WWC snapshot of http://www.alw.nih.gov/WWW/ALW-policy.html taken on Sat Jun 10 17:44:29 1995

NIH Advanced Laboratory Workstation Policy

May, 1995


Hours of Operation

Advanced Laboratory Workstation (ALW) servers generally operate 24 hours a day, seven days a week. Scheduled interruptions of service will be announced via electronic mail and the ALW World Wide Web (WWW) service at least one week in advance.

ALW servers are attended by operators from 8:00 am to 12:00 midnight Monday through Friday, excluding Federal holidays, and from 8:00 am to 4:00 pm on Saturdays.

The ALW System's staff provides customer support from 9:00 am to 4:00 pm Monday through Friday, excluding Federal holidays.

Remedial hardware maintenance is available for ALW file servers (not user-owned workstations) from 8:00 am to 5:00 pm Monday through Friday, excluding Federal holidays, with a four hour response time to begin repairs.

Service Charges

A schedule of rates governing the various kinds of services offered by DCRT has been established under the NIH Service and Supply Fund (Revolving Fund). For billing purposes, each customer-defined project is identified by a DCRT account number. In addition, everyone who personally uses any computer services must obtain a registered user name, which must be used on all requests for services and to authenticate to the ALW System. Users of data processing facilities are billed monthly.

Responsibilities of Account Sponsors

Each DCRT account is managed by an account sponsor, who plays a vital role in the success of the ALW System. Because of this, each sponsor should designate an alternate to accept responsibility in the sponsor's absence. Sponsors and alternates must be government employees. They have full responsibility for their computer accounts, and must ensure that accounts are used properly and for purposes that directly relate to official government business. Account sponsors open and close accounts, authorize and remove users, workstations, and group storage under their accounts, carry out important financial responsibilities, and provide the interface between the users and DCRT staff in account security and other matters.

The ALW staff wants to be kept informed of problems encountered by account sponsors and would like to hear about their concerns. The ALW Problem Tracking and Reporting system (PTR) or the 4-DCRT or 6-UNIX hotline should be used to inform DCRT of user problems, to authorize resetting forgotten passwords, and to apply for refunds. See Reporting Problems and Requesting Services for further information. Communication, of course, must always be two ways. Occasionally, DCRT staff will contact account sponsors in order to update information or if a problem arises concerning the use of an account.

The DCRT Technical Assistance and Support Center (TASC) serves as a focal point for all DCRT accounts and welcomes inquiries from sponsors concerning administrative procedures. Contact them by calling 4-DCRT (4-3278).

Specific responsibilities of account sponsors include:

Reporting Problems and Requesting Services

ALW staff responds only to problems and requests for services (increasing disk space, restoring backups, changing configurations, and so on) reported either by submitting a Problem Trouble Report (PTR) via the ptr command on an ALW machine, or by calling 4-DCRT (4-3278) or 6-UNIX (6-8649). Problems reported via other mechanisms are not logged, dispatched, or tracked.

We respond to problems and requests for services on a "best efforts" basis. However, we usually respond to requests for disk space and service outages in less than four hours, and to routine problems, questions, and requests to restore data from backups in less than two working days.

Proper Use of the ALW System

It is illegal to use government computer resources for personal or recreational purposes. Personal use includes generation of social mailing lists, personal correspondence, programs to process household financial records, and so on. The illegality of personal use of government computer resources is covered in both the Standards of Conduct and Title 18 of the Federal Code of Regulations. Recreational use includes the creation of artwork and calendars with no work-related purpose and the playing of games. Immediate action will be taken against any user found to be using ALW resources improperly. In addition, it is prohibited to produce, store, display, or transmit material that is sexually explicit, suggestive or otherwise offensive on government computing resources or facsimile machines. Federal Information Processing (FIP) resources at NIH are to be used solely to support the NIH mission.

Employees who use FIP resources in a manner prohibited by the EEOC guidelines or DHHS Standards of Conduct will be subject to disciplinary action, up to and including suspension.

Access to shared data and applications programs

The ability to share stored data is one recognized advantage of the ALW environment. However, access to or the use of information (e.g., data and applications programs) stored on the ALW System is the sole responsibility of the "owner" -- the account sponsor or registered user -- of such information. Information belonging to other users may not be accessed, regardless of the degree of access control applied to it, without the explicit permission of the owner unless the information is stored in a facility which is intended for general availability such as the anonymous FTP or World Wide Web directories. Unauthorized access to data is a breach of Federal privacy/security regulations (See Security).

Proper use of communication facilities

Particular care must be taken in use of inter-user communication facilities such as electronic mail and news. Use of these facilities to harass other users, send obscene messages, or perpetrate jokes is a clear misuse of federal computing resources. In addition, electronic mail must be addressed to the specific persons who are intended to receive the mail; indiscriminate sending of electronic mail, either as bulk mail to many recipients or as mail to a random recipient, is not allowed.

Proper use of licensed software

NOTICE: Software distributed on the ALW System is obtained under a variety of legally binding license agreements that restrict the use, duplication, and transfer of the software and associated documentation. Unauthorized use, duplication, and/or distribution of this software can result in penalties for both the individual responsible and the National Institutes of Health, including civil damages up to $50,000 for each occurrence and criminal penalties including fines and imprisonment.

Each licensed software package and associated documentation distributed on the ALW System is authorized for limited use in conjunction with the services provided by the NIH Computing Facilities Branch. This software and documentation may not be duplicated or transferred to any other individual or facility. Each user who requests and receives such software is responsible for insuring its proper use. In the event of improper use, unauthorized copying or redistribution of the software and/or associated documentation, we will contact the responsible user and account sponsor for corrective action.

All users and account sponsors are responsible for paying special attention to the software listed in Appendix C. Even though these software applications are accessible from all ALW workstations, use without a license constitutes software theft and violates both federal law and NIH policy.

Security

The Privacy Act of 1974 (Public Law 93-597) requires that Federal Agencies which collect information about individuals insure that it is disclosed only to authorized individuals and agencies; that it is accurate, relevant, up-to-date, and complete; and that its security and integrity are protected.

Computer security is a vital concern at NIH. The Computing Facilities Branch maintains physical security procedures to protect data from improper access by unauthorized individuals and performs contingency planning to insure that vital data can be reclaimed if a major physical disaster occurs. Each user and account sponsor has a clear role in maintaining a responsible level of computing security. Users and sponsors are expected to take routine precautions to safeguard the privacy of their passwords, and to report any suspected violations of this privacy to ALW staff.

Physical Security

To meet its responsibilities under the Privacy Act and to enable users to protect other types of sensitive data, the Computing Facilities Branch restricts physical access to its computer machine rooms. The restricted areas include the ALW, Convex System, and System 370 machine rooms and the output distribution area. Anyone in these areas must have an authorized identification badge. There are two types of badges. Regular entry badges are given to Computing Facilities Branch employees who have a recurring need to enter the restricted area. Temporary access badges, which permit short-term entry to equipment installers, repairmen, visitors, etc., are issued by the Head, Computer Operations Unit.

Any security system is only as effective as the efforts of the people using it. Users must also take actions to utilize the security facilities provided and to promote security in their working locations. Rooms housing workstations should be locked, passwords should not be kept near the workstation, papers with privacy data or any reference to passwords should be kept in a locked area, and users should logout or unlog before leaving their workstations unattended.

Disaster Planning

A disaster recovery plan is an organized effort to minimize the impact of a possible disaster that may interrupt data processing capabilities. As part of our plan, all ALW servers are powered from Uninterruptible Power Supplies (UPSs) with sufficient capacity to isolate the servers from most power outages, which last only a few seconds.

We also plan to create additional full backup tapes of all disks that are used for the permanent storage of data and send these off-site for storage. In this way, some data and system recovery will be possible if there is a major catastrophe such as a flood or fire. We have not yet implemented this plan, however, so we recommend that users with critical data should periodically copy it to tape and arrange for off-site storage themselves.

Data and Access Security

Data security, beyond the physical security of the central computer facility and the system software that protects data while being processed, is the responsibility of the users who create and maintain data systems.

Users are responsible for deciding what other types of computerized data may need protection and for choosing and using appropriate security measures from among those offered. Please note however: The ALW System has not been certified by the Department of Defense to process any classified military data. Since the research mission of NIH requires data and information sharing, there will always by design be data that is not protected against access. Data should not be accessed without the owner's knowledge unless it is clearly intended for shared access.

The ALW System offers several facilities to assist in maintaining the security of data:

It should be noted that anyone who violates the provisions of the Privacy Act and permits the unauthorized release of personal information is subject to prosecution and fines.

Procedures for a Safer Computing Environment

Protect your account; select good passwords, change your password frequently (at least every other month), and avoid sharing your password with others. "Sharing" passwords undermines security, possibly resulting in unauthorized access to government computing resources.

Be particularly cautious when using network utilities such as telnet, ftp, and rlogin. When these programs prompt you for your password, they send it in the clear over the network, possibly revealing it to eavesdroppers.

Be careful about revealing your password to someone on the telephone. ALW staff never call users requesting their passwords unless it is with regard to a specific problem that has been reported by a Problem Tracking Report (PTR) or in direct response to a user telephone call. If an ALW staff member must initiate a contact and request a password, users should ask for the staffer's name and call back through the help line before fulfilling the request. This will ensure the identity of the ALW staff member, and prevent unauthorized persons from posing as systems personnel.

Remember that giving system:anyuser read or write permission on an Access Control List (ACL) enables over 20 million Internet users around the globe to read or write your files--do not do this unless that is what you intend!

Reboot your ALW at least twice a month to receive the latest security and system updates.
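
A check for the system:anyuser caution above, as an added example that is not part of the original policy or ALW's own tooling: it parses text in the layout printed by the AFS fs listacl command and reports directories where system:anyuser effectively holds read or write rights. The paths and the user jdoe are constructed sample data.

```python
"""Audit AFS ACL listings for grants to system:anyuser (added example)."""
import re

RIGHTS_ORDER = "rlidwka"    # read, lookup, insert, delete, write, lock, administer
READ_BITS = set("r")        # can fetch file contents
WRITE_BITS = set("idwa")    # can create, remove, modify files or change the ACL

# Constructed sample in the layout printed by `fs listacl <dir> ...`.
SAMPLE_LISTACL = """\
Access list for /afs/example.org/user/jdoe is
Normal rights:
  system:administrators rlidwka
  system:anyuser l
  jdoe rlidwka
Access list for /afs/example.org/user/jdoe/public is
Normal rights:
  system:anyuser rl
  jdoe rlidwka
Access list for /afs/example.org/user/jdoe/drop is
Normal rights:
  system:anyuser rlidwk
  jdoe rlidwka
Negative rights:
  system:anyuser r
"""

HEADER = re.compile(r"^Access list for (.+) is$")


def parse_listacl(text):
    """Return {directory: {"normal": {principal: rights}, "negative": {...}}}."""
    acls, current, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HEADER.match(line)
        if match:
            current = acls.setdefault(match.group(1), {"normal": {}, "negative": {}})
            section = None
        elif line == "Normal rights:":
            section = "normal"
        elif line == "Negative rights:":
            section = "negative"
        elif current is not None and section:
            parts = line.split()
            if len(parts) == 2:          # "<principal> <rights letters>"
                current[section][parts[0]] = set(parts[1])
    return acls


def anyuser_exposure(acls, principal="system:anyuser"):
    """Map directory -> (kind, rights) where the principal can read or write.

    Negative rights are subtracted from normal rights, so a grant that is
    cancelled by a negative entry is not reported. Lookup-only ("l") access
    lets anyone list the directory but not read files, and is not reported.
    """
    findings = {}
    for directory, acl in acls.items():
        granted = acl["normal"].get(principal, set())
        denied = acl["negative"].get(principal, set())
        effective = granted - denied
        kinds = []
        if effective & READ_BITS:
            kinds.append("read")
        if effective & WRITE_BITS:
            kinds.append("write")
        if kinds:
            rights = "".join(c for c in RIGHTS_ORDER if c in effective)
            findings[directory] = ("+".join(kinds), rights)
    return findings


if __name__ == "__main__":
    for path, (kind, rights) in anyuser_exposure(parse_listacl(SAMPLE_LISTACL)).items():
        print(f"{path}: system:anyuser has {kind} access ({rights})")
```
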

Security Violation Procedure

The ALW staff carefully monitors the system security information and takes immediate action when it appears that an attempt to breach security has occurred. Use of the login name related to any security violation is immediately suspended by the ALW Security Investigators.

The Security Investigators contact the account sponsor or alternate contact by telephone and send a confirming memorandum detailing the specific circumstances of the apparent security violation. In such a situation, it is the responsibility of the account sponsor to investigate the apparent violation and return a written explanation to the ALW staff responding to each instance of possible violation. When the written explanation is received and accepted, the Security Investigators will reinstate the suspended account/initials. Attempts to breach security may be innocent (simple lack of knowledge or understanding), but we are required to pursue all apparent security violations. ALW staff will work with the account sponsor to determine the cause of the problem and how violations can be avoided in the future.

At times, users may discover apparent breaches of security (such as discovering that an unknown person is making use of their login name), or may need assistance with a security-related problem. Please report apparent security problems immediately to the ALW staff.

Forgotten Passwords

In the unfortunate event that a password is forgotten, the user will be unable to authenticate and access ALW files. A forgotten password must be reset by ALW staff because passwords are stored only in an encrypted form. To request that a password be reset, the user or account sponsor may submit a PTR or send a memo to:
	Chief, Distributed Systems Section
	Computing Facilities Branch, DCRT
	National Institutes of Health 
	Building 12A, Room 2033
	12 SOUTH DR MSC 5624
	BETHESDA MD 20892-5624
	FAX: (301) 402-2867 
Since the password is by definition confidential, any request for "lost password" assistance will require extensive validation by ALW staff. This validation process entails checking records, contacting the account sponsor, and running software that resets the password. The length of time required to reset a user's password will depend on the time required to locate the individual who must authorize the password request. This process may require several days. Be extremely careful not to forget passwords.

Software Support

ALW provides installation and maintenance upgrades on a "best efforts" basis for software according to how it is licensed, as described in the following sections.

Public Domain and Freely Distributable Software

Public domain software is not covered by copyright (e.g. software developed by Government employees). Freely distributable software has a copyright that permits free distribution with restrictions or limitations (e.g. the GNU software, which requires distribution of source code).

ALW distributes supported public domain and freely distributable software to all client workstations. ALW staff provides support on a "best efforts" basis, since the authors of such software have no obligation to correct problems or provide assistance.

Site Licensed Software

Software in this category is copyrighted software licensed to be used on any machine subscribing to ALW service, for example, the vendor's UNIX operating system and the AFS cache manager. See Appendix A for a list of ALW site licensed software.

ALW distributes site licensed software to all client workstations. ALW staff provides assistance on a "best efforts" basis, and relies on the software vendor to correct defects and make enhancements.

Network Licensed Software

More and more applications are available with network licenses, also known as "floating" licenses. ALW distributes network licensed applications software to all client workstations. When such an application is executed, it contacts a license server to "check out" one of a limited number of licenses. If the supply of licenses is exhausted or the license server cannot be reached, the application issues a warning and will not run, or run only in a "demo" mode that does not permit work to be saved. Should this occur, notify the ALW staff via a PTR or by calling 4-DCRT or 6-UNIX so they can correct the problem or order additional licenses. Proper ALW etiquette is to not leave network licensed applications running if you are not using them, so the license is available to your fellow users. See Appendix B for a list of network licensed applications.

ALW staff provides assistance on a "best efforts" basis, and relies on the software vendor to correct defects and make enhancements.

Single Machine Licensed Software

Software in this category is licensed for use only on a specific machine. ALW distributes supported single machine licensed software to all client workstations, but users are expected to purchase their own licenses and maintenance service directly from the vendor.

Software licensed for a single machine may or may not run on an unlicensed machine, depending upon whether or not the vendor's software enforces the license.

Appendix C is a list of single machine licensed software. Even though these software applications are accessible from all ALW workstations, use without a license constitutes software theft and violates both federal law and NIH policy.

ALW staff provides assistance on a "best efforts" basis, and relies on the software vendor to correct defects and make enhancements.

Hardware Support

ALW currently provides no hardware support. This includes hardware installation. We recommend that users purchase installation from the equipment vendor along with the equipment itself, and that users purchase hardware maintenance from a qualified source.

Support for Third-Party Peripherals

We strongly recommend that owners of ALW workstations only use peripherals (e.g. expansion memory, disk drives, optical disk drives, tape drives, network interfaces, etc.) that are manufactured by the same company that manufactured their workstations (i.e., SUN disks for Suns, HP disks for HPs, and so on). While usually such peripherals are slightly more expensive than so-called "third-party" peripherals, the manufacturers' peripherals can always be covered under your workstation hardware maintenance contract and, more importantly, the manufacturer can be relied upon to support their peripherals in current and future releases of their operating systems.

However, should you choose to attach third-party peripherals, the ALW policy for supporting these is as follows:

  1. ALW does not perform hardware installation or maintenance. The workstation owner is responsible for connecting cables, setting device numbers, installing memory, controllers, adapters, etc. We recommend purchasing installation from the equipment vendor on the original equipment order.

  2. ALW maintains a list of the third party peripherals for which we will perform software installation (see Appendix D). Workstation owners are responsible for checking this list in advance to be sure that we support the equipment they plan on ordering--DO NOT BELIEVE THE VENDOR!

  3. If a workstation owner can successfully install the hardware and software for an unsupported peripheral device on an ALW, make the device functional (e.g. mount partitions from a storage device), and provide us with all necessary software and the software installation procedure, we will make the installation persistent and add the device to our list of supported third party peripherals.

We have no control over continued software support for peripherals. Often, major operating system upgrades require new software and installation procedures for third-party equipment. If we do not obtain the new software and installation instructions from ALW users about these peripherals, the devices will be removed from our support list.

Local Magnetic and Optical Disk Storage

ALW does not recommend use of local magnetic or optical disk drives as an alternative to ALW-managed file space in AFS. We do not back up local storage, and cannot recover lost or corrupted files. Storage of data on optical media does not protect it from unintentional deletion, corruption by misuse or malfunction of system or application software, or mishandling or loss of removable media.

However, local storage devices should function normally on ALW systems. Upon request, ALW staff will custom package systems to automatically mount local storage.

ALW does not support the use of local storage for the home directories of registered ALW users. These must reside in AFS. AFS-resident home directories may contain symbolic links to directories on local storage, however.

File Backup Schedule

ALW makes backups of user home volumes and user data volumes each working day, Monday through Saturday, excluding Federal holidays. The daily backup takes a snapshot of user data as it was at approximately 6 A.M. of the same day. ALW can recover data as follows, depending on the age of the lost data:

Data less than 1 day old

The user data snapshot from which a backup is made is retained on line for 24 hours. You can recover data from your home directory as it was at the most recent 6 A.M. simply by looking in the directory path ~/OldFiles. An ALW system administrator can assist in recovering any other user data as it was at the most recent 6 A.M. by mounting the backup volume.

Data 2 to 7 days old

All daily backup tapes are retained for seven days. ALW staff can restore data from any working day in the previous 7 days.

Data 8 to 30 days old

One daily backup tape each week is retained for 30 days. ALW staff can recover data from some one day within each week for up to 30 days.

Data 31 to 365 days old

One daily backup tape from each 30-day period is retained for 365 days. ALW staff can recover data from some one day within each 30 day period for up to 365 days.

Data more than 365 days old

Data more than 365 days old is not retained and cannot be recovered.
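
The retention tiers above, worked through as an added example (not ALW's own tooling): given the date of the data you want back, it finds the newest snapshot that is still retained. The policy does not say which tape is kept each week or each 30-day period, so keeping the Saturday tape, keeping the first backup day of each 30-day period counted from EPOCH, and ignoring Federal holidays are all assumptions.

```python
"""Find the newest restorable snapshot under the 7/30/365-day retention tiers."""
from datetime import date, timedelta

EPOCH = date(1995, 1, 2)    # assumed start of the first 30-day period (a Monday)
SATURDAY, SUNDAY = 5, 6


def is_backup_day(d):
    # Policy: backups run Monday through Saturday. Holidays are ignored here.
    return d.weekday() != SUNDAY


def monthly_keeper(d):
    """First backup day of the 30-day period containing d (assumed rule)."""
    start = EPOCH + timedelta(days=30 * ((d - EPOCH).days // 30))
    return start if is_backup_day(start) else start + timedelta(days=1)


def is_retained(d, today):
    """True if the daily tape made on d still exists on `today`."""
    age = (today - d).days
    if age < 0 or age > 365 or not is_backup_day(d):
        return False
    if age <= 7:                                  # every daily tape, 7 days
        return True
    if age <= 30 and d.weekday() == SATURDAY:     # one tape per week, 30 days
        return True
    return d == monthly_keeper(d)                 # one tape per 30 days, 365 days


def restore_point(wanted, today):
    """Newest retained snapshot taken on or before `wanted`, or None."""
    d = min(wanted, today)
    while (today - d).days <= 365:
        if is_retained(d, today):
            return d
        d -= timedelta(days=1)
    return None


if __name__ == "__main__":
    today = date(1995, 6, 10)
    for wanted in (date(1995, 6, 7), date(1995, 5, 24),
                   date(1995, 4, 20), date(1994, 6, 1)):
        found = restore_point(wanted, today)
        gap = None if found is None else (wanted - found).days
        print(f"wanted {wanted}: restore from {found} (changes lost: {gap} days)")
```

The gap between the wanted date and the snapshot found is the work that cannot be recovered, and it widens as the data ages from the daily tier into the weekly and 30-day tiers.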

Policy Change Procedure

Proposed changes to ALW policies will be posted on the ALW World Wide Web server at least 30 days prior to adoption to allow sufficient time for comment by ALW users.

Appendix A: ALW Site Licensed Software

Analyze  			analyze
MRIPS Medical Xcaliber		medx

Appendix B: ALW Network Licensed Software

AVS  				avs
Asterix				asterix
FrameMaker			maker
Lotus 1-2-3			123
Macsyma				macsyma
Mathematica			math
Matlab				matlab
Microsoft Excel			excel
Microsoft Word			word
Quanta				quanta
S-Plus				splus
SAS				sas
SoftWindows			softwindows
Sun ANSI C Compiler		cc
Sun ANSI C++ Compiler		CC
Sun ANSI FORTRAN Compiler	f77
Sun ANSI Pascal Compiler	pc
Synchronize			synchronize
WordPerfect			wp

Appendix C: ALW Single Machine Licensed Software

NOTICE: Use of the following software without a valid license constitutes software theft and violates both federal law and NIH policy.
HP ANSI C Compiler		/bin/cc
HP C Developer's Kit		/usr/bin/admin /usr/bin/cdc /usr/bin/prof ...
HP C++ Compiler			/usr/bin/CC
HP C++ Developer's Kit		/usr/bin/cdvi, /usr/bin/cxxdev
HP Fortran77			/usr/bin/f77
HP Glance			glance
HP Laser CD-ROM			lrom
HP Pascal Compiler		/usr/bin/pc
HP SoftPC			/usr/bin/spc

Appendix D: Supported Third-Party Peripherals

CD Rom Drives

	TOSHIBA [Brand Name - No model info]

Disks

	ANDATACO
		[Andataco MICROP 2217-15MQ1001901]
		[AD1926 cyl 2770]
		[AD210 cyl 2575]
		[ANDATACO 200D3 DEC DSP3160S]
		[ANDATACO 450D5 DEC DSP5400S]
		[Andataco SEAGATE ST15150N]

	DEC
		[DEC RZ24 cyl 1346]

	FALCON
		[FALCON ST31200N cyl 2724]
		[FALCON 1.0GB-ST11200N cyl 1874]

	FUJITSU
		[Fujitsu1 cyl 1427]
		[FUJITSU M2624F-512]
		[Fujitsu M2624FA SCSI cyl 1463]

	IBM
		[SSE-400 [IBM-467] cyl 1162]

	MICROPOLIS
		[Micropolis 1598 cyl 1892]
		[Micropolis 1598-15 cyl 1931]
		[Micropolis 1908 cyl 1890]

	MAXTOR
		[MAXTOR P1-17S]
		[Maxtor XT-8000S]

	QUANTUM
		[Quantum ProDrive 105S cyl 974]

	SEAGATE
		[Seagate ST1480N]
		[Seagate ST11200N cyl 1853]
		[Seagate ST12400N cyl 2626]
		[ST3600N cyl 1872]
		[ST42100N cyl 2570]
		[ST42100N cyl 2571]
		[Segate cyl 2124]

	Unknown
		[BSCG1.2 cyl 1892]
		[BSCG1598-15 cyl 1892]
		[CDC Wren VII 94601-12G]
		[CRANEL-M2266SA cyl 1656]
		[Tahiti cyl 29190]
		[Wren4 cyl 1221]
		[Wren7 cyl 1616]
		[WREN-7 cyl 1929]

FDDI Interfaces

	CRESCENDO
		[FDDI Driver Release 2.1 for SunOS 4.1.x]
		[FDDI Driver Release 1.0 for Solaris 2.1]

	NETWORK PERIPHERALS
		[NP-SB FDDI Driver Release 1.5 for SunOS 4.1.x]
		[NP-SB FDDI Driver Release 2.2 for Solaris 2.x]

Optical Disks

	ARTECON
		[Artecon Erasable Optical Disk (EOD) - No model info]

	MAXOPTIX
		[MAXOPTIX Optical Disk (Loadable SQ Driver) - No model info]
		[MaxOptix Tahiti 2 A7.1 - No model info]

	PINNACLE
		[REO Optical Disk Jukebox (Loadable JB driver) - No model info]
		[REO-650 Optical Disk - Compatible with SunOS 4.1.X]
		[REO-650/1300 Optical Disk]

Tape Drives

	ANDATACO
		[Exabyte EXB-8200 8mm Helical Scan]

	Unknown
		[Emulex MT02 QIC-11/QIC-24]

Miscellaneous

	Scanner "GPIB SCSI Controller [N. I. GPIB-SCSI] scanner"
	Sun SPARC 10 Clone "Axil Workstation [Axil 311]"
	SCSI Controller "[ptscII0] [ptvme0] ??"

Last modified: May 4, 1995

Keith Gorlen
Distributed Systems Section, Computing Facilities Branch
Division of Computer Research and Technology
National Institutes of Health
kgorlen@alw.nih.gov