Professional Documents
Culture Documents
AMP CIO Digest Article
AMP CIO Digest Article
CASE STUDY
Endpoint Matriculation
Hillsborough County Public Schools educates hundreds of thousands of students by protecting tens of thousands of endpoints
anaging the IT systems for a public school district that is the eighth largest in the United States and covers an area larger than Rhode Island requires just the right mix of technology, processes, and people. Get it right, and the learning curve is greatly diminished. Get it wrong, and the learning curve becomes very steep. We have approximately 85,000 endpoints supporting 27,000 faculty and staff and 190,000plus students, says Sharon Zulli, manager of the Customer Service and Support Department. Zulli has been with Hillsborough County Public Schools in Florida for more than 25 years, including the last 20 in IT (except for a few years at IBM as an education specialist). And shes been getting it right since she spearheaded an effort to roll out IBM PCs in a baseband network configuration in the late 1980s. It was one of the initial rounds for technology resource teachers in the schools and I applied, she remembers. It was truly a very exciting time, and it was a great opportunity to do something that had not been tried before.
PATRICK E. SPENCER
manager at the time came to me and directed that we do something, Zulli recalls. He told me to get something that could be managed centrally and that would automate a lot of our manual management processes. After looking at several different technology solutions, she and her team settled on Symantec endpoint security and its management console, mandating that all machines were to have the Symantec endpoint security client on them if they were to be on the districts network. But it was more than managing risk through standardization. We had staff going from one school to the next patching and updating machines, she describes. To automate this process and put the sneakers back in the IT locker, we began using Altiris Deployment Server. But this configuration had its limitations, too. We deployed the antivirus updates through group policy,
For assistance in planning and implementing the rollout, Hillsborough County Public Schools turned to Symantec Partner Advanced MarketPlace. Advanced MarketPlace helped with our initial Altiris deployment in 2003, Amato recalls. We were very pleased with their level of expertise and using them again for our 2007 rollouts made complete sense. In addition to making patching and updates intelligent, Client Management Suite enabled the Hillsborough County Public Schools team to improve their percentage of patched machines from 85 percent to almost 95 percent. This improves our risk posture, Zulli says. Further, hardware-independent imaging reduced the number of images from 20 to just two. This dramatically simplified the update process and eliminated instances where the wrong image or image version was put onto a machine. The software portal capability was also a real bonus, Amato adds. Managing the deployment of approved software titles was a real problem for us before. With Client Management Suite, we are able to take all of the approved applications that are commonly used and place those on a centralized software portal where faculty and staff so that they can download the software they need.
We have about 85,000 endpoints spread across an area the size of Rhode Island supporting about 27,000 faculty and staff and 190,000plus students.
Sharon Zulli, Manager, Customer Service and Support Department
antivirus, antispyware, firewall, intrusion prevention, and application control. Intrusion prevention gives us a proactive approach to endpoint security, Zulli states. With the large number of endpoints to protect, a proactive versus a reactive stance is crucial for us. The application control feature is proving quite beneficial to Hillsborough Endpoint security and County Public Schools. management facilitates learning while protecting Previously, we had 85,000 endpoints for no means to prevent Hillsborough County students from going Public Schools at go.symantec.com/ around our Web filter hillsborough-video. using ultra-surf proxybypass utilities, Amato says. With application control, we load a hash of the known files that we dont want the students to execute. As a result, when they attempt to execute those files, they are blocked from doing so. Amato actually took the solution a step further when he integrated
the Endpoint Protection application control database into the districts Microsoft SharePoint solution. This enables the Hillsborough County Public Schools team to track which students are trying to circumvent security controls and which applications they are trying to use and which websites they are attempting to log into. It shows us everything, including machine name, time stamp, and user name, Amato quips. The move to Endpoint Protection also allowed Hillsborough County Public Schools to reallocate 250-plus servers that had previously been used as domain controllers. Amato explains: We no longer need dedi-
cated servers for each site. Rather, we manage all of our endpoints from a set of four servers in our main data center. I was able to redeploy those 250-plus servers for a different function and thus avoid the cost that would have been required to purchase 250 new machines. In addition to the cost savings for the hardware and software, the IT team eliminated the time spent maintaining those 250 servers, at least associated with endpoint security.
VIDEO
host integrity check, then they are allowed into our production network. If they fail, then they are put into a restricted network zone where they cannot access information or use other applications. In those instances, we offer them services where they can download and implement our security standard and thereby gain access to our network. Offering network access control is important because third-party vendors are on Hillsborough County Public Schools campuses on a regular basis and require access to file servers and other IT resources. The network access control component in Symantec Endpoint Protection gives them the ability to access those. This wasnt always possible in the past, Mickelson says. In addition, access includes both wired and wireless networks.
symantec.com/ciodigest 53
CASE STUDY
HILLSBOROUGH COUNTY PUBLIC SCHOOLS
Zulli joined the Customer Service and Support Department in 2000 and worked in several different management capacities before assuming overall charge of the approximately 80-staff team in 2010. In this role, she reports directly to Hillsborough County Public Schools Chief IT Officer Dr. David Steele. Zulli summarizes her departments mandate with the following assessment: Administrators and faculty arent really interested in what were doing with different technologies and vendors. They only care if their IT systems are working
Sharon Zulli
Manager, Customer Service and Support Department
of the
Efficiencies of scale
Zulli and her team are quite excited about the different initiatives they plan to drive by leveraging the broader portfolio of Symantec solutions. Our first focus area is to replace our legacy Web security and messaging security solutions with Symantec Web Gateway and Symantec Messaging Gateway, Zulli notes. We will get closer integration with our broader security infrastructure while reducing the cost and time we spend in training and maintaining those two solutions. We also have some compliance requirements for protecting students while they are on the Internet, and Web Gateway gives us the ability to monitor and manage that activity more closely. A second area Zullis team is preparing to tackle is replacement of a legacy help-desk solution with Symantec ServiceDesk. Were looking forward to the efficiencies it will drive for us, Zulli cites. Michael Studenberg, a technology support advisor who oversees Hillsborough County Public Schools support center, indicates that remote control integration was at the top of the list of priorities in the selection.
Managing and controlling the amount of technology from outside of the school district on our network is becoming a growing challenge.
Art Mickelson, Technology Specialist
Schools team will engage Advanced MarketPlace for assistance. And as Zullis team implements Asset Management Suite, including asset tracking, Studenbergs team will be able to use that information when assessing help-desk requests. This will drive efficiencies such as faster resolution of support tickets. Were also beginning to experiment with application metering, adds Paul Richwine, a technology specialist on Zullis team. With the information we glean from it, we hope to reduce our overall software spend by reallocating licenses that arent being used or hardly being used to other machines. A third area that the Hillsborough County Public Schools team plans to address is mobility. We currently have almost 1,000 devices deployed across several schools but know that this number is going to rise quickly, Zulli relates. Being able to manage these grated with Symantec ServiceDesk and IT Management Suite, the Hillsborough County Public Schools team can manage the mobile devices from the same centralized console used to manage the remainder of the organizations endpoints. With some faculty and staff wanting to bring their own devices (BYOD) and connect them to the Hillsborough County Public Schools network, Zulli and her team are investigating the possibility of rolling Portions of the interview out a BYOD policy. It with Sharon Zulli and her Customer Service and Support doesnt make sense team at Hillsborough County for us to provide and Public Schools are available as an Executive Spotlight manage districtPodcast at go.symantec.com/ owned devices, she hillsborough-podcast. says. As a result, if we are going to allow them to connect their own devices to our network, we need to have the right solution in place to segregate district applications
working as an education specialist at IBM for a few years in the 1990s, Zulli has served in a variety of IT capacities at Hillsborough County Public Schools. The time at IBM gave me vendor experience, which Ive really been able to draw upon to build strategic, collaborative relationships with our technology providers here, she states.
and if student computers and mobile tablets are running. Our team works behind the scenes and makes all of this possible. And this isnt an easy feat, according to Zulli: We have about the same headcount as we did in 2002 but are responsible for nearly twice as many endpointsand we now have the added complexities of user demands for choice and mobile devices.
and data from those that are the employees. For this function, Zulli indicates that Symantec App Center might be a solution.
PODCAST
potential problems and efficient in how to tackle different projects. A good example of the latter is Symantec Endpoint Protection Assurance that comes with Patrick E. Spencer (Ph.D.) is the editor Business Critical Services. Last in chief and publisher for CIO Digest. year, we had an audit of our software deployment across EXCEEDING THE CURVE the entire organization, WITH SYMED TOTAL SOLUTION Zulli recalls. With Symantec Endpoint Protection Assurance, we > Symantec Protection Suite were able to generate a report of Symantec Endpoint Protection our licenses to the machine level Symantec Web Gateway that saved us substantial time. Symantec Messaging Gateway
CIO
PATRICK E. SPENCER
featured in
DIGEST
January 2013
PATRICK E. SPENCER
> Altiris Client Management Suite > Altiris Asset Management Suite > Symantec ServiceDesk > Symantec Mobile Management > Symantec Business Critical Services
symantec.com/ciodigest 55