System Requirements

To install Schoolbox, there are a few system requirements that need to be met.

NOTE: The requirements of Schoolbox depend on the scale it is being implemented, but the following is relevant for a full-school implementation

On this page, you will find the following information:

Cloud Requirements

Server overview

Security, firewall and ports

Server specifications

Disks

Hard delete

Database Merging & Migration

Although Schoolbox Cloud is managed by the Schoolbox Infrastructure Services Team, the school must take certain steps to ensure the Schoolbox Cloud instances operate smoothly.

Email:

• The school must configure their DNS so that it includes the Schoolbox email server in its SPF record: "v=spf1 +include:spf.schoolbox.cloud ~all"
• The school must configure DKIM so that emails sent from Schoolbox are signed. To do this, the school should create a DKIM record inside its instance (Admin → System Settings → Email DKIM), and update the DNS with the provided public certificate. For more information, see https://help.schoolbox.com.au/homepage/3391

SIS Connector:

• Schoolbox must be configured to use one of the following SIS API connectors:
  • TASS API
  • Compass
  • Sentral
  • Wonde
  • Veracross
  • ISAMS
  • CSV
• Or Synergetic Cloud:
  • The school must advise Synergetic to provision access to Schoolbox Cloud. The database details must then be filled in the External DB page in System Settings and ensure the Database Encryption Level option is set to strict. 
• Or Synergetic self-hosted:
  • The school must setup inbound access to the IP addresses listed in Security, firewall and ports. This access is to be granted on the external port 33410. This is then to be forwarded to the internal port 1433. 
  • The school should then fill in the database details in the External DB page in System Settings. 
  • The school must also ensure a security certificate is installed on the MSSQL server for Synergetic. If this certificate is obtained from a certificate authority, the Database Encryption Level option can be set to strict. But if it is a self-signed certificate, the Database Encryption Level option must be set to true instead.

Authentication

Users must use one of the following to authenticate to Schoolbox

• SAML,
• OAuth, or
• native password.

Schoolbox Cloud does not support LDAP authentication. 

Digistorm

If the school uses the Digistorm application, the school must ensure Digistorm is configured to use OAuth (and not LDAP) for authentication. 

Production vs Staging

Every school runs two instances of Schoolbox:

• Production - Primary Server
• Staging - Used for troubleshooting and version testing.

Post server install

The following information needs to be provided to Schoolbox Support upon completion of the server set up as part of the Config Form provided to you.

• Internet-accessible IP Address of the server
• Internal and External host names for the Schoolbox installation
• Internet-accessible SSH Port Number
• SSH Username and password

HTTPS

Schoolbox will encrypt all connections using either TLS 1.2 or TLS 1.3 depending on browser support.  We will also automatically create a LetsEncrypt certificate for your chosen Schoolbox domain name.  The LetsEncrypt certificate will automatically renew every month. To ensure security best practices we no longer support user-supplied certificates for more information please read this article.

Backups

The school must ensure that any Schoolbox servers running on school-managed infrastructure have VM level or equivalent backups in place.

See Backups for further detail.

Schoolbox requires the following to be working for normal operation and access.

• Remote access via SSH set up successfully.
• Dedicated host name for each instance. E.g.:
  • Production - schoolbox.yourschoolname.edu.au
  • Staging - schoolboxstaging.yourschoolname.edu.au

Inbound Access

• Dedicated IP internally and externally
• Ports:
  • SSH - 22 only from:
    • 115.70.195.253 (gw-mel.schoolbox.com.au)
    • 52.64.48.128 (gw-syd.schoolbox.com.au)
    • 13.210.211.75 (gw-syd-alt.schoolbox.com.au)
    • 3.105.4.117 (Fleet management)
    • 13.210.31.254 (Fleet management)
    • 13.238.157.243 (Fleet management)
  • HTTPS & QUIC & ACME - 443 (Must not have HTTP filtering, SSL inspection, IP/Domain restrictions, proxying, bot filtering or Aus/US/Europe/Asia geographical filtering) (note that QUIC operates via UDP not TCP). 
    Please note that if you are using a reverse proxy, we cannot complete SSL verification via port 443, and hence port 80 will need to be open (with the same requirements) and forwarded to the VM.

NOTE: Please ensure that when opening port 443 that the port is opened as TCP and is not filtered to only HTTP traffic. Filtering to only HTTP traffic will break websocket connections.

NOTE: We highly recommend locking inbound SSH access to the Schoolbox IP addresses listed above. If you choose to not complete this step, be aware that this will allow public SSH access to your servers, conversely we will be limited in out ability to support you if you do not make ssh access available to all the addresses listed.  We cannot support additional layers of authentication as we are unable to manage certificates and secrets securely for 3rd party VPN services.

Outbound Access

• Direct (no proxy) outbound internet access
• HTTPS inspection is disabled
• Ports:
  • TCP/UDP 80 - HTTP
  • TCP/UDP 443 - HTTPS
  • TCP/UDP 8140 - Puppet/HTTPS
  • UDP 123 - NTP
  • TCP 11371 - Apt Key servers
  • TCP 2195 (optional) - Apple Push Notifications
  • TCP 5228, 5229, 5230, 443 - Mobile App Push Notifications (Firebase, especially for https://fcm.googleapis.com)

Server Requirements

VM Server or Dedicated Server (64bit x86)
Operating System: Ubuntu 22.04 LTS only - (must be installed as per our Initial Setup)

Server minimum CPU and RAM

Production (Less than enrolled 1000 students):

• 4 CPU cores
• 20 GB of RAM

Production (More than enrolled 1000 students):

• 8 CPU cores
• 32 GB of RAM

Staging server:

• 4 CPU cores
• 8 GB of RAM

Server recommended CPU and RAM

This depends on how many users you would expect to use the server concurrently during peak loads and may vary depending on what they are doing
The formula is:
(number of concurrent users / 50) = CPU's
(number of concurrent users / 50) x 3.6 = GB of RAM

So if you have a school of 1600 students, but only expect 800 of them to ever be using the system at the same time (like morning login or a whole year level assessment)
800 / 50 = 16CPU's
800 / 50 * 3.6 = 58GB of RAM
 

Disks

• Disk 1: System (OS) Disk - 100 GB - This must be on SSD
• Disk 2: Storage Disk - 150 GB (minimum) (expandable - this is for information stored/uploaded through Schoolbox) - We recommend this is also SSD, but HDD can be used if SSD is not available. Please note the use of HDD can have a significant negative performance impact. 

Hypervisors: VMware (including vSphere), Microsoft Hyper-V, KVM

ISO Download (Ubuntu 22.04 LTS): https://releases.ubuntu.com/22.04.1/ubuntu-22.04.1-live-server-amd64.iso

For Hyper-V, please use VHDX format disks to online expansion in future.

NOTE: If you are using VMware as your virtualization host, it may report that the install vmware-tools version is out of date. Please ignore this warning as we use a specific version of vmware-tools provided, updated and supported by the OS provider - Ubuntu.

NOTE: If you are using Hyper-V as your virtualization host, please disable Memory Ballooning (Dynamic Memory) for the Schoolbox VMs as there have been stability issues found using this configuration. Please also ensure you use VHDX format virtual disks to ensure easier future online disk expansion.

Amazon Web Services (EC2)

Marketplace (Ubuntu 22.04 LTS): https://aws.amazon.com/marketplace/pp/prodview-f2if34z3a4e3i

Example instance (< 1000 students):

• m7i.2xlarge  + EBS (General Purpose SSD)

Example instance (> 1000 students):

• m7i.2xlarge + EBS (General Purpose SSD)

Example instance (high load scenario):

• m7i.4xlarge + EBS (General Purpose SSD)

Example Staging instance:

• m7i.xlarge + EBS (General Purpose SSD) or m7i.2xlarge + EBS (General Purpose SSD)

Microsoft Azure (Virtual Machines)

Marketplace (Ubuntu 22.04 LTS): https://azuremarketplace.microsoft.com/en-us/marketplace/apps/canonical.0001-com-ubuntu-server-jammy

Example instance (< 1000 students):

• Dv5 series - Standard_D4_v5 (8 CPU, 32GB RAM)
• "Standard SSD" (SSD) for the system disk
• "Standard SSD" (SSD) for the storage disk

Example instance (> 1000 students):

• Dv5 series - Standard_D8_v5 (8 CPU, 32GB RAM)
• "Standard SSD" (SSD) for the system disk
• "Standard SSD" (SSD) for the storage disk

Example instance (high load scenario):

• Dv5 series -  Standard_D16_v5 (16 CPU, 64GB RAM)
• "Standard SSD" (SSD) for the system disk
• "Standard SSD" (SSD) for the storage disk

Example Staging Instance:

• Dv5 series - Standard_D4_v5 (4 CPU, 16GB RAM) or Standard_D8_v5 (8 CPU, 32GB RAM)
• "Standard SSD" (SSD) for the system disk
• "Standard SSD" (SSD) for the storage disk

NOTE: On provision Azure Linux servers may present with a /dev/sdb1 disk. This is volatile by nature, do not use it for storage as all data stored on it is deleted on reboot.

Schoolbox requires two disks - the operating system disk and the file storage disk.

We recommend the system disk is approximately 80GB in size. This should be located on fast SSD storage. You can expect that the 80GB capacity will accommodate all future growth of system components stored on this disk including logs and the database. The second disk is used for file storage.  File storage usage is expected to grow by 200-400MB per student a year.  This growth is due to student submissions, teacher resources and attachments to various posts.

This file storage can be located either on premise, or using our hosted storage solution.  If you select the cloud option, there are no limits on file storage. You will be billed yearly for your usage. 

You can see pricing info on this page: https://help.schoolbox.com.au/homepage/2967

Local storage

If you choose to maintain local file storage, we initially recommend you set up enough storage for your first 2 years.  To calculate this, complete the following calculation: students * 300MB * years = Initial storage. For a school of 800 students this will be around 480GB, with an expected growth rate of about 250GB a year.  We recommend using an SSD for this also. 

The Schoolbox filesystem automatically dedupes files as they are uploaded. So each use of the file is a pointer to an object in the filesystem.  When you delete a file, you are soft deleting by removing the reference, while the actual object is left behind on disk, even if it is no longer accessible via the Schoolbox interface.

In order to be able to comply with privacy regulations, and also support schools wishing to purge certain files, there is a hard delete function available via our support desk. In order to hard delete a file we need to have the ‘SHA1’ hash of the file.  

If you know the details of a file, or a list of files you wish to delete, please provide this list to our support team.  They will perform an initial run without execution to identify the places the file is currently being referenced. Please note this list is not exhaustive, and hard deleting files may result in broken links within Schoolbox.

Once you have confirmed you would like the file and its references to be deleted, we will completely remove the file and any hard references from disk.

Details

• Files may have both hard and soft links.  
• Hard links (For example - an image on a tile, or a file in the CMS - we specifically know that file is in use and what function is utilising it).
• Soft links (For example - a video that may be embedded - this creates a soft link to the video on that homepage).
• When we hard delete a file, we only check and purge hard links. Soft links will remain and become broken.

Please note that it is not possible to merge Schoolbox databases together. If you need to migrate your Schoolbox instance from one VM/Hypervisor to another, please raise a support ticket via support@schoolbox.education so we can help you ensure a smooth transition.