|
Policies and Recommendations
Although Remote Control offers the opportunity to dramatically improve support levels and enhance user productivity, it also brings up issues of privacy. Currently, Information Systems uses the Tivoli application suite to perform remote control activities. Tivoli Remote Control incorporates privacy protection features that protect the user's computer from unwanted or unknown intrusion. In addition, existing privacy policies within Information Systems and the University supplement Remote Control privacy features. Policies governing use of Remote Control by Information Systems appear below. This information also discusses the privacy features built into Tivoli Remote Control.
The Systems Group within Information Systems maintains the servers and infrastructure for remote control. This Group consists of the Director of System Support Services and a group of Systems Administrators who are responsible for system maintenance and implementation. This group has complete access to the computers that serve the network and WFU users, but does not have access to individual ThinkPads. Management level access to Remote control servers must be limited to the Systems Group. Students or others working with the Systems Group will have no access to remote control servers. Consultants working on implementations or upgrades of the remote control environment will have access only while directly supervised by a member of the Systems Team. Remote Control software cannot be configured or installed in such a way as to permit IS staff members or others to take control of a user's machine without the user's express knowledge and specific approval. Approval cannot be blanket, but must occur in every instance in which a remote control session is requested. Furthermore, the approval process must be integrated into the client software as specified in the ``Information Systems - Support Center'' section below. Tivoli Remote Control software meets all these conditions.
The Information Systems Support Center will be responsible for the initiation of all remote control sessions. Sessions are only initiated through a call from a user to the Support Center. Such calls will be documented through the opening of a trouble ticket. Remote control sessions cannot be opened by anyone other than Information Systems Support Center staff. Remote Control software is designed and installed such that the user has the choice to accept or reject any and all remote control sessions at any time. This default configuration cannot be changed by ISSC or any other member of the IS staff. This configuration does not permit members of ISSC or other IS staff members to force a computer to accept a remote control session. Whenever a Remote Control session is requested, a window on the user's screen will ask the user to accept or reject the requested session. Upon rejection, the remote control software will disallow the session. No member of ISSC or IS will have the power to override this rejection. If the user allows a remote control session, the user will have the power to terminate the remote control session at any time. With Tivoli Remote Control, the user will be able to terminate a remote control session by pressing ALT-T at any time. Then the user will see a screen allowing them to change the session status. Allowed statuses will be ``Active'', which grants full control; ``Monitor'', which will allow the initiator of the session to watch activity on the user's computer; ``Suspend'', which will temporarily suspend all remote control activity; or ``Terminate'', which will immediately halt all remote control activity and break the remote control session. Remote control sessions will not allow for transfer of files between the user's computer and the session initiator's computer. Remote control software will be installed by default as part of the WFU Standard Software Load. The software, however, must be launched manually by the end-user whenever it is needed. This precaution adds an extra layer of security.
Software will give ThinkPad users higher levels of support by providing software updates throughout the year - when they are needed rather than after the fact. Timely virus protection patches, security and other bug patches, and latest versions of software will be provided as soon as they become available. Such timeliness will greatly enhance the security and functionality of ThinkPads because IS will be able to respond quickly to such emergencies as virus outbreaks or unwanted security intrusions on ThinkPads. Ability to deliver extensive software upgrades directly over the network should also eliminate the need for faculty to return their ThinkPads to IS each year for load refresh. Tivoli will pre-configure upgrades and installs for the WFU ThinkPad environment. This will eliminate the need for user intervention in the installation process. Users will, however, be able to defer or refuse software upgrades should they choose. Tivoli provides a way to easily identify basic build information about ThinkPad hardware (i.e. BIOS revisions). This information is valuable for activities such as Y2K evaluation and repair, or implementing bug fixes associated with hardware issues. Tivoli can track the number of copies of Standard Load software in use on campus. As the University has customarily over purchased to insure full license compliance, these numbers will be used to reduce annual software expenditures.
Tivoli Software Distribution and Asset Management begins the software distribution process by performing a predefined file inventory on a ThinkPad. This inventory looks for specific file types within specified directories. These directories consist of Standard Load software directories. Directory lists will be available for review upon request. The current directory list is attached. Tivoli is incapable of scanning for, opening or copying personal data files. In addition to Tivoli not being able to do such scanning and manipulation, IS and University policies control such activity. Tivoli compares files found during the inventory with a predefined list of software signatures. This software signature list consists of software contained within the Standard Software Load. A list of these signatures will be available for examination upon request. The signature/inventory comparison reveals which Standard Load applications need upgrades and where patches are required. Patches such as virus protection updates or security patches are pushed out automatically. Upgrades such as new versions of Netscape or Microsoft Office offer the user the option to defer/decline the upgrade, or to manually perform the upgrade from a software installation menu at a later date. Using the results of this comparison, Tivoli also keeps a running count of the number of copies of Standard Load software running on campus. Only software designated in the signature list is examined and counted. The counts are used for meeting our contractual license agreements. IS does not engage in the management of any ThinkPad software not found in the WFU Standard Load. Such software is the sole responsibility of the individual owner, and such software cannot be added to the signature lists for Tivoli to manage.
|
