Nossal High School

Published: 30 June 2025

I was the on-site specialist technician at Nossal High School for just under three years. Across my time there I redesigned the cabinets, corrected core configuration issues, migrated the helpdesk, and contributed a lot to process modernisation and documentation. Most of what I built is still in use.

Context

Nossal is a small select-entry secondary school. Most Victorian state schools run on the Department of Education’s infrastructure. Nossal runs its own stack in addition, which gives the school more flexibility and capability to work with. What that looks like is closer to a small enterprise than to a typical school setup: Palo Alto firewalls and stacked core switches on a segmented network, 802.1X with SCEP-based device onboarding, Meraki wireless, a VMware cluster, Windows Server for AD and supporting services, Microsoft 365 and Intune for identity and endpoints, and Veeam for backup.

I worked in a small team alongside Tony, the IT Manager, and a part-time tech one day a week (Theara, and later Kavi). Tony is seriously technical and a great colleague I learned a lot from.

My day-to-day job was hardware and technical support for staff and students. The sections below highlight the rest of my contributions which happened around that.

The starting point

Documentation of the network and servers was minimal and well out of date. Cabinet layouts had drifted from any consistent schema. Labelling was partial or absent, so tracing a cable meant physically following it from end to end. A handful of core configurations had issues that had been lived with for years rather than fixed.

Cabinet redesign

I documented the existing state of each cabinet and drew up a new proposed layout. I tidied the patch panels and switch placement, removed legacy and unused connections, and segmented ranges of switchports by the type of network activity they carried. I staged the changes across off-peak times during curriculum days and across the school holiday periods.

Server rack before recabling — Rack recabling, before and after.

Server rack after recabling — Rack recabling, before and after.

Timelapse of the rack recabling.

Secondary cabinet before recabling — A second cabinet given the same treatment.

Secondary cabinet after recabling — A second cabinet given the same treatment.

Intune, imaging, and device onboarding

I made significant contributions on the device management and Intune side. I worked on Intune configuration, imaging and deployment, application and policy assignment, device compliance, and device onboarding flows across both managed and BYOD devices.

The school’s 802.1X setup links Intune-delivered SCEP certificates to NPS-backed RADIUS authentication. Tony led the NPS and RADIUS configuration work. I documented that side and assisted with the implementation and troubleshooting. I worked on the Intune side (profiles, SCEP delivery, compliance) and on the network-integration pieces that sit between the two ends. I handled VLAN and switchport allocations and put endpoints into the right segments for staff, student, BYOD, and IoT.

I also ran hardware support for student devices: intake, diagnosis, vendor warranty coordination, and return. Most student devices are BYOD, which meant a lot of different vendors and a lot of families. I kept a clear queue and kept everyone informed.

NetBox

I stood up a self-hosted NetBox as the network source of truth, covering sites, racks, devices, interfaces, cable plant, IP space, and VLANs.

I built the physical-layer documentation from scratch. That meant tracing cables, racks, and equipment by hand as we worked through the scattered and disorganised configuration.

I didn’t finish the project before Solution One pulled me across into an infrastructure engineer role. The work I had completed informed the cabinet redesigns and gave us a usable tool for tracing network issues without guesswork. Resolving an issue from one terminal beat running across the school to trace cables while a class sat waiting.

Self-hosted platforms

Outline

There was no proper wiki. I deployed Outline and filled it across networking, servers, Microsoft 365, device procedures, enrolment, scripting, automation, and runbooks. It ended up at 169 documents across ten top-level categories. That’s the documentation the school is still using now.

Zammad

I migrated the existing helpdesk into Zammad, including ticket history and queue setup. Cutover was clean. Live tickets continued working in the new system from day one.

Windows Server, VMware, and storage

The VMware cluster ran identity, file, print, monitoring, and application workloads, backed by enterprise storage and Veeam. I corrected configurations that had drifted, hardened security settings, and closed gaps that had built up. I contributed significantly to the new server configurations for a 2025 Lenovo server refresh.

Scripting and tools

I wrote scripts where they saved recurring effort, using PowerShell, Python, and the Microsoft Graph and Outline APIs for things like enrolment data flows, AD user maintenance, proxy address updates, ADFS service monitoring, MFA management, and device migration checklists.

One project got out of hand. The commercial helpdesk products I looked at were either too expensive for a public school budget or designed for very different environments. The school was underserved by the alternatives and I believed it needed better, so I started building my own in the evenings. That became Nosdesk, now a public open-source project.

What stayed with me

Some of what I’m most proud of was being there to help staff and students with any problem, no matter how big or small. Nossal is a genuinely wonderful school, and its motto, “embrace the challenge”, has stayed with me as I’ve moved on to bigger challenges since.

Resume
Nosdesk. The open-source helpdesk I started building while I was at Nossal.
Solution One Infrastructure Modernisation