LGfL Update

Stewart Duncan

LGfL Technical Manager

Ian Lehmann

LGfL Operations Manager

SophosSophos anti-virus via the LGfL is available for all schools within an LEA who has bought into the scheme.

The licence agreement includes Sophos Enterprise Manager and Sophos Remote Update

Remote update can be used at home for any teacher working in a LGfL connected school.

The current version of Sophos will be no longer supported in February 2006

Version 5.05 is now available via LGfL

The old version of Sophos Remote Update and Enterprise Manager will be switched off 1st March 2007

To upgrade your version of Sophos visit:

http://sophos4.lgfl.org.uk

SophosTimeline

September 2005 – Migration and New Install documentation availableSeptember 2005 – Additional Sophos servers go liveOctober 2005 – Letters to all LEAs reminding of upgradeFebruary 2006 – Sophos ends support for current versionMarch 2007 – Old Sophos servers removed from service

Telephone and email support are available for Sophos Remote Update and Enterprise Manager:

08700 636465 option 3

accounts@lgfl.org.uk

User documentation and installation guides are available at:

http://sophos4.lgfl.org.uk

LGfL Authentication and Single Sign On

During July the way you log into the LGfL resources changed.

The most noticeable change to end-users is the additional screen you see when you log in. This is called the WAYF screen

Note: Some users use a lgfl.net username and others use an USO username. It really doesn’t matter which one you use

LGfL Authentication and Single Sign On

Some of the problems LGfL faced:

• Users have to manage multiple usernames and passwords for different resources

• More and more online resources becoming available requiring yet more usernames and passwords

• We need the ability for teachers and pupils to access LGfL resources from home

• We need a secure online authentication system that will not expose any personal information.

Implementing a Shibboleth solution will: • Ensure no personal information is exposed unless

necessary • Minimise the number of IDs and passwords a user needs

to remember • Minimise the administrative burden imposed on

institutions and on the content provider• Enable user tracking only for services that specifically

require it, such as for e-assessment and e-portfolios • Be transparent to the user (excluding the WAYF screen)• Enable access from any location at anytime.

Shibboleth AA ProcessR

eso

urc

e

WAYF

Identity ProviderService Provider

Web Site

1

ACS

I don’t know you.Not even which home

org you are from.I redirect your request

to the WAYF32

Please tell me where are you from?

HS

5

6

I don’t know you.Please authenticateUsing WEBLOGIN

7

User DB

Credentials

OK, I know you now.I redirect your requestto the target, together

with a handle

4

OK, I redirect yourrequest now to

the Handle Service of your home org.

AR

Handle

Handle8

I don’t know theattributes of this user.Let’s ask the Attribute

Authority

Handle9AA

Let’s pass over the attributes the userhas allowed me to

release

Attributes 10

Res

ou

rce

Man

ag

er

Attributes

OK, based on theattributes, I grant

access to the resource

LGfL SupportLGfL services are developing more and more and the need for a central area for technical support has become very apparent.

How can you get support for your LGfL services:

1.. Telephone – 08700 63 64 65 (Option 1 – Equinox, Option 2 – Digitalbrain, Option 3 – Atomwide)

2.. Via the web – www.talk2equinox.com for Equinox support, http://support.lgfl.org.uk for FAQ about other services not provides by Equinox

3.. By email – support@equinoxsolutions.com or lgflsupport@digitalbrain.com or support@lgfl.org.uk

How do you know where to go or who to talk to:

We are centralising all the support procedures, help sheets, guides and FAQ at:

http://tech.lgfl.net

LVCNet and London Live 2005•Video Conferencing within London’s Schools has been going well since October 2003 when LGfL introduced Click-to-Meet

•Click-to-Meet is used extensively to video conference all over the world every day by schools. This service is completely free for all LGfL connected schools

•Many schools and CLCs have purchased H323 video conferencing equipment.

• For some time users have been unable to use H323 VC end-points over the LGfL due to firewall restrictions.

To resolve these problems LGfL along with Equinox have introduced a new service called ‘London Video Conferencing Network’ (LVCNet).

So how does LVCNet work……

LVCNet WWW

London GridMPLS Network

VC L3 VPNPrivate addressing

CiscoProxy

Gatekeeper

PE Router

Layer 2Aggregation

switches

CPE

Schools DataNetwork

AdminNetwork

CurriculumNetworkVC Network

LEAVPNLEAV

PN

VCVPN

School

LEA L3 VPN

10.X.X.X

212.85.X.X

PrivateAddress

Internet Peers (INET0)ASN 20762

212.85.0.0/19

Privateaddress

Click2meetServers

UKERNA

AP

Privateaddressing

Core FW

VC ClientPolycom

On Demand VC Bandwidth Allocation

Connection Queue Size* Typical Call Matrix

2M 1M1 x 768k or 2 x 384k

5M 2.5M1 x 1.92M or 2 x 768k or 5 x 384k

10M 5M2 x 1.92M or 5 x 768k or 10 x 384k

100M 20M8 x 1.92M or 20 x 768k or 40 x 384k

* Bandwidth queue size includes 25% IP overhead.

LGfL Update

Ian Lehmann

LGfL Operations Manager

Stewart Duncan

LGfL Technical Manager