Hi David (and everyone else), Having consulted with members in SPAT (those that have responded in time), here is our overview of services required on a research class machine: (Below are my definitions of service classes, others may have different ones of course) Admin Services: ICIS Authentication Services: LDAP, Licence Servers (e.g. Matlab, IDL, etc.) Communication Services: SSH (typically Port 22), FTP (?), Zoom, Access to Remote Data centres, Remote Desktop Gateway, Unified Access, VPN Data Sharing Services: SMB Servers, HTTP / HTTPS servers, NFS Servers, File Exchange (retired in 2 days?), Sharepoint, Onedrive, etc. Information Services: DNS, Library Journals Productivity Services: Office365, HPC Interactive Services (e.g. Jupyter Notebook, etc.), Software Centre Teaching Services: Blackboard, Starfish, Panopto, Secure College Webpages The above is probably a non-exhaustive list, and I've no doubt once a clearer picture emerges of what a Research Class machine might look like, then there will be the hope that this can be iterated / fine-tuned to accommodate any niche requirements inherent with the breadth of research activities and their associated diverse requirements. Thanks for your efforts towards defining this David. Best wishes, Rich -----Original Message----- From: David Colling <d.colling@imperial.ac.uk> Sent: 22 November 2022 20:17 To: Bresme, Fernando <f.bresme@imperial.ac.uk>; French, Paul (PHOT) M W <paul.french@imperial.ac.uk>; Keaveny, Eric E <e.keaveny@imperial.ac.uk>; Sternberg, Michael J E <m.sternberg@imperial.ac.uk>; Staffell, Iain L <i.staffell@imperial.ac.uk>; Pengelly, Ellen <e.pengelly@imperial.ac.uk>; Buchaca-Domingo, Ester <e.buchaca-domingo@imperial.ac.uk>; Bantges, Richard J <r.bantges@imperial.ac.uk>; Michalickova, Katerina <k.michalickova@imperial.ac.uk>; physics-departmental-computing <physics-departmental-computing@imperial.ac.uk>; Bryce, Craig T <c.bryce@imperial.ac.uk>; Bearpark, Michael J <m.bearpark@imperial.ac.uk> Cc: David Colling <david.colling@gmail.com>; Pearse, Will <will.pearse@imperial.ac.uk>; Cucinotta, Clotilde <c.cucinotta@imperial.ac.uk> Subject: Services needed on a research computing desktop and laptop Hi All, I am sending this to the Physics Departmental Computing Committee and to the departmental members of the FRCC so that they can gather information from their departments. As some of you know ICT are increasingly confining what people can do on college machines, even those bought on research grants and used by individual researchers. This has been most noticed by the change in the management of Macs. In my years involved in departmental computing, no issue has annoyed more people. Behind this is the increased number of attacks on university computing system which is visible both at Imperial and elsewhere. Some universities have been badly hit and have ended up paying £Ms to ransomware attackers. Apparently this is one of the things that keeps our President awake at night. This is clearly a threat that we have to take seriously, but it is also not clear how much damage could be done to college systems by a laptop or desktop used by a single (or team of) researcher(s). In discussions with ICT the most sensible approach seems to be that we define a class of machine that is a research desktop or laptop that ICT don't manage but which also has limited access to college central systems. Most of us have no reason to access payroll (say) and in fact would view it as a security breach if we could. We have a meeting on the 30th November where we will discuss this proposed set up. What I need going into is the list of services that researchers would need access to from these research machines, how that access would them + any other thoughts/comments. For example the sort of thing that occurred to me are: service: Office365 (including sharepoint, email, OneDrive teams etc) Access: Is access through the secure web portal enough for most of these plus a mail client providing secure access the the email. [I use Office365 much less than almost anybody to whom this email is going so am the least qualified to answer this one] Service: ICIS (Payslips, expenses claims etc) Access: Secure web access should be enough. Service: Starfish Access: Secure web access is sufficient. What other services are needed and how? Other comments: - I don't think that it is unreasonable to have a requirement that the disks of all research laptops are encrypted in case they are lost when travelling. The performance hit is minimal and if that is important then running on a laptop might not be ideal. So please do send me your thoughts (on services mainly) and comments. For once I would not be against you sending to everybody as I would welcome debate on this. Best, david