This document, agreed upon by the boards of the participating organizations, see Appendix 6, Cooperating Organizations, is a description of the policy for the network connected computer systems at these organizations. The aim of the document is to regulate the relation between the computer users and the system administrators and thus partly establish realistic expectations on the functioning of the computer systems and partly to enable rational operations. This is made possible through a description of rights and duties applicable to users as well as to system administrators. Properties of and rules for special systems such as data acquisition systems or other very research specific systems are not discussed here.
The implementation of the policy described in this document, except Section 3.1, “Central Services”, may not be maintained fully during long holiday periods such as summer and Christmas holidays. The services mentioned in Section 3.1, “Central Services”, are prioritized, but how well they can be maintained during long holidays depends on e.g. how much synergy can be gained by merging the computer operations at the former departments or whether it can be solved in some other way.
The primary use of the computer systems described here is to promote research and/or education at the organizations involved. Limited private use of the systems (but not consumables) is allowed.
Activities illegal according to Swedish legislation as well as activity forbidden according to the rules of Uppsala University are not allowed. Rules and policies adopted by the university regarding computer usage also apply here as well as the rules of SUNET regarding network connection of computer systems.
The rules of the university can be found at http://www.uu.se, at present under “Internt, Användarstöd, Regler och riktlinjer, IT-frågor”. In addition there are rules at the Enheten för informationstekniskt stöd vid Uppsala universitet (ITS), at present at http://www.its.uu.se/aktuellt/, “Regler och riktlinjer”.
The rules of SUNET are at present found at http://www.sunet.se, “Aktuellt, Regler för anslutning och användning av SUNET” and “IT-säkerhetspolicy för SUNET”.
It is not allowed to make private copies of licensed software as long as nothing else is explicitly stated in the corresponding license agreement.
It is not allowed to log in to another user's account. You must not give your password to anybody else. Your account is personal and it is meant for you and not for your friends.
If you detect that somebody has tampered with your files or has tried to log in to your account, please contact a system manager or send a mail to <system@fysast.uu.se>. Unauthorized persons trying to get system privileges will be reported to the Head of Security at the University.
The disks used for home directories should not be used for large amounts of data. Disk quota will be used to enforce this. Ask <system@fysast.uu.se> for information on the current cost of adding more disk space to the system.
Local disks should not be used for storage of important files or documents unless particular needs or performance problems are at hand. No central responsibility for data on them is taken, such as backup.
Printing of files is possible on different kinds of printers. Use the copying machines for printing whenever possible. There is no accounting done on the print jobs. Please do not print more than you really need. Please do not use colour printers unless necessary.
Always log out when you leave a public workstation or PC; lock the screen or log out from the workstation if it is your personal workstation.
In order to further keep disk usage for home directories at a reasonable level, account aging will be used in the following way. After a position has ended the user is responsible for storing his or her data on some medium and will be responsible for the storage of that medium.
After one year the data will be deleted.
For purchase and network connection, the following rules must be respected:
All purchase of network attached computer equipment and connection to the existing wired network must be preceded by consultation with a system administrator of the computer group. This includes network attached copying machines.
Network attached computers shall be bought with a three to five year warranty.
Wired network connection and configuration must be performed by authorized personnel only.
Equipment connected to the computer network must fulfill the general requirements that are set by Uppsala University [ITS Policy] and the requirements described in this document. There may also be special rules defined at the campus level.
The central services currently provided are listed in Appendix 4, Supported Services.
This means that it should be possible for authorized users to log in, make printouts, save data, use the network and get their data backed up.
In all cases, the computer group decides the exact type of server hardware and software and thus the protocols to support these services.
For the supported client systems the computer group will do its best to install and maintain hardware and software listed as supported, see Section 2.4, “Purchase and Network Connection”, Appendix 1, Supported Hardware, Appendix 2, Supported Operating Systems and Appendix 3, Supported Applications, solve basic problems with hardware and software listed as supported and connect auxiliary equipment listed as supported.
For detailed instructions on how to use the software the users are referred to the manuals and help files or to special support regarding certain questions, e.g. IT-stöd for questions on the basic e-mail service.
Support is given for client systems under the following conditions:
Client systems bought according to Section 2.4, “Purchase and Network Connection”, Appendix 1, Supported Hardware, Appendix 2, Supported Operating Systems and Appendix 3, Supported Applications, installed and controlled by the computer group are supported.
Client systems bought according to Section 2.4, “Purchase and Network Connection”, Appendix 1, Supported Hardware, Appendix 2, Supported Operating Systems and Appendix 3, Supported Applications, installed by the computer group but controlled by the owner or user will have limited support, e.g. automatic reinstallation of the operating system.
No support is given to computers at home with the exception that software for home computers is made available if allowed by the corresponding license agreement. The installation and maintenance is made by the user.
Other client systems are not supported.
In addition to the duties to maintain services (Section 3.1, “Central Services”) and give support (Section 3.2, “Help and Support”) the system administrators of the computer group have the following rights. These should be executed only if deemed necessary.
Look into user files. In such cases discretion should be observed
Monitor the network and systems connected to it
Stop jobs and processes
Shut down systems
Disconnect systems from the network
Delete certain kinds of files like core files or temporary files
In order to maintain the services described, maintenance must be performed on e.g. central servers. This implies certain inconveniences for the users. In order to minimize these disturbances planned maintenance will be announced in a suitable way well in advance.
Maintenance of Windows desktop machines will be performed automatically, possibly every night. The contents of open files on Windows systems should thus be saved every day.
At present user data on central servers (i.e. not on local disks on desktops) are backed up regularly in order to be able to restore data in case of e.g. a disk crash. A general archive for longtime storage is not maintained due to the costs involved. Technically it is possible.
The main idea is to back up a small number of file servers with a large amount of data. Users must store the data on one of the available servers in order for the data to be backed up. The backup strategy policies are given in Appendix 5, Backup policies.
Local administration by users is in general not recommended due to the problems with assuring that systems are properly configured. Central administration allows systems to be patched automatically from a central point. For the same reason dual boot systems are not recommended. Virtual machines constitute a similar problem if they are shut down for a period of time and are thus not properly updated.
Antivirus systems should be set up to use a central server in order to enable central monitoring and to decrease the network load.
For this to be possible all machines must always be turned on and the user preferably logged out when the system is not used. For the same reason computers will be automatically restarted at certain intervals, see Planned maintenance in Section 3.3, “System administrator's rights and duties”.
To save energy it is possible to turn off the screen.
Non-secure machines will be physically and/or logically disconnected from the network either by the computer group or by "Enheten för informationstekniskt stöd" (IT-stöd or ITS).
A firewall separates the network from the internet and the default policy for incoming traffic is that it is disabled.
Those who manage their systems themselves must manually update their virus definitions regularly and manually patch their systems regularly.
Those who bring in laptops must in addition do the following. Follow the basic rules in this document, i.e. nothing must be connected to the network without informing <system@fysast.uu.se>. All machines must be known by MAC address and user as well as the user's e-mail address. The laptops must be patched and have antivirus software with updated virus definitions and the user must see to it that the machines are not infected before connection.
Data stored in the common network will primarily be made available and authentic.
Data will have a normal protection against unauthorized access.
Apart from this no special actions will be performed to keep sensitive data confidential.
The handling of such data is described at http://www.sunet.se, “IT-säkerhetspolicy för SUNET, Konfidentialitet och integritet”. Those who may have such data are asked to contact one of the system administrators or send mail to <system@fysast.uu.se>.
This policy has been agreed upon by the boards of the Department of Physics and Astronomy (IFA) and the The Svedberg laboratory (TSL)
The list of supported hardware as defined in Section 3.2, “Help and Support” is updated approximately once a year and can be found here: ./supported_hardware.html
The list of supported client operating systems is updated approximately once a year and can be found here: ./supported_operating_systems.html
The list of supported applications is updated approximately once a year and can be found here: ./supported_applications.html.
Please always contact the computer group before buying software in order to find the most economical solution.
The list of supported services available to the user is updated approximately once a year and can be found here: ./supported_services.html
The current backup policies are the following: Backup is done on a daily basis primarily to be able to restore data in case of a disk crash and secondly to be able to restore files accidentally deleted by a user provided that the deletion is discovered and reported as soon as possible. This means that no long term archive is maintained even though it is technically possible.
The policy (management class and schedule in the Tivoli Storage Manager (TSM) software used for backup and restore) used today (sep-2008) implies in greater detail that:
Backup is made every night
Existing files are saved in at most three versions (1 active + 2 passive). The passive (older) versions are saved for 200 days
Files that have been deleted are saved in two versions for 200 days
The last version is saved for 300 days
No archiving is done
Interpretation:
You may lose a maximum of one day's worth of work
If you destroy a file three consecutive times you will lose the backup of the file, in the worst case within three days. (The typical example used to be corrupted Eudora files which should not be in use any more.)
It may appear worthwhile to delete files now and then and recreate them, but this is not recommended
A deleted file is gone forever after 300 days
The above backup policy further means that the amount of data in the backup system may widely exceed the amount of data that is backed up. This should be reduced in one or more of the following ways:
Only make backup of data that really need to be backed up
Change the parameters mentioned above
Parameters that may be changed are:
How often backup is performed
Number of versions
For how long should they be saved
Is there a need for an archive
To be able to choose the right set of parameters we first have to measure how these parameters affect the ratio between the amount of data in the backup system and the amount of data being backed up, and thus the cost. This ratio for Linux and Windows data together at the previous TSL/IKP/INF cooperation was approximately 1.7.
The recovery time after a complete hardware crash on the central disk system is relatively long. An estimate from Engelska parken indicates that it would take of the order of 2 weeks after the hardware has been repaired to restore 2 TB of data if no special measures are taken.
The organizations that operate the computer systems together are at present the following.
Department of Physics and Astronomy (IFA), with the following divisions:
Division of Astronomy and Space physics
Division of Nuclear and particle Physics
Division of Theoretical Physics
Division of Applied Nuclear Physics
and The Svedberg Laboratory (TSL).
To get help with the computer systems please contact the system administrators using the e-mail address: <system@fysast.uu.se>.
The members of the computer group and their respective level of service are at present:
Ib Kôersner, 60%
Teresa Kupsc, 100%
Bertil Pettersson, 70%