...
Computers managed by Chemistry IT exhibit certain attributes. These represent the minimum configurations required to be on a Chemistry IT "trusted" network and to receive standard service level support from Chemistry IT. Chemistry IT may be able to support certain exceptions to specific attributes to meet other functional requirements on a case-by-case basis. Please let us know what you require and together we can determine if the computer can be set up using Chemistry IT's management t.
Manufacturer supported OS ( as of today Windows 7 or higher, OSX 10.10 and higher ) – this relates back to Cornell University Policy
All computers ( Windows, Mac, or Linux ) must be attached to Cornell’s Active Directory which means:
• Standardized computer name – This requirement comes from CIT, not ChemIT
• Windows PCs automatic installations/options by joining AD:
1. Installation of computer inventory and management software automatically on Windows PCs
2. Remote access to the machine by ChemIT automatically setup on Windows PCs
Macintosh machines must have ChemIT’s inventory and management software installed ( currently JAMF aka Casper ).
Users must run as non-administrators.
The chart below represent the minimums required for a system to be on a Chemistry IT network and for it to receive the standard service level support from Chemistry IT. Exceptions are possible through an agreement by Chemistry IT, in balance with the concern being addressed.
| Standard configuration's attribute | Reason for attribute | Instances when attribute is a problem | Options |
|---|---|---|---|
| System is on a secured network, itself more open to devices on that trusted, secured network. | Enables more trusted access to network services and protects systems on a shared network by preventing initiation of off-network access. | System has Systems which have server-like functions, such as web servers, ssh servers, file servers, etc. | Provision service elsewhere, such as CUBlogs, CIT file shares (SFS), managed servers, etc. Move machine off trusted network and instead use eduroam, AccessNet, or RedNet. |
| System is automatically restarted when required by OS and application updates managed by vendor, CIT, A&S IT, or Chemistry IT. | Some updates, particularly Windows monthly MS patching, require restarts to complete. | Systems in the middle of data collection or computational processes. | Spectrum of restart options, informed by risks, needs, technological capabilities, and human factors. Includes regular, manual-only updates and restarts. |
| System has a fixed, standardized name. | This requirement stems from CIT managing a university-wide service (Active Directory), and does not come from Chemistry IT. | A vendor-provided computer may not permit a change in its name. | ? |
| Characteristic or limitation | Why it exists | Consequence to group | Why this might matter to you |
|---|---|---|---|
| Computer is in Active Directory | Enables accounts using NetID credentials and use of other AD accounts auto-magically. This reduces local password management and recovery. Is required or makes more efficient use of other management tools, below. Facilitates inventory via a central and automatic collection of OS and other information. | Each computer has | A vendor-provided computer may not permit a change in its name. |
| Computer has system management software and associated configurations. | Installed system management software makes inventory information available to Chemistry IT staff via centralized tools. | Hopefully nonce since passive and does not collect any data within files. | Software not legally licensed may be detected. Out-of-date and/ or insecure software may be detected. |
| Computer has scanning software to identify sensitive data such as social security numbers. | To help users of computers comply with university expectations that certain types of private information of others do not reside on their computers. | Algorithmically interprets data within files to guide user towards suspected personal information for them to consider removing. | |
| Computer has scanning software to scan for malware. | Malware detection is reported to Chemistry IT staff via centralized tools. | ||
| Computer is configured to | |||
All of these minimums should be required to be on a ChemIT network and receive standard support. Any exceptions only with agreement of ChemIT, which is not withheld without cause.
Manufacturer supported OS ( as of today Windows 7 or higher, OSX 10.10 and higher ) – this relates back to Cornell University Policy
All computers ( Windows, Mac, or Linux ) must be attached to Cornell’s Active Directory which means:
• Standardized computer name – This requirement comes from CIT, not ChemIT
• Windows PCs automatic installations/options by joining AD:
1. Installation of computer inventory and management software automatically on Windows PCs
2. Remote access to the machine by ChemIT automatically setup on Windows PCs
Macintosh machines must have ChemIT’s inventory and management software installed ( currently JAMF aka Casper ).
Users must run as non-administrators.
Levels of service for research groups
...