Forum Replies Created
ssmock (Participant)
This standard seems to be virtually the same as the previous iteration with a couple minor adjustments. Many of my comments from the last revision still stand, which I have copied (and updated) below:
Laptop, desktops, Windows tablets seems vague and non-inclusive. What about iOS tablets? What about other mobile devices (iOS/Android tablets, phones, etc.)? What about departments that use Linux or UNIX boxes? Aren’t they considered “end-user devices”? If not addressed in this standard, will there be another standard to reference them? There is a reference to a “mobile device SLA” but SLAs do not set forth standards.
The term “mobile device” seems to be used very loosely. What is the definition of a “mobile device”? To me, a “mobile device” is anything that doesn’t require a power cable to turn on, which would include laptops, tablets, phones, etc. UPDATE: This revision seems to be referring to another category of “portable” devices. What’s the difference and how is the casual reader supposed to easily tell the difference? Seems like there may need to be a glossary of terms, at minimum.
“What is End-User Device Support”
“Acquisition, management, maintenance, and support” – this standard notes “support” in the title, so some of these items seem to be out of scope. Acquisition, for example, is a purchasing/funding issue. “Support” is supposed to be the topic of the standard, so why is it noted separately from these other items and why are they included?
“Excluded from the scope of this standard”
Doesn’t make sense to address student checkout laptops in the Classroom Technology standard. They may or may not ever be used in a classroom. What about lab equipment? Print stations? Where do they fall? Seems like all of these need to be in the same place.
“Responsibilities – UNM IT”
Should be noted that UNM IT charges for the base standard operating environment
“Device Acquisition”
Second bullet doesn’t speak to the cost associated or to creating a plan to meet this requirement
“Installation, Warranty and Equipment Maintenance”
What constitutes a “certified staff” member? Do they need to be Dell/Apple certified? A+? This is very vague.
“Equipment Set up, Integration and, Security”
Typos and grammatical issues in section heading
First bullet – UPDATE: This document is much better than what was there before. I’m curious, though, how this was developed and by whom. If strictly by UNM IT, I don’t believe that meets the spirit of a collaborative standard where all parties should have some feedback into what constitutes best imaging practices.
Enterprise-grade deployment tools aren’t always appropriate in smaller departments/environments (cost could easily outweigh benefits). What’s wrong with deploying images via USB keys?
While a good general rule to try to follow, many departments cannot guarantee operating systems are “within manufactures (sic) product life cycle” – many departments must utilize older operating systems for special hardware, such as Windows XP for mass spectrometers that are necessary for their department’s operation and initiatives.
“All UNM owned devices must utilize Microsoft Active Directory (AD) authentication and be joined to either HEALTH or COLLEGES UNM domains”
Nice idea, but not possible (at a minimum) without wireless AD availability. Windows tablets don’t have ethernet ports, nor do many modern laptops. This would require additional adapters to be purchased for these devices. Additionally, tethering a Surface tablet to the wall with a cable kind of defeats the purpose of a tablet or mobile device. Wireless AD would be great! But I don’t think we can add it to a standard that REQUIRES people to join AD using a solution that doesn’t yet exist. If this is an auditable standard then if wireless AD doesn’t exist then, in order to comply, we MUST join the devices to the domain via whatever method IS available, which simply isn’t doable with currently existing technology on campus. Unless this can be put into place before this standard is ratified, it should be added to the standard later during a regular review cycle once wireless AD is available.
This also doesn’t address offsite UNM-owned machines, even if they have ethernet ports. Will VPN be available for these machines? Cached profiles work for a while, but not indefinitely.
“Antivirus”
What is the “UNM IT enterprise managed solution”? Microsoft Defender has been more than adequate since Windows 8. Why slow down machines with software that provides no additional coverage? I do not agree that the UNM enterprise anti-virus solution is preferable. I would not be providing good service to my users if I install a program that will significantly slow down my users’ machines without providing any measurable improvement in stability or protection, which is especially true on older machines that are struggling for system resources to begin with. Having an enterprise-level anti-virus solution is great for areas that do not have robust images or IT support, but there needs to be a way for areas to meet this requirement without having to prescribe to only one solution if another can meet the same level of protection, particularly if it offers a massive performance increase to boot. This was one thing that the Data Center Standard did so well – it offered guidelines and a general “toolbox” of options but did not require that any single solution had to be employed.
“Hardware Lifecycle”
Again, this is a nice standard to aim for but doesn’t seem attainable by many UNM departments unless UNM IT is offering a multi-million-dollar influx of money for departments to meet this requirement. “As budget permits” helps, though.
ssmock (Participant)
Thank you for the reply, TJ. Some additional feedback based on your response:
1) It seems like “End User Device Support” extends far beyond managed workstations and that the SLA for that cohort is nowhere near inclusive enough to cover “End User Device Support”. This goes back to my comment that the name for this standard shows that the contents of this standard are nowhere near broad enough to cover what “End User Device Support” really covers, or the name is incorrect and needs to reference “UNM-owned” or “UNM Managed” systems.
2) I do not agree that the UNM enterprise anti-virus solution is preferable. I would not be providing good service to my users if I install a program that will significantly slow down my users’ machines without providing any measurable improvement in stability or protection, which is especially true on older machines that are struggling for system resources to begin with. Having an enterprise-level anti-virus solution is great for areas that do not have robust images or IT support, but there needs to be a way for areas to meet this requirement without having to prescribe to only one solution if another can meet the same level of protection, particularly if it offers a massive performance increase to boot. This was one thing that the Data Center Standard did so well – it offered guidelines and a general “toolbox” of options but did not require that any single solution had to be employed.
2.5) Why is this standard focused on “preventing data loss” (I’m assuming you’re meaning in a security/data protection sense)? Isn’t that the Data Security Standard? Why would we re-define security standards (including anti-virus) in this document when they should be defined in a much larger sense? That standard doesn’t exist yet, but this standard should still simply reference the Data Security Standard and this can be done very simply with a single line – “All systems must adhere to the UNM Data Security Standards as set forth in <insert link here>”.
3) Wireless AD would be great! But I don’t think we can add it to a standard that REQUIRES people to join AD using a solution that doesn’t yet exist. If this is an auditable standard then if wireless AD doesn’t exist then, in order to comply, we MUST join the devices to the domain via whatever method IS available, which simply isn’t doable with currently existing technology on campus.
ssmock (Participant)
Some of these items have been brought up already, but I wanted to submit all the notes I had in one place. I do believe that this standard and the feedback received highlight some of the issues with the standard writing process, particularly one that affects so many people and areas on campus.
———–
The name of the standard is misleading – it seems to talk about how UNM IT/departments provide support to end-users, which could include personal devices and all mobile devices, in some cases. While no one may want to touch personal devices physically, isn’t simply providing documentation (e.g. knowledgebase articles) for users to configure their personal devices “end-user device support”? This should be renamed to something along the lines of “UNM-owned End-User Device Support Standard”.
Laptop, desktops, Windows tablets seems vague and non-inclusive. What about iOS tablets? What about other mobile devices (iOS/Android tablets, phones, etc.)? What about departments that use Linux or UNIX boxes? Aren’t they considered “end-user devices”? If not addressed in this standard, will there be another standard to reference them? There is a reference to a “mobile device SLA” but SLAs do not set forth standards.
The term “mobile device” seems to be used very loosely. What is the definition of a “mobile device”? To me, a “mobile device” is anything that doesn’t require a power cable to turn on, which would include laptops, tablets, phones, etc.
“What is End-User Device Support”
“Acquisition, management, maintenance, and support” – this standard notes “support” in the title, so some of these items seem to be out of scope. Acquisition, for example, is a purchasing/funding issue. “Support” is supposed to be the topic of the standard, so why is it noted separately from these other items and why are they included?
“Excluded from the scope of this standard”
Doesn’t make sense to address student checkout laptops in the Classroom Technology standard. They may or may not ever be used in a classroom. What about lab equipment? Print stations? Where do they fall? Seems like all of these need to be in the same place.
“Responsibilities – UNM IT”
Should be noted that UNM IT charges for the base standard operating environment
“Device Acquisition”
Second bullet doesn’t speak to the cost associated or to creating a plan to meet this requirement
“Installation, Warranty and Equipment Maintenance”
What constitutes a “certified staff” member? Do they need to be Dell/Apple certified? A+? This is very vague.
“Equipment Set up, Integration and, Security”
Typos and grammatical issues in section heading
First bullet – what are these “best practices” that are being talked about? The FBI doc is 200 pages long and provides almost no information whatsoever that’s relevant. What’s included in “best practices”? Are we talking about security (isn’t that the Data Security Standard)? Image creation and deployment practices? Ergonomics and high-contrast color schemes? Accessibility settings? Startup programs? Licensing? Power settings? Group policies? Local policies? Personalization settings? The list goes on and on – this point is incredibly vague with no guidance.
Enterprise-grade deployment tools aren’t always appropriate in smaller departments/environments (cost could easily outweigh benefits). What’s wrong with deploying images via USB keys?
While a good general rule to try to follow, many departments cannot guarantee operating systems are “within manufactures (sic) product life cycle” – many departments must utilize older operating systems for special hardware, such as Windows XP for mass spectrometers that are necessary for their department’s operation and initiatives.
“All UNM owned devices must utilize Microsoft Active Directory (AD) authentication and be joined to either HEALTH or COLLEGES UNM domains”
Nice idea, but not possible (at a minimum) without wireless AD availability. Windows tablets don’t have ethernet ports, nor do many modern laptops. This would require additional adapters to be purchased for these devices. Additionally, tethering a Surface tablet to the wall with a cable kind of defeats the purpose of a tablet or mobile device.
This also doesn’t address offsite UNM-owned machines, even if they have ethernet ports. Will VPN be available for these machines? Cached profiles work for a while, but not indefinitely.
“Antivirus”
What is the “UNM IT enterprise managed solution”? Microsoft Defender has been more than adequate since Windows 8. Why slow down machines with software that provides no additional coverage?
“Supplies & Daily Operation”
Equipment Maintenance – what qualifies as “certified staff”? Do they need to be Apple/Dell certified? A+?
“Hardware Lifecycle”
Again, this is a nice standard to aim for but doesn’t seem attainable by many UNM departments unless UNM IT is offering a multi-million dollar influx of money for departments to meet this requirement. “As budget permits” helps, though.
Lastly, I’m concerned that this standard is being developed without a matching SLA from UNM IT for this service. Where is UNM IT in all this? This standard seems to be targeted towards departments but not towards UNM IT’s baseline for service.
- This reply was modified 8 years, 7 months ago by ssmock.