ICAlert Network Infrastructure Requirements

To correctly function, the ICAlert equipment needs to be installed in the correct location in your school network and with access to the necessary network services.  The information that follows is provided as both a ‘simple’ explanation and a more technically detailed one.  If you do not have the expertise ‘in-house’ to confirm if your schools’ networking infrastructure will support the ICAlert service then you will need to seek advice from your usual IT/networking support.

ICAlert is a network monitoring service which is inserted in-line between your Internet connection router and the rest of your network.  The simplest arrangement is as shown below:

ICAlert Network DIagram

The installation method requires the network cable that currently connects your school network to the Internet router to be disconnected (often simply labelled and then unplugged at each end – this allows for quick network restoration if there are any issues during installation).  The ICAlert box is then connected in between the Internet router and your network.

Important Requirements

  • Power is needed for ICAlert (small plugin power supply).
  • Two 2m cables are provided to provide connection from the router-ICAlert and from ICAlert-school network; if this cable length is insufficient, ensure you have spare cables of the appropriate length before commencing installation.
  • If you are installing ICAlert in a rack cabinet, ensure you have 1U of space – ideally with an air gap for cool operation.Similarly, if placed on top of other equipment in a freestanding arrangement, ensure appropriate ventilation.
  • The unit must sit in-line between the router and school network.It is not sufficient to simply plug the unit into a network switch socket.
  • The unit must be able to receive an IP address via DHCP (it is not possible to fix the IP address on the ICAlert unit itself).Some school environments may not allow for DHCP to work in the link from the school network to the router.You can use a static DHCP assignment if this is desired (the unit’s MAC address is shown on the LCD screen if no IP address is assigned).
  • The unit must be able to make outgoing connections to our servers in order to receive updates and report alerts/status.If your network requires a proxy for outgoing connections, this must be configured on the unit.We are able to pre-configure the unit providing the appropriate information is provided when purchasing the service (IP address/domain name of the proxy server and port if needed).
  • Once installed, there should be no other connections to the Internet router from your school network (these could be carrying traffic that ICAlert cannot see).

More detailed technical information

DHCP

The monitoring system must be placed on a link that has access to a DHCP server. If the link cannot access a DHCP server, it will not be able to connect to the Internet and, as a result, will not transmit any monitoring data to the icalert server.

If the link cannot access a DHCP server, the ICAlert unit will display the MAC address on the LCD screen to help with diagnostics.  Once an IP is acquired, the display will change to show the assigned IP (this may take some time – you can power cycle the unit if needed).

Proxy/Firewall

The monitoring system must be able to make outgoing port 80/443 connections to external hosts (for reporting/testing/updating etc.).  The unit can be configured to direct ougoing connections through a proxy, but, the proxy must be contactable from the location of the unit.  I.e. if the proxy is located within the school network, the ICAlert unit (located between the switch uplink and the Internet router/gateway) will need to communicate with the proxy server.  It may be necessary to provide specific rules relating to the ICAlert unit.  The unit makes TCP port 80/443 external connections only and these are all HTTP/HTTPS connections.

To utilise a proxy, this is normally pre-configured as part of the purchase/commissioning process.  When purchasing, simply provide the IP address or FQDN for the proxy server together with the port number (if required).  If the proxy is fully transparent, no configuration is necessary.  A simple test is to place a non-school device in the relevant network position (with no proxy config etc.) and see if a) a DHCP address is obtained; and b) the device can web browse.

Aggregation/link trunking/VLANs

The monitoring system must be placed on a link that aggregates all the network traffic.  The system will not be able to monitor and report if connected to a trunk link (a trunk link is a network link that transports frames from multiple VLANs using VLAN tagging; a trunk link requires switches and routers to communicate properly, it does not allow direct connection of an end system, such as a computer). If the system is connected to a trunk link, it will not affect the existing traffic, but it will also not be able to communicate with the icalert server to transmit any findings. On a trunk link, the system will also not be allocated an IP address from a DHCP server, the LCD screen should display the MAC address to assist with diagnostics.

Back to FAQ