SLG – Customer Requirements
SLG Customer requirements / Pre-Requisites for Schools hosting their own Sims Data
Non Technical
Each School needs to identify a lead user
This person should have a working knowledge of Sims and be able to lead the strategic development of SLG. They should be able to instigate training for school personnel in liaison with the Scomis Consultant.
School Prefix
To ensure that accounts are unique on the SLG Platform, we prefix accounts with a unique identifier for your school, e.g. TH for Tiverton High School. Your usernames are therefore generated in the following format:
School Prefix | User Type | First Name | Surname | SLG Username |
TH | Staff | Paul | Smith | THpsmith |
TH | Student | Sam | Harris | TH04sharris |
TH | Parent | Tracy | Harris | THPtharris |
As you can see, an additional prefix of P has been added to identify parents, and students are identified by a 2-digit cohort year.
Technical
Important note: these do not need to be completed if your Sims data is hosted by Scomis on our Hosted Application Service.
With your Sims data hosted on your own server there will be a need for the network manager to be involved with the implementation. You need to be aware of or carry out the following as appropriate.
Hardware Specification
School server hardware must meet the minimum specification for SQL modules to function correctly. Please note that Capita recommend schools replace administrative machines/servers on a three yearly basis.
Backup
As with any new software installation or major configuration change to your server, it is essential that a verified full backup has been taken. We also highly recommend a full backup is taken the day before we are due to carry out the implementation remotely.
IIS with ASP
Windows Server
For the ADP (Active Directory Provisioning) Service to function, the Sims server needs to be running IIS (Internet Information Services) with ASP.NET and .NET 3.51.
- We recommend you run a Windows update at this point to make sure you have the latest service pack and security hot fixes for the .NET framework. This may also require a server restart.
Sims Patches
2-3 Patches need to be applied to your Sims Database to activate & licence the SLG functionality within Sims.
Sims SQL Instance Encryption
To enable secure data transfer between your SQL server and the SLG platform, we have taken the decision to require that you encrypt your SQL instance. This does add a small performance overhead; however, we have tested this internally and found the difference to be insignificant. This also gives you a further benefit: all data from your Sims SQL Server to the Client Applications on the workstations is encrypted. This is an extra level of protection for your data which we believe is worth the overhead in light of the recent government data handling advice. We have also thoroughly tested all custom LEA applications and found them to work perfectly with SSL Encryption enabled.
- Turn on SSL encryption for your SQL Instance. To do this:
  - Start > All Programs > Microsoft SQL Server 2005 > Configuration Tools > SQL Server Configuration Manager
  - Expand SQL Server 2005 Network Configuration
  - Right click on “Protocols for SIMS2008” > Change “Force Encryption” to Yes
- To apply the changes you need to restart the SQL service. Although your clients will automatically detect the change, this is best done outside of core hours in case any unforeseen issues arise.
Sims SQL Instance Fixed Port
To further secure the SLG platform we require that you use a specific fixed SQL port. This change only requires action on your server; your clients will automatically detect the change and switch over to the new port. This enables ease of firewall management for us and reduces the possible need for a change control request with the SWGFL.
- Change your SQL instance to use a fixed port of 32441. To do this:
  - Start > All Programs > Microsoft SQL Server 2008 > Configuration Tools > SQL Server Configuration Manager
  - Expand SQL Server 2005 Network Configuration
  - Click “Protocols for SIMS2005”
  - Double click on TCP/IP (in the right pane) > click onto the IP Addresses tab > Under IPALL:
    - Delete the TCP Dynamic Ports value
    - Enter 32441 under TCP Port
- To apply the changes you need to restart the SQL service. Although your clients will automatically detect the change, this is best done outside of core hours in case any unforeseen issues arise.
SQL Server Browser Service
Because the SQL service has been changed to a fixed port, you need to ensure the SQL Browser service is set to Automatic start up.
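The three server-side settings above (Force Encryption, the fixed port under IPALL, and the SQL Browser start-up type) can be checked read-only from a PowerShell prompt on the Sims server. This is an added example, not part of the original Scomis document; the default instance name SIMS2008 is taken from the steps above, and the registry layout assumes a SQL Server install whose bitness matches the operating system (otherwise the keys sit under Wow6432Node).

```powershell
# Added example: read-only check of the SQL instance settings described above.
param(
    [string]$InstanceName = 'SIMS2008',  # assumption: instance name as shown in the steps
    [string]$ExpectedPort = '32441'      # fixed port required for the SLG platform
)

$root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'

# Map the instance name to its internal instance ID (e.g. MSSQL.1 or MSSQL10.<name>).
$names = Get-ItemProperty -Path "$root\Instance Names\SQL" -ErrorAction Stop
$instanceId = $names.$InstanceName
if (-not $instanceId) { throw "SQL instance '$InstanceName' not found in the registry." }

# Network settings written by SQL Server Configuration Manager.
$netLib  = "$root\$instanceId\MSSQLServer\SuperSocketNetLib"
$force   = (Get-ItemProperty -Path $netLib -ErrorAction Stop).ForceEncryption
$ipAll   = Get-ItemProperty -Path "$netLib\Tcp\IPAll" -ErrorAction Stop

# WMI is used so the start-up type can be read on older PowerShell versions.
$browser = Get-WmiObject -Class Win32_Service -Filter "Name='SQLBrowser'"

$results = @(
    @{ Check = 'Force Encryption is Yes';
       Pass  = ($force -eq 1) },
    @{ Check = "IPAll TCP Port is $ExpectedPort";
       Pass  = ($ipAll.TcpPort -eq $ExpectedPort) },
    @{ Check = 'IPAll TCP Dynamic Ports is blank';
       Pass  = [string]::IsNullOrEmpty($ipAll.TcpDynamicPorts) },
    @{ Check = 'SQL Browser start-up is Automatic';
       Pass  = ($browser.StartMode -eq 'Auto') }
) | ForEach-Object { New-Object PSObject -Property $_ }

$results | Format-Table Check, Pass -AutoSize

# Non-zero exit code if any setting does not match, for use in a scheduled check.
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```

The registry holds the configured values, which only become active once the SQL service has been restarted as described above.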
School Firewall Rules (SWGfL)
If your Sims server is behind a firewall the following rules need to be added to allow communication between your SQL server and the SLG platform:
Owner | Allow / Deny | Source IP | Source Port | Destination IP | Destination Port | Traffic |
School Firewall – ADP | ALLOW | 10.224.104.117 | * | School Sims Server | 120 | TCP |
School Firewall – ADP | ALLOW | School Sims Server | * | 10.224.104.117 | 1101 | TCP |
School Firewall – SQL Probe | ALLOW | 10.224.104.118 | * | School Sims Server | 1434 | UDP |
School Firewall – SQL Probe | ALLOW | 10.224.104.120 | * | School Sims Server | 1434 | UDP |
School Firewall – SSL SQL – IN | ALLOW | 10.224.104.118 | * | School Sims Server | 32441 | TCP |
School Firewall – SSL SQL – IN | ALLOW | 10.224.104.120 | * | School Sims Server | 32441 | TCP |
School Firewall – SSL SQL – OUT | ALLOW | School Sims Server | 32441 | 10.224.104.118 | * | TCP |
School Firewall – SSL SQL – OUT | ALLOW | School Sims Server | 32441 | 10.224.104.120 | * | TCP |
School Firewall Rules (Other ISP)
If your Sims server is behind a firewall the following rules need to be added to allow communication between your SQL server and the SLG platform:
Owner | Allow / Deny | Source IP | Source Port | Destination IP | Destination Port | Traffic |
School Firewall – ADP | ALLOW | 217.179.30.20 | * | School Sims Server | 120 | TCP |
School Firewall – ADP | ALLOW | School Sims Server | * | 217.179.30.20 | 443 | TCP |
School Firewall – SQL Probe | ALLOW | 217.179.30.23 | * | School Sims Server | 1434 | UDP |
School Firewall – SSL SQL – IN | ALLOW | 217.179.30.23 | * | School Sims Server | 32441 | TCP |
School Firewall – SSL SQL – OUT | ALLOW | School Sims Server | 32441 | 217.179.30.23 | * | TCP |
NAT Rules
If your Sims server is on an internal IP address (to the SWGFL) behind a NAT router the following NAT port forwarding rules need to be added:
Owner | External IP | Source Port | Internal IP | Destination Port | Traffic |
School Firewall – ADP – NAT | School External IP | 120 | School Sims Server | 120 | TCP |
School Firewall – SQL Probe – NAT | School External IP | 1434 | School Sims Server | 1434 | UDP |
School Firewall – SSL SQL – NAT | School External IP | 32441 | School Sims Server | 32441 | TCP |
For Example | 45.60.12.10 | 32441 | 172.16.1.10 | 32441 | TCP |
SWGFL Firewall Rules
Depending on your internal network configuration, it may be necessary to complete a SWGFL change control request to allow communication between your Sims server and the SLG platform. Unfortunately, we can only advise this during the implementation if it becomes necessary, and it may add a delay to the implementation.
Onsite Support
The agreement does not include onsite technician support as it is assumed the installation and subsequent support will be carried out remotely. Onsite support where the school does not enable remote access for troubleshooting is available at the normal advertised Scomis rates if required.
Unforeseen Issues
The web service which is added to your server during the implementation uses standard Microsoft Windows components. It has been trialled and is now running on a number of schools successfully without any issues. However, it is possible that the implementation brings to light configuration differences or corrupted files in components that have not been used previously. For this reason we reiterate the need for a full backup before carrying out any installation or significant configuration change to your server. If any issues arise on your server following the implementation, Scomis cannot be held responsible.
kb3580 3580