Keeping Students Safe, Productive, and Engaged in the Classroom at CNUTO

Technology is transforming education. If you step back and think about it, the pace of change is astounding. Ten or fifteen years ago, PCs in the classroom and exchanging emails were a big deal. Today, we're teaching with digital whiteboards, and our students are bringing personal smartphones, tablets, and laptops to school. Also, text messaging, chat, and social media have largely supplanted email.

Today's youth have grown up online. Thanks to their mobile devices and ubiquitous wireless access, they have a world of information at their fingertips, 24 hours a day, in school and out. The learning potential of always-on internet access is staggering, but this tremendous benefit also comes with significant risk. As educators, we must protect children from inappropriate content and guide them toward resources that will help them grow as individuals and as students.

Convitto Nazionale Umberto Primo—CNUTO for short—was founded in 1848 as a school for the children of public servants and military personnel. It is now a state-run educational institution that incorporates a primary, middle, and high school, and serves students ages six to 19 across two campuses that are a couple of kilometers apart.

CNUTO's 300-plus teachers, educators, and support staff work with some 1,500 students from Italy and around the world, including 100 who are part of our boarding school. This community relies on our wired and wireless network to gain access to educational resources and, in the case of our residential students, to connect with family members here and abroad. 

Providing Digital Tools to Teachers and Learners

As CNUTO's IT coordinator, it is my job to ensure that our students and staff have the tools they need to get online, but due to budget constraints, mine is a part-time position. I spend most of my time teaching math and physics, and although I am well-versed in IT, it is not my primary specialization. For this reason, I rely on the expertise of a partner contractor to help select, set up, and manage our infrastructure.

For the past 12 years, this partner has been NSC, a Torino-based network security and architecture consultancy that understands the organic growth and the educational mandate of an organization like CNUTO.

About three years ago, it became clear that our existing network infrastructure was inadequate. We were—and still are—piggybacking on a gigabit connection operated by the University of Turin that provides us with ample bandwidth, but we started to realize that our security hardware and software were wanting.

Although this network connected our two buildings and left us room to grow, we were facing two critical issues. The first was a lack of uniformity. We were using switches and Wi-Fi hot spots from different vendors, and this made IT management a chore, so we needed to source all our equipment from a single supplier.

Our second issue was inadequate network security and permission management tools. We needed a flexible solution that allowed us to filter online content for a student population that ranges from first graders to adults. Due to Italian privacy laws, we cannot set specific parameters for individual students. As a result, we started looking for robust software that allowed our instructors to implement different types of restrictions for students based on their respective ages without compromising their identities.

To further complicate matters, the rise of the HTTPS protocol made it impossible to inspect encrypted traffic, so we could no longer filter websites on the fly based on specific content. To counter this issue, we tried to create whitelists rather than blacklists. Sadly, it proved impossible to whitelist both HTTP and HTTPS sites because our network connections repeatedly failed when we tried to access websites that used the new encryption protocol. 

Adopting Cisco Switches, Access Points, and Firewalls

To standardize our hardware layer, NSC installed Cisco switches and wireless access points across our entire network, at our two campuses, and our student residence. Once we had a stable, easy-to-manage infrastructure, we turned our attention to network security.

Here again, NSC recommended Cisco, so we went with the company's Firepower intelligent firewall technology, a robust security solution that automates threat management and provides dashboard-based network configuration tools.

It took a couple of years to retool our infrastructure. As of now, 80% of our switches are Cisco, as are all 64 of our wireless network access points and the wireless network controller at our data center. Our new infrastructure is not only far more stable and secure, but it is also more affordable than our previous mixed-vendor architecture.

Our next step was installing Cisco Firepower intelligent firewall technology and setting it up to authenticate users on the Microsoft Active Directory platform. Right now, there are 1,300 accounts on this system and 250 networked PCs. Users can log in to any of these machines, or they can access our wireless network with their personal devices.

After our initial tests, we were able to transition 100% of our students and teachers from our previous authentication platform and the old infrastructure to Cisco Firepower. The process took less than four months, and there were no service disruptions. At this moment, roughly 40 administrators remain on our old system, but we'll be moving them over in the next four months.

Powerful and Flexible Permission Management

NSC did a fantastic job integrating Cisco Firepower and Microsoft Active Directory. From our end, everything is smoother, and security is far simpler. We can now assign user profiles to specific groups, including administrators, teachers, and students (based on age and grade-level). We can also set access privileges by content and location. This latter functionality is especially valuable to our foreign students.

We can establish permissions by group, whitelist appropriate educational content, and blacklist unsuitable material. We can also block or access HTTPS traffic without a problem. Much of the process is automated, but it is also easy to make changes that are requested by our teachers and students.

For example, we initially used Cisco Firepower to prevent students from accessing all social media content during school hours, but our teachers protested that they often used YouTube in their lessons. As a result, we rolled back the restriction and whitelisted the video-sharing site. Ultimately, our educators know what’s best. That’s why it’s important to combine technology with human intuition. 

Thanks to the resolution of our HTTPS connectivity problems, our students now have access to the online tests and study materials introduced by the Italian government earlier this year. Also, using Cisco Firepower, we can prevent them from accessing other online resources while they are doing these tests, thus ensuring that the examination process is fair.

Putting Technology at the Service of Education Today and Tomorrow

In the coming years, we'll be further upgrading our network bandwidth to 10 gigabits, but we are already starting to see the benefits of our new infrastructure.

Cisco’s solutions have given our students reliable and secure connectivity. And without the benefit of a large IT team, we’ve relied heavily on NSC and will continue to do so. Their expertise and flexibility have been invaluable. As we look to build upon this solid foundation, we know NSC will be at our side every step of the way. 

Now, at every stage of their education, students can access a world of information on their own, and I can guide them to cutting-edge resources. There are incredible educational options on YouTube and through MIT's online lessons. 

As educators, it’s our job to provide our students with the best options to learn. We can now do that better than ever before. And I can rest easy knowing they are safe, focused, exploring appropriate content, and using technology to get the best possible education. The last 10–15 years have changed how we teach. Now, we’re prepared for the next decade and beyond.