Versions Compared

Old Version 24

changes.mady.by.user user-29411

Saved on

compared with

New Version Current

changes.mady.by.user user-29411

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Computer-specific service support

Computers managed by Chemistry IT exhibit certain attributes.

These attributes represent the minimum configurations required to:

...

Chemistry IT is often able to support provide exceptions to specific attributes to meet other a group's functional requirements on a case-by-case basis. Please let us know what you require and together we can determine if the computer can be set up and maintained by Chemistry IT or if a specific system or set of systems are best managed by the group or using other support options.

Summary of attributes associated with systems supported by Chemistry IT

...

.

  • Manufacturer-supported operating system (OS).
    • As of today, Microsoft Windows 7 or higher, Mac OSX 10.10 and higher, CentOS 6.x and higher.
  • Standardized computer name.
  • Computer is on a "trusted" Chemistry IT network at Cornell.
  • Computer has software and configurations which can automatically restart a system following automatic software patching.
  • Computer can be accessed remotely by Chemistry IT staff, and thus modified remotely.
  • Computer has software which provides Chemistry IT information on configuration and software, via a centralized reporting system.
  • Computer has software which can scan the system to alert user of the presence of confidential information, via a centralized reporting system.
  • Users must run as non-administrators.
  • Administrator accounts are available on PI's request for anyone in the group.
    • Admin accounts may not be used to install malware or illegally licensed software, turn on sharing, add new users, increasing another account's privileges, or for regularly running as Admin.

The chart below represent the minimums required for a system to be on a Chemistry IT network and for it to receive the standard service level support from Chemistry IT. Exceptions are possible through an agreement by Chemistry IT, in balance with the concern being addressed.Chart elaborating on select attributes

Standard configuration's attributeReason for attributeInstances when attribute is a problemOptions
System is on a trusted, secured network.

Enables more trusted access to network services and protects systems on a shared network by preventing initiation of off-network access.

Facilitates inventory management.

Systems which have server-like functions, such as web servers, ssh servers, file servers, etc.

Provision service elsewhere, such as CUBlogs, CIT file shares (SFS), managed servers, etc.

Move machine off trusted network and instead use eduroam, AccessNet, or RedNet.

System is automatically restarted when required by OS and application updates managed by vendor, CIT, A&S IT, or Chemistry IT.Some updates, particularly Windows monthly MS patching, require restarts to complete.Systems in the middle of data collection or computational processes.Spectrum of restart options, informed by risks, needs, technological capabilities, and human factors. Includes regular, manual-only updates and restarts.
System has a fixed, standardized name.This requirement stems from CIT managing a university-wide service (Active Directory), and does not come from Chemistry IT.A vendor-provided computer may not permit a change in its name.? 
Characteristic or limitationWhy it existsConsequence to groupWhy this might matter to you
Computer is in Active Directory

Enables accounts using NetID credentials and use of other AD accounts auto-magically. This reduces local password management and recovery.

Is required or makes more efficient use of other management tools, below.

Facilitates inventory via a central and automatic collection of OS and other information.

Each computer hasA vendor-provided computer may not permit a change in its name.
Computer has system management software and associated configurations.Installed system management software makes inventory information available to Chemistry IT staff via centralized tools.

Hopefully nonce since passive and does not collect any data within files.

Software not legally licensed may be detected.

Out-of-date and/ or insecure software may be detected.

Computer has scanning software to identify sensitive data such as social security numbers.To help users of computers comply with university expectations that certain types of private information of others do not reside on their computers.Algorithmically interprets data within files to guide user towards suspected personal information for them to consider removing. 
Computer has scanning software to scan for malware.Malware detection is reported to Chemistry IT staff via centralized tools.  
Computer is configured to   
    

...