SYSTEM MANAGERS ANNUAL REPORT 2010
The year 2010 was another busy one for Matt and I (see Matt’s report for details on his busy year).
Unfortunately we did have a bump in the road this year with our Firewall. As our “Empire” grew bigger and bigger with the addition of many more PC’s, the overall bandwidth usage increased accordingly.
This caused our firewall to reach a point where it would fail momentarily (a couple minutes while it rebooted) or all together for certain libraries which required LION Staff intervention (clearing the translation table). This was caused by a defect in the hardware of the PIX which was unknown to us. Once it reached a certain amount of bandwidth usage, the PIX Firewall would “freak out” and force a reboot. This would cause all libraries to stop having Internet Access. A pain to be sure but some good did come from it.
LION purchased a new Cisco Adaptive Security Appliance Firewall. Our old PIX firewall was installed 7 years ago so it was out of date and time for a newer, faster one. In retrospect, I am surprised it lasted as long as it did. We had some minor difficulty getting the new ASA Firewall to work due to the new design of the OS code Cisco is now using. It didn’t “behave” the same way as the old code and didn’t want to play nice with the CEN equipment. With help from the CEN we were able to redesign the outside portion of our network and make it compatible with the new Firewall. All is right in the “network” world again.
During some troubleshooting of our Firewall issues, the CEN discovered we were maxed out on our existing CEN Fiber circuit. We were supposed to be set at 20 Meg but AT&T had only configured it for 15 Meg. This is the reason for some seriously slow times during the day. CEN had AT&T up our circuit speed to 50 Meg now. I routinely check it and we are averaging between 15 and 24 Meg during the peak part of the day. This means we have plenty to spare right now even with LEAP coming on and hopefully we will be on the new Dark Fiber before then anyway.
During our troubled times with the old PIX firewall, one of the ideas we had was to move as much of the Public Internet traffic off of the LION circuit to try and reduce the overall bandwidth usage while we waited for the new ASA Firewall to arrive. I asked the CEN if it was possible to create a virtual circuit on Wallingford’s Fiber to bypass LION and simple go straight out to the Internet. The CEN was very accommodating and created the circuit the next day. I built a router/firewall out of an old IBM and software called M0n0wall and moved Wallingford’s Public Internet off of LION. This did two things, first it got a big chunk of bandwidth usage off our circuit since it bypasses the LION network altogether, and second, it gave Wallingford a 100 Mbps line out to the Internet for their Public Internet. It was a win-win for everyone.
In yet another attempt to get even more bandwidth off of LION, I found a router that allows one LAN to share two Internet connections. It’s called a Dual WAN Router. We installed one of these at Bill Library – Ledyard since they had a Comcast Internet connection which they were not using. What this does is it routes any Internet traffic coming from the LAN to the Comcast Connection (i.e. public Internet) and any LION traffic (iii, email) up the CEN DSL circuit. This reduced the load on the LION network while giving their Public Internet Connection a huge boost in speed. Comcast tends to be in the 15 to 20 Meg range while the CEN DSL is at best 6 Meg.
Since this worked so well, when Branford recently got Comcast installed we did the same thing for them.
Essex had Comcast installed in January. I moved their public Internet computers over shortly after the install was complete.
I helped Norwich get their Public Internet moved from AT&T DSL to Comcast earlier in the year.
In case you haven’t guessed, Comcast offers free Internet for Public Libraries. The speed is roughly
15 – 20 Meg which is significantly higher than AT&T DSL. Hence the reason so many libraries are switching their Public Internet to them.
Guilford was having problems with their Comcast Internet over the summer and after repeated visits to troubleshoot the router, I told them to contact Comcast. They came out and replaced the modem and then I built them a M0n0wall router/firewall to replace the Linksys router they were using and that resolved the problem.
Things Other Than Network Issues
Installed new Dell Windows 7 PC’s at 9 LION Libraries – Reimage/Redeploy existing PC’s as PAC’s or additional Public Internet workstations.
Fixed countless Malware infected PC’s, fixed issues with wireless, light pens, receipt printers, network connections, printers, network switches, iii client problems, wireless printing, mass e-mailing program installs, reimaging public PC’s, etc, etc, etc, the list is endless.
Helped install new Copier/Scanner/Printer’s at two Libraries which required loading a new driver on every PC in the building that wants to print to it.
Next Year promises to be an exciting one for LION with the addition of the LEAP Libraries. That, and the (hopefully coming this year, I’ve heard from CEN that LION should be very early on in their project) installation of a new Dark Fiber CEN connection at the LION headquarters, Rathbun Free Memorial Library and Easy Lyme Public Library which will bring a unbelievable 1 Gigabit network speed potential to the libraries thanks to the Federal Government’s Stimulus Grant Program.
Along with the continued addition of more and more PC’s to the network it looks to be a strong growth year for our “Empire”
With new technology coming out all the time, it is my hope to hold at least a couple Technology Committee meeting this coming year to educate your staffs on new things which may be beneficial to your library and/or patrons.
Richard Widlansky, Systems Manager