Mule access management - Managing Environments and Permissions
Common Solutions Group Workshop: Managing Large Environments Introduction and Background
Common Solutions Group Workshop: Managing Large Environments
Introduction and Background
Susan Grajek, Yale
Steven Sather, Princeton
Overview of Today’s Workshop
1. Introduction and background
2. Managing desktop security
3. Asset and inventory management
4. Mobile device management
5. Wrap up, next steps
Workshop goals
• What are managed environments?
• Where do we stand today?
– Challenges
– Best practices
• What are the benefits of managing environments?
What are managed environments?
• Ad hoc Managed Device group met in Chicago in July
– Brown: Karen Asquith & Alan Usas
– Chicago: Greg Anderson, Corey Liss & Kevin Vaccaro
– Duke: John Cook
– Princeton: Charlayne Beavers, Phil Immordino & Steven Sather
– Stanford: There in spirit!
– Virginia Tech: Bill Plymale
– Yale: Lee Fontaine, Susan Grajek & Adriene Radcliffe
Chicago workshop recap
Goals
• Define managed devices
• Describe best practices
• Identify opportunities for collaboration
Defining device management
• Security
– Initial configuration
– Patching/updates
– Access control
– Malware (virus/spyware)
– Privacy (encryption, HIPAA)
• Application deployment
• Inventory and asset management
• Image management
• Data integrity
• Remote assistance
• Connectivity and registration
• Software and licensing
≠ (Accounts Management)
Management environments
Fully managed
• Dumb terminals, thin clients.
• No data or local applications other than those that facilitate access.
Wide open
• End users have administrative privileges at both the application and operating system levels.
• Applications and data are stored locally.
• No common base configuration.
• Subscription and self-service tools unlikely to be available, so machine is managed manually.
• No up-front prohibited protocols, devices, applications, or actions (but machine will be disconnected if it causes a problem to the rest of the network).
Environment | Application storage | Data storage | Common base configuration? | Updates | Admin privileges
Fully managed | Centrally | Centrally | Complete | To central configuration | None
Locked down | Locked down or served centrally | Centrally | Updated image | Delivered centrally | None
Secure | Local or centralized | Locally | Initial image, some updates | Subscription to managed updates | None, but options for configuring
Open managed | Locally | Locally | Initial image | Managed updates or use self-service tools | Application, OS or both
Open unmanaged | Locally | Locally | None | Self-service tools or manual | Yes, some few prohibitions
Wide open | Locally | Locally | None | Manual | Yes, no prohibitions
Results of CSG Survey
24 respondents for 21 Schools and EDUCAUSE
• Brown University
• Carnegie Mellon University
• Columbia University
• CU-Boulder
• Duke University
• Harvard - Central Administration
• Indiana University
• MIT
• Princeton University
• Stanford University
• University of Chicago
• University of Delaware
• University of Michigan
– Campus Computing Sites
– Health System
• University of Minnesota
• USC
• University of Texas @ Austin (two submissions, data averaged)
• University of Washington
• University of Wisconsin-Madison
• University of Virginia
• Virginia Tech
• Yale University
• EDUCAUSE
Desktop Management Environments
Configuration | Faculty % current | Faculty % potential | Staff % current | Staff % potential | Students % current | Students % potential
1. Fully managed | 0 | 1 | 0 | 2 | 0 | 1
2. Locked down | 8 | 12 | 11 | 19 | 7 | 10
3. Secure | 11 | 25 | 27 | 42 | 4 | 2
4. Open managed | 34 | 45 | 35 | 28 | 14 | 44
5. Open unmanaged | 47 | 18 | 27 | 9 | 75 | 43
Some highlights
• University of Michigan reports 100% locked down for faculty, staff and students
• Four schools reported more than 80% of faculty machines are fully unmanaged:
– Chicago, Delaware, USC, CU-Boulder
• Only three schools guessed that faculty machines could be fully managed:
– Stanford (10%), UT-Austin (2%) and UVa (1%)
• Two-thirds of schools believe that at least 50% of student machines could be at least partially managed.
Different tools and processes will work in each environment.
Process used
Mapped each device management activity (e.g., application deployment) against each environment to:
• describe what each of us is currently doing
• consider other, additional options
• draft best practices for each environment
Example: Application deployment
Summary of management tools and processes
• Managed update tools (SMS, Zenworks, GPOs, WSUS, Shavlik)
• Manual update (end user or technician)
• Self-service configuration tools
• Images
• Remote data wipe
• Tools to enable end users to select their management preference
• Installers
• Software virtualization
• Thin client applications delivery
Summary of management tools and processes
• Network quarantine
• Life cycle management (leasing, mediated purchasing and disposal)
• Asset management tool
• Vendor-supplied data
• Bundle on CDs
• MAC address/network registration
• Published guidelines
• Site licenses
• Minimum requirements
Results of CSG Survey
Which practices and tools are we using?
[Chart: % of schools using each practice or tool, on an axis from 0% to 100%. Categories, in chart order:]
• Registration of MAC addresses
• Update tools
• Manual update (by end users or technicians)
• Images
• Asset management tool
• End-user guidelines for managing devices
• Minimum hardware and software requirements
• Life cycle management
• Web-based self-service installers & config. tools
• Network quarantine for unpatched machines
• Self-service installers, etc. on CDs
• Vendor data integrated w. asset management data
• Thin client applications delivery
• Application virtualization
• Tools for users to manage deployment prefs
• Remote data wipe for compromised laptops
How widely are we deploying tools & practices?
[Chart: % of devices each practice or tool is used with, in bands <20%, 20-50%, 50-80%, >80%. Categories, in chart order:]
• Registration of MAC addresses
• End-user guidelines for managing devices
• Minimum hardware and software requirements
• Network quarantine for unpatched machines
• Update tools
• Web-based self-service installers & config. tools
• Images
• Life cycle management
• Manual update (by end users or technicians)
• Asset management tool
• Self-service installers, etc. available on CD
• Vendor data integrated w. asset management data
• Tools for users to manage deployment prefs
• Thin client applications delivery
• Remote data wipe for compromised laptops
• Application virtualization
How widely are we deploying tools & practices?
Questions?