.. vim: syntax=rst

.. include:: ../global.rst

.. _policy-policy_docs-machines:

==================================
Policy for Oden machine management
==================================

Systems in the Institute (desktops, workstations, and servers) fall under two
domains, managed and unmanaged. This policy describes how Sysnet maintains
systems on both managed and unmanaged networks.

.. warning::

   Effective January 24, 2019: All new desktops and group servers will be
   placed on the NAT network. A FAQ will follow soon.

----------------
Managed machines
----------------

Policies for managed desktops

- User permissions will be access-controlled.
- All authentication, authorization, and security will be centrally controlled
  through the LDAP authentication service.
- Licensed software will be covered by site license only. Individual licenses
  will not be allowed in system space.
- SSH access only; no other services will be allowed.
- Home directories will be NFS-mounted.
- Mac clients will use network accounts to authenticate to our LDAP server.
  Home directories are local to the system only. NFS shares of users' home
  directories for Linux boxes are available on Mac clients. Backup services
  will use CrashPlan.

Policies for group servers or clusters

- Sysnet will provide support for managed group servers that run variants of
  Linux. Sysnet does not have the staff to support or maintain any type of
  Windows server on the managed network.
- Sysnet will work with the group to determine whether this system needs to be
  on UT's public or private network.
- Sysnet will investigate if the system needs to use the authentication
  service.
- Sysnet will determine whether NFS shares should be mounted.

Advantages

- Automatic nightly network backups
- Full software support
- Site-licensed software access
- In case of hardware failure, a replacement can be quickly deployed to an
  identical configuration
- Static IP and hostname

Disadvantages

- Software installation may take some time to be optionally packaged (OS X)
  and processed.
- Slightly more restrictive atmosphere due to enforcement of proper
  permissions
- OS X users may be unfamiliar with a workgroup environment.

Allowed operating systems: macOS 10.12 and up, OpenHPC for clusters, CentOS 7.

------------------
Unmanaged machines
------------------

- Users must agree to the new `Device Administrative Account`_ policy.
- Support will be limited to wiping and reinstalling.
- Sysnet requires an administrative account on all Oden Institute owned
  machines.
- Oden Institute owned software (for example, Matlab) shall be installed by
  Sysnet where applicable.
- Machines will be placed on a static NAT network. Machines on the NAT network
  are not publicly routed and can only be accessed off campus using UT's VPN
  service.

Advantages

- Suits users whose needs cannot be satisfied due to the restrictions of being
  managed.
- Any operating system

Disadvantages

- No network file storage
- Less software support
- No publicly routed network; systems are on the DHCP NAT network, no
  exceptions.

.. _Device Administrative Account: http://users.oden.utexas.edu/~stew/docs/policy/administrative.html