Needed to combine each school’s separately managed network into one
With E-rate funding, they deployed access points, switches, and security appliances
Future-proofed their network to improve student learning as the school’s grow
Ascend Public Charter Schools is a Charter Management Organization (CMO) focused on building, maintaining, and supporting charter schools in Brooklyn, New York. Their lower, middle, and high schools grow organically, starting at the lowest grade level, with new grades added as students graduate each year. Ascend is growing at an extremely rapid pace; they had 4 schools across 4 buildings in 2013, 10 schools across 8 buildings in 2017, and have plans to be at 13 schools in 11 buildings by the summer of 2018.
The Challenge: Three Networks Too Many
When Emeka Ibekweh, Managing Director of Technology at Ascend Public Charter Schools, started in 2013, he was responsible for managing four schools spread across four buildings, all with different networks. The network equipment was very outdated, and had separate wireless controllers and slow VPN connections, requiring Ibekweh to physically be on-site to manage upgrades, firmware updates, and configurations. “Just the complexity of managing four sites with four separate networks was a nightmare, to say the least,” said Ibekweh.
Beyond the complications of operating a separate network at each school, there was also very limited wireless coverage throughout each building. One of the six-story buildings only had 12 access points, which provided limited wireless access for students and staff. They also had no planned IT budget, making purchasing an entirely new network infrastructure a daunting prospect. Ibekweh desperately needed a solution that would streamline Ascend’s four networks into one, provide complete visibility into network usage, and allow for simplified management — all with a non-existent budget.
We wanted to be able to streamline and simplify configuration and management under one dashboard. To be able to make changes across the board, across all sites, without having to make the same configuration changes multiple times at each location.
Managing Director of Technology
The Solution: When E-rate Funds Pull Through = Magic Happens
After applying for and receiving E-rate funding, Ibekweh knew he had to spend it wisely to make his network refresh a reality. Having used Cisco before, he knew the products were reliable and built to last, with support that was always available when needed. So Ibekweh and his five-person IT team decided to demo Cisco Meraki access points, switches, and security appliances. After seeing how easy it was to make configuration changes, view network traffic, and create separate and secure SSIDs, all from a single dashboard, Ibekweh was sold. With their E-rate funding, Ibekweh was able to purchase the network infrastructure he needed to succeed.
Ibekweh started his deployment by ripping out all of his legacy switches and replacing them with MS420s at the core, and MS320s at the access level. Instantly, the switch features in the dashboard proved invaluable. Ibekweh can now quickly and easily run a remote cable test to pinpoint network issues and use the automatic loop detection to find redundant uplink ports. “The port-level granular visibility through the dashboard was definitely a game changer for us,” Ibekweh said.
The access point deployment took half the time it would have with a competitive product. With every MR42 and MR34 preconfigured in the Meraki dashboard, all Ibekweh and his team had to do was scan each access point’s barcode with their mobile phone, name it, plug it in, and mount it. That was it. In all, Ibekweh’s team has now deployed 257 access points across their eight buildings, with one access point in every classroom. By managing the access points through the dashboard, Ibekweh can easily troubleshoot a problem — he can quickly see which access points teachers are connected to and simply identify if there are bottlenecks or bandwidth hogging applications. He can also identify VLAN mismatching issues, see the amount of traffic on the network at any given time, as well as view the number of devices and clients.
Just seeing the amount of traffic, the type of traffic, and the number of devices and clients on the network – we weren’t able to see that before – that’s huge for us.
Managing Director of Technology
This past summer, Ibekweh and his team deployed a Meraki MX400 security appliance at each of their sites. With these security appliances providing protection for each site, the team could configure two secure VLANs to host two separate SSIDs: one VLAN dedicated to the primary, or staff, wireless network, and the second VLAN dedicated to a guest network. The staff network is used for all Ascend-owned devices, while the guest network is used for any BYOD devices. For the guest network, Ibekweh uses traffic shaping rules to limit the amount of bandwidth, single-sign on with Meraki authentication, SSID scheduling so the network is not available after hours, and content filtering to block inappropriate websites. Having a secure gateway to control all of their guest traffic, combined with site-to-site VPN and DHCP, has been a game-changer for Ascend.
Next Steps: The Deployment Continues
Moving forward, Ascend is continuing to future-proof their new and existing network infrastructure with new technologies and features to continue improving student learning. In the short term, Ibekweh plans to use the port scheduling feature on his switches to turn off certain ports at night and on the weekends to save on energy costs. Their biggest long-term decision is determining whether Ascend wants to implement a 1:1 student-to-device initiative. If they do, a separate student SSID would be on the horizon, since currently all student traffic is going through the primary network. They are also looking into deploying Meraki security cameras at schools that do not currently have cameras. Further down the line, they plan to evaluate Meraki Systems Manager for enterprise mobility management. Whatever Ascend decides to do next, Meraki will be there to continue expanding and future-proofing their network.