After a couple of false starts, we successfully completed an upgrade of our internet service through the Iowa Communications Network (ICN) just over a week ago. The most substantial impact of this change is that our internet bandwidth has been expanded from 1Gb to 3Gb, a critical improvement (more on that below).
Why was this upgrade necessary?
Once we completed the upgrade, issues we had been facing with internet performance almost immediately vanished. Prior to the upgrade, we were seeing our bandwidth max out immediately at the beginning of the school day, and it would remain that way until school was out for the day. This means that – at any given time – we had more demand for bandwidth than our service could accommodate, resulting in slow performance and intermittent drops / loading errors. You can see this in the chart at right, which shows our demand and usage prior to the upgrade.
The impact of the upgrade
Now that the upgrade is complete, our available bandwidth has tripled, and we are no longer seeing 100% utilization at any point during the day (this is a good thing). In the chart at right, you can see that our utilization last Friday – a pretty typical day – peaked at about 58%, or at about 1.74Gb of our available 3Gb. Page loads and downloads are quicker and service disruptions / errors due to bandwidth issues have disappeared. Further, this gives us a little room to grow; we expect that bandwidth demand will gradually increase throughout the school year, continuing a trend from previous years.
Implementing a new firewall
One of the most substantial post-upgrade challenges has been implementation of a new firewall. Our previous firewall had reached the end of our service agreement and was not capable of supporting more than 1Gb throughput, which meant that we needed to upgrade firewalls.
After much discussion, we opted to move away from our Palo Alto firewall – a product we liked a great deal – and to move to a Fortinet firewall provided as a managed service through the ICN. While moving to a managed firewall product results in less control and agility in firewall management, the cost savings were substantial compared to the hardware and licensing costs for a beefier Palo Alto device.
We’re still in the early phases of the switch, and I’d say we have mixed reviews at this point. While we attempted to replicate our previous firewall policies with the new implementation, there are – as there will always be with this kind of migration – some growing pains where we’re still discovering services that are not being handled the way we want them to be. We’re working on these issues as they’re reported, and hope to have our network security back to its previous state soon.
While the new firewall is certainly a capable device, it has been a challenge for us to go through the extra step of making support requests to have problems and oversights resolved. This has resulted in some implementation delays and problems that would’ve been unlikely to occur in our previous network security environment. That said, we are working to establish a framework upon which this work can be streamlined, especially once we are out of the initial deployment / cleanup phase that we’re in now, when firewall-related requests are coming at a much higher frequency than normal.
Why was the upgrade delayed?
This upgrade was originally scheduled to take place this summer, but had to be delayed due to problems at the ICN and with one of their subcontractors. Once it was apparent that the upgrade would need to take place during the school year, we wanted to limit outage windows to one hour to avoid disrupting the networking needs of our staff and students both during and outside of school hours. This resulted in a couple of false starts, where a problem after implementation would cause us to roll back the change and fix the problem before trying again. With this type of service upgrade, a “better safe than sorry” approach is always preferable.