Support Level | Support Level 0 | Support Level 1 | Support Level 2 | Support Level 3 | Support Level 4 |
|---|---|---|---|---|---|
Description | Non-NYS Owned Computer | NYS Owned ITS provides "Basic" Support Services | NYS Owned ITS Provides "Advanced" Support Services | NYS Owned and ITS "Fully" Supported | NYS Owned and ITS "Enhanced" Supported |
Purpose | Used for providing services to non-NYS employees and non-students (e.g. Community Members). | Used for providing services to NYS employees and students. | Used for providing services to NYS employees and students. | Used for providing services to NYS employees and students. | Used for providing services to NYS employees and students. |
Examples Include | Student computers, CoachUSA, non-Fredonia / non-state owned hardware, etc | Computers used with Scientific equipment. Single purpose computers, "appliance" type computers, Faculty start-up funded computers (depending on purpose), etc. | Multi-station / Multi-location use systems such as Carrier, Siemens, FSA, Physical Plant, Health Center Systems, Faculty start-up funded computers (depending on purpose), etc. | Standard Windows/Mac desktops & Macs, Faculty Mac's, Smart Classroom, Computer Labs, etc. | HIPAA, PCI, or similar type restricted access computer or system required to exceed normally recognized IT security best practice. Falls within level 2 data risk classification |
Data Risk Classification Category | Category 1 - Public | Category 1 - Public | Category 2 - Private | Category 2 - Restricted | Category 3 - Restricted |
OS Patch Management | Vendor or Service Provider installs critical and security OS patches no less than monthly. Current AV solution installed and updated automatically, no less than daily | ITS enables OS 'auto-updates'. Anti-virus required (Win/MAC) and updated automatically at a frequency of no less than daily. (OS must have current security and critical patches available from OS vendor) | ITS enables OS 'auto-updates'. Anti-virus required (Win/MAC) and updated automatically at a frequency of no less than daily. (OS must have current security and critical patches available from OS vendor) | ITS installs OS updates. ITS installs and configures SEP updates. (OS must have current security and critical patches available from OS vendor) | ITS installs OS updates. ITS installs and configures SEP updates. (OS must have current security and critical patches available from OS vendor) |
Application Support and Management | Vendor or service provider | Local Fredonia non-ITS faculty / staff or under manufacturer software support agreement | Local Fredonia non-ITS faculty / staff or under manufacturer software support agreement | ITS provides all application support and management or service provided by manufacturer or vendor. Software under manufacturer's support agreement. Funding sources may vary | ITS provides all application support and management or service provided by manufacturer or vendor. Software under manufacturer's support agreement. Funding sources may vary |
Hardware Support | Vendor or service provider | Physical Hardware should be kept under vendor or manufacturer's warranty. No ITS hardware support available. ITS reviews hardware spec and will (if requested) assist in acquiring hardware quotes from NYS OGS approved sources | Physical Hardware should be kept under vendor or manufacturer's warranty. No ITS hardware support available. ITS reviews hardware spec and will (if requested) assist in acquiring hardware quotes from NYS OGS approved sources | ITS fully responsible for all hardware, maintenance, and support | ITS fully responsible for all hardware, maintenance, and support |
Local and/or Network Printers | Local Only | Local via USB or similar and/or printer has statically assigned NATTED IP with port 9100 allowed in but not allowed out | Local via USB or similar and/or printer has statically assigned NATTED IP with port 9100 allowed in but not allowed out | Local via USB or printer defined on non-internet directly accessible 141.238.x.y | Local via USB or printer defined on non-internet directly accessible 141.238.x.y |
May connect to Fredonia Wired Network | "Direct to Internet" access only via NAT. | "Direct to Internet" access only via NAT. No 141.238.x.y IP address available | "Direct to Internet" access available. Firewalled and ACL'd 141.238.x.y range available based on need and scope | Yes, full Fredonia 141.238.x.y IP provided via statically assigned IP address reserved in IPAM or MAC address reservation with IPAM assignment via DHCP | Yes, full Fredonia 141.238.x.y IP provided via statically assigned IP address reserved in IPAM or MAC address reservation with IPAM assignment via DHCP |
May connect to Fredonia Wireless Network | No | Yes, via FredSecure or similar 802.1X Solution | Yes, via FredSecure or similar 802.1X Solution | Yes, via FredSecure or similar 802.1X Solution | Yes, via FredSecure or similar 802.1X Solution |
Port allowed Outbound (going outside Fredonia campus) | HTTPS, SSH | HTTPS, SSH | HTTPS, SSH | All required but host sits behind hardware firewall | All required but host sits behind hardware firewall |
May be connected to Fredonia's Active Directory ("AD.FREDONIA.EDU") | No | No | No | Yes | Yes |
New York State Asset Tag Required | No | Yes | Yes | Yes | Yes |
May initiate a connection to another Fredonia Computer | No | No | No | Yes, but network ACL's may be in effect | Yes, but network ACL's may be in effect |
May be connected from a Fredonia computer initiating the connection | No | RDP, SSH, IP Printing (9100) only | RDP, SSH, SMB (file print sharing). Can not use same eServices account / password | Yes, but network ACL's may be in effect | Yes, but network ACL's may be in effect |
Scanned by NESSUS | Yes, non-credentialed only | Yes, non-credentialed only | Yes, non-credentialed only | Yes, credentialed and uncredentialed | Yes, credentialed and uncredentialed |
Hardware Replacement Costs | Vendor or service provider | Department responsible. No ongoing ITS replacement funding available | Department responsible. No ongoing ITS replacement funding available | Yes, funding sources may vary | Yes, funding sources may vary |
Disaster Recovery / Business Continuity Disk Imaging Services | None, vendor or service provider responsible | ITS can provide imaging service for Win/Mac Only via optional SLA | ITS can provide imaging service for Win/Mac Only via optional SLA | Full DR/BC Services available with optional / additional SLA | Full DR/BC Services available with optional / additional SLA |
Host (OS) Firewall required | Yes | Yes | Yes | Yes | Yes |
May be used to store Fredonia information / data | No | Limited but not HIPAA / FERPA data. See "Normal Backups" below | Limited but not HIPAA / FERPA data without ISO review and approval. See "Normal Backups" below | Yes | Yes |
Inventoried by LanSweeper | No | Yes via SSL off-site method currently used on laptops | Yes via SSL off-site method currently used on laptops | Yes, via full AD credentials | Yes, via full AD credentials |
WhatsUpGold Alerts and SNMP alarms | No | No. Available with optional SLA | No. Available with optional SLA | Yes, full and enforced use of WUG | Yes, full and enforced use of WUG |
Whole Disk encryption required | No | Depends on type of information stored | Depends on type of information stored | Depends on type of information stored. All Fredonia owned laptops = yes | Depends on type of information stored. All Fredonia owned laptops = yes |
Regulated Data Security Controls (FERPA, HIPPA, etc.) | No | Depends on ownership. Configuration must be reviewed and approved by ISO if used to store Fredonia data | Depends on ownership. Configuration must be reviewed and approved by ISO if used to store Fredonia data | Full controls in place pending review and approval from ISO | Full controls in place pending review and approval from ISO |
Who has local admin privileges | Vendor only | Local Fredonia non-ITS faculty / staff. 1Password use available with optional SLA | Local Fredonia non-ITS faculty / staff. 1Password use available with optional SLA | ITS OS admin, ITS application admin, 1Password use required | ITS OS admin, ITS application admin, 1Password use required |
If running web service, is SSL cert required and who procures cert | Yes, vendor or service provider procures | Yes, vendor or service provider procures | Yes, vendor or service provider procures | ITS, funding sources vary | ITS, funding sources vary |
Disable IPv6 | Yes | Yes | Yes | Yes | Yes |
Who provides normal daily backups | None, vendor or service provider | Vendor or service provider. ITS may upon optional SLA | Vendor or service provider. ITS may upon optional SLA | ITS provides all OS, application, and image backups | ITS provides all OS, application, and image backups |
Authentication | Local accounts only | Local accounts only | Local accounts only or self supported authentication system | AD bound, Federated allowed. Only local service accounts allowed | AD bound, Federated allowed. Only local service accounts allowed |
ACL VLAN changes | Reviewed by ISO, executed by Network System and Services | Reviewed by ISO, executed by Network System and Services | Reviewed by ISO, executed by Network System and Services | Reviewed by ISO, executed by Network System and Services | Reviewed by ISO, executed by Network System and Services |
Examples | Student computers, CoachUSA, | Computers used with Scientific equipment. GasBoy, Health Center, etc. | Carrier, Siemens, FSA, etc. | Prowatch, DVTEL, Wilmac, Banner, AD, etc. | Prowatch, DVTEL, Wilmac, Banner, AD, etc. |
Computer Naming Convention | None | Should follow documented ITS Naming Convention | Should follow documented ITS Naming Convention | Must follow documented ITS Naming Convention | Must follow documented ITS Naming Convention |
ITS DataCenter Available to Host System(s) | No | Yes, with additional SLA | Yes, with additional SLA | All ITS Servers must be stored in approved ITS controlled DataCenters | All ITS Servers must be stored in approved ITS controlled DataCenters |
...
| Live Search | ||||||||
|---|---|---|---|---|---|---|---|---|
|
Related articles
| Filter by label (Content by label) | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
|
| Page Properties | ||
|---|---|---|
| ||
|