1
E2BN Direct - Network Services for Schools and Academies
E2BN Direct provides internet, web filtering and other services directly to Schools and Academies. We use proven products backed by dedicated support, to ensure that your school receives a quality service.
E2BN Direct is a managed service and we will work with you in order to optimise your school’s use of the features and facilities provided.
We offer two options for schools and academies under the banner of E2BN Direct:
E2BN Direct Broadband: A complete broadband package including internet connectivity,
Gateway Server, web filtering, firewall, mail-delivery, remote access, NEN access, E2BN Membership and more.
E2BN Direct Gateway: All of the above minus the broadband line. Where the school has
purchased its own broadband connection from another provider, we install our Gateway Server to give you all of the facilities that are available on the full package.
1 Who we are and what we do
E2BN and its associates provide a wide range of services to Local Authorities, Schools and Academies on a non-profit basis. We do not have any shareholders and pay no dividends. E2BN – (The East of England Broadband Network) is a regional consortium of Local Authorities based in the East of England. Our Board of Directors is made up of officers who work in senior roles on behalf of Schools and Academies in those LAs.
Schools and Academies in the East of England that are connected via their LA to E2BN have always benefited from a number of “members only” deals and services.
Until 2014, E2BN had provided regional connectivity and high speed internet only to the “front- door” of Local Authorities; E2BN Direct is a response to the changing marketplace and is now offering direct connectivity and E2BN membership direct to Schools, Academies and other educational settings.
2
If your school has already procured its own broadband line via another provider you can still take advantage of the E2BN Direct Gateway service and other associated benefits such as web filtering, E2BN Membership, access to NEN the Education Network and discounts on E2BN products and services. See sections 6 onwards or request the E2BN Direct Gateway Brochure from [email protected]
2 Broadband Line
E2BN Direct can provide the broadband line for your school at a competitive price using business class products from a range of providers.
There is a range of technologies for delivering Broadband. E2BN will discuss these with you and provide quotations for the available options.
2.1 Copper Lines
The following types of service are delivered in to the building over traditional telephone lines. Each has different performance capabilities. Because the service is delivered over metallic pairs of wires from a street cabinet or all the way from a telephone exchange there are variations in the line speed that can actually be achieved. This is mainly due to distance from the street cabinet or exchange but can also be due to other characteristics associated with bundled pairs.
We normally provide new telephone lines (PSTN) for any copper-based services we provide. In certain circumstances and with your agreement we will use your existing telephone lines. 2.1.1 ADSL
ADSL Services are delivered over a single telephone line and provide a maximum 20Mbs download with very low upload speeds. We would not normally provide this type of service as a primary broadband connection. They can however be a useful option as a back-up service.
ADSL is a contended service meaning that the service uses “shared” elements of the
provider’s network. The service is therefore liable to performance fluctuations caused by the number of connected premises and their associated usage demand.
2.1.2 Superfast Broadband
The most cost effective products currently available are based on Fibre-to-the-Cabinet (FTTC) also know as Superfast Broadband. This service uses optical fibre to get from the exchange to a street cabinet and then fed in to the premise over a telephone circuit. A single telephone line can support two available product specifications:
a) 40Mbs download and 10Mbs upload b) 80Mbs download and 20Mbs upload
3
Superfast Broadband is a contended service meaning that the service uses “shared” elements of the provider’s network. The service is therefore subject to performance fluctuations caused by the number of connected premises and their associated usage demand.
Where FTTC is available in your area we will perform a check of the predicted achievable speeds and provide a quote for either the 40/10Mbs or 80Mbs/20Mbs service. Your quote will show the best and worst predicted speeds.
The speed of the line will be tested during the installation and Go Live processes. We will inform you of the results of these tests so that you have a record of the actual speeds achieved.
Where FTTC is not available or the predicted speeds are very low we will work with our suppliers to provide alternative quotes for dedicated fibre-to-the-exchange and/or bonded copper products (Ethernet First Mile or EFM)
FTTC can also be used as a back-up service where a site has a dedicated fibre service as its primary line.
2.1.3 EoFTTC
Ethernet over FTTC (EoFTTC) uses the same technology as Superfast Broadband from the exchange to the premise. In contrast to Superfast Broadband, EoFTTC provides a dedicated circuit to the internet and is essentially an uncontended service. Speed-wise EoFTTC is still subject to the metallic pair characteristics and distance between the street cabinet and the premises. We will be offering this service as an option from September 2015.
2.1.4 Dedicated Fibre
Dedicated fibre circuits are the best available in terms of performance and consistency. Compared to “copper” circuits, optical fibre is installed into the premises and connects directly to the telephone exhange or provider’s Point of Presence (POP). Download and upload speeds are symmetrical ie the same in both directions. Because the service uses optical fibre, distance has no practical affect on performance and the service will consistently provide the configured bandwidth.
Service is provided over a “bearer circuit” and may be “throttled” to provide the required bandwidth.
Bearer Speed Supported Bandwidths
10Mbs 10Mbs
100Mbs 10Mbs to 100Mbs – typically 20,50 or 100
4
3 Virtual Private Networks
The standard E2BN Direct service provides what is known as Direct Internet Access or DIA. This allows your school a high degree of autonomy compared to schools connected via Local Authority Wide Area Networks (WANs). With E2BN Direct your school has its own internet connection and your internet traffic is not forced through a central filtering service or firewall.
We also recognise that many schools are collaborating or have multiple sites and campuses with a desire to link internal networks. E2BN Direct has two main options for Virtual Private Networking over the internet.
3.1 Site to Site VPN
Where two school sites each have the E2BN Direct standard service we will configure a site-to-site VPN that will link the internal network at each site via a “tunnel” over the public internet. There is no additional charge for this.
3.2 Multi Site VPN
If a cluster of schools is intending to purchase broadband with E2BN Direct it is possible to implement a multi site VPN using an industry standard know as MPLS VPN. This is
essentially a managed private network that sites can be “plugged” into as they come on board. There may be an additional charge for this service.
4 Router
A managed router will be installed into the school; this will connect to the broadband line. The make and model will vary according to the products selected.
5 Public IP Addressing
By default, the E2BN Direct broadband service offers a single public IP version 4 (IPv4) address to be used by the school for inbound routing purposes. This address may be used to route specific services onward to the school’s internal network from the internet, for example remote desktop, vpn or mail web access. Port-forwarding techniques allow the same address to be used to support multiple inbound services.
If the school requires additional public IPv4 addresses a range of 5 usable addresses is normally free of charge. We will help with completing the paperwork that is currently required by the RIPE internet registry.
5
6 E2BN Direct Gateway
The E2BN Direct Gateway is a managed server that sits between the broadband router and the school internal network. This will be installed into a server cabinet or communications cabinet within the school, usually near to the broadband router. The E2BN Direct gateway has three physical ports:
WAN port - connects to the router
LAN port- connects to the school main network
DMZ port – flexible use but typically used for a Guest network.
The following services are provided via the gateway server.
6.1 Content Cache
The cache stores downloaded content on a temporary basis whenever users are accessing the internet via the built in filter/proxy. When a URL or “object” is requested by a user’s browser the cache checks to see if there is a stored item it can serve to the browser instead of going to the internet to get it. Caching of content makes efficient use of internet bandwidth by only requesting data that it does not already have available.
6.2 Firewall
A firewall protects the school network from unwanted inbound connections from the internet. It also blocks some outbound connections such as raw/unfiltered internet access. A special Admin trust group will allow remote management of the gateway server from specific locations on the internet. (See - Remote monitoring and management) The firewall configuration is managed by E2BN under your service contract.
6.3 Inbound Services, Port Forwarding and NAT
The E2BN Direct gateway can be configured to allow inbound access from the internet to the school network. Configuration is managed by E2BN under your service contract.
6.4 SMTP Mail Relay
The gateway server provides an SMTP email relay service with greylisting, AntiVirus filtering and spam filtering. This service can be used where the school has a mail server on site. Where applicable E2BN Direct will deliver mail for your school’s email domain via the gateway server relay where it will be filtered and then queued for delivery to your internal mail server.
6
Additionally the gateway server can be used by internal devices that need a smtp relay for outgoing mail, for example servers that send alerts to remote support agencies.
6.5 Web Filtering
Ofsted requires that students are provided with filtered internet access in order to protect them from inappropriate content. E2BNProtex Local Web filtering is included in your service.
See http://protex.e2bn.org
The filtering service is highly flexible and provides tailored filtering on a location, port and user/group basis. It can be integrated with Active Directory.
E2BNProtex Web filtering is a managed service and as such requires no additional configuration by the school.
Management of the filtering lists by school staff is optional; E2BN will provide a login account to enable your school ICT administrator to make block/unblock changes to the filtering lists and generate log reports if required.
The Protex Local service is delivered as a Virtual Machine hosted by the gateway server. It requires its own dedicated IP address. In order to use the filtering the school’s devices proxy settings must be configured either manually or via Group Policy, MDM tools, or WPAD/PAC files.
It is possible to filter http requests “transparently” without the need for proxy settings but in this mode https traffic is allowed direct to the internet. We recommend this mode is only used for guest access.
By default separate student and staff filtering profiles will be available via the IP address of the filtering service on different tcp ports.
Filtering list requests can be made by using the teacher/user comment button if a Block Page appears or via http://protex.e2bn.org/listrequest
E2BNProtex Local can be easily configured to integrate with a school’s Active Directory system. This configuration option opens up several useful features such as per user logging, dynamic profile allocation and time-banding.
E2BN Protex employs content-check on both http and https traffic. When used in default configuration it will be necessary for every filtered device to install a special browser certificate. See http://protex.e2bn.org/certs ; if your school is not already using E2BN Protex web filtering we recommend the certificate is installed onto all devices in advance of the service commencing.
It is possible for additional filtering profiles to be configured with https content inspection switched off and therefore the certificate install will not be necessary. This is useful for guest networks and Bring Your Own Device. (BYOD)
7
6.6 Additional On-Site Services
The E2BN Direct gateway is a feature-rich product that enables a school to perform many functions via a single box. Some additional services are listed below and may be of interest to your school. If there are any extra charges required this is indicated.
6.7 OpenVPN - Site to Site VPN
The gateway server has OpenVPN installed by default. OpenVPN can be used in two modes. The first mode is site-to-site. Site-to-site Virtual Private Networks (VPNs) are useful where two schools need to link all or part of their private networks together via the public internet. There is no additional charge for setting up a Site-to-Site OpenVPN.
6.8 OpenVPN – Remote User
OpenVPN provides a method for remote access to the school network for a variety of purposes. In simple terms an OpenVPN profile is first created by an administrator. Users that require network access download the OpenVPN client to their device and then download the Profile to their OpenVPN configuration folder. The remote user launches the client and once connected they have full or partial access to the school network as required.
6.9 Backup Server
The E2BN Direct gateway server offers a local backup service with up to 2 TeraBytes of storage space. External USB and Network Attached Storage (NAS) devices can also be incorporated into the available backup storage space. There may be an additional charge to upgrade the E2BN Direct Gateway to include this option.
6.10 File Server
The gateway server can be used to set up and host Windows File share(s)
6.11 Voice Services – chargeable option
The E2BN Direct gateway contains a fully feature Voice over IP (VoIP) PBX. VoIP offers the possibility of reducing the cost of ownership of an onsite telephone system together with reduced line rental and call charges.
8
7 Network Services
In addition to the on-site services listed above, E2BN Direct provides the following Network Services.
7.1 Domain Services
E2BN operates its own public facing Domain Name Servers (DNS). These are physically located at separate sites in order to maintain a resilient service.
Managed Domain services are included in your basic contract; E2BN can host and
administer zone files for any domain that is delegated to it. A login for your domain can be provided should you require it.
E2BN is a Nominet Registrar and as such can act as a “tag holder” for most .uk domains. Where E2BN is the tag holder for a domain other than .sch.uk then we will normally charge a fee for domain renewals.
7.2 Backup Mail Relay
E2BN Direct Broadband provides a backup Mail Relay service “in the cloud”. This service is available for your school if it needs an alternate inbound route for email.
The E2BN backup service should be configured only as an alternative choice (backup MX record).
In the event that the first choice route for mail is unavailable e.g. your internet service is “down” and inbound mail cannot reach your normal mail server, mail will be sent to the E2BN back up relay. The mail will be stored here and queued until it can be delivered properly via the first choice route.
8 Management and Support
8.1 Configuration Backup and Central Management
The configuration of the E2BN Direct gateway and the E2BNProtex Local web filtering system are both backed up nightly to central management servers. This provides peace of mind and a swift restoration of service should it be necessary to change any physical components of the system.
Additionally, if software patches or updates are required, these can be rolled out automatically from the management servers to your site without the need for local intervention.
E2BN Support Staff will have programmed access to the important areas of the software in order to assist with remote configuration and support of all aspects of the on-site services.
9
8.2 Monitoring and Availability SLA
For both services ( Full package or Gateway only) E2BN will remotely monitor the service 24 x 7 x 365 at 5 minute intervals to measure the level of availability, and trigger alerts to key support staff if the E2BN gateway server cannot be reached from the internet.
Where E2BN has provided the broadband service the target for service uptime is 99.00% for a rolling 12 month period.
Where the school has the Gateway Only package E2BN is not responsible for the performance and availability of the broadband line.
8.3 Support
E2BN will act as the first point of contact for support requests, problems, or queries about any aspect of the service. We operate a help desk ticketing system that will automatically generate a unique ticket for each request made via e-mail to [email protected]
Telephone support and remote desktop assistance are provided via standard geographic telephone number.
Helpdesk Hours – 08:00 to 16:30pm Mon to Friday excluding Bank Holidays Typical response and fix times:
Helpdesk Telephone answered within 30 seconds during working hours Simple gateway configuration change – 8 hour fix
Web filtering block/unblock – 4 hour fix DNS record change – 4 hour fix
8.4 Local Management
Certain features and functions are more suitable for a Local Administrator. These include: • Backup administration – backup of local devices onto the gateway server
• User administration – onboard mail server, OpenVPN, VoIP PBX • Web filtering list management
E2BN will provide the appropriate Local Administrator logins where these are required by the school.
10
9 E2BN Membership
As an E2BN Direct connected establishment your management team, staff and students will benefit from membership.
Here are some of the highlights:
a) Reduced rates for delegates attending the two-day E2BN Annual Conference and Exhibition
b) Reduced rates for CPD, E-Safety Training and other training courses
c) 100% discount on E2BN Myths and Legends Story Creator, Museumbox ( worth £118pa)
d) Access to a number of framework contracts for services and software, resulting in competitive pricing and reduced tender overheads
e) Free access to Flashmeeting video conference services
f) Exclusive, free access to NEN The Education Network Resources such as Audio Networks and History of Computing
g) E2BN IsItMe? Single Sign on Service (SSO)
10 Ordering and Lead Times
To obtain a quote please call the E2BN office or e-mail [email protected].
We will be happy to discuss your requirements and will then send you a quote including options that you are interested in. Once you are happy with the quote and wish to place an order we will require a school Purchase Order and a contract signature.
The lead times below are provided as a guide only:
• Full Package over telephone lines ( FTTC, EoFTTC) 30-60 days • Full Package over dedicated fibre (10Mbs,100Mbs,1Gbs bearer) 60-100 days
• E2BN Direct Gateway only 20-30 days
Our standard contract length is 3 years. Any setup charges and the first year’s annual charges will become due when the provider’s line is handed over to us. This date could be prior to your E2BN Direct service coming into full operation.
11 Contacts and Further Information
Telephone 01462 834588 (4 lines)
Sales [email protected]
Web Site www.e2bn.org
