Growing School District Automates Infrastructure Operations, Enhances Security

Updated: July 8, 2021


The Douglas County School District is Colorado's third largest, serving almost 70,000 students from preschool through 12th grade. The district includes 89 schools spread across an area of 850 square miles. Support and coordination take place at the district level, but each school has the flexibility to build its own instructional programs, giving parents a variety of educational choices. For more information, visit dcsdk12.org.

Executive Summary

Customer Name: Douglas County School District

Industry: Education

Location: Castle Rock, Colorado

Number of Employees: 70,000 students

Challenges

  Reduce infrastructure and application deployment time
  Improve data segmentation and security
  Standardize device configurations

Solutions

  Application-centric, software-defined network
  Integrated, multi-layer security
  Centralized, policy-driven management and automation

Results

  Standardized and automated infrastructure deployments
  Integrated network management for VMware
  Increased protection of student data

 


Challenge: Increase automation to stay lean

Douglas County School District has a small IT team tasked with a big job. The infrastructure and application environments are more dynamic every year, and security threats to schools everywhere continue to mount. The team needed a way to reduce deployment time, stop configuration drift, and better protect personally identifiable information (PII) while limiting IT headcount growth.

“There are a lot of days when it’s just hard to keep up,” says Nick Morgan, director of IT operations at Douglas County School District. “If a teacher wants to use a new learning tool, we have to quickly figure out the best way to provision it—and integrate it as part of our operations.”

 

“Cisco ACI makes our students’ PII much more secure. We can now isolate databases and protect sensitive applications, segmenting the data center with different security zones that tie into our firewall architecture.”

Dustin Bench, Lead Network Engineer, Douglas County School District

Automating with infrastructure as code

Faced with a move to a new data center several years ago, the Douglas County IT team had an important decision to make. Should they continue using legacy networking or move to Cisco ACI, the industry’s leading software-defined networking (SDN) solution? At the time, few public sector organizations were using SDN.

“We had a strong understanding of what an SDN-based data center could offer us,” says Dustin Bench, lead network engineer at Douglas County School District. “We really needed to automate our operations to get more bang for the buck. After reviewing SDN products from various vendors, we decided Cisco ACI provided the most robust solution. This said, the data center move was the opportune time to adopt Cisco Nexus 9000 Series Switches and Cisco ACI and put ourselves on a path to programmability and automation.”

Today, the IT team is cultivating a DevOps mentality and working to program the entire data center using an infrastructure-as-code approach. When a network configuration change is needed, an in-house program uses open APIs to push the configuration to the Cisco Application Policy Infrastructure Controller (APIC). Changes take effect immediately without disrupting production. Tasks that used to take a week are often completed in five minutes or less. Many routine tasks take just seconds.

“Our ability to optimize and automate operations using Cisco ACI is one of the main reasons we’ve been able to remain a lightweight team, even as we manage more heavyweight tasks,” explains Morgan. “This allows us to allocate capital to education needs versus spending on infrastructure and operations costs.”

 

“Our ability to optimize and automate routine operations using Cisco ACI is one of the main reasons we’ve been able to remain a lightweight team, even as we manage more heavyweight tasks. This allows us to allocate capital to education needs versus spending on infrastructure and operations costs.”

Nick Morgan, Director of IT Operations, Douglas County School District

 

The programmability of Cisco ACI has been the catalyst for additional automation efforts. The IT team now uses Python scripts to push configuration changes to 2,000 legacy switches across the district, and load balancers are also programmatically configured. The goal is a single program that will do all the necessary infrastructure configuration for a new application, including networking, load balancers, and spinning up VMs.

“Approaching infrastructure as code is changing our mindset. We are starting to speak in application development language instead of just IP addresses and ports. This enables us to work more effectively with our developers and improves team collaboration,” says Morgan.

Streamlining VMware operations

A new VMware cluster was also deployed during the data center move, combining Cisco ACI with hyperconverged infrastructure. Cisco ACI gives VMware servers automated access to data center infrastructure. ACI virtual machine manager (VMM) domain integration enables the networking team to configure all connectivity policies for the VMware cluster.

Fifty percent of the applications in the VMware cluster, including critical education applications such as Infinite Campus, have migrated to application-centric operations, eliminating the need to manually configure network devices.

“We’ve taken the burden of managing VMware networking off the system engineering team’s hands, making life easier for everyone,” says Bench. “Endpoint groups (EPGs) now have names that are meaningful to VMware admins. This makes it easy to drop a server into the correct port group and get the right networking and security policies automatically.”

Enhancing security and protecting PII

Douglas County School District relies on Cisco ASA firewalls, Cisco Firepower Next-Generation Intrusion Prevention System (NGIPS), and the isolation and segmentation that Cisco ACI provides to help ensure security and data privacy.

A legacy subnet architecture, with different applications sharing the same subnets, made it nearly impossible to segment applications from each other using traditional methods. Cisco ACI makes it easy to segment these application environments while keeping the impact minimal for application and system engineering teams. Contracts are used to segment applications that run only in production. Applications that have both development and production environments are protected with microsegmentation.

“Cisco ACI makes our students’ PII much more secure,” says Bench. “We can now isolate databases and protect critical applications, segmenting the data center with different security zones that tie into our firewall architecture.”

Products

  • Cisco® Application Centric Infrastructure (Cisco ACI™)
  • Cisco Nexus® 9000 Series Switches
  • Cisco Firepower® Next-Generation Intrusion Prevention System (NGIPS)
