Hi David et al, I’m not going to be able to make today’s meeting, nor Wednesday’s. So apologies for the following lengthy screed. One more “service” has come to mind, slightly more general: license servers for various software packages. The most obvious example is Mathematica, but also includes IDL for at least a few people in Astro and perhaps elsewhere. (I suspect Office365 falls into a version of this category, as well.) I’m sure that there are others. More generally: we shouldn’t provide a laundry list of software that we run on our machines — the spirit of our request is that we don’t want ICT controlling them at a low level. We want to ensure that we have access to vital services on the college network, and that we aren’t firewalled from other necessary locations on the broader internet. Alongside a discussion of this list of services, we need them to give us a better understanding of the future of the different classes of networks that they described, i.e., the distinction between (a) off-campus access; (b) BYO machines on campus; and (c) managed machines. Right now, there are a small number of services for which off-campus access requires the VPN. But as far as I can tell, that appears to be the only restriction and the only difference, at least with respect to the services that I require. There are possibly admin and secure-data services that require being on the managed network (e.g., payslip access from off campus has moved from ICIS to “My Imperial”). Is this intended to change under “Universal access” or any other coming reforms? This gets to the nub of the problem, I think. Is ICT happy with these machines becoming BYO, but intend to severely curtail access to crucial services from that network in the name of security? I suspect that this would be unworkable, given the large number of student and other machines that will be in that category, not to mention how this inevitably overlaps with questions of access from external networks. Absent a more reassuring response from ICT so far, I am led to believe that the situation is actually that they just really, really, really want to maintain explicit management of our machines no matter what, without actually justifying the security implications. Sincerely, Andrew ______________________________________________________________________ Professor Andrew Jaffe a.jaffe@imperial.ac.uk<mailto:a.jaffe@imperial.ac.uk> Astrophysics Group +44 207 594-7526 Blackett Laboratory, Room 1018B Imperial College, Prince Consort Road London SW7 2AZ UK http://imperial.ac.uk/people/a.jaffe On 27 Nov 2022, at 18:00, David Colling <d.colling@imperial.ac.uk> wrote:  Hi All, For those of you who can make it we will have a meeting to discuss managed devices tomorrow at 12:00. I have another meeting at 13 but that should give us plenty of time. For thos of you actually in college and want to meet in person, I have booked Blackett 532. For those wishing to join on teams the coords are: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Name: Managed Devices Start: Mon Nov 28 2022 12:00:00 GMT+0000 (Greenwich Mean Time) End: Mon Nov 28 2022 13:00:00 GMT+0000 (Greenwich Mean Time) Id: ff530f5e-239f-4f72-814e-bc10308feea9 URL: https://teams.microsoft.com/l/meetup-join/19%3ameeting_Y2RiNzI0ODQtZDJlZS00Y... xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx If you cannot make it tomorrow and want to send in a contribution by email in advance then please do so although I do suspect thatn almost everything has already been said. Best, david