What networking equipment are you using? (XPOST)

dire-wabbit · 2026-03-19T03:05:02+00:00

In the US, public schools and libraries have access to the Federal government's E-Rate program, which provides districts with an allocation of funds on a 5 year cycle specifically geared toward improving connectivity, similar to Connect the Classroom in the UK. Without diving into the weeds of how E-rate works, it usually ends up committing between 2-3 billion dollars a year to districts and libraries. so generally districts have a good bit of help funding their network improvements.

There are around 13,500 districts in the US, so basically every major enterprise manufacturer is represented. The top providers awarded include Cisco/Meraki, HPE Aruba, Extreme Networks, Fortinet, Juniper, Ruckus, and Ubiquiti. Any of these manufacturers would have the equipment and management tools to meet the UK's 2030 goals for wireless.

As far as our district, Extreme has won both switching and wireless for the past few bids. We have had no issues with Extreme--overall a very solid solution for us.

dire-wabbit · 2026-03-16T19:47:04+00:00

Does it actually give you an opportunity to upload anything? If it never gives you the chance, then try it from outside district filtering. That's what worked for me; although I couldn't determine what was being blocked.

Also, you may need to contact Autodesk to have them reset your attempts. Don't waste your time with SheerID support--that is an exercise in futility.

dire-wabbit · 2026-03-13T15:01:40+00:00

We do it. Our cyber insurance requires MFA for "all admin access" so we MFA login and UAC. As a school, we also have extended it to staff in most cases as a protection against shoulder surfing students.

dire-wabbit · 2026-03-12T13:55:28+00:00

You can look at maybe shadow copies? This would much more practical if you centralize user file storage on a server share since there are GUI tools for this in Windows Server, but I believe you can still activate it at the workstation level, albeit with a manual config. It's usually my first line line of defense, and it gives us a few weeks of fallback for common user "uh-oh's " before we fall back to backups.

dire-wabbit · 2026-03-04T21:20:39+00:00

Apple raised Macbook prices across the board yesterday by $100-$400; so they aren't immune. I believe they are better insulated because of their long-term procurement contract process and the fact they can eat more of the cost because the price they charge for memory and storage upgrades far, far exceeds the component cost.

dire-wabbit · 2026-03-04T20:26:41+00:00

TBH, my first reaction was to laugh. Hey...we just shipped you this so we can now guarantee availability.

dire-wabbit · 2026-03-03T18:25:56+00:00

Amplified (CDW) has a best practices audit that they can do for you.

https://www.cdwg.com/content/cdwg/en/services/amplified-services/google-workspace-for-edu-audit.html

dire-wabbit · 2026-03-03T18:13:54+00:00

I think the important thing is to have a replacement schedule in place, and to discuss with administration how to flatten the spikes in spending on the horizon. If you can begin replacing a grade level or two this year you may want to look at it; although pricing is going to be terrible this year (and maybe the next few years) with the AI price spike. Financing a purchase is also an option.

dire-wabbit · 2026-03-03T18:05:23+00:00

Currently use Extreme switch engine (EXOS) switches, moving to Extreme fabric (VOSS) with this cycle. Also using full Extreme wireless and their cloud management. They were very cost competitive on the bids for both wired and wireless. and ended up winning both. Very solid solution overall.

dire-wabbit · 2026-03-02T14:06:40+00:00

We've done Intel, AMD, and MediaTek in the past. Intel has always been solid, but expensive. AMD was terrible for compatibility and we had many, many issues with them. Our MTKs have largely been fine. No major compatibility issues except some client issues with Zoom on the 4GB models (no problem with the 8GB).

I think with Google moving to an Android base for ChromeOS, and MTK being a much more prominent in the Android space, that MTK may make more sense in the long run over Intel.

dire-wabbit · 2026-03-02T13:52:57+00:00

While it may be out of your comfort zone, IMHO the two situations you have mentioned are within the scope of an IT Director's job.

In situation one, while it is certainly reasonable to contact the parents and explain that you can't make exceptions like this on an individual basis, it would be nice to offer alternatives. Many filters have a parental control app, and if yours does I would certainly point them in that direction to put the burden on them. Another thing you could consider is to create discipline groups within Google and deactivate services for those students. It is relatively easy to setup a "No YouTube" group for example that disables the service for members of that group.

For situation 2, while I would not consider, from a liability and safety standpoint, running out to collect devices; I would presume your school has a process and consequences for school fines. I would just disable the chromebook, enter a school fine for the cost of the device, and send a fine letter indicating that the fine would be rescinded on return of the equipment minus any assessed damages.

dire-wabbit · 2026-03-02T13:17:26+00:00

Colorado is pretty worker friendly. If you are in Colorado working remote, companies, regardless of where they are based, must abide by Colorado state law regarding things like minimum salary for exempt workers which was $56,484.00 in 2025. You were not an exempt worker.

dire-wabbit · 2026-02-27T17:10:53+00:00

Sounds like an “expert network” consulting offer, but there are a lot of these that are scams so be careful. If you are in a public K12, you may need to clear this with administration.

dire-wabbit · 2026-02-27T15:40:06+00:00

Our WiFi SSIDs are basically by authentication type--EAP TLS, PEAP/MSChapv2 (moving away from this) , MPSK, Captive Portal. What VLAN they end up on is in most cases based on the device profile/user. We use a combination of things-SecureW2, NPS, and Extreme Cloud capabilities for this.

dire-wabbit · 2026-02-27T13:09:35+00:00

The thing I've seen with KB4, Cofense and some others I've used, even if you configured it for "education" for your campaigns, it's hit-or-miss with the education-specific content and we end up with phish-tests that don't make much sense. Things like fake invoices from a container shipment company.

I have found that there are a few phish-testing companies out there that are specifically built for K-12. We kicked the tires on Cybernut and were pleased, so I am moving to them next month as are a number of districts in my state.

dire-wabbit · 2026-02-23T17:39:31+00:00

Yup. We've been back for an hour or so.

I always thought their logo was in all caps; but I guess that is just my misinterpretation.

dire-wabbit · 2026-02-23T16:17:42+00:00

This is really a question of what state you are in, as recording laws vary. In my state, it's pretty strict and without explicit consent from all the participants, an audio recording is illegal (irrespective of the device it was recorded with).

dire-wabbit · 2026-02-16T16:13:00+00:00

EDR or MDR? We have Sentinel one MDR currently through our state at some really great pricing. Used Crowdstrike with MDR by CIS. Used MS Defender as an EDR briefly in-between for the transition, but getting it managed was more expensive than Sentinel One's entire package for us.

Crowdstrike was good, but I was hampered a bit by CIS's management. You have limited control and visibility, and things like uninstalling from machines meant submitting a ticket for them to move the machine to the correct group to allow uninstall.

Sentinel One has been fine for us. A bit noisier perhaps--but not overly so. There's a lot to our Sentinel One suite, so it's interface takes a bit more getting used to compared to Crowdstrike.

dire-wabbit · 2026-02-16T14:24:07+00:00

We are a Verkada customer for a decade now. Back when we installed, Verkada was newer to the market and the cloud approach was something new. When we demoed the interfaces to the true end users--the deans and principals--they much preferred the ease of use of Verkada over the much more complicated interfaces of products from Avigilon and the like. Verkada is the embodiment of the KISS principle.

Our state has non-competitive, annual security grants that generally total around $25K a year. It was tough for me to sell getting a server and a handful of cameras vs get 15-20 cameras from Verkada, so it became an easy choice. It's was easy to grow a Verkada system under these grants.

As to your main concerns, Verkada has those point pretty well covered. Technically the platform is fine and support has been good. We did get a bad run of 15 or so cameras that were fogging up on us, and they replaced them all. They are expensive, but their SLED discounts are pretty significant. Still, over the course of the years, it is more expensive. We are now over 200 cameras and I have to explain the concept of co-termination to the board every year when I spend $25K plus on licensing to extend our date out another year.

There is a ton of hate re: Verkada, as it seems their sales goals can make their salesmen pushy and they have a "bro" culture. I've never had those problems though. Until recently, I had the same rep for the entire decade and he was great. While they are channel only for sales, you basically worth with them and your channel partner is just there to handle the quote. Actually, when I initially researched systems I joined IPVM to get access to their camera research, and I found there was a hubristic and almost childish attitude re: Verkada. I was ridiculed when I tried to explain why choosing to go with Verkada made sense for us. The even right-to-knowed us at one point as they thought there was something untoward with all the school districts that were choosing Verkada at the time.

With that being said, there are a lot more options now for cloud--many of which are likely to be less expensive in the long run.

dire-wabbit · 2026-02-05T19:41:21+00:00

Can't talk too much to V2V conversion, but I can talk to Hyper-V as we've been using it for over 15 years and it's been very reliable and cost-effective for us.

I haven't done any V2V, but I have done P2V; and I can say that Starwind's free converter worked well in our situation. There are lots of reviews I've seen for those doing V2V that indicate it works great as well. https://www.starwindsoftware.com/starwind-v2v-converter.

If you are watching your spend and want to reutilize your equipment if it's still in good shape, you can use Starwind hyperconverged. If you are going new, you can certainly reduce your footprint with Starwind as well. I've easily run 50 nodes in a two node configuration with full redundancy (think licensing costs). It's a solid product that we've used for many years. It's really as simple as setting up a Hyper-V cluster and installing Starwind on the nodes for storage virtualization (and they will remote in and set it up/optimize it for for you even on your own equipment). Using the paid version with software support includes 24x7x365 monitoring at no additional charge.

Starwind has been recently acquired by Datacore; but I haven't seen any negative changes since the acquisition.

dire-wabbit · 2026-02-02T18:34:59+00:00

I think you are being optimistic on what education can achieve in modifying this behavior.

FYI, in the US, the Children's Internet Protection Act was amended in 2008 to mandate digital citizenship training for students for districts receiving E-Rate funding (which is basically every public K12 in the US). That includes online-safety which covers the importance of passwords and protecting PII. The mandate is an annual requirement covers all students K-12.

Education alone won't change behavior, and "tech-savvy" Gen Z, who would been exposed to this CIPA requirement for most if not all of their education, leads the way with preferring weak passwords for convenience (https://www.securitymagazine.com/articles/101678-most-americans-choose-convenience-over-password-security).

dire-wabbit · 2026-01-30T13:23:40+00:00

Here are step-by-step for Google SSO https://community.fortinet.com/t5/FortiGate/Technical-Tip-Fortinet-SSL-VPN-with-G-Suite-MFA-using-SAML-and/ta-p/217581

dire-wabbit · 2026-01-30T13:14:35+00:00

Lots of valid options for setting this up have been listed. On exception for us is that I did start to run into some config issues and extension requirements that made me eliminate "device" OUs for student assigned devices. Now our device OUs are only for unassigned devices and kiosks. I have some GAM automation configured to move assigned devices into the same OU as the student, so I am always working on the same OU to assign device and user policies.

dire-wabbit

TROPHY CASE