This standard seems to be virtually the same as the previous iteration with a couple of minor adjustments. Many of my comments from the last revision still stand, which I have copied (and updated) below:
Laptop, desktops, Windows tablets seems vague and non-inclusive. What about iOS tablets? What about other mobile devices (iOS/Android tablets, phones, etc.)? What about departments that use Linux or UNIX boxes? Aren’t they considered “end-user devices”? If not addressed in this standard, will there be another standard to reference them? There is a reference to a “mobile device SLA” but SLAs do not set forth standards.
The term “mobile device” seems to be used very loosely. What is the definition of a “mobile device”? To me, a “mobile device” is anything that doesn’t require a power cable to turn on, which would include laptops, tablets, phones, etc. UPDATE: This revision seems to be referring to another category of “portable” devices. What’s the difference and how is the casual reader supposed to easily tell the difference? Seems like there may need to be a glossary of terms, at minimum.
“What is End-User Device Support”
“Acquisition, management, maintenance, and support” – this standard notes “support” in the title, so some of these items seem to be out of scope. Acquisition, for example, is a purchasing/funding issue. “Support” is supposed to be the topic of the standard, so why is it noted separately from these other items and why are they included?
“Excluded from the scope of this standard”
Doesn’t make sense to address student checkout laptops in the Classroom Technology standard. They may or may not ever be used in a classroom. What about lab equipment? Print stations? Where do they fall? Seems like all of these need to be in the same place.
“Responsibilities – UNM IT”
Should be noted that UNM IT charges for the base standard operating environment.
“Device Acquisition”
Second bullet doesn’t speak to the cost associated or to creating a plan to meet this requirement.
“Installation, Warranty and Equipment Maintenance”
What constitutes a “certified staff” member? Do they need to be Dell/Apple certified? A+? This is very vague.
“Equipment Set up, Integration and, Security”
Typos and grammatical issues in section heading.
First bullet – UPDATE: This document is much better than what was there before. I’m curious, though, how this was developed and by whom. If strictly by UNM IT, I don’t believe that meets the spirit of a collaborative standard where all parties should have some feedback into what constitutes best imaging practices.
Enterprise-grade deployment tools aren’t always appropriate in smaller departments/environments (cost could easily outweigh benefits). What’s wrong with deploying images via USB keys?
While a good general rule to try to follow, many departments cannot guarantee operating systems are “within manufactures (sic) product life cycle” – many departments must utilize older operating systems for special hardware, such as Windows XP for mass spectrometers that are necessary for their department’s operation and initiatives.
“All UNM owned devices must utilize Microsoft Active Directory (AD) authentication and be joined to either HEALTH or COLLEGES UNM domains”
Nice idea, but not possible (at a minimum) without wireless AD availability. Windows tablets don’t have ethernet ports, nor do many modern laptops. This would require additional adapters to be purchased for these devices. Additionally, tethering a Surface tablet to the wall with a cable kind of defeats the purpose of a tablet or mobile device. Wireless AD would be great! But I don’t think we can add it to a standard that REQUIRES people to join AD using a solution that doesn’t yet exist. If this is an auditable standard then if wireless AD doesn’t exist then, in order to comply, we MUST join the devices to the domain via whatever method IS available, which simply isn’t doable with currently existing technology on campus. Unless this can be put into place before this standard is ratified, it should be added to the standard later during a regular review cycle once wireless AD is available.
This also doesn’t address offsite UNM-owned machines, even if they have ethernet ports. Will VPN be available for these machines? Cached profiles work for a while, but not indefinitely.
“Antivirus”
What is the “UNM IT enterprise managed solution”? Microsoft Defender has been more than adequate since Windows 8. Why slow down machines with software that provides no additional coverage? I do not agree that the UNM enterprise anti-virus solution is preferable. I would not be providing good service to my users if I install a program that will significantly slow down my users’ machines without providing any measurable improvement in stability or protection, which is especially true on older machines that are struggling for system resources to begin with. Having an enterprise-level anti-virus solution is great for areas that do not have robust images or IT support, but there needs to be a way for areas to meet this requirement without having to subscribe to only one solution if another can meet the same level of protection, particularly if it offers a massive performance increase to boot. This was one thing that the Data Center Standard did so well – it offered guidelines and a general “toolbox” of options but did not require that any single solution had to be employed.
“Hardware Lifecycle”
Again, this is a nice standard to aim for but doesn’t seem attainable by many UNM departments unless UNM IT is offering a multi-million-dollar influx of money for departments to meet this requirement. “As budget permits” helps, though.