The Linux Team provides two options for setting up and handling machines. The details for each are explained below:
Please note that due to a recent decision by Dean Banks, most Tier 2 scenarios will need approval by the Dean’s office.
All Devices
In both cases, the Linux Team installs the following as part of a base installation:
Centrify: allows NetID logins. In most cases, you or your research lab decides who is allowed access to the machine.
Endgame: a powerful antivirus / anti-malware program that doesn’t rely on signatures.
Please note that Endgame is required by mandate from Dr. N.K. Anand and Dean Banks on ALL machines (Linux, Windows, and Mac).
Basic Linux command-line utilities
The gcc compiler
A base suite of software (on Workstations)
Firefox
Emacs and Vim
LibreOffice
Thunderbird
TeX Live
Backups
Users are responsible for backing up their own home directories. If the machine is managed, all installed software can be reinstalled exactly as is without any problems, but user home directory data must be backed up and restored by the user. If the machine is managed and a reinstall is necessary, we will make every reasonable attempt to preserve user (home directory) data.
Fully Managed (Tier 1)
This is the preferred option because it ensures the highest level of security and requires almost nothing from the end user. We will assist with any problems that arise and generally help in any way that we reasonably can. Security patching happens automatically, and users are required to reboot once per semester (between semesters) to guarantee that kernel updates have been applied. Reboots may be required during a semester if a severe enough vulnerability is announced.
For software installation and removal, the Linux Team offers self-service package management. This allows non-privileged users to install and remove most packages from the system’s repositories. Self-service software management can be requested by the machine owner (not the machine user) or a professor in the research lab (whichever is applicable).
Caveats
We do not provide users root access on managed systems. However, users generally only need this access to install software, which can be achieved through the self-service feature. If you need this feature, then you should request that it be enabled to start the approval process. Users are free to download, compile, and install software into their own home directories, as most of the time this does not require any special access.
What We Need From You
When we take over the management of a machine, it will be installed from scratch to establish a baseline. We will need the following information to install and set it up:
List of NetIDs which will have login rights
An initial list of software to be installed
Name of the machine (if not provided by your department or group’s IT)
Name of the primary researcher for the lab (PI)
Whether you want CentOS 7 or Ubuntu 18.04
In general we prefer CentOS 7 because it is an enterprise OS that is much less likely to have breaking updates and generally has fewer security issues and bugs.
If requesting Ubuntu, 18.04 is the preferred release. This release has newer versions of software and better support for newer hardware.
Ubuntu 16.04 might be possible, under special circumstances, when approved by the machine owner (not the machine user) or a professor in the research lab (whichever is applicable).
Note: Tier 1 machines should remain on at night to allow nightly security patching.
Self-Supported (Tier 2)
As of January 2020, there is a new policy for Tier 2 computers.
Under this new policy, you will be required to submit a request with a valid, detailed justification for Tier 2 management to the Engineering IT Linux Team. Only very specific circumstances will be allowed. If your request is approved by the Linux Team, it will be forwarded to the Chief Information Officer and Chief Information Security Officer of the College of Engineering for approval. Additionally, Tier 2 exceptions must now be approved by the Dean’s Office. Should your scenario be approved by all of these, you will be permitted to have a Tier 2 computer. Please note that as a result of these changes, there will be much more scrutiny regarding your reason for requesting Tier 2 management, and consequently there will be fewer Tier 2 approvals than in the past.
With this option, the requested operating system will be installed for you, NetID access and Endgame virus/malware protection will be enabled, and root access will be provided.
Note: no further assistance will be provided for the machine. In the event of a problem, we can only reinstall the machine from scratch, so we recommend maintaining current backups.
Caveats
All additional software must be installed by your group, and we will not assist any further with the machine. This means that if you run into problems after making changes to or updating the machine, you will be on your own. If you get to a point where you cannot use the machine anymore, we can reinstall it from scratch. You are responsible for backing up your data prior to our reinstall.
Root access is gained by using the ‘dzdo’ command instead of the ‘sudo’ command. It works the same way as ‘sudo’ and takes the same arguments, but ‘dzdo’ is provided by the third-party tool Centrify, which allows us to provide NetID-based logins.
NetID access via Centrify will only work when using TAMU DNS. If you switch your DNS to Google DNS or another provider, NetID logins will stop working and you may be locked out of the machine.