Barnet and Southgate College IT Support Case Study
Providing 21st century IT support for one of London's biggest colleges.
IT Support for Colleges, Schools, and Universities
Fuse is committed to bringing best practice into every sector, whether business, non-profit or education. An institution such as Barnet and Southgate College faces the same challenges as any small-to-medium enterprise, namely meeting the needs of staff who need to work in multiple locations, protecting confidential information about students, and providing the framework for users to work productively and efficiently on projects, all within an IT environment which has to scale up and down according to changing needs.
About Barnet and Southgate College
Barnet and Southgate College is one of the largest further education colleges in North London, delivering a broad range of courses across both academic and vocational training. It is recognised as having some of the best facilities in the UK, which includes the £50 million Wood Street campus.
The college maintains excellent contacts with local employers and regional industry, has many links with the local community, and participates prolifically within the 157 Group of the 27 most successful colleges in the UK.
Delivering A Cohesive IT Solution for Barnet and Southgate College
Barnet and Southgate College resulted from a merger of several colleges in North London, each of which had their own IT systems and processes. Fuse's experts worked with the College's in-house team to create solutions which brought staff and students into one effective and efficient IT framework that enabled productive working in a secure online environment.
Split into two main projects, Fuse introduced Multi-Factor Authentication and SharePoint integration, about which we go into more detail below.
Tackling The Concerning Cybersecurity Issues
Staff accounts at the college are frequently the target of phishing attacks, which try to fool users into entering their account details into fake websites posing as legitimate ones. Action was needed to be taken by the College’s previous IT provider to protect accounts several times a month.
The College also used a combination of services in the cloud and on-premises, using Active Directory Federation Services (ADFS) as a single sign-on solution for the majority of services. This enabled staff to login to systems easily from anywhere, but at the risk of exposing these systems to compromised credentials.
A solution was needed that prevented accounts from being compromised: The solution had to integrate with the existing services, without causing any interruption to those services. Moreover, it had to be simple for the staff to adopt and use.
The College was already using Azure Active Directory for Office 365, which includes a cloud-based multi-factor authentication service. The licensing for this service includes the ability to deploy it on-premises, where it can be extended to protect existing on-premises systems and integrating seamlessly with the authentication methods in-use.
Are you concerned about how phishing attacks are being handled in your workplace? Keeping your employee safe from phishing attacks is paramount.
Deployment of Multi-Factor Authentication to Enhance College Cyber Security
Together with the college, Fuse deployed the components of multi-factor authentication (MFA) into their environment. This consisted of the following:
MFA Server (in a highly available topology)
Runs the administrative components, allowing users and system components to be configured.
User Portal
A secure website allowing users to login and manage their MFA account, to update their registered device (phone) and preferred contact method. This includes the mobile device web service, which allows a mobile app to push notifications to the user.
ADFS integration
By integrating with the college’s existing ADFS infrastructure, the MFA service is extended to protect any cloud services using ADFS – which in this case included Office 365.
Exchange
We deployed MFA components onto the college’s Exchange client access servers, so that Outlook Web Access (the main target for attacks) was protected.
VPN/VDI
Added the MFA service as a RADIUS server, so it can then be used to protect logins to the remote access and VDI systems.
Email Integration
The MFA system can send out emails to end users to guide them through the registration process. Integrating the system with the college SMTP servers allows these emails to be sent from trusted addresses and customised with the college’s wording and materials.
All this was done within the live environment, with no interruption to services. Users were gradually added to the MFA service, allowing IT to assist with registering devices in a manageable way, and deliver training on how and why the system is being introduced. Fuse introduced prepared resources from Microsoft to assist with user adoption, including user guides and videos.
The challenge
The newly-formed Barnet and Southgate College inherited a 2010 SharePoint intranet, which had gained traction across the merged college as a way to share content and documents, particularly with staff spread across many campuses.
One of the key objectives was to make the SharePoint intranet available to users outside of the College, so staff could work from home and on mobile devices, but only if documents could be secured and performance improved. The 2010 environment was using a single front-end server, connected to a single database server. It had a number of performance and configuration issues, mostly caused by its migration from one active directory environment to another.
While SharePoint was the desired platform, due to its familiarity with staff and integration with Office, it was clear the 2010 system as it stood could not deliver the required availability or scale needed for a system that was intended to be the backbone of the college’s staff collaboration efforts.
Security was also a major concern. A lot of the intranet content pertained to highly confidential student and staff records, which requires the highest levels of data protection. While SharePoint was only accessible from the tightly-controlled campus PCs, the standard SharePoint platform security, operating procedures and good IT security practice were enough to ensure document security. Opening up the intranet to logins from devices off-campus, over the internet, represented a whole new set of challenges, that required guaranteed levels of security, regardless of how the document was treated.
The solution
Fuse began our engagement by building a new high-availability SharePoint 2013 farm, splitting server roles and components across the college’s two datacenters, to ensure high performance across all locations, and resiliency in case of a datacentre outage.
The existing intranet was then migrated to this new environment over the summer holidays, to allow the developers and content editors to take advantage of the new features in 2013. As part of the new SharePoint platform, we also set up an Office web apps farm, which allows devices without Office installed (such as Macs and mobile devices) to edit documents within SharePoint using just the browser.
To guarantee document security, Fuse integrated rights management services into SharePoint 2013, using the rights management service available as part of Office 365. The students at the College had been using Office 365 for a few years, but the staff never had. Our first action was therefore to synchronise the staff accounts in the existing Office 365 subscription, using the latest version of Azure AD sync – which has the added advantage of being able to synchronise password changes, eliminating the need for a complex Active Directory Federation Services set up.
This gave all staff an account in Azure AD that matched their on-premise credential, and enabled us to activate Azure rights management for the college. All that remained then was for us to set up a rights management connector within the on-premise infrastructure and deploy the configuration to SharePoint. This same connector infrastructure can also be used for extending rights management to the on-premise file servers and Exchange.
Providing A Secure, Adaptive, and Fit-For-Purpose IT College Environment
With no additional infrastructure beyond the virtual servers required for the new SharePoint platform, Barnet and Southgate College now have a secure collaboration environment available to them 24/7 from anywhere on any device.
Furthermore, they can share secure documents with partners and external bodies (such as employers) safe in the knowledge that they control how that document can be used. The solution is highly scalable, reflecting the rapid growth of the college, and maintains the ease of use and familiarity of the existing intranet.
Going forward, all staff will be able to use the features of Office 365, and IT are all set to be able to exploit the hybrid features of Azure, with MFA in place to increase the levels of data security among staff and students alike.
Interview with Alex Gimenez
Alex Gimenez is the IT Systems Manager in the Technology Innovation & Development Department at Barnet and Southgate College. They are the main contact between the College and Fuse.
How would you describe the overall quality of the service we provided?
Outstanding! I have been working with Andy for over 5 years now and always great!
Reflecting on the project, could you highlight three specific changes that had the most positive impact on the college?
- Migrated Exchange on-premises to O365 for over 1000 staff, enabling us to have a better and more reliable system on the cloud.
- Implemented Microsoft 365 Enhanced Hardening, enhancing our protection for students and staff against cybersecurity threats.
- Replaced on-premises ADFS with Azure AD, eliminating the reliance on on-premises systems for authentication.
Were there any aspects of our service that exceeded your expectations? This could include issues resolved, lessons learned, or any unexpected positive outcomes.
The consistent excellence in service, coupled with the resolution of issues and the continuous learning opportunities, has truly exceeded my expectations.
How satisfied were you with our communication throughout the project? Let us know if you felt adequately informed and involved in the process, and whether there were areas where communication could have been improved.
Excellent! We had a planner built by Fuse and regular meetings to discuss the project.
Do you feel that we completed the project in a reasonable timeframe, while still focusing on detail where necessary?
Absolutely, everything is on schedule.
In your opinion, did our involvement in the project add value to your existing team? If so, please provide specific examples or insights into how our collaboration positively impacted your team's performance or outcomes.
Yes, our team has gained valuable insights and knowledge through collaboration with Fuse. Their experience has contributed significantly to our learning and overall project outcomes.
Services Provided as Part of IT Support for Barnet and Southgate College
- Office 365 including SharePoint
- Multi-Factor Authentication (MFA)
- Exchange
- Helpdesk
- VPN/VDI
- User Portal
- Azure Active Directory
- Backup and disaster recovery
Benefits of using Fuse for Barnet and Southgate College IT Solutions
- Fuse planned timings to coincide with the summer holidays so there was as little disruption to the college as possible.
- The College is now set up to scale up and down their licenses according to changing needs, without needing to change their overall IT infrastructure.
- Andrew Walman, Fuse’s Head of Infrastructure, who led the project, has developed a good relationship with the IT team at the College. Both parties understand the other and communicate effectively.
- Fuse continue to provide essential training and resources to the IT team and staff at Barnet and Southgate college.
- Staff and students can rest assured that their data is secure and more protected than before.
- Not mentioned in detail but included with Azure is the ability to set up recovery and backups in case of a disaster.