Contents


Page Last Modified: Apr 27, 2018


Share Link:   https://answers.fredonia.edu/x/RIc4


Report problems with this page

Support LevelSupport Level 0Support Level 1Support Level 2Support Level 3Support Level 4
DescriptionNon-NYS Owned ComputerNYS Owned ITS provides "Basic" Support ServicesNYS Owned ITS Provides "Advanced" Support ServicesNYS Owned and ITS "Fully" SupportedNYS Owned and ITS "Enhanced" Supported
PurposeUsed for providing services to non-NYS employees and non-students (e.g. Community Members).Used for providing services to NYS employees and students.Used for providing services to NYS employees and students.Used for providing services to NYS employees and students.Used for providing services to NYS employees and students.
Examples IncludeStudent computers, CoachUSA, non-Fredonia / non-state owned hardware, etcComputers used with Scientific equipment. Single purpose computers, "appliance" type computers, Faculty start-up funded computers (depending on purpose), etc.Multi-station / Multi-location use systems such as Carrier, Siemens, FSA, Physical Plant, Health Center Systems, Faculty start-up funded computers (depending on purpose), etc.Standard Windows/Mac desktops & Macs, Faculty Mac's, Smart Classroom, Computer Labs, etc.HIPAA, PCI, or similar type restricted access computer or system required to exceed normally recognized IT security best practice. Falls within level 2 data risk classification
Data Risk Classification CategoryCategory 1 - PublicCategory 1 - PublicCategory 2 - PrivateCategory 2 - RestrictedCategory 3 - Restricted
OS Patch ManagementVendor or Service Provider installs critical and security OS patches no less than monthly. Current AV solution installed and updated automatically, no less than dailyITS enables OS 'auto-updates'. Anti-virus required (Win/MAC) and updated automatically at a frequency of no less than daily. (OS must have current security and critical patches available from OS vendor)ITS enables OS 'auto-updates'. Anti-virus required (Win/MAC) and updated automatically at a frequency of no less than daily. (OS must have current security and critical patches available from OS vendor)ITS installs OS updates. ITS installs and configures SEP updates. (OS must have current security and critical patches available from OS vendor)ITS installs OS updates. ITS installs and configures SEP updates. (OS must have current security and critical patches available from OS vendor)
Application Support and ManagementVendor or service providerLocal Fredonia non-ITS faculty / staff or under manufacturer software support agreementLocal Fredonia non-ITS faculty / staff or under manufacturer software support agreementITS provides all application support and management or service provided by manufacturer or vendor. Software under manufacturer's support agreement. Funding sources may varyITS provides all application support and management or service provided by manufacturer or vendor. Software under manufacturer's support agreement. Funding sources may vary
Hardware SupportVendor or service providerPhysical Hardware should be kept under vendor or manufacturer's warranty. No ITS hardware support available. ITS reviews hardware spec and will (if requested) assist in acquiring hardware quotes from NYS OGS approved sourcesPhysical Hardware should be kept under vendor or manufacturer's warranty. No ITS hardware support available. ITS reviews hardware spec and will (if requested) assist in acquiring hardware quotes from NYS OGS approved sourcesITS fully responsible for all hardware, maintenance, and supportITS fully responsible for all hardware, maintenance, and support
Local and/or Network PrintersLocal OnlyLocal via USB or similar and/or printer has statically assigned NATTED IP with port 9100 allowed in but not allowed outLocal via USB or similar and/or printer has statically assigned NATTED IP with port 9100 allowed in but not allowed outLocal via USB or printer defined on non-internet directly accessible 141.238.x.yLocal via USB or printer defined on non-internet directly accessible 141.238.x.y
May connect to Fredonia Wired Network"Direct to Internet" access only via NAT."Direct to Internet" access only via NAT. No 141.238.x.y IP address available"Direct to Internet" access available. Firewalled and ACL'd 141.238.x.y range available based on need and scopeYes, full Fredonia 141.238.x.y IP provided via statically assigned IP address reserved in IPAM or MAC address reservation with IPAM assignment via DHCPYes, full Fredonia 141.238.x.y IP provided via statically assigned IP address reserved in IPAM or MAC address reservation with IPAM assignment via DHCP
May connect to Fredonia Wireless NetworkNoYes, via FredSecure or similar 802.1X SolutionYes, via FredSecure or similar 802.1X SolutionYes, via FredSecure or similar 802.1X SolutionYes, via FredSecure or similar 802.1X Solution
Port allowed Outbound (going outside Fredonia campus)HTTPS, SSHHTTPS, SSHHTTPS, SSHAll required but host sits behind hardware firewallAll required but host sits behind hardware firewall
May be connected to Fredonia's Active Directory ("AD.FREDONIA.EDU")NoNoNoYesYes
New York State Asset Tag RequiredNoYesYesYesYes
May initiate a connection to another Fredonia ComputerNoNoNoYes, but network ACL's may be in effectYes, but network ACL's may be in effect
May be connected from a Fredonia computer initiating the connectionNoRDP, SSH, IP Printing (9100) onlyRDP, SSH, SMB (file print sharing). Can not use same eServices account / passwordYes, but network ACL's may be in effectYes, but network ACL's may be in effect
Scanned by NESSUSYes, non-credentialed onlyYes, non-credentialed onlyYes, non-credentialed onlyYes, credentialed and uncredentialedYes, credentialed and uncredentialed
Hardware Replacement CostsVendor or service providerDepartment responsible. No ongoing ITS replacement funding availableDepartment responsible. No ongoing ITS replacement funding availableYes, funding sources may varyYes, funding sources may vary
Disaster Recovery / Business Continuity Disk Imaging ServicesNone, vendor or service provider responsibleITS can provide imaging service for Win/Mac Only via optional SLAITS can provide imaging service for Win/Mac Only via optional SLAFull DR/BC Services available with optional / additional SLAFull DR/BC Services available with optional / additional SLA
Host (OS) Firewall requiredYesYesYesYesYes
May be used to store Fredonia information / dataNoLimited but not HIPAA / FERPA data. See "Normal Backups" belowLimited but not HIPAA / FERPA data without ISO review and approval. See "Normal Backups" belowYesYes
Inventoried by LanSweeperNoYes via SSL off-site method currently used on laptopsYes via SSL off-site method currently used on laptopsYes, via full AD credentialsYes, via full AD credentials
WhatsUpGold Alerts and SNMP alarmsNoNo. Available with optional SLANo. Available with optional SLAYes, full and enforced use of WUGYes, full and enforced use of WUG
Whole Disk encryption requiredNoDepends on type of information storedDepends on type of information storedDepends on type of information stored. All Fredonia owned laptops = yesDepends on type of information stored. All Fredonia owned laptops = yes
Regulated Data Security Controls (FERPA, HIPPA, etc.)NoDepends on ownership. Configuration must be reviewed and approved by ISO if used to store Fredonia dataDepends on ownership. Configuration must be reviewed and approved by ISO if used to store Fredonia dataFull controls in place pending review and approval from ISOFull controls in place pending review and approval from ISO
Who has local admin privilegesVendor onlyLocal Fredonia non-ITS faculty / staff. 1Password use available with optional SLALocal Fredonia non-ITS faculty / staff. 1Password use available with optional SLAITS OS admin, ITS application admin, 1Password use requiredITS OS admin, ITS application admin, 1Password use required
If running web service, is SSL cert required and who procures certYes, vendor or service provider procuresYes, vendor or service provider procuresYes, vendor or service provider procuresITS, funding sources varyITS, funding sources vary
Disable IPv6YesYesYesYesYes
Who provides normal daily backupsNone, vendor or service providerVendor or service provider. ITS may upon optional SLAVendor or service provider. ITS may upon optional SLAITS provides all OS, application, and image backupsITS provides all OS, application, and image backups
AuthenticationLocal accounts onlyLocal accounts onlyLocal accounts only or self supported authentication systemAD bound, Federated allowed. Only local service accounts allowedAD bound, Federated allowed. Only local service accounts allowed
ACL VLAN changesReviewed by ISO, executed by Network System and ServicesReviewed by ISO, executed by Network System and ServicesReviewed by ISO, executed by Network System and ServicesReviewed by ISO, executed by Network System and ServicesReviewed by ISO, executed by Network System and Services
ExamplesStudent computers, CoachUSA,Computers used with Scientific equipment. GasBoy, Health Center, etc.Carrier, Siemens, FSA, etc.Prowatch, DVTEL, Wilmac, Banner, AD, etc.Prowatch, DVTEL, Wilmac, Banner, AD, etc.
Computer Naming ConventionNoneShould follow documented ITS Naming ConventionShould follow documented ITS Naming ConventionMust follow documented ITS Naming ConventionMust follow documented ITS Naming Convention
ITS DataCenter Available to Host System(s)NoYes, with additional SLAYes, with additional SLAAll ITS Servers must be stored in approved ITS controlled DataCentersAll ITS Servers must be stored in approved ITS controlled DataCenters


Short URL to this page: https://answers.fredonia.edu/x/RIc4


Search