Diving in at the Deep End

The beginnings of my experiences working on a unique, and disorganised network.

Today is the second day in December, making it almost four months since I started working as Ushaw College’s one man IT team. Over that time, it’s been a worthwhile learning experience, working on many different things. I think I’ve accomplished a lot, and everyone who I’ve worked with has been pleased with what I’ve been doing. I’m quite pleased with myself, given it’s my first substantial job of the sort. Most of my work has been done in Ushaw’s server room, working with the network hardware. Either that, or I’ve been in my own office building PCs or configuring things.

Ushaw hadn’t had a dedicated IT person for quite a few years. The IT work being done was mostly by the commercial manager. With that ‘IT team’, things were running fairly smoothly, but unfortunately, if things went wrong, they weren’t getting fixed quickly. The equipment also wasn’t being kept organised, so it was very difficult to work on any of the equipment.

The Existing Setup

Since the last dedicated IT manager had left, Ushaw has gone through some significant changes in what it does, and how it’s run. Pretty much all the servers had been decommissioned, and a new, much smaller phone system has been installed. At the beginning of this year, Ushaw got a massive internet connection upgrade – a dedicated fiber line. Unfortunately, it’s only a 100 megabit connection, on a 100 megabit carrier, but it’s super quick for what it’s being used for. And what it’s being used for really isn’t a whole lot.

The network at Ushaw is intended to provide a connection to 4 main groups of people – Ushaw’s staff, Ushaw’s studio holders, B&B guests, and those using Ushaw’s facilities to hold meetings etc. All of these groups of people ideally need their network activities completely separated from one another, to avoid any security issues.

When I arrived at Ushaw, there were no such security measures in place. All of the groups of people could interact with each other, with no regard to privacy and security whatsoever. As well as the security issues, there were also some issues with the reliability of the connection, whereby it would keep dropping out, and running much slower than it should be.

New Equipment

Some of the network equipment needed to be changed. The new equipment would solve the dropouts, and the security flaws. Ubiquiti’s UniFi line was my choice of new equipment. It gives the commercial manager the ability to manage the network easily. It’ll also let us quickly expand the network. Since Ushaw College has been around for over 200 years, some areas aren’t quite ready for 21st century technology yet. Just last month, Ushaw’s old infirmary building was reopened as an education and music space. The new network has been expanded to there with more UniFi equipment.

Aside from choosing UniFi as our new network platform, choosing the equipment from the line was easy. There’s only one suitable router from Ubiquiti’s line up. That’s the USG-PRO-4. I’ve got that plugged into the incoming fibre connection. Since its install, it’s been rock solid, and hasn’t failed us once. In the old setup, there was a 24 port switch after the router which was getting pretty full, so that’s been swapped out for a UniFi 48 port switch. Using the UniFi controller, I can separate the network off for each group that needs access to it, which provides the necessary security features.

For my own servers, I was just using my own pfSense router, but now I’ve just made another VLAN and subnet on the UniFi network for our own equipment. This has made it much easier for things like port forwarding, which is very useful as Ushaw has its own static IP address.

The Upgrade Process

Since I had to manage this network, I needed to actually understand how it’s set up. The difficult thing in this case, is that there was very little documentation available to me. This meant, I had to spend a lot of time following cables, and connecting to IP addresses to work out how it was all connected together. You can see a picture of the old setup here:

As you can see it was quite a mess. There was a total of 5 switches in the Ushaw section alone. In the new configuration there’s only two. Four of the switches have been replaced with just one. The remaining old switch is a PoE model which is being used for any new access points we install. When that gets full, we’ll be replacing it with a UniFi 16 or 24 Port PoE alternative.

As well as just replacing equipment, I’ve had to tidy up the cabling, which will make it much, much easier to manage in the future. If there’s cables going in front of another piece of equipment, that then can’t be removed easily. In an ideal situation, you don’t want any cabling going in front of a device it’s not connected to. In this case, I managed to do that with the new equipment. I used some extra cable management panels we had to keep it tidy. Now it’s pretty easy to remove any of the devices. Tracing cables is more difficult now, but with the right test equipment, it doesn’t slow things down at all.

Despite having a new VOIP phone system installed at the same time as the fiber internet connection, the old phone system was still in place. So after removing that, the equipment racks have become much more organised.

The Improvement

The difference between how the cabling looked before, and how it looks now is huge. It’s now actually possible to access the equipment in the racks. Since I took this photo I’ve improved it even more by swapping out some of the cabling at the bottom. Changing the cables to be more consistent with their colouring has made a huge difference to how it looks.

The leftmost rack is where most of the server equipment was being kept. There was one server just sitting on the floor behind the racks, and another in the middle rack. Now everything is in the leftmost rack. You’ll notice that there are now quite a few more servers there, compared to before. That’s because my own servers are now located in here, as it’s much better for their noise, and the cabling, given that they’re not in a proper rack. Before they were just stacked on the floor.

I’m currently in the process of writing about my personal interest in working with servers. In my first year at university I bought two, and kept them under my bed. You can read more about that bizarre interest of mine very soon in another post. However, it’s probably going to get quite nerdy, long, and probably confusing.

Aside from Working with Network Equipment

Having only been working on the IT systems for four months, I’ve already made quite an impact on everyone who uses the systems, as their speed and reliability is now much improved.

As well as working on the network equipment, I’ve been working with the staff of Ushaw to keep things running smoothly. As you’d expect, this kind of IT support has resulted in me fixing printers, basic connection issues, and things like that. They aren’t the most exciting things to work on, but the fixes are almost always something quick.

There’s two main networks being run on Ushaw’s infrastructure – a university network, and the Ushaw network. The Ushaw network is the one I’ve been working on. Many of the desktops being used in Ushaw have been provided by the university and thus, are on the University’s network. Ushaw now want to move most of their staff over to Ushaw owned systems. To reduce costs, and increase support speed, I’ve been supplying, and building the systems myself. It means that the systems will be able to have the exact specifications we need, and be as fast as they can be.

So far, I’ve provided 4 systems. The staff who have been using them have been very happy, likely due to the fact I’ve built them as SSD only systems. In fact, one of the staff who is still running on a university system is jealous of the new systems, due to their speed.

Ushaw plan to continue to expand their fleet of machines, including upgrades to the servers which host a variety of services for them.

Where Will Ushaw Take Me Next?

Ushaw is, of course, just a client of mine. I still carry out work for other people. There is a plethora of projects which I have planned for Ushaw in the future; this includes expanding the network to other areas of the building, and a migration of their cloud services from G Suite to Office.

However, I’m definitely pleased that I’m working with Ushaw, as it is giving me some valuable experience which will almost definitely be useful in the future, as well as just being a known client who can recommend me to others.

One Way to Stay Safe Online in 2020

It’s been ten and a half years since Microsoft released Windows 7 – their most popular computer operating system of recent years.

On January 14th of this year, Microsoft pulled the plug on the extended support service for Windows 7. It still remains on a whopping 32.7% of all computers, according to NetMarketShare. Given that it’s a 10 1/2 year old system, it’s impressive how well it’s held up. Unfortunately, due to the lack of support, that’s 32.7% of computers which are now vulnerable to security flaws which remain. Had the support still been in place, any found issues would be patched pretty quickly.

I think you know what I’m going to say here to help you stay safe online. That’s simply, just don’t use Windows 7. Upgrade your PC to Windows 10, or even 8.1 if you want to for whatever reason. Many of the 32.7% of users chose to stick to 7 due to some significant changes Microsoft made to Windows. Many also just won’t have thought to upgrade, or didn’t know they even could. When Windows 10 was released, it gained a bad rep for being buggy and having Microsoft do some shady things with your user data. The stability, bugginess and compatibility of the OS has now been much improved, and the vast majority of users have no issues at all.

There are of course people who still have issues with Windows 10. However, they often have specialised hardware or use an obscure piece of software, which have been designed around Windows 7. In these situations, a virtual instance of Windows 7 can be used to allow access to the hardware or software.

What Can Happen If I Don’t Upgrade?

Well, nobody can say for sure exactly what’s going to happen to your PC. However, we can say that you will be vulnerable to any security flaws which are found in Windows in the future, as they aren’t going to be fixed by Microsoft. Regardless of how careful you try to be online, there’s always a chance that something will infect your PC. Using anti-malware software will, of course, help to keep infections and other bad things off your PC; but these won’t fix security vulnerabilities in Windows. It’s possible that infections would be able to hide from anti-malware and exploit these vulnerabilities. Of course, it’s very very difficult to make your computer entirely secure, even with the best protection software, and very careful use of the internet.

Interestingly, the big security risk isn’t with users’ individual PCs. It’s when a huge number of PCs get infected, and become what’s known as a botnet. A botnet is essentially a large number of computers which have been infected by a piece of malware which can then be co-ordinated by one person to attack websites to take them down, steal data, and other such malicious activities. This is, in some ways much more dangerous than individual cases of infection, as widespread damage can be caused.

How Difficult Is The Upgrade, and How Much Is It Going To Cost Me?

The upgrade process itself is straightforward. It’s just the case of downloading the installer and clicking next, next, etc. As long as you have a backup of your data, there’s nothing to worry about. In all likelihood, the upgrade will go smoothly and everything will be right where you left it afterwards. Windows 10 has even gotten pretty good at getting the drivers for your devices itself too.

According to Microsoft you have to buy a license for Windows 10 directly from them. This will run you £120 for home, or £220 for the Pro version. There are however, places where you can find it much cheaper than that – Amazon is one such place. There are others, but their legality is questionable so I won’t discuss them here.

Aside from paying for it, it is still possible to get the upgrade for free, just like Microsoft was offering between 2015 and 2016. This may or may not work for you, and I’m not sure how legal it is, so I won’t say anything else on the matter. I will however, send you over to an article about it if you’re interested here.

That’s about all there is to say on the matter really. I hope you’ve managed to glean some useful information which will keep you safer as the internet is a scary, scary place.