DLS Support Services and DLS Help Desk Policies for DLS Clients
Remote Access – Technical Policy and Practices – Central Administration
DLS Support Services and DLS Help Desk
Procurement Policy
Computer Equipment
Software
Desktop Backup
Peer-to-Peer Software
Software Update Server (SUS)
Equipment for Presentations
Data Jacks
New Users: Account, Computer Equipment and Network Access Requests
Computer Training
Passwords
Virus Protection
Home Personal Computer Recommendations
Microsoft Vista Support
UIS/Support Services DST 2007 Statement
Support of Microsoft Office 2007
PDA Handheld Device Policy
MeetingMaker DST Support
PGP Whole Disk Encryption Policy
Non-Harvard Owned Computers
Support Services Workstation/Laptop Policy
Remote Access – Technical Policy and Practices – Central Administration
The policy documented herein aims to establish a structure, standardize expectations, and formally acknowledge support of authorized remote access to Harvard information in a manner that is cost-effective and minimizes the risk of information loss. Individual employees and departments need to acknowledge ownership and responsibility for the Harvard information used on remote devices.
Policy and Practice – Target Effective Date October 1, 2005; Compliance Date – July 1, 2007
- Overall considerations
- For remote access to central web-enabled services
- For authorized staff where remote access to central IT services and applications is a job requirement, or part of an approved tele-commuting or work-at-home arrangement (cost information)
DLS Support Services and DLS Help Desk
The Desktop and LAN Support Services group of Harvard's University Information Systems provides technology support to departments in most of Central Administration and throughout other Harvard departments and schools. DLS clients may contact the DLS Help Desk for assistance with hardware or software issues by calling 617-495-8411, or via email to dls@harvard.edu.
The DLS Help Desk business hours are:
- Monday through Thursday from 7:30 a.m. to 8:00 p.m.
- Friday from 7:30 a.m. to 6:00 p.m.
- If you need immediate assistance after 6:00 pm, please call 617.495.8411, rather than emailing your issue.
The DLS Help Desk will attempt to resolve your problem over the phone. If your call requires a DLS technician to come to your location, every effort is made to respond to non-urgent calls within 4 hours of the ticket being opened by the DLS Help Desk.
If you are having an urgent issue, a DLS technician will arrive on-site to assist you. An urgent issue is any problem with your computer that impedes your job function. Examples of urgent issues include a computer that keeps rebooting or a monitor that has no power.
Procurement Policy and Life Cycle Management
DLS manages equipment on a 3-year cycle. Inventory is reviewed annually and replaced as needed. If necessary, purchases outside of either the standard replacement cycle, or the CAIT Desktop Standards listed below, will be reviewed by the local department manager and the DLS Support Services Manager prior to any equipment being ordered.
All requests for purchasing new computer equipment or software must be sent from the local department manager in writing via email to dls@harvard.edu. The request should include the billing code, any known hardware specifications for computer equipment, and the name of any standard or non-standard software needed.
At the end of the 3-year life cycle, equipment is returned to the vendor/leasing company or disposed of at the UOS Recycling Center. Before recycling or returning equipment to the vendor or leasing company, all data is completely deleted and irretrievable.
Support Services does not endorse or recommend that client departments engage in selling old computer equipment to employees and will not support such equipment in any capacity.
Computer Equipment
IBM is the preferred vendor for the University. Please refer to the CAIT desktop standards document at http://www.uis.harvard.edu/support_services/standards.pdf for more information on the IBM computers used throughout DLS Client Departments.
All Harvard staff members may also purchase IBM computers at the Harvard price for personal use. If you would like more information on personal purchases through IBM, please visit:
http://www.uis.harvard.edu/technology_services/
Software
A Standard Software Suite is installed on all new DLS client computers. It includes:
- Adobe Acrobat Reader 7.0 (PDF file reader)
- Microsoft Outlook 2003 (email)
- MeetingMaker 7.5 (calendar)
- Microsoft Internet Explorer 6.0 (web browser)
- Microsoft Office 2003 (includes Access, Excel, PowerPoint, and Word)
- Mozilla Firefox (web browser)
- Symantec Anti-Virus 10
- Windows XP (operating system)
Non-standard software is installed upon request and subject to the approval of the local department manager and the DLS Support Services Manager. Support for non-standard software is limited to a best-effort attempt to help solve a client issue.
Note: All software requires that a license be purchased for each computer on which it is installed. All software is to be installed by Support Services Technicians and not end-users.
Desktop Backup
For a fee, DLS clients can have the Connected DataProtector Backup Client installed onto the computer hard drive by DLS technicians.
Connected DataProtector is a backup software application that is set to run automatically every day on your computer in the background eliminating the need to run a manual backup.
If you would like more information on Connected DataProtector Backup, please contact the DLS Help Desk at 617-495-8411, or via email at dls@harvard.edu.
If you are already a user, please click here to view an Adobe Acrobat file of some basic information about the Connected DataProtector Backup Client.
Peer-to-Peer Software
DLS does not endorse, support, or install any Peer-to-Peer software such as Kazaa, Morpheus, etc., on the basis that these types of applications effectively circumvent most enterprise security architectures in the same way that a virus or exploit does.
Software Update Server (SUS)
The process for distributing monthly SUS updates is:
- SUS testers receive patches on the second Tuesday of the month
- DLS clients receive patches on the third Monday of the month
- Patches are sent automatically to all DLS computers on the network
- DLS clients should log off, but leave computers powered on to receive patches sent at random intervals from the SUS server during the monthly 4-day patch period
- Some DLS clients will see a Blue Globe in lower right system tray on the desktop screen
- Click on the Blue Globe to manually install patches
- Restart, if prompted, to complete install
For most DLS clients on Microsoft Windows 2000 and XP operating systems, all the patches will automatically be sent to and installed on your computer if it is powered on. Most updates are installed in the background requiring no reboot.
For some DLS clients on Microsoft Windows 2000 and XP operating systems, the patches will need to be manually installed because of the way the computers are configured.
During the monthly 4-day patch period, all DLS computers must be powered on to receive patches sent at random intervals from the SUS server. All DLS clients should choose Log Off instead of Shut Down from the Start Menu when leaving at the end of each of the 4 business days on which patches are sent each month. Updates cannot be installed when the computer is off or is not on the network.
On all other non-patching period days, DLS clients are encouraged to turn off their computers at the end of the workday to assist Harvard University in saving energy and reducing greenhouse gas emissions.
If you need help with installing the monthly updates, or notice any problems after installing the updates, please call the DLS Help Desk at 617-495-8411.
Equipment for Presentations
24-hour advance notice is appreciated for help with the setup of presentation equipment, e.g. connecting a laptop to a data projector. If a non-DLS supported laptop is to be used, it must be checked well in advance of the presentation for the most current security patches and virus definitions. Computers that do not meet these criteria will not be allowed on the Harvard network.
Note: Rental of projectors and laptops is not provided through the DLS Help Desk. DLS clients should check within their department for any department-owned presentation equipment.
If a department needs to rent a data projector and/or a laptop, please call UIS Rental Services at 617-495-9060 or click the following link:
http://www.uis.harvard.edu/technology_services/contact.php
Note: Please allow a minimum of 2 to 3 days prior to your presentation when calling UIS Rental Services for equipment.
Data Jacks
An active data jack in the conference room being used for a presentation is required for access to any Harvard server or any servers on the Internet. Not every conference room has an active data jack in it. A DLS technician can check a data jack and activate it, when necessary.
To have a data jack checked or activated in a conference room for a presentation, please call the DLS Help Desk at 617-495-8411 well in advance of the presentation. Please provide your name, your office phone number, the room location being used for the presentation, and the date and time of the presentation.
New Users: Account, Computer Equipment and Network Access Requests
All local department hiring managers who have new staff members starting at Harvard should complete a Create User Account Request Form in advance of the start date for:
- Changes to existing computer equipment;
- Creation of email, network and calendar user accounts; or
- Requests for new computer equipment.
Requests for new user accounts and equipment must include:
- New employee's name, office location, phone number
- HUID number, if known (needed to create a Harvard email alias)
- Location of computer for the new user, if a computer is needed
- Network account permissions, including server, folders or files to which access is needed
- Meeting Maker account setup, if needed
- Eudora email account setup (requires 33-digit billing code for most departments)
- Any special application setup needed on desktop computer
Note: The setup of a new Harvard email alias requires a Harvard ID.
Fileserver usage is for Harvard business purposes only. Periodic scans will be made for personal
music or video files. Should these files be found, your Manager will be notified. These files take
up too much storage space, increase departmental cost for SAN space and backup, and are often illegally
copied or pirated materials.
Computer Training
For a variety of courses, seminars, and workshops, please see the listing on the Harvard University Center for Training and Development's website at:
http://www.atwork.harvard.edu/training/ctd/
Passwords
All DLS clients are required to change network passwords every 90 days. Users should change passwords as soon as they receive notification of expiration. Users who wait to change passwords risk having the network account disabled.
Passwords should:
- Be a minimum of 7 characters long for PC users.
- Be a maximum of 6 characters long for Macintosh users.
- Not be the same password used within the last 5 password changes.
- Use random alphanumeric character sequences, e.g. ca23tlr.
- Use unrelated words joined or intermixed with numbers, e.g. book2coffee.
- Use phonetically spelled words mixed with numbers, e.g. gl008gun.
- Use special characters mixed with words, e.g. uos#$at.
Passwords should not:
- Be shared with anyone.
- Be written down or recorded, except to provide to your human resources manager in a sealed, secure envelope.
- Include any part of your login name.
- Include common words, notable dates, or predictable numeric sequences.
- Use foreign words, colloquial terms, or book/movie terms.
Virus Protection
All DLS client computers are automatically protected from viruses by Symantec Norton Anti-Virus. New computers are configured to automatically receive new virus definition updates every 6 hours as the vendor makes them available.
The CAMail server is set to filter any viruses from suspect emails as they are received. The infected attachment will be changed to be a DELETED.TXT file that will not harm any computers.
Home Personal Computer Recommendations
Users should check their home personal computers for critical operating system and application updates to be sure that personal computers at home do not become infected.
All Microsoft operating systems and application updates are available at the Microsoft site below:
http://windowsupdate.microsoft.com/
Home users should also be sure anti-virus software is installed on their home PCs. Online downloads and purchasing are available at the Symantec Norton Anti-Virus link below:
http://www.symantecstore.com/dr/v2/ec_Main.Entry?SP=10007&SID=27674&CID=0&DSP=0&CUR=840&PGRP=0&CACHE_ID=0
Microsoft Vista Support
Microsoft has released a new desktop operating system (OS) called Vista. This OS is significantly different in look and feel from the current Windows XP platform. At this time DLS is evaluating application compatibility, hardware, networking, licensing and support requirements of the Vista OS. Until DLS has fully assessed this new OS, Vista will not be supported or installed on DLS systems. Most importantly, Vista uses Internet Explorer 7.x (IE7.x) as its browser, which is not compatible with our current Oracle Enterprise applications.
UIS/Support Services DST 2007 Statement
Beginning in 2007, the Energy Policy Act changes the dates of both the start and end of daylight saving time (DST). As a result, DST will begin on the second Sunday in March (March 11, 2007) and end on the first Sunday in November (November 4, 2007), extending DST time.
UIS/Support Services is committed to making this transition as seamless as possible for our customers. All desktop operating systems and applications listed in the CAIT desktop standards which require a patch to be DST 2007 compliant will be updated well in advance to assure a smooth transition. The latest standards can be found at http://uis.harvard.edu/support_services/standards.pdf. All necessary efforts are currently underway.
For department-specific applications not included in the CAIT desktop standards, we strongly urge you to contact the software vendor to assure DST 2007 compliance, and to take whatever steps are required by your vendor. DLS can provide assistance with installing any necessary patches to your desktop software related to your department-specific applications.
If you have any questions or concerns, please call the Help Desk at 617-495-8411 as soon as possible.
Support of Microsoft Office 2007
The Microsoft Office 2007 suite was released on January 31, 2007 in several different variations. Its release has introduced several changes and has a significantly different look and feel. Support Services (DLS) is in the ongoing process of assessing the application compatibility, licensing and support requirements of Office 2007. At this time, it has been determined that Vista does not satisfy these departmental support requirements. Two areas of concern exist: 1) a new file format that is not compatible with older versions of Office and 2) interoperability of the new Outlook client with Project ICE. As a result:
Windows Office 2007 is not a supported DLS departmental application and should not be purchased or installed.
Please contact DLS Support Services with any questions or concerns at dls@harvard.edu.
PDA Handheld Device Policy
In conjunction with Project ICE!, DLS will only support Harvard-owned PDA devices. The standard PDA devices for CAIT will be reflected in the standards document at http://www.uis.harvard.edu/support_services/standards.pdf
CAIT users will have until December 31, 2007 to migrate to a standard PDA device. As of June 30, 2008, non-standard legacy PDAs will no longer be supported by DLS. The Harvard University Information Security and Privacy policies at http://www.security.harvard.edu apply to the use of PDA devices and information stored on and/or accessed through these devices. Staff should avoid storing confidential data on PDA devices.
MeetingMaker DST Support
Support Services has performed extensive testing on the MeetingMaker program and determined that the changes in Daylight Savings will not affect the user population. The server operating system infrastructure has been patched. As a result, there are no plans to upgrade or change the MeetingMaker software.
PGP Whole Disk Encryption Policy
UIS Support Services has begun a strategic initiative to protect data while it is stored on workstation hard disks, especially on laptops. Going forward, planned laptop replacements and upgrades will include PGP Whole Disk Encryption as part of the standard installation. In addition to this effort, DLS will be working with local managers to identify computers that routinely access confidential information and target them for encryption as well.
Why is the use of PGP Whole Disk Encryption important?
The Harvard University enterprise security policy specifies that disk encryption must be used to secure data. In particular, laptops and other mobile devices are at higher risk than desktops and should be secured first.
http://www.security.harvard.edu/tech_security/transporting.php
The use of PGP Whole Disk Encryption does not authorize users to handle confidential data in a fashion inconsistent with the security policy. At no point should confidential data be present on any device such as a laptop, desktop, portable disk drive or USB thumbdrive regardless of encryption. In the event of loss or theft of a computer while the computer is shut down, drive encryption will protect against the loss of data.
What does PGP Whole Disk Encryption do?
PGP Whole Disk Encryption protects against data theft while the computer is powered off. It transparently locks down the entire contents of a laptop or desktop drive, ensuring that while the system is shut down the data stored on it cannot be exposed to anyone in the event of loss of the machine. This encryption runs as a background process that is entirely transparent, automatically protecting valuable data, even in hidden and system files, without requiring the user to take additional steps.
How does PGP Whole Disk Encryption change how I use my computer?
PGP Whole Disk Encryption requires you to authenticate with your PGP Whole Disk Encryption passphrase when you turn on your computer, before Windows even starts. Once you have authenticated, on-the-fly decryption and encryption is enabled and your computer will continue with the normal startup process, which will look and behave exactly as before.
Do I have to remember a new passphrase in addition to my Windows login password?
No. The PGP Whole Disk Encryption login process replaces the need for you to log into Windows when you turn on your computer, and your Windows and PGP Whole Disk Encryption passphrases are the same. In the event you need to change your Windows password, or vice versa, PGP Whole Disk Encryption automatically synchronizes the passphrases in the background.
Does PGP Whole Disk Encryption affect how I use any of my applications? Will it affect my email?
No. While you are logged into your system, all applications, including email and other network software, run unaffected. The encryption/decryption is entirely transparent to application activity.
Can I still put my PGP Whole Disk Encryption–protected system into hibernation or standby modes?
Yes, PGP Whole Disk Encryption supports Windows hibernation and standby modes. When you bring your system out of hibernation, PGP Whole Disk Encryption will require you to authenticate before you can access Windows.
What platforms are supported?
Microsoft Windows XP.
Whom should I contact with further questions or for assistance?
For further information about the rollout and use of PGP Whole Disk Encryption, contact the UIS Helpdesk at 617-495-8411 or email to: dls@harvard.edu
UIS/DLS Policy & Procedures for Support of Non-Harvard-Owned Computers
Updated by Henry Drew – 1/17/2008
Policy
UIS/DLS will not provide support for any non-Harvard-owned computer. Additionally, UIS/DLS will not provide support which would allow a non-Harvard-owned computer to access Harvard’s internal computing resources or networks, with the exception of Harvard wireless networks. Any exception to this policy requires approval from the Director and/or Manager of UIS/DLS.
If a member of UIS/DLS detects a non-Harvard-owned computer connected to any of Harvard’s internal networks, except Harvard wireless networks, it is their responsibility to bring the violation to the attention of the Director and/or Manager of UIS/DLS, who will deal with the issue accordingly.
Overview
With stringent security policies in place which protect confidential Harvard data, it is extremely critical that UIS/DLS does not allow or facilitate access or transfer of said data to a non-Harvard-owned computer. With the enactment of several laws to protect the privacy of individuals' health (HIPAA), financial records (GLBA), and student records (FERPA), data confidentiality has become a legal concern.
Exceptions
If an exception is granted for access to internal computing resources or network access, UIS/DLS will validate that the non-Harvard-owned computer has an enabled anti-virus program with the latest virus definition files and is free of any viruses, malware, or spyware prior to connecting the computer to the internal network. This will require that UIS/DLS perform the following steps:
- Confirm that virus definition files are less than one week old. Updating of the virus definition files will be performed without plugging directly into the internal Harvard network.
- Run a full virus scan of all hard drives.
- Run a current spyware detection utility.
- Update Microsoft security patches by connecting to Microsoft’s SUS server. Updating of the Microsoft security patches will be performed without plugging directly into the internal Harvard network.
Support Services Workstation/Laptop Policy
- Laptop Owner Do’s & Don’ts
  - Do: Be certain that PGP full disk encryption is installed on your laptop.
    - If not installed, call the Helpdesk at 617/495-8411 to request installation.
  - Do: Be certain that virus definitions are up-to-date.
    - If you aren’t certain if your virus definitions are up-to-date, follow these instructions:
      - Click on Start > Programs > Symantec Client Security > Symantec AntiVirus.
      - Symantec AntiVirus window will open up. Make sure that your Virus Definitions are less than one week old. If not, click on the LiveUpdate button.
  - Do: Be certain that Windows patches are up-to-date.
    - If you aren’t certain if patches are up-to-date, follow these instructions:
      - Open Internet Explorer
      - On your Menu Bar, Choose Tools > Windows Updates
      - Internet Explorer will open a browser window called Microsoft Update.
      - Under the Options Pane – Choose “Review Your Update History”
      - Note the date of your last update. Your updates should be no older than one month. If the last update is more than one month old, call the Helpdesk at 617-495-8411.
  - Do: Be certain that laptop is completely powered down when traveling.
  - Don't: Leave laptop unattended in a car.
  - Don't: Check laptop as baggage when traveling.
  - Don't: Leave laptop unattended. Always carry the laptop with you, or secure it in a safe, locked location.
  - Don't: Allow non-Harvard people, including family members, to use your laptop.
- Stolen/Lost Laptop Policy
  - Laptop Owner needs to report incident to:
    1. Laptop owner’s manager.
    2. The Helpdesk (617-495-8411) and declare that a Harvard owned device has been misplaced, lost or stolen. A brief description of how the device has been lost or stolen should also be explained so that security remediation procedures can be initiated. Helpdesk/Operations will collect all user data from the workstation/laptop owner.
       - Network Username
       - Email address
       - VPN accounts
       - Any other account information (Advance, Avantis/Progress, etc).
       - Any special applications loaded to the device. (PGP, Sygate)
       - What personal or private data may have been on the machine such as HR personnel data, performance evaluations or HUIDs.
    3. If theft occurred on campus, notify Harvard University Police:
       - Phone: 617-495-1212 or 617-495-1215
    4. If theft occurred off campus, file a police report in the city where the theft occurred.
       - Note: You’ll need a copy of the police report in order for an insurance claim to be filed for the loss of the laptop.
    5. Notify Harvard University’s Office of General Counsel by calling 617-495-1280 if your lost or stolen laptop contains high-risk data (see 5.c. below).
       - a. If your lost or stolen laptop was powered down and was PGP encrypted, there should be no risk of data loss.
       - b. If your lost or stolen laptop was PGP encrypted, but was not powered down, then there is a high risk of data loss.
       - c. High-risk data is first name or first initial and last name of staff, students or faculty in combination with any of the following: social security number, driver’s license number, state issued identification card number, or financial account or credit or debit card number.
    6. Report loss to Harvard University’s Insurance Department (617-495-8668). Be certain to include police report with claim.
  - Helpdesk/Tier 2 needs to report incident:
    7. Helpdesk/Operations will open an Urgent ticket with all pertinent information, which will be escalated to Tier 2 for account management procedure (see item #8 below). In addition, the Helpdesk supervisor/manager will be informed as well as the Director of Support Services, so that they can conduct an internal review.
    8. Tier 2 will evaluate what data could be vulnerable and will disable any and all accounts that the user may have accessed from that workstation or laptop. For example:
       - NOC will disable VPN account (if applicable).
       - SOC/NOC will monitor for any abnormal behavior that may appear on servers / databases to which laptop owner had access.
    9. The user will be contacted with what steps were taken and what the new account information will be.
    10. The Director of Support Services (617-495-9963) will be notified with final resolution.