Physics Computer Workstation Policy

This document describes the levels of support offered by the Physics Computer Network staff for departmental workstations.  Many terms used in this document are defined in the Glossary section.  If you have any questions about what is covered in this document, please send mail to staff@physics.purdue.edu.

Network Access

The following rules apply to any computer connected to a PCN -administered network.

  1. PCN must have administrative access, but it need not be exclusive.
  2. PCN must have physical access to the computer.
  3. Laptops and personally owned desktop/misc hardware WILL NOT be permitted access to the physically wired network. Any network access must occur via PAL2.0.

The following networks are administered by PCN. Any computer whose IP number begins with the first three numbers of the following subnets must follow the above rules.

  • 128.210.67.0
  • 128.210.68.0
  • 128.210.69.0
  • 128.210.146.0

PCN Maintained Computers

Supported computers have the following traits:

  1. PCN provides services such as accounting, automatic software updates, network backups, security audits, and availability monitoring at no charge.
  2. PCN maintains exclusive administrative control over the computer.
  3. PCN must have physical access to the computer.
  4. The computer must be up, on the network, and running the same operating
    system at all times.  If the computer is off the network or running a
    different operating system than expected at a given time, we assume a
    hardware or software failure has occurred or security has been
    compromised, and we come and fix it.
  5. A user's home directory may reside on no more than one supported
    machine.  All other supported machines will network mount the home
    directory from this one machine.  This scheme simplifies technical
    support and file restoration for PCN staff.

Such computers are said to fall under the PCN Workstation Support Program.

Self-supported Computers

The only rules for computers that are not maintained by PCN are those listed above under Network Access, which apply if the computer is on a PCN-administered network. No
support other than a LAN connection and an IP address are provided by PCN. We do allow access to some network services (not including network backups),
but we don't configure or help with configuring them on the computer. 
If a configuration change is made on one of our servers, you're
responsible for staying on top of it and fixing it.

No services may run on a self-maintained system except sshd. (no telnet,
rsh, ftp, http, smtp, RPC, etc). This means no running your own
webserver, mail server, ftp server, etc.

Windows Based Workstations

PCN has detailed policy explanation for Windows based workstations here .

Printers

Printers are separate entities from workstations and fall under a different policy document dec scribed here

Glossary
accounting
A service that makes it easy to create accounts for users on any supported computer.
administrative access
Access required to install software, create accounts, and/or change
system settings on a given computer.  Usually, one must have the root or Administrator password to have administrative access. See also exclusive administrative access .
availability monitoring
An automated service that notifies PCN staff members in the event of a
system crash, power outage, or security violation. Upon receiving
notification via their alphanumeric pagers, staff members will attempt
to diagnose and fix the problem 24 hours a day, 7 days a week.
exclusive administrative access
Access held by only one entity. For PCN to have exclusive administrative access , no one else may have access to the root or Administrator accounts. See also administrative access.
network backups
A service that automatically backs up files on a supported computer
over the network in the middle of every night. Files lost to accidental
deletion or corruption due to power outage or natural disaster can then
be recovered from the backup tapes. Tapes are periodically taken out of
rotation and sent offsite for safe-keeping.
physical access
Access to the room or area where the computer resides, as well as the
internal components of the computer. For PCN to have physical access,
the computer resides must be accessible by a Physics Building master
key unless PCN is given a key that allows access to the computer. If
the computer's case or other components are locked, PCN must be given a
key or combination to those locks as well.
security audit
The act of scrutinizing a computer for potential security
vulnerabilities, based on either a routine schedule or reports of
recent security violations. This service, as well as damage control if
a break-in ever does occur, is provided for supported computers.