ECS Policies

Purpose

This document describes the guidelines for academic software acquisitions and allocation of existing software resources.

Funding Source

Approved academic software capital purchases and annual software maintenance costs are funded by the student technology fee. The software maintenance budget is divided into system software (e.g. operating systems, compilers, backup software), utilities (e.g. FastX2, Ghostview, Acrobat), non-engineering-specific software including productivity tools (e.g. Visual Basic, Microsoft Office, Java), and commercial educational software (e.g. Creo, Matlab, Aspen).

Guidelines

ECS will consider purchasing software on an individual case basis.

To request software, fill out the software installation form and bring applicable media, documentation, and licensing information to ECS, 1253 SC.

Within two weeks of receiving the software, ECS will notify instructor if the software cannot be installed on the network.

Research Use

The cost-share model applies to the educational portion of any license agreement. When there is a differential cost between an educational version and research version of a software package, the ECS contribution will cover only the cost of the educational version. Departments and researchers interested in the research version must cover the purchase and annual cost differential.

Commercial Educational Software Acquisition and Installation

In order to maintain a secure and productive computer environment, software must meet the following guidelines to qualify for a network install and ECS funding.

Run under Windows 10 or 64-bit Linux
Run as ordinary user (not administrator)
- Does not need to write to protected areas (C:\Windows ,C:\Program Files, C:\Program Files (x86), etc.)
- Does not need to write to the local machine registry (HKey_Local_Machine store)
Allow the installing administrator to set the location of files the software needs to create and modify
Be IPv6 compatible
Have a licensing system that does not require administrative action on each computer (no web activation per host)
Have a silent installation method (no user interaction during installation)*
Not conflicting with existing applications and device drivers
Not require hardware security devices
Not require Netbios
Annual maintenance must be purchased for all commercial software. Annual maintenance must include phone support.
Software must support network licensing and must be able to be run from any machine on the College network.
Enough licenses must be purchased to adequately support the class (or classes) in which the software will be used. The College recommends purchasing a number equal to at least 20%-25% of the maximum number of students in the class (or classes).
Department(s) using the software are responsible for any reporting requirements (e.g., Ansys requires an annual usage report).
Software must be compatible with the supported engineering lab load to be installed on the college network.

If a purchased package does not meet these guidelines, ECS will not install it on the network. Such software may be installed on an individual faculty machine or in a research lab.

Annual Software Renewal and Installation

Academic software renewal processing coincides with budget planning for the new fiscal year. New funding requests will be accepted beginning March 1 and until the funding for that year is exhausted.

Donated or no cost software will be handled in the same manner as purchased software.

In general, the sooner ECS receives the software, the more likely it is that the install will be completed prior to the start of the next semester. Requests will be processed in the order they are received. Queue order may change if the requesters agree to the change.

Guidelines for Software Removal

DEOs will be notified of software that no longer qualifies for ECS funding. Software that does not get alternate funding will be removed from lab, classroom, and other public workstations prior to the start of fall classes. In addition, ECS will not maintain retired software that remains on individual faculty or research machines. New OS loads may render retired software inoperable.

Installation Requests

The Software Procurement and Installation Policy includes the deadlines for requesting software for installation on the ECN or the laptops used in SC.

Scope

All college of engineering students, non–engineering students taking an engineering course, and faculty and staff, including complimentary appointments, are given an access to engineering computer resources while they are associated with the college. This account gives a user access to information technology resources provided by the college. In addition to account holders, visitors who use information technology resources that belong to The University of Iowa or the college of engineering are covered by this policy.

The scope of the terms “user” and “information technology resources” are defined in the UI Acceptable Use of Information Technology Resources policy (AUP).

All users are responsible for knowing and abiding by the guidelines and responsibilities set forth in the University of Iowa's Policy on Acceptable Use of Information Technology Resources and in this document.

Account Owner Responsibilities

Beyond the requirements of the UI AUP, the following additional responsibilities are in effect for anyone accessing the College of Engineering information technology resources. Users should:

Use the computing resources solely to pursue the missions of the College of Engineering and in an efficient, ethical, and legal manner.
Contribute to a working environment that encourages effective study and work for all users. This includes, but is not limited to, an environment free from loud talking, loud music or sound from computer games, offensive graphics on computer screens, and graphic or vulgar language and gestures that demean individuals.
Maintain the integrity and security of your account by keeping your password confidential. Report any suspected unauthorized access to your account and change your password immediately.
Maintain the privacy of your account by not sharing it with anyone.
Abide by the “Usage Guidelines” below and IT Usage Guidelines and Good Practices to maintain equitable use of the resource for all users.
Use college-provided commercial software to support the educational and research mission of the College of Engineering.
Adhere to software licenses and those requirements as referenced in University AUP and software licensed to the College of Engineering on college or personally owned computers.
Appropriately use software that is subject to ITAR and similar government restrictions

ECS Responsibilities

As a provider of computing services, ECS is responsible for delivering a reliable, effective, and secure computing environment. ECS will provide the following:

Reasonable safeguards against unauthorized access to your account
Data recovery (when possible) in the case of ECS-managed equipment failure that results in a loss of information
Access to the computing resource 24 hours a day, seven days a week, year around to the best of our ability
Regular upgrades of hardware and software to support the college's computing needs
User assistance and consulting support

Guidelines

The IT Usage Guidelines and Good Practices describe specific practices expected at all times. ECS may take action when these guidelines are violated.

Users are encouraged to report suspected violations of this policy to the College of Engineering Chief Technology Officer or the Director of Engineering Computer Services.

Implementation

ECS will make every effort to evaluate individual user actions on a case-by-case basis. If a particular program or process is unduly reducing the availability of network resources, or is creating a disruption in the study climate of a facility, then this activity is subject to actions that will restore service to the larger community. Specifically, steps will be taken to protect the files of users and to maintain sufficient processing resources to allow persons to access and perform work with their accounts. Actions taken will be determined by current system load on the network, severity of the offense, previous misconduct history by an individual, and any extenuating circumstances. Actions may include, but are not limited to, email notification of the situation, requests for clarifying information, termination of processes, and account suspension.

Related Policies

The operation of engineering network and computing facilities shall be in accordance with the University of Iowa's Policy on Acceptable Use of Information Technology Resources policy. The UI policy covers security of computing resources and accounts as well as individual privacy and the limitations thereof.

Server and User File Backups

The Engineering Computer Network (ECN) as administered by Engineering Computer Services (ECS) includes file backup and recovery services for 1) the files servers run by ECS, 2) home directory and share directory files for any user account, and 3) local hard drives of ECS-administered computers, as described below.

1) Server backups of ECS and external client machines are described in the Disaster Recovery Policy and are not applicable to user files. Backups are created for disaster recovery only.

Server backups comply with the UI data backup policy.

2) Network Files. On Windows computers, older copies of home directory (and share directory) files are available by selecting a previous version of the document. You can restore modified as well as deleted files. See Previous Version for how to recover older versions or deleted network files.

Because user files are stored on a Windows file server, there is no Linux equivalent of Previous Versions. Linux users must login to a Windows computer to restore an older version or a deleted copy of a document.

3) Local hard drives of ECS-administered Windows computers (computers that ECS has named ENGR-d-xxx-y.iowa.uiowa.edu), are backed up. A backup of user files on C and the entire D drive is done three (3) days per week. To have a local file restored from this sort of backup, use the file restore request form. These restores are handled by ECS.

Note: For best results in recovering data, we recommend utilizing network drives. Backup retention is only between 60 and 90 day depending on system. For longer term archival, please contact ECS.

Compliance

The Engineering College complies with the UI Institutional Data Policy.

All Engineering computer account holders must abide by the Acceptable Use Policy as well as other pertinent policies and guidelines. When ECS is notified of the following sorts of violations, the computer account may be disabled.

Disabling an Account without Prior Notice

A user’s computer account can be disabled by changing the password without notifying the user for the following reasons:

There is evidence of activity that violates federal, state, or local law as enumerated in UI Acceptable Use Policy (AUP) Section 19.4.J.
The account shows activity that critically affects other's use of the system (e.g., security risk, network performance degradation, account break-in). See UI Acceptable Use Policy Section 19.4.

Process

Make a determination that immediate disabling of the account is necessary according to the reasons listed above.
Get authorization from ECS director. If approved, change account password. If it is not possible to get authorization, make a determination based on the seriousness of violation.
Notify all ECS staff. If appropriate, notify external personnel (e.g., ITS security, campus security).
Unless the situation warrants secrecy or has been turned over to external personnel, a designated ECS staff person will contact the user, explain the situation, and schedule a face-to-face meeting.
Following the face-to-face meeting with the user and receiving reasonable assurance that the user understands the situation and will modify account usage, re-enable account.
Repeated or serious violations of the UI AUP or Engineering Acceptable Use Policy can be referred to the appropriate disciplinary body for faculty, staff, or students as defined in the UI AUP Section 19.5.

Notifying User of Inappropriate Computer Activity

In the following situations, the designated ECS staff person will notify a computer account holder who is in jeopardy of his/her account being disabled.

The user has violated the UI AUP, Engineering AUP, or any other relevant AUP.
The use of the account poses some security risk.
The account activity has contributed significantly to some threshold of network performance degradation.

Process

Notify the user of situation (by email and/or phone). Explain how to modify the offending activity, or ask the user to come into the office for an explanation. Set a cutoff date after which time ECS will inactivate the account.
Depending on the seriousness of the offense, attempt to contact the user more than once and using multiple avenues (e.g., email, phone, letter) before disabling the account for non-responsiveness or failure to modify usage. If the user does not respond, disable the account on the cutoff date.
Following a face-to-face meeting with the user and with reasonable assurance that the user understands the situation and will modify account usage, re-enable the account.
Repeated or serious violations of the UI AUP or Engineering AUP can be referred to the appropriate disciplinary body for faculty, staff, or students as defined in the UI AUP Section 19.5.

Eligible Faculty and Staff

People eligible to receive allocated computers are in one of three categories:

Voting faculty
Permanent staff with a 50 percent or greater appointment in Org15
- report through the Dean’s Office (eg. Finance & Operations, ETC, HCC, eSST)
- and non-research staff in research units (eg. IIHR, ITI, NADS). Non faculty research staff are not covered.
Others as designated by the Dean’s Office

Program

The goal is to provide faculty and staff with office computers that are no more then five (5) years old. The computers are configured to be appropriate to the tasks and responsibility of the faculty or staff member. The actual number of computers replaced annually will depend on several factors, including funds available and the number of faculty and staff participating in the program.

Renewal Cycle

The cycle is annual, usually beginning in December.

Allocated Computer

This policy allocates and replaces only ECS-administered desktop computers. No portables or servers are allocated, and no substitutions of the hardware model are allowed.

Because these computers are meant to help employees be productive, the computer must be in the individual’s primary office for use by the employee. When the individual to whom a computer was allocated leaves the college, no longer uses the allocated computer, or prefers to use a departmentally managed computer, the computer returns to the college for reassignment. Faculty that opt out of the college computer renewal program must return the college-allocated computer if one was assigned to them and are not eligible to rejoin the program for one year.

Groups

The eligible faculty and staff form nine groups: the six academic departments (BME, CBE, CEE, ECE, ISE, ME), the research centers (IIHR, ITI, NADS) and the rest of the eligible staff. For allocation purposes, the administrative support staff of a department are treated as members of that department. Faculty may opt out of the program, reducing the size of the eligible group for that unit. When a faculty member opts out of the program, he/she is assigned inactive status. Faculty on the inactive list for at least one year can rejoin the annual renewal program during the next renewal cycle.

Allocation

As long as funding allows, the number of new computers available for each group will be equal to the number of computers that will be five years or more old at the renewal time. Each year college administration will inform the unit managers/directors of the number of new computers allocated to their unit. The renewal computers will replace the oldest computers in the group in any given year.

Security

ECS is very security conscious and enforces procedures beyond what other IT shops on campus impose. One result is that the ECS staff has spent much less time than other IT staff recovering from security breaches. Because the number and intensity of break-ins (mostly on Windows computers) continue to increase, new security precautions will, no doubt, be instituted as necessary. Here are some of the measures we use to improve the safety and availability of the computing environment in the College of Engineering.

Limit incoming traffic on some networks.
Connections using Remote Desktop must be secure. You can use the Junos Pulse VPN or Cisco AnyConnect to create a secure connection before launching Remote Desktop.

What You Can Do about Security

ECS runs a network that is as secure as reason and requirements allow. Most actions that make a computing environment secure are things that individuals do, not the efforts of the system administrators. Here are several things that users can do to maintain security.

Don’t leave passwords visible. Do not write down account passwords, we strongly recommend utilizing a password keeper (see UI password tools)
Don’t tell others your password(s). Passwords are meant to protect the information you have access to. If you have access to confidential data from a University, departmental, or private database, that confidentiality can be compromised by giving another person access to your account by sharing your password.
Screen lock your computer when you walk away from it. Locking your screen when you leave your computer unattended prevents others from using your computer account. On a Linux workstation, select Leave | Lock from the K/Start menu to lock your workstation. On a Windows computer, press Ctrl + Alt + Del and select Lock Workstation.
Log off or lock your computer at end of day. Just as you lock your screen when walking away from your computer during the workday, doing so at night is as important. One advantage to logging off when you leave is that on ECS-administered machines, ECS installs remotely (without being on your computer) operating system patches, and new versions of virus scanning files and software. This work, typically done on weekends late at night, proceeds more quickly and smoothly if you are not logged into your account.
Follow working remotely best practices (UI - ITS).

Rationale

ECS strives to provide a secure, highly functional, consistent environment across all platforms. This functionality can best be supported when the hardware and software remain consistent across the college. This support model has enabled us to provide superior service and functionality (e.g., home directory service, password synchronization across all platforms, backups).

The University of Iowa requires that each campus unit be able to verify that computers in its domain are appropriately patched, have anti-virus software installed with updated virus definition files, and comply with the enterprise password policy.

While ECS recognizes that the standard base load or limitations of college-managed systems may not meet the needs of all faculty, University regulations now require a level a management for all computers. This policy aims to provide a support model for faculty who choose to administer their own machines and those who want a managed environment.

Eligibility

All desktop computers on the Engineering Computer Network must participate in one of the programs described below. Windows, Macintosh, and Linux computers are covered by this policy.

For all of the options below,

Computer is joined to Iowa domain.
Management agent is installed to handle machine inventory, operating system (OS) and software updates
Password tool is enabled, allowing user to use Hawk ID and password
Locally Administered and Research Computers

Option 1 - Minimum support - no charge

Fee: none

Benefits:

The computer must be joined to the uiowa forest unless the owner can demonstrate how they will enforce university password policies and there is a compelling case that forest membership will result in operational problems.
The owner is given a local admin account for administering the machine.
The owner is responsible for obtaining, installing, and maintaining all software without any support from ECS. No software licensed through the College of Engineering or the UI will be made available through ECS.
If it is viable ECS will install a software agent to ensure compliance with University policies.
The owner is responsible for any interactions with the vendor for warranty support.
Engineering Help Desk will provide basic support at no cost, but for more complex issues will charge time and materials.

Option 2 - Intermediate support

Fee: $250 one-time for the life of the computer

Benefits:

The owner is given a local admin account for administering the machine (upon request).
Additional application software available from the various Engineering application pools is installed on request provided that no special research license is required.
Engineering IT staff will install research versions of Engineering supported applications upon payment of the relevant license fees.
Engineering IT staff will help the owner with software installs on request.
Engineering IT staff will deal with the vendor for any warranty support.
Engineering IT staff will create system restore image (upon request).

Option 3 - Full support with backup

Fee: $25 per month for the life of the computer

Benefits:

Local drive backup.
Benefits #3-6 from Option 2 above.
Engineering IT staff will provide troubleshooting and general assistance with software and hardware problems.
Engineering IT staff will attempt to minimize any downtime related to equipment failure or software issues.
Engineering IT staff will reload operating systems and applications as necessary and keep them current.
Locally administered computers can be added to the Engineering Computer Network by filling out the Request for an Additional Network Connection form.
Local computer administrators must follow University policies and standards as per the (ITS) Network Citizenship Policy as well as local policies in the Checklist for Locally Administered Computers.
The computer should be directly connected to the network and not behind a router.
If the system is compromised, the computer will be disconnected from the network until the OS has been reloaded and the vulnerability patched. ECS will try to notify individuals prior to a network disconnect.

Best Practices for all Locally Administered Machines

Install software and data on the local data drive.
Turn on automatic updates for applications.

Benefits to Local Administration

The individual can install his/her own software and external hardware.

Drawbacks to Local Administration

Computers are more susceptible to denial of service and root access attacks than ECS-administered computers.
ECS support for diagnosing and resolving software conflicts may incur a charge.

ECS Administered Computers

ECS installs, maintains, and manages all hardware and software on the system. Computers are rebooted early Sunday morning if there are operating system patches or software updates. Daily backups of the local hard drives are done automatically by ECS. The computer is connected to a secure network. Hardware and software purchased by the College are under warranty.

Individuals cannot install their own software or hardware. ECS will install hardware or software purchased by an individual; there is no charge for that service. Purchased software must be compatible with the supported OS. ECS will make every reasonable effort to resolve conflicts between purchased software and the OS.

Computer Naming Convention

ECS administers collegiate, departmental, teaching lab, and institute-owned computers under the following plans. Collegiate, department, teaching lab, and research lab computers are in the IOWA domain.

Collegiate Computers

Collegiate computers are named ENGR-D-COExxx, and are purchased by the Dean’s Office. There is no fee associated with ENGR-D-COExxx computers. They receive complete support, including local hard drive back up. These computers are replaced every 5 years.

Department Computers

Department computers are named ENGR-D-nnnxxx where “nnn” is the department abbreviation; e.g. ENGR-D-ISE007. Fee includes local hard drive backup.

Teaching Lab Computers

Teaching lab computers are named ENGR-T-nnnxxx where “nnn” is the department abbreviation; e.g. ENGR-T-ECE007.

Research (Lab) Computers, Full support

Research lab computers are covered under option 3 above and are named ENGR-R-nnnxxx where “nnn” is the name of the lab; e.g. ENGR-R-ECE007.

Others

Locally administrated and research lab computers covered by options 1 and 2 above are named (option 1) ENGR-N-nnnxxx where “nnn” is the name of the lab; e.g. N-ECE007; and (option 2) E-nnnxxx where “nnn” is the name of the lab; e.g. ENGR-E-ECE007.

This contingency and disaster recovery plan describes the College of Engineering Computer Services (ECS) computer environment that has been designed to prevent incidents and anticipate easy recovery from a disaster destroying all or part of the facilities. This plan is applicable to all College of Engineering Computer Services staff responsible for managing critical facilities, including server hardware, software, and data. The ECS director serves as the administrator of the core server infrastructure for the College of Engineering. In the case of an incident or disaster, the ECS director serves as the Recovery Manager.

The goals of this disaster plan are to:

Provide for the safety and well-being of people on the premises at the time of a disaster;
Continue critical business operations;
Minimize the duration of a serious disruption to business operations and resources;
Minimize immediate damage and losses;
Ensure organizational stability;
Ensure orderly recovery.

Causes

Situations that can interrupt or destroy computer, network, or telecommunication services occur under the following major categories:

Environmental failures include interruptions by fire, steam, flooding, and weather, of the air conditioning and electrical systems.
Hardware and software failures and malfunctions.
Application failures caused by sabotage, system malfunction, or an interruption of the computing infrastructure.

Recovery depends on the severity of the failure. This plan covers strategies for both partial and full recovery of critical and non-critical applications and data.

Who Is Affected

ECS staff, guided by the ECS director, handles the work of recovering from a disaster. Faculty, staff, and students in the College of Engineering may be affected by a disaster, as well as clients with equipment or data that is managed by ECS.

Disaster Planning

Prevention
Disaster prevention means reducing the impact of problems by minimizing recovery time and effort to keep an incident from escalating into a disaster. Preventive measures strive to decrease recovery time, as well as reduce the probability of a catastrophic event and reduce its impact.

Prior Planning
In preparation for a disaster, ECS

Has configured a virtual server environment that can suffer the loss of up to two host servers without loss of service. Servers and data storage devices are configured to recover automatically from errors and disruptions.
Can perform a restoration from the ground up.
Can restore a fully patched and compliant computing environment.
Provides central controls (e.g., virus blocking, port blocking) when applicable.
Identified other work units that would be affected if the incident were to spread.

ECS has documented the following:

Identified person(s) with the authority to declare a disaster (see “Recovery Manager”).
Identified multiple staff capable of restoring IT services (see “Recovery Manager”).
Process for retrieving backed up data.
Procedure for the annual review and testing of the plan, including educating appropriate staff to ensure they are aware of and understand the plan.

Security
Security for data involves protection from damage or attack, being stable, reliable, and free of failure. Securing information is guaranteeing its confidentiality (levels of privacy), integrity (being complete and true), and availability (being accessible).

Physical Protections

ECS has set monitors to detect to following conditions in the server room, network entrance facility, and disaster recovery site:

Fire or smoke
Overheating or lack of sufficient cooling
Power interruption
Server malfunction
Change in network operations
External (network) attack, network intruder(s)
Fire detection and suppression

When a monitor detects any of the above fault conditions, the system calls and sends email to the ECS director and the sysadmin staff.

The ECS server room, entrance facility, and disaster recovery site have:

Backup power with uninterruptible power supply backed by a diesel generator*
Heating, ventilation, and air conditioning controls
Secure doors and windows, and facility space
Video surveillance, intruder alarm systems, and motion sensors
Access control logging
Two-factor authentication required for entry: physical key and code

Technical Redundancies

Virtual servers configured to automatically take over the functions of a failing server.
Sysadmin staff receives on-going cross training.
Key employees have cell phones and Internet access from remote location.
VPN to allow key employees to have secure access from remote location.
Multiple server and data backups available. (See “Backups” below)
A contingency communication plan that assumes normal electronic communications, including telephones, will not work.

Backups

All systems are backed up periodically as described in the ECS Backup and Recovery Policy. Physical access to backups is restricted by access control and password security. Physical access to off-site storage is restricted by access control.

Emergency Procedures

Decision-Making Process - During an Incident or Disaster

In the case of an attack or emergency, the Recovery Manager or designated staff will:

Report the attack to the University IT Security Officer.
Block or prevent escalation of the problem, if possible.
Preserve evidence, where appropriate.
Change affected account passwords as necessary.
Change the status of accounts as necessary.
Stop the service, if necessary.

Recovery Manager

The ECS director shall be the Recovery Manager, who is the primary person expected to carry out the following basic roles after a disaster situation has been declared by the designated authority. The secondary person shall be the first available first responder from the sysadmin group.

The Recovery Manager will direct coordination, restoration, and communication activities. This manager makes command decisions as related to the disaster within the scope of the area, and is essentially in charge of the disaster recovery. S/he works with other staff and/or outside vendors to restore computers, or other technical systems, to a functionality needed for the area to operate, at a minimum, its critical services. S/he also handles communication with departmental staff and outside entities.

Actions
Equipment and Data Protection

Servers and storage devices are configured to automatically switch to another server or storage devices in the case of failure. If the disaster is caused by water, the designated staff will verify that the operations of the affected server or storage device have automatically moved to other equipment.

Data are protected by the security protections and back up policy described in the “Prevention” section above.

Damage Assessment

The Recovery Manager or designate should evaluate damage to the computing equipment, structure, electrical system, air conditioning, and building network. One part of a damage assessment is specifying what equipment must be replaced and in what order replacements will be done. Estimates of repair time should include ordering, shipping, installation, and testing time. After the assessment, the Recovery Manager should estimate and communicate when computing functions are likely to return to normal.

Emergency Procurement

The Recovery Manager is responsible for evaluating the necessity of purchasing replacement equipment. The Purchasing Department at the UI will determine the best source for the quick acquisition of hardware and other equipment.

Recovery

The servers and data storage devices are configured to automatically recover from errors. Should manual intervention be required, the process is known by several from the sysadmin staff and documentation is kept in the Server Room Operations Manual.

Information Sources

These documents include information on servers, storage devices, software, customers and services, and operating information relevant to the Engineering Computer Network.

ECS Wiki
Server Room Operations Manual
Backup and Recovery Policy (to be reviewed)

* Disaster recovery site in ERF does not have a diesel generator.

ECS Administered Computers

Individuals cannot install their own software or hardware. ECS will install hardware or software purchased by an individual. Purchased software must be compatible with the supported OS. ECS will make every reasonable effort to resolve conflicts between purchased software and the OS.

Computer Naming Convention

Collegiate Computers - Collegiate computers are named ENGR-D-COExxx, and are purchased by the Dean’s Office. They receive complete support, including local hard drive back up. These computers are replaced every 5 years.
Department Computers - Department computers are named ENGR-D-nnnxxx where “nnn” is the department abbreviation; e.g. ENGR-D-MIE007. Fee includes local hard drive backup.
Teaching Lab Computers - Teaching lab computers are named ENGR-T-nnnxxx where “nnn” is the department abbreviation; e.g. ENGR-T-ECE007.
Research (Lab) Computers, Full support - Research lab computers are covered under option 3 above and are named ENGR-R-nnnxxx where “nnn” is the name of the lab; e.g. ENGR-R-ECE007.

All College of Engineering students, staff, and faculty are eligible for an Engineering computer access. All access is subject to the College of Engineering Acceptable Use Policy as well as the University of Iowa's Policy on Acceptable Use of Information Technology Resources.

These guidelines describe specific practices expected at all times in private offices or public labs or spaces. Engineering Computer Services (ECS) may take action when these guidelines are violated.

Computing Resources

Computing resources, both physical machines and the virtual computing environment, are made available to support academic computing in the College. To ensure that computing resources are available equitably:

On a single shared workstation/computer, confine your access to one interactive¹ session and one background job².You can use one interactive session to check on the status of a background job. See Examples below.

Limit yourself to two concurrent background jobs on the entire network. It is best to start the two jobs on two different machines in order to distribute the load. All background jobs on engineering workstations must be set to run at a low priority.

Refrain from running server programs. Executing server programs is expressly prohibited when 1) the program continues to run after you log out; 2) the program is not related to the study of engineering; or 3) the program duplicates services already provided on the network (e.g., a web server). Please consult with ECS staff if this policy negatively impacts academic needs.

¹ “interactive session” is using the keyboard and mouse to communicate with the computer. All Windows sessions are interactive.

² “background session” is a job submitted that requires no keyboard or mouse input to complete the computation. You can submit background jobs/sessions on the Linux workstations, but not on the Windows computers.

Examples: If you are seated at and logged into a Linux workstation or a Windows computer, that is one interactive session. ; if you connect to another machine, that is the second session. If you submit a job to run without needing keyboard input, that is a background job, your second session. When coming into the ECN remotely via SSH, the SSH session is one active session; if you connect via SSH to another machine, that is a second session.

Use the nice command.

Data Integrity

If you store data outside a network drive, you are responsible for backup.

Email Good Practices

Never respond to an email asking for your account information (password). The University nor the college will never ask for your account information via email.

Software Licensing

Software that the university or the college licenses for academic or research use may be installed on personally owned computers only if the licensing allows.

While it is impossible to enumerate all situations that might require action, these usage guidelines illustrate acceptable conduct. If your situation requires deviation from these guidelines, or you do not know if an activity falls outside these guidelines, please consult ECS staff to coordinate any special requirements. These may include relaxed background job priority, extra process allowances, or extra disk space. Every effort will be made to coordinate with individual users and to accommodate the bona fide needs of study and research.

Computer Lab Guidelines

In order to promote a productive work environment, the following policies are in effect at all ECS IT facilities. Because security of the ECS computer labs, conference rooms, and group work rooms is critical to the success of 24-hour access, you are responsible for secure and orderly use of these facilities at all times.

Authorized Users

Only faculty, staff, and students currently enrolled in engineering classes may use the equipment. If someone who does not have an engineering computer account is discovered using the facilities, s/he may be asked to leave the facility.

Computers Not Being Used

ECS staff are authorized to logoff any computer left unattended for an extended amount of time.

Cleaning time

Custodial services have priority during their scheduled time and users are expected to leave the facilities promptly at cleaning time.

Complaints

Please submit any complaints to an ECS staff member, 1256 SC, or send a message to suggestion@engineering.uiowa.edu.

Food, drink, smoking, and vaping

Covered cups and mugs for liquids are allowed, but no other food, drink, tobacco, or vaping is allowed in the IT facilities at any time. Please leave food and uncovered drink on the tables at the entrances to the labs. Users that are found with food or drink at a workstation may be penalized.

Games

Use of the facilities for academic work always takes precedence over game playing.

People using game software may be asked to make that computer workstation available to students waiting to do homework. Limit game playing to those times when an IT facility is not crowded.

Hardware/software problems

Please report any problems you have with software or hardware to ECS staff, 1256 or 1253 SC, 319-335-5055. If equipment in the labs is broken, please don't attempt to fix it. Come to the Engineering Help Desk, 1253 SC, or send email describing the problem and naming the computer involved as soon as possible. Do not turn off the computers.

Noise

Keep the volume of computer speakers and other sound devices to a minimum. Avoid offensive language and loud speech.

Printing

If a printer is out of paper, report empty printer paper trays to a consultant, 319-335-5055, 1256 SC. If no consultant is on duty, send email. If possible, send your file to another printer. If no print options exist, you must wait until an ECS staff member restocks the paper.

Printing Reimbursement

Reimbursement is provided if the printer malfunctions. As soon as you notice a problem with your output from a laser printer, report it to the Engineering Help Desk, 1256 SC. Repeated printing in spite of equipment problems will not be refunded.

Resource Use

Do not leave workstations running programs overnight without permission from ECS staff. If permission is not obtained, the staff is authorized to logoff the workstation.

24-hour access

In the college of Engineering, there is always at least one computer lab open to Engineering students. There may be times when specific labs are closed for cleaning, maintenance, etc. In general the Elder (SC 1231) and Hering (SC 1220) computer labs are not locked, so if you have an engineering computer access, you can use those labs 24 hours a day. The SC 1245 computer classroom is locked after 7pm week nights and weekend morning and evenings. The Eltoft (SC 2301) lab is locked at 7:00pm until 7:00am. When the building or rooms are locked, you must use your access card to enter. your access card to enter.

Using /var/tmp, Linux local storage

ECS manages temporary local disk storage, /var/tmp, on Linux workstations. ECS suggests that some packages be run from the local disk storage area because these packages create very large scratch files, which do not fit within quotas and slow network performance when run from your H: drive. The local storage area must be cleaned out for system upgrades, machine failures, or when the disk fills up. You must make your own backups of files on the temporary /var/tmp space.

At the end of each semester (including the summer term) and for system upgrades, performance issues, or a full disk, ECS will remove files from /var/tmp. You must save files that you want stored in /var/tmp before our clean up. If we have to clean out /var/tmp in the middle of a semester because of unavoidable circumstances, those files will not be saved.

Schedule

/var/tmp will be cleaned out the first working day after grades are submitted to the Registrar for the fall, spring, and 8-week summer sessions, assuming that ECS has not needed to clean up /var/tmp for reasons noted in the paragraph above. The grade due date is published in the University calendar.

To maintain a secure computing environment, the College of Engineering has implemented the following policies for the stability, reliability, and security of information technology in the College.

Direct questions about the details of these policies and how they are implemented to the Engineering Computer Services (ECS) office 1256 SC, 319-335-5751.

Acceptable Use

All computer and network users are required to adhere to the University's Information Technology Resources Acceptable Use Policy (AUP) and the College of Engineering's Acceptable Use Policies for Information Technology Resources.

Computer Ownership

University-owned computers can be used long term in assigned spaces (offices). Personally owned portables may be connected to the College of Engineering network temporarily and used in unassigned spaces such as labs, classrooms, and public areas.

If you have a computer not managed by ECS, you are responsible for the physical as well as the electronic security of that equipment. You must adhere to the following:

IT Security and Policy Office (ISOP) – Network Citizenship
UI Core security standards - Endpoints (requires UI Sharepoint login to view)
Personally owned computers

Network Connections

The college provides a variety of network services. Each wired network port is configured to provide the desired service for the particular client that is plugged into it. When a new client (computer, networked printer or other wired network device) is added to the network, or an existing device is replaced or relocated, the network port(s) need to be reconfigured appropriately. Therefore wired network devices need to be registered with ECS. To register a device its hardware identity Ethernet physical (MAC) address, desired network name and location (room number and network port) need to be reported. Please note that some network jacks in some rooms are not connected and cannot be used unless a network cable connection is requisitioned. When you report a desired jack, ECS will let you know if it is available for use or will need a requisitioned.

You must register the computer’s Ethernet address and its DNS name with ECS. When a network connection has been requested and approved for a named computer in a specific location, ECS will:

Assign a circuit number. The computer’s network port will plug into the wall plate with that circuit number.
Assign an IP address to the registered computer. If the computer is changed, the person responsible for that network line must report the change to ECS.
Record the name of the faculty or staff person responsible for the computer and the network port. The named person will be contacted regarding all issues involving this computer. These issues include but are not limited to inappropriate use of the computer or the line, security problems, service problems, and billing.
Enter the computer name and IP address into the Domain Name Service (DNS).
Assign, configure, and activate a network port.
Configure any required DHCP service.

Security

All computers connected to the Engineering College network may be scanned for security problems by the Information Security and Policy Office (ISPO). When the ISPO has determined the security of a computer has been compromised or used for inappropriate purposes (see the AUP) the computer may be disconnected from the network without prior notice. To reconnect a computer to the network, ISPO must be assured that all security problems are fixed. ISPO may verify that the computer has been properly rebuilt by scanning it.

Domains

All domain name requests must be approved by ECS.

Engineering computers utilize HawkIDs & passwords. For more information on HawkIDs passwords, please refer to the University of Iowa Enterprise Password Policy for details.

Elevated Privilege System Accounts

An account with elevated privileges has additional requirements: you must change the password at least every 180 days and the password must be at least 15 characters long.

Changing Your Password

If you are logged into a college-administered Windows computer, press the Ctrl + Alt + Delete keys at the same time and select Change Password. You must enter the current password and your new password twice. If you are logged in remotely, on a Linux workstation, or on a self-administered computer, go to the engineering password tool page to change your password.

You can change your password to reactivate your account even if your password has already expired; go to the password tool, and select Change passwords.

You can change your password using the Pulse Secure VPN.

If you forget your password, please bring your UI student/faculty/staff ID card to the Engineering Help Desk, 1253 SC, to have your password reset.

You use the same password to log in to Window and Linux.

Check or Set Your Password

Use the HawkID Tools to verify your password. If you enter your password correctly but your account is locked or the password has expired, that information is returned and can be changed on the same page.

Password Life Span

Passwords have a maximum life span of 365 days. You will get email from consultant@engineering.uiowa.edu before your password expires. The subject line of the email will be "Your password will expire in 14 [7, 1, 0] days." That email message suggests the best way to change your password depending on where you are logged in. See the Changing Your Password section above for information on changing your password.

If you forget your password, bring your ID to the Engineering Help Desk, 1253 SC, to request that your password be reset.

What Makes a Good Password

Passwords protect your account from unauthorized access. For this reason, ECS implements password restrictions in order to deter password cracking. Passwords rules are listed above. In addition, we recommend that your password contain at least one non-alphanumeric character and that it not contain any portion of your name or another person's name as a part of your password. Because longer passwords are more difficult to crack or to guess, we recommend using at pass phrase of 15 characters or longer.

In general, if part of your password is a proper name or a word that appears in an English dictionary, it is not a secure password. If you have a dog named Ace, mydog=ace would not be a secure password.

Valid non-alphanumeric characters are: , + - $ [ ] * & ^ / % { } | " ' ? < > _ :

Do not use the characters : \ ! @ # [space]

Password Problems, Time Limits, Expired Passwords

If you try to enter your password but do so incorrectly 15 times, your engineering account is locked for 5 minutes.

Your password is valid for 365 days. Two weeks prior to the date that your password will expire, you will begin to see reminder messages to change your password each time you log in. Once your password has expired, the next time you log in the system will prompt you to change your password. After changing it, you will need to log back in immediately with the new password.

Engineering Webmail Password Problem

The Engineering Webmail system is ONLY for legacy engineering e-mail accounts. In 2009 a decision was made to outsource e-mail services to HawkMail and no new engineering e-mail accounts have been created since. The only users of the engineering e-mail system are people who have accounts that pre-date 2009. Any person who's Engineering account post-dates 2009 will get a login error if they try to use the Engineering Webmail system. This is an expected result as those people do NOT have an engineering e-mail account. If you are certain that you have an engineering e-mail account and are having trouble logging in to the Engineering Webmail system see the above tips. If you are still unable to resolve your problem contact ECS user services.

The primary mission of ECS is to support University-owned and managed computing hardware. Support of personally owned computing hardware will be left to the discretion of the ECS director, who has the right to refuse support of any and all personally owned computing equipment.

As time and resources permit, ECS will:

strive to provide limited, basic, non-warranty support for personal computers owned by faculty, staff and students.
assist with non-warranty diagnosis and troubleshooting of hardware problems.

The owner is responsible for all replacement parts, shipping, and other associated costs. ECS may help with hardware replacement. If support requires installing software, the owner must provide properly licensed copies of the media.

Procedures and Guidelines

The owner must contact the Engineering Help Desk by phone, e-mail, or walk-in prior to dropping off a system for service. This advanced notice may result in a quicker resolution to the problem. It will also allow us to inform the owner if we will not be able to work on the system in a timely manner.

The Engineering Help Desk has the right to refuse any computing hardware that may legally or morally jeopardize the integrity of the College of Engineering or the University of Iowa.

The owner must back up their critical data prior to dropping the system off. The Engineering Help Desk is NOT liable for any loss of data.

Any request to install software must be accompanied by a licensed copy of that software.

Turnaround times can vary widely, from one day to two weeks depending on the work load.

Bring all hardware to the Engineering Help Desk, 1253 SC.

Once the Help Desk has diagnosed or resolved the problem, the owner will receive notification by phone or e-mail.

The owner of the system may pick up the system at any time if they feel the Help Desk has taken too long to resolve the problem.

Contacts and Technical Experts

Engineering Computer Services, College of Engineering (319-335-5751) (consultant@engineering.uiowa.edu)
University of Iowa Information Technology Services (ITS) Help desk (319-384-4357). The ITS Help Desk offers software repair and troubleshooting.

Disclaimer

The Engineering Help Desk is NOT liable for loss of any data on or damage to personally owned computing hardware.

Questions

For questions about this printer support policy, please contact the ECS Director, 319-335-5751.

ECS Lab Printers

ECS handles all the installation, troubleshooting, and repair for printers in the students labs and computer classrooms (Elder, Hering, 2301, 1245, 2301). Problems with printers in those labs should be reported to the Engineering Help Desk, 319-335-5055, 1253 SC, or consultant@engineering.uiowa.edu

Departmental, Local, and Research Lab Printers

CSS will recommend appropriate printers to purchase. If requested ECS will troubleshoot printing problems and recommend repair as appropriate.

If a maintenance contract is purchased with the printer, hardware problems should be handled per that contract. If there is no maintenance contract or the printer’s warranty has expired, the Engineering Electronics Shop (EES), 2018 SC will attempt to repair printers. The owner must provide an account to which the Electronics Shop can charge the repair.

For help with a departmental printer, contact the Engineering Help Desk, 319-335-5055, 1253 SC,consultant@engineering.uiowa.edu

IT related purchases that meet one or more of the following criterion must be purchased through local University Shared Services staff in consultation with ECS.

Devices that have computing capability such as desktops, laptops, tablets and other mobile devices, etc.
Devices that have wired or wireless networking capability
Storage capacity over 128 gigabytes
Bulk (5+) purchases of Internet of Things (IoT) platforms such as arduinos, Raspberry Pis, compute sticks, etc.
Cost threshold over $100. (excluding consumables, e.g. toner)

ECS has been charged with handling the ordering, processing, receiving, and inventory of all technology equipment for the college. Among the ordering-related services that ECS provides are:

Consulting - Come to us with your functional needs and ECS staff will facilitate purchase.
Purchasing options - When there are options for equipment that fits the stated need, ECS will provide the purchaser with the various options.
Ordering - ECS will work with the vendor(s) and Purchasing to order the desired equipment.
Tracking of the order
Taking delivery of the order
Working with Inventory (Finance & Operations) as required
Setup
Delivery

For IT related procurement, contact ECS at 319-335-5751 or stop in to 1253 SC or complete the following workflow form.

Relevant Policies

Review the desktop Acceptable Use Policies for Information Technology Resources, the Academic Software Funding & Acquisition Guidelines, the Network, Security, and Cabling Policies and policies found on the ISPO website.

The Engineering Computer Network (ECN) software installation policy sets deadlines for ECS staff to receive software to be installed on computers. Software must be installed within security, licensing, and accessibility constraints following University Policies. Some software is not conducive for network installation, ECS cannot guarantee that all packages can be successfully installed. All software to be used in courses, labs, and required for job duties must go through the ITS Technology Review Process prior to installation. Contact ECS to help complete the review process.

Who Is Affected

All College of Engineering faculty, staff, and students.

Classroom and Lab Software Installation Policy

Please allow for multiple weeks lead time for software to be used in fall and spring courses. The ITS Technology Review Process takes multiple weeks to complete in addition to the time needed by ECS to install the software. Typically ECS will need around three (3) months before the start of fall classes to allow for the Technology Review Process and software installation.

Minimal changes will be made to the lab loads during the year.

Classroom laptop load changes to the user environment may be made during a semester. Classroom laptop load changes requiring a complete reload must be approved by the ECS Director. If you plan to use the classroom laptops, please check out one from ECS so that you can test the software you intend to use.

Software to be used in a special training session must be given to ECS 1 month before the start of the session. In addition, you must supply a technical contact with the software so that ECS staff can discussion installation issues.

Research or Other Software Installation Policy

Research software may be required to go through the ITS Technology Review Process prior to installation. Contact ECS to help complete the review process.

Some educational software may require additional licensing for research use. ECS will assist with software on demand as time allows. Any required funding is the responsibly of the researcher.

Verification that requested software compliance with University of Iowa policy (Export Controls, ITAR, etc. – as may be specified in grants) fall to the grant Principle Investigator (PI) and researcher.

Procedure

To request software, fill out the College of Engineering Software Procurement Request form and bring applicable media, documentation, and licensing information to ECS, 1253 SC by the above noted deadline.

Within two weeks of receiving the software, ECS will notify instructor if the software cannot be installed on the network.

Requirements

In general, software to be installed on the Engineering Computer Network must:

Run under Windows 10 or 64-bit Linux
Run as ordinary user (not administrator)
- Does not need to write to protected areas (C:\Windows ,C:\Program Files, C:\Program Files (x86), etc.)
- Does not need to write to the local machine registry (HKey_Local_Machine store)
Allow the installing administrator to set the location of files the software needs to create and modify
Be IPv6 compatible
Have a licensing system that does not require administrative action on each computer (no web activation per host)
Have a silent installation method (no user interaction during installation)*
Not conflicting with existing applications and device drivers
Not require hardware security devices
Not require Netbios

* Please check with staff to see if a silent install is possible

Questions

For questions about this policy and use of software on College of Engineering computers, please contact the ECS Director, 319-335-5751.

Student Lab Computers

Windows computers in student labs in the 1245 SC and 3231 SC computer classrooms, Hering (1220 SC), Elder (1231 SC), and 2301 SC labs have Automatic Updates turned on. That is Microsoft’s recommended setting, and the setting you should have on any Windows computer at home.

Computers in those labs are set to patch Sunday beginning at 1:00 am whenever there is an operating system patch or a software patch to be installed. Another patch begins at 3:00 am on Sunday to ensure that all downloaded patches were installed. At patch time, all the computers in the labs will be unavailable for the few minutes that it takes for the patch to install and the computer to reboot.

Faculty and Staff Computers

If a Windows patch or software updates are released during the week, Windows machines will be taken down beginning at 1:00 am on Sunday to install patches. Else the computers will remain available for login.

If a critical patch is released during the day, you will get a pop-up dialogue box that will allow you to defer the patching for up to 3 hours. After that period of time, your login session will terminate so the patch can be applied.

ECS suggests that you close all files when you leave your computer at the end of the day and log out before Sunday. If there are updates to install, the installation will not damage any files if all files are closed.

ECS Policies

Academic Software Funding and Acquisition Guidelines

Acceptable Use Policies for Information Technology Resources

Backup and Recovery Policy

Computer Account Disabling Policy

Computer Allocation Policy

Computing Safely

Desktop Computer Support Policy

Disaster Recovery Policy

ECS Computers and Naming

Engineering Computer Access Policy

IT Usage Guidelines and Good Practices

Linux Temporary Storage Policy (/var/tmp)

Network, Security, and Cabling Policies

Passwords - What you need to know

Personally Owned Computer Support Policy

Printer Support Policy

Procuring IT Equipment

Software Procurement and Installation Policy

Windows Patching Policy