A 24×7, but also bullet-proof, IT service for all at King’s College London

SUMMARY:

One of the world’s top universities, King’s College London, has completed a major network security upgrade for the thousands of its scholars in need of safe technology

Ensuring uptime and availability is seen as a core requirement for a technology service in a commercial or even public sector environment.

But for a University? Surely none of the students see the light of day before 11am, right?

If you still harbour such quaint ideas about modern student life, you’re pretty out of touch – as Richard Dormer, Compute and Storage Manager at King’s College London, will tell you.

That’s because he has no less than 80,000 user accounts he needs to look after – and demanding research teams who really do need to work round the clock to use his resources to crack the problems they’re working on.

An equal priority, though, for Dormer and his IT colleagues, is to keep all members of the University community, from eager first year Undergraduate through to the most senior member of faculty, just as well served as any medical or physics researcher.

Service uptime and service availability, and the need to support true 24×7 access, has been defined as of the highest priority by our leadership.

It’s also now something students not just expect as part of their college experience, but they genuinely want to be able to use our services at any hour of the day.

Robust and better protected

King’s College London (KCL), whose alumni include poet John Keats and DNA research pioneer Rosalind Franklin, has been taking IT reliability seriously for some time as a result. But that commitment has been deepened after an extensive upgrade of the functionality it can get from a key network management tool called Infoblox.

Via work started in February and completed just in time for the early September arrival of the 2017 student body intake, King’s has both improved existing use it was making of the product, but also turned on for the first time a range of security functions, he says.

The product’s been with us since 2011, and was doing a great job; it’s a very useful and stable piece of technology.

What we’ve done over the summer, though, is to take advantage of last of a lot of the more advanced features that were always there so as to make our network even more robust and better protected.

That work centres on the University’s DDI function, which lies at the heart of all its IT provision.

DDI at King’s stands for DNS, DHCP and IPAM, with all three being crucial to what we can give to the user community here.

What Dormer means by that is that the three form the core of his team’s network. DNS is, obviously enough, his Domain Name Service offering, which performs a name resolution service to keep the University’s main Internet presence, but also that of a number of related sister-sites, up and running.

Next up is his Dynamic Host Configuration Protocol function, which handles the dynamic allocation of IP (Internet Protocol) addresses to devices around the numerous KCL campuses (from central London’s Strand to Denmark Hill and other more outlying sites).

This helps ensure a mobile or other student device is always able to join our wireless network, with IPAM, our IP address management, completing the picture by allowing DNS and DHCP to work best together.

Not welcome here: ransomware and malware

As stated, then, Infoblox had been a part of the management of DDI for some time. So what changed to prompt another look at what King’s should be using it for?

Easy: the very different threat landscape all of us, in University halls or not, now have to deal with.

While we also looked at changing the way we were using it for things like delegation of access and a general overhaul of what we were running, this was a project about expanding our usage in the area of security.

We knew it was time to start providing extra protection for the network and the users inside it, as DNS has become more and more an attack point for hacking.

Dormer points to the global chaos caused by ransomware WannaCry (see our coverage here), which entered so many UK public sector sites, especially NHS ones, thanks to the use of malware that took advantage of DNS issues on organisational networks.

WannaCry just made us even more aware of the need to really secure the DNS side of all we do here as much as possible. We wanted to block and protect the King’s network from any danger of that sort, protecting our internal network and all the other networks that sit on it.

A key part of the upgrade was the adoption by the University of the supplier’s DNS Firewall and Advanced DNS Protection products, he says. Indeed, Dormer is very clear on the route of travel he’s taking here:

This is a story of not just network management improvement at King’s, but of a major step up in terms of security and protection of our users.

Dormer says that the supplier was an important part of the upgrade project, participating in many of the planning and strategy discussions starting in the early part of the year, once the need for beefing up capability had been decided internally.

We now think we can serve students better, as both the reliability and ease of management of what we offer has been so improved.

As the 2017-18 academic year powers on, the University, whose roots stretch back nearly two centuries, then, is in a much more secure position, he believes.

The job’s not done, though.

In terms of what we’d like to do next, that has to be about turning on more and more of the automation features the product offers.

That would be useful for automating routine network administration tasks and so reducing any chance of human error in running the tasks, as well as making it easier to manage DDI at King’s overall.

Image credit - Image sourced via author

    Leave a Reply

    Your email address will not be published. Required fields are marked *