed (with accompanying timescales). Quotas for Network Storage? E.g. H: drive “home” for staff should be limited to 2GB (a small number of key staff will require 5GB). P: “Public” should be mapped for all users and allowed to grow. O: “Netapps” should be mapped for all users and allowed to grow. Routine Maintenance All elements for the routine maintenance of the school network should be clearly handed over to the school’s technician, including sufficient administrative access and rules for use. Examples of operations: Adding or removing users and groups in AD. Resetting user passwords and changing profile details. Server Specification for ________ Date 3 Amendments to Group Policy at the request of senior school staff. Adding or removing computers to the domain. Adding or removing network printers and shares. Creating new network storage shares and access management. Monitoring and configuring backup (if not part of a managed service). Access to Microsoft licensing services. Network device auditing and access to fault logs. Monitoring and configuring Windows Server Update Services. Monitoring disk space with a view to advising the school on reaching disk / backup limits. (ADD ANY MORE THAT MAY BE RELEVANT) Third-line / escalation server support should be included in the quotation as a yearly charge which will support the hardware and software elements that are not deemed as routine above; e.g. hard disk faults, server recovery and AD configuration faults. Other Network Devices Cachepilot is a basic server device (running Windows XP or Linux) that offers Espresso content, managed by Espresso. Network clients can be configured to route Internet traffic through these devices (set in Internet Explorer proxy port 8080) to take advantage of the caching facility, but generally schools use this device for accessing Espresso multimedia content. The school has a contract with Espresso for hardware support. Network Printers – (installation software available online or from the school office) /** **/ All (count) Windows workstations should be joined to the domain once the server is in place. The school technician will be available to support this work on the installation day (to be organised through the school). IP Addressing IP addresses are provided through ELIM. The addressing system is managed throughout the Somerset network across all school devices. Additional IP addresses can be requested through the Southwest One ICT helpdesk. School IP Allocation: 10.**** – 10.**** /22 Subnet: 255.255.252.0 (1022 devices) The IP Range 10.****.200 to 10.****.254 should be excluded from the DHCP scope and reserved for static addresses: Current School Server IP: 10.****.253 (recommended new server address) School Router: 10.****.254 CachePilot: 10.****.240 DHCP should be a service run on the school server supplying IP addresses to the school’s workstations and other devices using the range 10.****.0 to 10.****.199 /22 255.255.252.0 Server Specification for ________ Date 4 The following devices are currently DHCP reserved but for clarity these should be moved to the static range after the new server is installed: /** **/ Being the only Active Directory server in school, the DNS service will be required to run on this server. Forward DNS lookup can be set to 10.80.11.235 and the upstream DNS can be set to 62.171.194.105 or 62.171.194.106. The IP address of the existing school server should be used on the new server to avoid further client configuration. Alternative proxy settings for client browsers should be set to RMCache / 8080 if the Cachepilot is not used. Data Security The new server should have all disk drives encrypted to 256 bits to minimise disclosure of sensitive data where physical theft takes place. Internet-based backups should also include secure encrypted transport and storage tied to EU policies. The old server data should be stored and made available if necessary for 3 months from the date of installation. Professional disposal of the data held on the old disks should be included in the quotation. For all policies relating to data security, ELIM’s advice, or for further information please see: https://slp.somerset.gov.uk/cypd/elim/somersetict/Site%20Pages/Data%20Protection.aspx Licensing E.g. The school currently licenses their Microsoft software as and when they purchase their software or alternative Microsoft assurance programme is in place? Microsoft Best Practice The guidelines given above for configuring the server are not exhaustive and it will be assumed with any quotation and subsequent service that the company will use current Microsoft Best Practice for domain server installation and management. References Capita 2011, SIMS Minimum System Requirements http://www.capita-independent.co.uk/files/independent/downloads/sims_minimum_system_requirements.pdf ELIM Data Protection Policies https://slp.somerset.gov.uk/cypd/elim/somersetict/Site%20Pages/Data%20Protection.aspx Server Specification for ________ Date 5 Server Setup for SIMS (available through the school office) https://slp.somerset.gov.uk/cypd/SomersetMIS/Site%20Pages/Infrastructure_Hardware/Server%20Setup%20an d%20Configuration%20for%20SIMS.aspx Server Specification for ________ Date 6