General Policy for Service Provided by CLAS Linux Group

Overview

The CLAS Linux Group is a part of the broader CLAS Technology Services team.  We support a variety of hardware, software, facilities, and network services.  We augment the support offering of the central IT provider ITS.  We will facilitate central IT issues and questions for our users as needed.

This document defines the policies of the CLAS Linux Group regarding computing facilities and information technologies.  All information herein is to be used as a guideline; specific interpretation of this policy is left to the CLAS Director of Research in consultation with the Senior Director of IT for CLAS and the DEO’s of the departments in CLAS as needed.

Defined Support

Due to staffing, efficiency and budgetary limitations, we must prioritize and standardize our support of hardware, operating systems and software.

Support

  • These are the guiding principles (the order is significant) under which we operate:
  • The primary responsibility of the group is to support core network services like file services, printing, Linux accounts, authentication, core applications and maintain a secure environment for computing.
  • Support education including account creation, course software, course accounts, student labs and educational software environments.
  • Support faculty, staff and TA/RA Linux workstations and servers in CLAS that use approved operating systems, and to support commonly-used educational and research software running on those systems.
  • Support research computing.  The priority of research computing is determined by the time we have left, direction from the department chairs, and other duties as assigned by the CLAS Senior IT Director.

Operating Systems

  • We will provide full support to the following operating systems in managed load machines:
    Approved versions of CentOS/Ubuntu or Fedora Desktop running on approved hardware.
  • We do not have the resources in terms of time, training, or dollars to support other operating systems.  We will attempt to help answer questions based upon our knowledge but will not support other operating systems.
  • The Self-Managed Machine Responsibilities should be consulted before requesting a self-managed machine.  There are several University policies that the user must adhere to when managing their own machine.  This document also has answers to commonly asked configuration questions.

The following items need to be considered when purchasing equipment:

  • Support
    CLAS Technology Services cannot prohibit the purchase of hardware or software that it does not support, but we discourages such purchases.  We realize that there may be very good reasons for the purchase of unsupported products, and will try to work with faculty and staff who do purchase such products. But we cannot offer help for such purchases at the same level as for officially supported equipment and software.
  • Commercial Support
    CLAS Technology Services strongly recommends that no product be purchased without also buying a support contract for that product.  It is the responsibility of the purchaser of the equipment to arrange for any necessary support contracts with the vendor or manufacturer.
  • Product Capability
    The CLAS Technology Services should be consulted in any purchase decision for research hardware so that we can offer advice about the potential compatibility and performance of the product.  For hardware purchases, for example, we will offer advice as to the amount of memory or local disk space that should be purchased.
  • Security
    CLAS Technology Services strongly discourages the purchase and use of any product that potentially creates a security risk for the other users.
  • File Server and Backup Capacity
    The purchase of hardware and software can place demands on the disk space on the central file server, and on the server backup system. Please consult us for options and pricing to backup your hardware.  See Backup/Restore Service Description for details.
  • Network Capacity
    Some products may place extraordinary demands on the network.  In such cases, we must plan for these demands, and must cooperate with Information Technology Services (ITS) to meet them.  Network-intensive purchases may also require the purchase of network equipment.
  • Facilities Services Issues
    A purchased product may have special needs for air conditioning, electrical power, or other facilities services.  Notify the CLAS Technology Services as early as possible of these needs, so that we can cooperate with the Facilities Services Group in providing for them.  We may ask the purchaser to pay for the additional Facilities fees.

Support Restrictions

  • To have a supported machine, the configuration must be approved BEFORE THE EQUIPMENT IS ORDERED.  There are too many combinations and peripherals for PC's for us to support every combination or for us to list the "currently" supported combinations. We will work hard to support mainstream combinations of video, Ethernet, mouse and sound cards. If the equipment is ordered without being approval, we reserve the right not to support it.  This applies to both initial purchases as well as upgrades.
  • Hardware & Software Obsolescence 
    We will support approved equipment for the duration of the support contract purchased with the equipment from the hardware vendor.  Equipment that does not have a support agreement receives a lower priority than gear with a hardware or software warranty/contract.
    • In the event of a catastrophic hardware failure (eg. motherboard, processor, HBA, etc), as determined by the CLAS Linux team, the device may no longer be viable.  CLAS Linux will work with the owner to identify their best options for a replacement system.
    • CLAS Linux support for any major OS/hardware upgrades/repair ends after seven years.
    • OS's without vendor support will be isolated on the network and not receive any new software or OS patches due to the level of support effort required to support obsolete hardware/software and due to University IT core security standards which require security patching within so many days of a CVE/security bulletin being released.
  • Off-site Equipment
    We do not have the resources to support UI owned equipment off-site.  UI owned equipment located off-campus will need to be brought back to a campus office to be supported.
  • Laptops
    We don’t support Linux on laptops or dual boot laptops.
  • Vendor and Manufacturer Support
    We will keep the hardware we manage in good working order to the best of our abilities.  We will cooperate with external support groups on- and off-campus to resolve hardware problems.
  • Hardware Upgrades
    We will identify upgrades to the hardware that supports the central infrastructure providing core file, print, web services, and backup and recovery services.
  • Network Connectivity
    We provide DHCP and static IP’s for equipment in some buildings as necessary (CS, Math, Stats).  We cooperate with on-campus units (ITS) to maintain network functionality, though we do not have any control of the network, network reliability, or network performance.  ITS has administrative domain over all the networks we use including the wireless spectrum.  ITS can and will disable network ports that ITS deems a security risk due to violations in the ITS acceptable use policy.  We also reserve the right not to provide network services for self-managed hardware if that hardware is deemed a security risk.
  • User-Installed Networking Devices
    Users must not install any networking hardware without first consulting with a CLAS Technology Services team member.  Improperly installed or configured equipment can make the entire network unusable for everyone.  Such equipment can also be a potential security risk. 
  • Standard Backups for Linux account holders
    We will back up the main Linux file server only, so that files can be restored in the event of equipment failure or accidental loss by the user.  Requests for restores will be prioritized based upon support priorities.  Abuse of restores by users may result in this service being terminated for that user.  Backups will span a 12 week window.  No desktop/client backups will be done by default.  Please store all of your data on the file server ONLY.
  • Backups for researchers
    We will work with researchers to find the most economical way to backup your research data.  See the Backup/Restore Service Description for details.
  • Superuser Access
    We will fully support equipment if the CLAS Linux team is the only party to have superuser (root) access, or the equivalent, on that equipment. We cannot be responsible for the state of equipment for which we do not have sole and complete administrative access.  There is a more limited support offering for shared root machines that can be found in the Linux Support Policy document.

Software Support

We will install and upgrade legally obtained and licensed educational, research, and productivity software for supported platforms according to our policies defined earlier. We will work with vendors to solve problems regarding installed software on supported equipment. 

Software Funding

Software typically has two components of cost: 

  1.  Capital purchases
  2.  Annual maintenance costs
    1. We will only purchase academic software and annual maintenance costs approved by the computer advisory committee (the three departmental DEO’s or designates and the CLAS Director of Research Services).  Furthermore, not all software requests will automatically be granted.  We typically have a three year recurring support allocation from the student computer fees that is used to fund these software purchases.  We will facilitate the license negotiation and will install, maintain, and support the software.
    2. When there is a differential cost between an educational version and research version of a software package, the college and departmental contributions will be calculated based on the cost of the educational version.  Departments and researchers interested in the research version must cover the purchase and annual cost differential or the entire cost if not used for academic work.

Software Request Guidelines

There are several guidelines used when considering a software request.

  1. Purchased software used in academic courses or in research.
  2. Software license agreement must be approved by the U of I legal team before we can load the software on departmental workstations.  If the software isn’t approved, then the department's DEO must sign off on the installation and subsequent liability.

All software requests should be submitted to the ticketing system located at request@divms.uiowa.edu.  All requests for new software or for upgrades to existing software must be approved by the computer advisory committee.  If the computer advisory committee approves the request the we will install the software based upon the following criteria:

  1. All requests for research software will be installed on a priority basis.  We place a priority on maintaining core network services first, completing the academic software requests second, and installing research specific software packages third.
  2. Requests will be handled on a first come first serve basis.
  3. For software that will be used in the fall semester, the cutoff date is August 1st
  4. For software that will be used in the spring semester, the cutoff date is December 1th.
  5. For software that will be used in the summer semester, the cutoff date is May 1st

Any academic software requests submitted after the dates above will be installed as time allows and will not be guaranteed to be ready for use at the start of the semester. 

Software Eligibility Guidelines

In order to maintain a secure and productive computer environment, software must meet the following guidelines to qualify for a network install.

  1. Annual maintenance must be purchased for all commercial software. Annual maintenance must include phone support.
  2. Software must be able to run as an ordinary user (i.e., not as a Power user or Administrator) and is not a security risk.
  3. Software must support network licensing and must be able to be run from any machine on the network unless prior approval is arranged with CLAS Technology Services.
  4. Enough licenses must be purchased to adequately support the class (or classes) in which the software will be used.  We recommend purchasing a number equal to at least 20%-25% of the maximum number of students in the class (or classes) or a number equal to the number of seats in the computer lab which will be used by the department's students.
  5. The department(s) funding the software is responsible for any reporting requirements (e.g., Ansys requires an annual usage report).  CLAS Technology Services will handle any reporting requirements of academic software usage if required.
  6. The software must not conflict with existing applications or underlying operations of the host operating system.
  7. Software license agreement must be approved using the Software Review process.

If a purchased package does not meet these guidelines, we will not install it on the network.

Guidelines for Software Removal

We recommend a one-year notification period prior to removing software from computer labs.  This notification time period would allow us to communicate the status of the software through a variety of mechanisms (e.g., newsletter, application wrapper, faculty meetings).

Annual software maintenance contracts must continue to be funded by the departments during the notification period.

Software that remains on the removal list following the one-year notification period will be removed from lab, classroom, and other public workstations prior to the start of fall classes. In addition, we cannot support retired software that remains on individual faculty or research machines. It is especially likely that new OS loads will render retired software inoperable.

Patching

CLAS Linux will patch the OS during our normally agreed upon patch window.  An automated email will be mailed to the users that are logged into the system if a reboot is needed for patching.  CLAS Linux recommends writing long running jobs to be checkpointable if at all possible to minimize reboot interruption.

  • Default patching schedules
    • Ubuntu/Rocky - Thursdays from 4am-6am (automatic patching), every other Thursday 9am-12pm (manual patching)
    • Fedora - T, W, Th from 4am-6am
  • Users can notify us to delay patching for one window (patching occurs every two weeks) but not two consecutive patch cycles if they are in the middle of a long running job that would be difficult to restart. 
  • If a user chooses to have their system auto-patched over the weekend and does not come back up properly it will be resolved during business hours M-F. 
  • Critical or emergency patches may be applied within 1 day if required.

Printing & Supplies

  • Departmental network or personal printers are purchased by each department as well as any supplies (toner, paper, maintenance kits, etc).  CLAS Technology Services will perform page accounting to help the departments track usage.
  • Personal faculty and staff purchased printers will not be supplied (toner or paper) by the CLAS Technology Services.  The departments or the faculty member will provide supplies to those printers.
  • Laboratories that are funded from the College of Liberal Arts computer fees have no funding for printer paper.  Thus, paper for these laboratories must be provided by the users.  The amount of toner provided for these laboratories will be determined by budgetary constraints.

Facilities Support

CLAS Technology Services provides the following support for facilities in the Division:

Laboratory Access

Instructional lab access in MLH and SH are available to any valid UI Iowa One card holder. The labs are open during building hours and locked when the building entrance doors are locked. See Linux Computer Labs for details. 

Facilities Support Restrictions

  • User-Installed Network Equipment
    Users must not install their own network equipment (such as hubs/switches, WAP’s and bridges) on any network jacks.  Improperly installed or configured network equipment can render a network unusable by anyone.
  • Food and Beverages
    No food or beverages are allowed in the general undergraduate laboratories.  Any food or drink found in these laboratories may be confiscated, and the user may be locked out of the laboratories for a period of time.

Although we discourage the practice, users of other laboratories or offices may have food and beverages. Any accidents with food or drink that spill onto laboratory or office equipment must be reported immediately to CLAS Technology Services.  The maintenance contract may or may not replace damaged equipment.  CLAS Technology Services keeps some older keyboards, mice and monitors that may be used in these situations on a case by case basis.

Linux File Services

The CLAS Technology Services Linux Group provides the following support for facilities in the College of Liberal Arts and Sciences:

Default Quotas

The CLAS Group will provide file services to the networked equipment in the college, as follows:

GroupWarning Levelhard Quota
Faculty/Staff/Students30617 MB30720 MB

 

Default Personal Web Quotas

GroupWarning LevelHard Quota
Faculty/Staff/Students1638 MB2048 MB

 

What Personal Web Quota Includes: Quota on the web server includes anything in and under your personal web directory or folder. It does not include anything in your account's home directory.

General Quota Policies

  • Faculty can purchase additional quota for $0.15/month/GB. So, to receive 31GB of home directory quota (your 30 GB + 1GB more), it will cost $1.8/year. 
  • Shared space or projects are setup on a by request basis. 
    • Faculty and staff may request a shared “/group/username” area from which all of their shared/project space will reside.  This space will have a group quota limit of 600MB.  Any request beyond 600MB will be charged for at the normal charge back rate defined above.
    • Student group spaces are approved by the CLAS Director of Research.
    • Educational shared space requests will use the “/group/class/course #” directory space.  This space goes away at the end of each semester.  If the shared space needs to go beyond one semester, or be used by multiple classes, the faculty member will request an exception to be approved on a case by case basis with the CLAS Director of Research.
  • Self-managed equipment access to Email, Web, ssh, and printing is the responsibility of the user.  Some limited file service may be possible, depending on the type of self-managed equipment.  Samba/CIFS access is available for all shared mount points and NFS access is available for your home account on a request basis.  See the Self-Managed Machine Checklist for additional details.
  • Managed equipment: services for self-managed equipment, plus file services and remote management all provide by the CSG group.

Accounts

Any valid HawkID user with a current appointment may create a CLAS Linux account based upon the University wide HawkID that expire sometime after the owner ends their appointment with the University.  The password is the same as your HawkID password.  See the Linux Account Service page for details.

Anyone else who would like an account must apply for an account.  A faculty member in CLAS sponsoring department is required to sponsor the account.  If the user is not affiliated (no valid HawkID) with the University, the sponsored accounts require a zero-dollar appointment. A CV and appropriate University of Iowa title (e.g., Research Assistant II) are a requirement of the zero-dollar appointment. The zero-dollar appointment will create or extend a HawkID for the sponsored individual. The account will expire whenever the sponsorship ends. Sponsorships can extend for a maximum of one year. Sponsors can apply for renewal.

All accounts and the rights associated with them are the sole property of the single individual on record as the owner of the account.  Rights and ownership are not transferable.  Individuals are not to give access to an account to anyone else.

The use of an account is limited by departmental affiliation and status of the account owner. Having a Linux account with CLAS Technology Services does not entitle the owner to access to every workstation within the college.

Remote Access

In situations where a user is trying to connect to equipment with the computing resources from off-site, CLAS Technology Services has no control over the user's remote equipment or the connection from that equipment into the UIowa network. Therefore, CLAS Technology Services can provide only very limited help for remote access from locations outside of the campus network.  See our Remote Access Help pages for help.

  • Wireless access 
    Wireless service is provided by central IT (ITS).  For help or details on the ITS wireless service please reference the Wireless Support pages from ITS.

Web

Each user has a web page available at http://www.[cs, math, stat].uiowa.edu/~username. Please see the Personal Web Pages Service pages for details. 

Additional Services

The CLAS Linux Group provides many services beyond those described above. For a complete listing of the services and service descriptions, please visit Linux Services