Versions Compared

Old Version 10

changes.mady.by.user Donald Birnbaum

Saved on

compared with

New Version Current

changes.mady.by.user Jamey Walker

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Linux Team provides two options for setting up and handling machines. The details for each are explained below:

Fully Managed (Tier 1)

Self Managed (Tier 2)*

Note

*Please note that due to a recent decision by Dean Banks, most Tier 2 scenarios will need approval by the Dean’s office.

All Devices

In both cases, the Linux Team installs the following as part of a base installation:

  • Centrify: allows NetID logins. In most cases, you or your research lab decides who is allowed access to the machine.

  • Endgame: a powerful antivirus / anti-malware program that doesn’t rely on signatures.

Info

Please note that Endgame is required by mandate from Dr. N.K. Anand and Dean Banks on ALL machines (Linux, Windows, and Mac).

  • Basic Linux command-line utilities

  • The gcc compiler

  • A base suite of software (on Workstations)

    • Firefox

    • Emacs and Vim

    • LibreOffice

    • Thunderbird

    • TeX Live

Backups

Users are responsible for backing up their own home directories. If the machine is managed, all installed software can be reinstalled exactly as is without any problems, but user home directory data must be backed up and restored by the user. If the machine is managed and a reinstall is necessary, we will make every reasonable attempt to preserve user (home directory) data.

Anchor
Tier1
Tier1

Fully Managed (Tier 1)

This is the preferred option because it ensures the highest level of security and requires almost nothing from the end-user. We will assist with any problems that arise and generally help in any way that we reasonably can. Security patching happens automatically, and users are required to reboot once per semester (between semesters) to guarantee that kernel updates have been applied. Reboots may be required during a semester if a severe enough vulnerability is announced.

For software installation and removal, the Linux Team offers self-service package management. This allows non-privileged users to install and remove most packages from the system’s repositories. Self-service software management can be requested by the machine owner (not the machine user) or a professor in the research lab (whichever is applicable). 

Caveats

We do not provide users root access to managed systems. However, users generally only need this access to install software, which can be achieved through the self-service feature. If you need this feature, then you should request that it be enabled to start the approval process. Users are free to download, compile, and install software into their own home directories, as most of the time this does not require any special access (see Compiling and Installing Programs in Your Home Directory).

What We Need From You

When we take over the management of a machine, it will be installed from scratch to establish a baseline. We will need the following information to install and set it up:

...

Note: Tier 1 machines should remain on at night to allow nightly security patching.

Anchor
Tier2
Tier2

Self-Supported (Tier 2)

Info

As of January 2020, there is a new policy for Tier 2 computers.

Under this new policy, you will be required to submit a request with a valid, detailed justification for Tier 2 management to the Engineering IT Linux Team. Only very specific circumstances will be allowed. If your request is approved by the Linux Team, it will be forwarded to the Chief Engineering Information Officer and Chief Information Security Officer of the College of Engineering for approval. Additionally, Tier 2 exceptions must now be approved by the Dean’s Office. Should your scenario be approved by all of these, you will be permitted to have a Tier 2 computer. Please note that as a result of these changes, there will be much more scrutiny regarding your reason for requesting Tier 2 management, and consequently there will be fewer Tier 2 approvals than in the past. 

...

Note: no further assistance will be provided for the machine. In the event of a problem, we can only reinstall the machine from scratch, so we recommend maintaining current backups.

Caveats

All additional software must be installed by your group, and we will not assist any further with the machine. This means that if you run into problems after making changes to, or updating the machine, you will be on your own. If you get to a point where you cannot use the machine anymore, we can reinstall it from scratch. You are responsible for backing up your data prior to our reinstall.

...