Versions Compared

Comment: Revising content, adding a few new questions, adding / replying to comments

...

  • Identify any devices connected to the UT network and record hardware and contact information. This includes (but isn't limited to) computers, printers, sensors, firewalls, local switches, networked instruments, and AV equipment.

  • Assess the state of computers by reviewing inventory information and discussing with the device owner. For research labs, this is the PI or a lab member they identify. CNS OIT techs will ask questions that help determine the compatibility between the computer's required functions and management.

  • For computers already enrolled in management, CNS OIT techs will check the status of data backups using CrashPlan and help configure backups if needed.

...

  1. Enrolled into management 

  2. Removed from the network 

  3. Exception from management approved by the Dean and filed with the ISO and Dean, in combination with additional security measures.

    1. Note: This option requires a technical justification approved by CNS OIT, the ISO, and the Dean. It is only valid for 1 year and must then be either enrolled in management, or refiled with required approvals. The exception is the responsibility of the owner of the device.

...

    1. ISO. For more information about exceptions, see the FAQ What qualifies for an exception from management? What does an exception entail?

Using the information from Stage 1 and through discussions with the device owner, a plan will be made to identify what actions need to take place. Then, steps will be taken to address the computer and make it compliant. No steps to address a computer will be made without approval from the device owner.

This is an example of a computer that qualifies for an exception from management and what compliance looks like:

  • Situation: The computer is an instrument controller provided by the vendor. Enrolling the computer in management is a violation of the service agreement with the vendor and would cause issues with the software used to control the instrument.

  • Security measures taken to meet compliance: A hardware firewall configured by CNS OIT is installed in front of the computer. The computer is then only able to connect to a select number of devices in the lab, UT Box, CrashPlan, and an IP address range supplied by the vendor used for remote support including updates to the instrument and software.

  • What these measures accomplish: The computer will be protected against attacks from external sources that would have been mitigated by management. The computer is still able to control the instrument and receive support from the vendor. Data can be automatically backed up to a file server, UT Box, or CrashPlan, making it easy to access from another computer for analysis and decreasing the chance of data loss.

Going forward

Once CNS OIT has completed inventory identification (described under Stage 1 above):

Purchase of ALL devices must go through CNS OIT and computers must be enrolled in management

Every IT device purchased with UT funds (including grant-funded and ProCard purchases) must be vetted by CNS OIT prior to purchase and must be delivered to CNS OIT to enroll into management. This is defined in IRUSP standard 19.6.

Network access and design requires collaboration with CNS OIT

Any device will only be permitted on the wired network after CNS OIT completes an inventory survey and verifies the device meets policy requirements. Any devices that connect to the network without CNS OIT approval will be quarantined.

For new labs or renovations, CNS OIT needs to be brought into discussions early on to help design and implement the infrastructure.

Network access will be limited to devices that must be on the network. If the device does not need network access to perform work, it is best to leave it off the wired and wireless network. 

Please submit a Network Connectivity request through the CNS OIT Help Form to create a ticket directly with our CNS OIT Network team.

Personal Computers

We are using the information collected to identify all possible options to address the use of personal devices for University business.

We don't yet have a timeline of when a plan will be developed or what that may look like. As options are identified, they will be communicated to those impacted. At this time, we are also not sure how that communication will be sent.

If you will be onboarding new staff who typically supply their own computer (such as graduate students, TAs, and undergraduate research assistants), please contact CNS OIT so we can assist with identifying options to address your need. 

Non-computer networked devices (e.g. printers)

No action is planned at this time. Once the ISO identifies a need, CNS OIT will create a plan and communicate it to CNS. Requests to connect new devices to the network will be reviewed and only devices that need to be networked and meet security requirements will be allowed online, as mentioned above.

FAQs

Overall Process and General FAQs

...

Who does this impact?

All faculty, staff, and graduate students in CNS. Undergraduate students conducting research, working with research data, or who are student employees will also be impacted.

You will be impacted if one or more of the following criteria applies to your role:

...

funded by UT and / or external grants,

...

involved in research that is funded by UT and / or external grants,

...

requires you to use (including produce, share, access, store) UT data,

...

Going forward

Once CNS OIT has completed inventory identification (described under Stage 1 above) in a building:

Purchase of ALL devices must go through CNS OIT and computers must be enrolled in management

If an IT device will connect to the network (e.g. computer, printer, WiFi-connected sensors), it must be vetted by CNS OIT prior to purchase and all computers must also be delivered to CNS OIT to enroll into management. This is defined in IRUSP standard 19.6.

If a device will not connect to the network and cannot store UT data (e.g. keyboard, monitor), then purchase doesn’t have to go through CNS OIT. We are happy to assist in verifying compatibility.

Please contact CNS OIT by sending an email to help@cns.utexas.edu. If you don’t have a specific item in mind, CNS OIT can assist. We’re also able to create quotes and assign them to your purchasing agent.

Network access and design requires collaboration with CNS OIT

Any device will only be permitted on the wired or IoT wireless network after CNS OIT completes an inventory survey and verifies the device meets policy requirements. Any devices that connect to the network without CNS OIT approval will be quarantined.

For new labs or renovations, CNS OIT needs to be brought into discussions early to help design and implement the infrastructure to ensure your needs will be met. Infrastructure changes such as adding new ethernet ports are almost always needed and are faster (and less expensive) when identified from the start.

Network access will be limited to devices that must be on the network. If the device does not need network access to perform work, it is best to leave it disconnected from the wired and wireless network. 

Please submit a Network Connectivity request through the CNS OIT Help Form to create a ticket directly with our CNS OIT Network team.

Personal Computers

We are using the information collected to identify all possible options to address the use of personal devices for University business.

We don't yet have a timeline of when a plan will be developed or what that may look like. As options are identified, they'll be communicated to those impacted. At this time, we're also not sure how that communication will be sent.

If you will be onboarding new staff who typically supply their own computer (such as graduate students, TAs, and undergraduate research assistants), please contact CNS OIT so we can assist with identifying options to address your need. 

Non-computer networked devices (e.g. printers)

No action is planned at this time. Once the ISO identifies a need, CNS OIT will create a plan and communicate it to CNS. Requests to connect new devices to the network will be reviewed and only devices that need to be networked and meet security requirements will be allowed online, as mentioned above.

FAQs

Overall Process and General FAQs

Who does this impact?

All faculty, staff, and graduate students in CNS. Undergraduate students conducting research, working with research data, or who are student employees will also be impacted.

You will be impacted if one or more of the following criteria applies to your role:

  • funded by UT and / or external grants,

  • involved in research that is funded by UT and / or external grants,

  • requires you to use (including produce, share, access, store) UT data,

  • instructional with direct student interaction and access to FERPA data.

Many people at UT have multiple roles and there are certain instances where your UT-related activities are outside the scope of this project. Only roles that meet the criteria described above are in scope.

...

You will only be impacted in the ways that are listed under the FAQs “Who does this impact?” and “What computers and devices are included?” It can be helpful to ask yourself, “What roles do I have? Which role is asking me to participate in this activity?” to determine how you may be impacted.

Our current efforts will primarily be with research labs. For more information about this, please see the FAQ Why is this mainly affecting research labs?

How long does the inventory identification take?

...

How can I coordinate the process with CNS OIT? Are there options to schedule an appointment?

What if CNS OIT never comes to my lab?

Endpoint Management (EPM) & Enrollment in Central EPM

Why is this mainly affecting research labs?

Almost all computers used by faculty for instruction and by administrative staff have already been enrolled in management and brought into compliance. Research labs have unique needs and more complicated requirements. The current approach is designed so CNS OIT is able to give the needed focus and time to each lab.

What if CNS OIT never comes to my lab?

Endpoint Management (EPM) & Enrollment in Central EPM

...

Windows computers:

  • Must be compatible with Windows 11, or compatible with Windows 10 with a replacement plan identified (Windows 10 reaches End of Life in October 2025 and will not be allowed after that date).

Linux computers:

What if my computer isn’t compatible with EPM?

If your computer isn’t compatible with EPM due to a technical business justification, an exception from management can be requested. More information about exceptions is in the FAQ What qualifies for an exception from management? What does an exception entail?

If incompatibility is due to hardware or software limitations such as not being able to run a supported version of the operating system, there are two main options: taking the computer offline, or purchasing a new computer.

CNS OIT will work with the device owner to understand the situation and identify options.

What qualifies for an exception from management? What does an exception entail?

An exception requires a technical justification approved by CNS OIT, the Dean, and the ISO. Additional security measures must be taken to ensure the security and compliance of the computer. It is valid for a maximum of 1 year and must then be either enrolled in management, or refiled with required approvals.

The exception is the responsibility of the owner of the device, but CNS OIT will assist with certain aspects of the exception process and alternate security measures. As each case is unique, CNS OIT will discuss the division of responsibility with the device owner.

Here is an example of a computer in a research lab that qualifies for an exception from management and what compliance looks like:

  • Situation: The computer is an instrument controller provided by the vendor. Enrolling the computer in management is a violation of the service agreement with the vendor and would cause issues with the software used to control the instrument.

  • Security measures taken to meet compliance: A hardware firewall configured by CNS OIT is installed in front of the computer. The computer is then only able to connect to a select number of devices in the lab, UT Box, CrashPlan, and an IP address range supplied by the vendor used for remote support including updates to the instrument and software.

  • What these measures accomplish: The computer will be less vulnerable to attacks from external sources. If the computer were to become infected or be compromised, its ability to infect other computers on the network or compromise UT data is limited. These are protections that EPM provides through a combination of firewall rules, system configurations, and anti-virus software. The computer is still able to control the instrument and receive support from the vendor. Data can be automatically backed up to a file server, UT Box, or CrashPlan, making it easy to access from another computer for analysis and decreasing the chance of data loss.

Do you have access to my data?

...

No. CNS OIT does not look at nor monitor the data anyone has on their computer. The only time we intentionally touch data on a computer is if we are assisting in data recovery or if we are legally required to do so such as during a FOIA request. In these cases, CNS OIT does not open, look at, nor review any files beyond verifying the data is not corrupted. CNS OIT also ensures data storage and transmission is secure and accessible only by those authorized to do so.

Inventory Identification

...