Catlin Gabel Case Study

Impulsenet Partners

Catlin Gabel School Uses Network Access Control to Automate Security Validation


Catlin Gabel serves Portland and the world as an educational catalyst, drawing together dedicated educators, motivated students, superb curricular resources, and thoughtfully applied technology, in a beautiful and functional setting, all for the purpose of forming bold learners who become responsible action-takers for life. Catlin Gabel is an independent, non-sectarian, progressive coeducational day school serving 730 students from preschool through 12th grade. The school emphasizes small class sizes and strong student-teacher relationships to not only build competence in students, but also to build a capacity for them to ask their own questions, think deeply, and work effectively.

Catlin Gabel offers shared computing facilities for its entire campus, as well as a unique approach to a one-to-one laptop initiative. Upper School families purchase the laptop from the school, and it is then managed by Catlin Gabel’s Information Technology department. This hybrid approach allows the school to secure and configure each laptop and have it prepped for the school year with network access, anti-virus protection, and software and programs requested by teachers. At the same time families retain administrative rights and ownership.

Challenges

The school’s first attempt at deploying network access control (NAC) was less than ideal. After spending three years and thousands of dollars in consultant and support fees with their previous network access control provider, the solution didn’t perform to Catlin Gabel’s basic requirements and expectations. Obtaining support for the product was difficult at best: staff spent hours troubleshooting issues with product representatives, for inconsistent results. Forced and unannounced patches from their provider were problematic. For example, during the first day of school and after a summer of lengthy manual maintenance for the IT department, the company pushed down a patch and no one could log on, making for a hectic and unsettling start to the school year.

“Our previous network access system was very costly, and we had an extremely hard time getting it to do what we wanted it to do,” said Richard Kassissieh, director of IT for Catlin Gabel. “Even after three years we weren’t able to get it working right. We never had the confidence to move to the next step and really tap into the benefits that network access control can bring since we struggled so much with the basics.”

When the previous NAC provider announced a required upgrade in order to continue to receive support, it became more than apparent that a change was necessary.

Solution and Benefits

Catlin Gabel began evaluating other NAC vendors, and the IT department was impressed with Impulse Point’s value, ease-of-use, and vested interest and experience in education deployments.

Upon adoption of SafeConnect, Catlin Gabel saw immediate results. Fewer machines infected with viruses and malware were coming to the IT staff. Most importantly, the school was able to finally meet its goal of saving time over previously manual checks and updates.

“We are especially looking forward to the reduction of our annual maintenance load,” said Kassissieh. “Every year we manually check for required software on all 600 machines. SafeConnect does this in real time, making this chore less onerous and providing ongoing protection instead of checking only once a year. This is a huge benefit for us!”

Previously, four staff members worked full time over approximately six weeks (about 960 hours) to perform the annual maintenance check. SafeConnect’s ability to automate standard security posture assessments will allow Catlin Gabel to simplify this time-consuming maintenance (a 30-step process for each of the 600 computers).

Automating Policy

SafeConnect automates the process of consistent and reliable posture checking, a crucial element of network access control that the previous provider was unable to deliver. In addition to checking the level of anti-virus, anti-spyware, and operating system updates, Catlin Gabel is now able to ascertain the status of personal firewalls. The school has also written specific policies to check for the presence or absence of certain required files and use SafeConnect to audit their deployment process.

User Friendly Messaging

The reaction from students and faculty since the deployment of SafeConnect has been positive. One of the largest pain points now relieved is with network logins. The previous system required a login each and every time, whether it was a shared computer or a personal laptop. Catlin Gabel’s IT department has gained the flexibility to give student and faculty laptop users Single Sign-On (SSO) capabilities, so they are not constantly notified that they need to log in over and over again. At the same time, shared facilities require an individual login each time the machine is accessed, to ensure security with known users.

Previously, if a security issue popped up, Catlin Gabel’s former network access solution would immediately send an unfriendly error message and deny network access completely. Now, if a security condition is failed with SafeConnect, the school can still allow network access depending on the level of vulnerability. They can also deliver highly customized and friendlier warning messages and remediation instruction pages using the Catlin Gabel website template.

“This approach is consistent with the goals and purposes of an educational institution: to teach and guide rather than just block,” said Kassissieh.

“It’s terrific, on so many levels, to communicate with our constituents like this. Instead of a cold ‘error’ page, we can now provide friendly messages or advice and steps on what may need to be fixed,” continues Kassissieh. “What’s wonderful is that we have the control to decide the conditions and levels of warning too. It can be just a warning, a warning for a certain number of times, or access lost immediately if there is an extreme situation. With this warning flexibility, we don’t need to disrupt our students and faculty unless it’s necessary. They can continue their work and learning.”

NAC Industry Standards

SafeConnect™ offers an easy-to-implement and easy-to-support endpoint policy management solution that allows organizations to control access to their networks based on an end user’s compliance with security policies, while seamlessly connecting to their existing multi-vendor infrastructure. Although not required, SafeConnect is also compatible with 802.1X, providing the flexibility to quarantine users at the router, switch, or endpoint device.

24/7 Proactive Maintenance and Support Services

SafeConnect™ is supported by the NAC industry’s only proactive maintenance support offering. Impulse Point provides continuous proactive monitoring and support that includes hardware server and software problem determination and resolution, as well as upgrade protection to future software functional releases. Impulse Point prides itself on the quick, efficient, and accurate implementation of the SafeConnect NAC Solution and is available to provide personalized advice and support throughout project planning, installation, and deployment. All necessary Policy Appliance hardware, software licenses, and the following support services are included in the initial first year price of the SafeConnect solution:

  • Implementation planning and server pre-load and testing
  • Standard remote installation assistance and training
  • First year Impulse Managed Support Services:
      • Remote policy enforcer appliance monitoring
      • Problem determination and resolution
      • Appliance hardware maintenance
      • Installation of all software maintenance
      • Remote disaster recovery daily backups

The ability to maintain up-to-date support for the most current anti-virus, anti-spyware, operating system, and other endpoint security software is a major benefit of Impulse Point’s Managed Services Offering. Impulse Point owns the responsibility of identifying, supporting, and updating customers within 48 hours as a standard component of its managed support service.

The following endpoint policy management capabilities are included:

Real-Time Security Policy Assessment

The SafeConnect solution performs both pre- and post-admission security checks in real time without any network traffic degradation. SafeConnect functions out-of-line and provides continuous security assessment and enforcement across wired, wireless, and VPN networks without introducing performance bottlenecks, maintenance-driven network outages, or a single point of failure.

Single Sign-On Capability

SafeConnect features a Single Sign-On (SSO) authentication capability that allows existing Active Directory-managed users to keep their existing login experience.

Remediation Guidance

The SafeConnect NAC solution helps drive a substantial reduction in help desk calls because it is intuitive and user friendly for both the end users and IT support management teams. Users not in compliance receive individualized policy notifications regarding the reason for non-compliance (e.g. out-of-date anti-virus protection) and are guided through the remediation process with instructions and a link to an internal or external source where the appropriate software or virus definition can be downloaded. Because the remediation process is simple and straightforward, users follow through to regain compliance and access to the network. This results in fewer instances of non-compliance and ultimately fewer help desk calls.

Broadcast Messaging

School campuses need to quickly notify students and faculty in the event of an emergency situation. SafeConnect has the ability to broadcast an information or emergency message on-demand to everyone whose computer is authorized to access the campus network. SafeConnect can also send messages to specific devices, specific user groups (staff, faculty, students, etc.), or individual users. Notification can be made quickly and administrators can track the acknowledgements of receipt for compliance purposes.

Centrally Deployed and Managed

Policy Administrators can define and change endpoint computing policies and enforcement rules by network segment or directory services policy group from a centralized policy management interface, regardless of the number of remote or distributed locations. The solution also delivers real-time and historical policy status reporting that gives Policy Administrators and Help Desk personnel valuable insight into group or individual policy compliance.

These SafeConnect Endpoint Policy Management capabilities can be deployed in a phased-in approach (by IP address/range, subnet, VLAN) across wired, wireless, and VPN infrastructures.

About Catlin Gabel School

For more information, visit www.catlin.edu.

Richard Kassissieh’s personal education technology blog is at www.kassblog.com
