
ITS Strategic Plan

Network Services and Infrastructure

To ensure that faculty, students, and staff have access to high-performance and reliable network services such as Internet, voice communications, and email resources, ITS has implemented a comprehensive and redundant network infrastructure across the District.

The District’s WAN (Wide Area Network) interconnects three primary sites: Cañada College, Skyline College, and the College of San Mateo/District Office. In August 2018, ITS upgraded the District backbone from AT&T 1 Gigabit Opt-E-Man circuits to AT&T 5 Gigabit EtherSwitch Service between the District Office Main Point of Entry (MPOE) and each campus MPOE. This upgrade provides optimum bandwidth for file shares, Banner® access, and backup services, and offers higher availability for technology services. In case of primary service outages, the District-wide interconnection is also designed to route traffic via an alternate campus, restoring Internet, Intranet, and phone services instantly.

During the Summer of 2018, the CENIC connections were upgraded from 1 Gig to 10 Gigabits, with two 10 Gig connections for redundancy. The upgrade allows each campus to individually connect to CENIC’s high-speed research and education network, which is ten times faster than the previous connection.

In addition to the wired network, ITS has deployed wireless access points (WAPs) District-wide. As part of SMCCCD’s Capital Improvement Bond Project (CIP3), started in January 2016, a replacement and upgrade project was implemented in two phases. Phase I, which replaced existing access points and possibly added new ones without an extensive infrastructure upgrade, is complete. Phase II (Expansion), which adds wireless access points in all classrooms and enhances coverage in open areas such as student centers, learning spaces and centers, and libraries, is still in progress (80% complete District-wide). Utilization of the wireless network continues to grow significantly.

Network security is provided using a variety of tools and techniques. During Spring 2017, college firewalls were upgraded to the Palo Alto Networks Next-Generation Security Platform. These devices are a key part of the network traffic defense of the District and individual campus data networks. The current firewall, which the industry refers to as the next generation of firewall switches, offers various functions, including enhanced perimeter protection from denial-of-service (DoS), virus, and malware attacks.

There are three primary VLANs in use within the District: Administrative, Instructional, and Public. The Administrative VLAN provides District employees who have appropriate authentication credentials access to Banner and other electronic resources and services within the District. The Instructional VLAN is for labs and classrooms where students use college-owned equipment to access instructional resources that are local or on the Internet. The Public VLAN allows campus guests and students with personal network devices Internet access, but they are prevented from gaining access to the other District VLANs and secure network resources.

The three primary VLANs in use within the District:

| VLAN Name | Purpose |
| --- | --- |
| Administrative VLAN | Provides District employees who have appropriate authentication credentials access to Banner and other electronic resources and services within the District. |
| Instructional VLAN | Used for labs and classrooms where students use college-owned equipment to access instructional resources that are local or on the Internet. |
| Public VLAN | Allows campus guests and students with personal network devices Internet access, but they are prevented from gaining access to the other District VLANs and secure network resources. |

In addition to the three primary VLANs, there are several other unique VLANs in use. Examples of these are the VoIP telephone system, ACAMS security system, Building Management Systems and environmental controls, Bookstores, and KCSM TV and FM radio station. Wireless access to all but the Public VLAN is protected with encryption and secure authentication through the use of certificates.

The District telecommunications system is a Voice over Internet Protocol (VoIP) telephone system. In June 2016, SMCCCD upgraded its phone and voicemail system to include service redundancy and failover between each campus site should there be any service outage as a result of power or service provider interruptions.

The District maintains a high-performance data network that connects the workstations and devices of the three College campuses and the District Office. The District Office contracts with AT&T to provide fast, redundant, and reliable connectivity for each of the college campuses and to the Internet. Internet services are provided by CENIC and have been upgraded many times over the years; currently, each campus has a 1-gigabyte connection to the Internet. All buildings on campus have access to the wireless network for both public and administrative access. SMCCCD’s new Palo Alto Networks firewalls, in addition to blocking illegal peer-to-peer traffic, provide URL filtering, which prevents users from accessing malicious or unknown URLs and helps prevent the illegal sharing of copyrighted material.

Securing college data is a high priority, and some hardware and software tools are in place to protect against and detect unauthorized access, including:

  • In Spring 2015, SMCCCD upgraded to Sophos End-Point Protection, which is a cloud-hosted service and includes Sophos Intercept X as additional security to defend against ransomware and command-and-control types of threats. In addition to preventing virus infections, this new platform security suite uses comprehensive end-point protection, taking advantage of multiple embedded technologies, from deep learning signature-based detection to preventing ransomware file-encrypting processes from executing. When medium or critical vulnerabilities are detected on end-user devices, the technical staff receives alerts to respond and remediate the issue immediately.
  • Cisco NetFlow is used to monitor and report on network connections.
  • Microsoft Group Policies are applied to District-owned and managed PCs to protect them from malware, malicious plug-ins, and file attacks, and to prevent students from installing software on PCs in the instructional computer labs.
  • Public Wireless Network is open to use by students and allows access to internet services; access to the public wireless network is automatically shut down from 11:00 pm to 6:00 am daily.
  • Private Wireless Network is a secure wireless network that requires authentication and provides access to services like Banner.
  • In 2022, SMCCCD engaged in an initial Security and Resiliency Improvements Penetration Test, followed by an additional Penetration Test in 2023. The 2022 test uncovered 133 issues, of which approximately 1/3 were “High” or “Critical” severity. Also, one user account and elevated access to Banner (administrative system) were compromised. Upon conclusion of the 2023 penetration test, there were no breaches of critical systems, and the District achieved a 101.4% Performance Overall against the District Aggregate group (70+ other CA school districts).