The Linux Team provides two options for setting up and handling machines. The details for each are explained below:
Unmanaged Self Managed (Tier 2)
| Note |
|---|
Please note that due to a recent decision by Dean Banks, most Tier 2 scenarios will need approval by the Dean’s office. |
All Devices
In both cases, the Linux Team installs the following as part of a base installation:
Centrify: allows NetID logins. In most cases, you or your research lab decides who is allowed access to the machine.
Endgame: a powerful antivirus / anti-malware program that doesn’t rely on signatures.
...
.
...
Basic Linux command-line utilities
The gcc compiler
A base suite of software (on Workstations)
Firefox
Emacs and Vim
LibreOffice
Thunderbird
TeX Live
...
This is the preferred option because it ensures the highest level of security and requires almost nothing from the end-user. We will assist with any problems that arise and generally help in any way that we reasonably can. Security patching happens automatically, and users are required to reboot once per semester (between semesters) to guarantee that kernel updates have been applied. Reboots may be required during a semester if a severe enough vulnerability is announced.
For software installation and removal, the Linux Team offers self-service package management. This allows non-privileged users to install and remove most packages from the system’s repositories. Self-service software management can be requested by the machine owner (not the machine user) or a professor in the research lab (whichever is applicable).
...
We do not provide users root access to managed systems. However, users generally only need this access to install software, which can be achieved through the self-service feature. If you need this feature, then you should request that it be enabled to start the approval process. Users are free to download, compile, and install software into their own home directories, as most of the time this does not require any special access (see Compiling and Installing Programs in Your Home Directory).
What We Need From You
When we take over the management of a machine, it will be installed from scratch to establish a baseline. We will need the following information to install and set it up:
List of NetIDs which will have login rights
An initial list of software to be installed
Name of the machine (if not provided by your department or group’s IT)
Name of the primary researcher for the lab (PI)
Whether you want CentOS 7 Ubuntu 20.04 or Ubuntu 18.04
In general we prefer CentOS 7 because it is an enterprise OS that is much less likely to have breaking updates and generally has fewer security issues and bugs.
If requesting Ubuntu 18.04 is the preferred release. This release has newer versions of software and better support for newer hardware.
Ubuntu 16.04 might be possible, under special circumstances, when approved by the machine owner (not the machine user) or a professor in the research lab (whichever is applicable)Preferred OS is Ubuntu 20.04 at this time.
CentOS 7 may be available when there is a requirement by a specific software need.
Note: Tier 1 machines should remain on at night to allow nightly security patching.
...
Under this new policy, you will be required to submit a request with a valid, detailed justification for Tier 2 management to the Engineering IT Linux Team. Only very specific circumstances will be allowed. If your request is approved by the Linux Team, it will be forwarded to the Chief Information Officer and Chief Engineering Information Security Officer of the College of Engineering for approval. Additionally, Tier 2 exceptions must now be approved by the Dean’s Office. Should your scenario be approved by all of these, you will be permitted to have a Tier 2 computer. Please note that as a result of these changes, there will be much more scrutiny regarding your reason for requesting Tier 2 management, and consequently there will be fewer Tier 2 approvals than in the past.
...