LDSTech

New Computer Policy

Discuss questions or suggestions for Computer, printer, Networking, and other electronic equipment support.

New Computer Policy

#1Postby aebrown » Sun Aug 23, 2009 12:47 pm

There is an updated (August 2009) Policy and Guidelines for Computers Used by Clerks for Church Record Keeping. On this thread we can discuss items of interest in the new policy document.

Here are some changes I noticed right off:


  1. There are no longer any references to Remote-Access Software. So any attempts to use that as a way to justify accessing MLS remotely seem to be disapproved.
  2. Point 11 of the STS responsibilities section explicitly says that MLS can be installed on personal computers for training purposes.
  3. On repairs, the $150 limit is no longer mentioned. Instead, the STS (in the case of printers) or the FM Group (in the case of computers) determines if the item should be repaired or replaced.
  4. For instructions for handling computers in discontinued wards and stakes, we are directed to look on the LDSTech wiki. That's a nice endorsement of everyone's efforts on the wiki, since it is being linked to from an official policy document.
I'm sure there's more, but that's what caught my eye on first reading.
User avatar
aebrown
Community Administrator
 
Posts: 12726
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

#2Postby russellhltn » Sun Aug 23, 2009 1:54 pm

How is this new version being distributed? It's not in the Letters & Policies section of Clerk & Technology Support.

As far as remote software:

Authorized word processing, spreadsheet,
antivirus, and remote access applications are
also available. These applications are updated
regularly. See mls.lds.org for the latest versions.


I'm not sure what they are talking about there. I don't see any remote access software. LANDesk does have the ability to remote. And in the case of FHCs, it's possible for the STS to get an account to use that ability. Perhaps something like that will come to the Admin computers.

I also see
No other software should be purchased or
installed on Church computers unless it is
approved by the stake president, is appropriately
licensed, and does not interfere with the
operation of or compromise the security of the
Church software and data already on the
computer.


I know how I read that. But some may still interpret that as not outright banning other remote software such as GoToMyPC. I would have liked to have seen something that directly addressed that issue.

While not new, this policy continues a situation that I find odd: The FM group is financially responsible for the computers, but the stake is financially responsible for the surge protector. I'm not seeing much of a incentive to get a good surge protector that will protect he computer from harm. In fact, buy a really cheap protector and you may get your new computer sooner. :(
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.
russellhltn
Community Administrator
 
Posts: 14095
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#3Postby techgy » Sun Aug 23, 2009 1:57 pm

Thanks for the heads up.
Have you read the Code of Conduct?
techgy
Community Moderators
 
Posts: 3089
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#4Postby jdlessley » Sun Aug 23, 2009 9:15 pm

Russell and Alan have already mentioned most of this.

My attention also focused on remote access applications. I see some roadblocks to using them.

First the Software section mentions that specific category is available at the mls.lds.org website. Yet, there are no such applications available at the website - a possible addition at some time in the future?

Second there is a restriction that any other software must be approved by the stake president (not in the 2005 version). But then it must also not interfere with the operation of or compromise the security of the Church software and data already on the computer. The security of Church software and data is open for interpretation. Desktop 5.5 could be taken to be Church software since it mostly consists of operation system configuration customizations. Some of those customizations would have to be changed to accommodate most remote access applications. However, this leaves Dell Optiplex 740s open for installing remote access applications since there is not a Desktop 5.5 or similar setup for the 740.

Other items I noted:

The policy still refers to the scheduled replacement cycle for computers and printers to be on a 5-year cycle. Perhaps the situation we find ourselves in now is an aboration and the Church plans on returning to the 5-year cycle once the current situation (whatever that is) passes.

The Software section has been reworked or reorganized. One point that was added to purchasing and installing software on computers includes the approval of the stake president (mentioned above).

There is no more mention of OpenOffice or any other specific software. They are covered in the software available at mls.lds.org. So if you want to know about software to install that does not require stake president approval, go there.

The consideration for the changing policies in some areas is apparent in disposing of computers from discontinued wards and stakes. Instead of giving those procedures, reference is made to finding them on the wiki. To me this means Church employees have been given a charge to be involved in keeping the wiki up to date with information such as this. This also tells me that policies and procedures are not only found in official paper documents any more. Church websites have become another source for official policy and procedure.
JD Lessley
Have you tried finding your answer on the LDS.org RKATS page or the LDSTech wiki?
jdlessley
Community Moderators
 
Posts: 5642
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

#5Postby russellhltn » Sun Aug 23, 2009 10:19 pm

jdlessley wrote:First the Software section mentions that specific category is available at the mls.lds.org website. Yet, there are no such applications available at the website - a possible addition at some time in the future?


Possibly. Then again LANDesk is part of the security suite that's loaded on each machine. It has remote functionally, but we've been given no information on how to use it. But it does suggest future plans of some kind.

One of the other things that stick out to me against remote access is:
Computers should be located in secure areas
where bishopric or stake presidency members
and ward or stake clerks can work with and print
this confidential information in private.


It would seem difficult to insure this is the case for all remote users who want to operate MLS from home. Particularly since I believe the counsel is to have the family computer in a "public" area to discourage pornography.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.
russellhltn
Community Administrator
 
Posts: 14095
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#6Postby jdlessley » Sun Aug 23, 2009 11:20 pm

Interesting perspective Allan. I hadn't thought of the remote location having a need for privacy. But you are right that if the remote location can open MLS, logic would dictate the same requirement would apply to the remote location as the remotely accessed computer would have.

I'm not so certain LANDesk foots the bill for remote access from a computer outside the enterprise network in which it is deployed. Since it is an enterprise remote control application the management console is in the hands of Church headquarters. As such they are the only ones who control the remote access. So even remote control from a stake computer of a ward computer is not possible.
JD Lessley
Have you tried finding your answer on the LDS.org RKATS page or the LDSTech wiki?
jdlessley
Community Moderators
 
Posts: 5642
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

#7Postby russellhltn » Mon Aug 24, 2009 12:11 am

jdlessley wrote:Interesting perspective Allan.


I'll take that as a complement. ;)

jdlessley wrote:I'm not so certain LANDesk foots the bill for remote access from a computer outside the enterprise network in which it is deployed. Since it is an enterprise remote control application the management console is in the hands of Church headquarters. As such they are the only ones who control the remote access. So even remote control from a stake computer of a ward computer is not possible.


I went and re-reviewed the LANDesk Remote Control class (new.FamilySearch.org, Help Center, e-learning courses). It appears to allow anyone to connect (with permission) to any computer. In this case it's to allow service missionaries (some of whom work from home) to connect to patron computers (not necessarily FHC computers).

I think the way this is set up requires someone to be in front of the controlled computer to connect it up. It's not going to be a good solution for remote MLS. However, I have a customer who uses LANDesk, and I know they've been using it to connect to unoccupied computers, so it doesn't appear to be a limitation of the software.

Now, going back to the (hopefully) dead horse, there's two types of remote software. Point-to-point (like VNC) and server-based (like GoToMyPC). The problem with point-to-point is that it requires some inbound ports to be opened on the Cisco firewall. To do that requires working though GSD. (Good luck!). The server-based one has both computers connecting out to a server that passes the traffic. Since it's a outbound connection for both parties, it's more likely to get though a firewall. My question here: have we now strayed into the "3rd party server" rule?
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.
russellhltn
Community Administrator
 
Posts: 14095
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#8Postby jdlessley » Mon Aug 24, 2009 1:31 am

RussellHltn wrote:I'll take that as a complement. ;)
It was.
RussellHltn wrote:I went and re-reviewed the LANDesk Remote Control class (new.FamilySearch.org, Help Center, e-learning courses). It appears to allow anyone to connect (with permission) to any computer. In this case it's to allow service missionaries (some of whom work from home) to connect to patron computers (not necessarily FHC computers).

I think the way this is set up requires someone to be in front of the controlled computer to connect it up. It's not going to be a good solution for remote MLS. However, I have a customer who uses LANDesk, and I know they've been using it to connect to unoccupied computers, so it doesn't appear to be a limitation of the software.
You're right, any computer can connect to and control another computer with LANDesk. The important thing here is that the Church still maintains the management console that permits the Remote Control Viewer (installed on the computer doing the remote control) to interface with client computers with the Remote Control Agent (installed on the client computer). Communications are routed through the Church servers.

RussellHltn wrote:Now, going back to the (hopefully) dead horse, there's two types of remote software. Point-to-point (like VNC) and server-based (like GoToMyPC). The problem with point-to-point is that it requires some inbound ports to be opened on the Cisco firewall. To do that requires working though GSD. (Good luck!). The server-based one has both computers connecting out to a server that passes the traffic. Since it's a outbound connection for both parties, it's more likely to get though a firewall. My question here: have we now strayed into the "3rd party server" rule?
With that 3rd party server issue coming into play I would guess the best solution for remote control would be LANDesk using the Church servers. However, that creates a server load issue for the Church that they may not be ready to handle.
JD Lessley
Have you tried finding your answer on the LDS.org RKATS page or the LDSTech wiki?
jdlessley
Community Moderators
 
Posts: 5642
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

#9Postby russellhltn » Mon Aug 24, 2009 2:09 am

jdlessley wrote:With that 3rd party server issue coming into play I would guess the best solution for remote control would be LANDesk using the Church servers. However, that creates a server load issue for the Church that they may not be ready to handle.


Keep in mind that at the moment it's only for use in Family History. (Note that the admin policy tells us to go to mls.lds.org, not familysearch.org) Clearly the church has the technology. It's not just available for the admin computers, yet. I suspect when it does become available, we'll get more guidance on how it's to be used.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.
russellhltn
Community Administrator
 
Posts: 14095
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#10Postby RossEvans » Mon Aug 24, 2009 7:07 am

RussellHltn wrote:Now, going back to the (hopefully) dead horse, there's two types of remote software. Point-to-point (like VNC) and server-based (like GoToMyPC). The problem with point-to-point is that it requires some inbound ports to be opened on the Cisco firewall. To do that requires working though GSD. (Good luck!). The server-based one has both computers connecting out to a server that passes the traffic. Since it's a outbound connection for both parties, it's more likely to get though a firewall. My question here: have we now strayed into the "3rd party server" rule?


jdlessley wrote:With that 3rd party server issue coming into play I would guess the best solution for remote control would be LANDesk using the Church servers. However, that creates a server load issue for the Church that they may not be ready to handle.


Could someone please point to an actual policy document that describes such a "3rd party server" rule? I find no such reference in this document, where we might expect to find it mentioned. The "rule" seems to be a unicorn.

Church IT representatives have certainly articulated in comments on this forum that we should not upload to a third-party server data that has been downloaded from MLS or LUWS. And the terms of use for LUWS also have provisions to that effect. But I am unaware of any documented policy that says: No matter what the question is, if it involves a third-party server, the answer is no.

As for GoToMyPC, I have always assumed that is out of bounds, but for another reason. I thought that was because it was considered a violation of procedure to go away and leave the desktop PC running. Our local instructions have been to shut it down and physically unplug the power. However, I don't find those instructions in this document, either, as a matter of churchwide policy.

In any case, it is clear that under this document, GoToMyPC or any other software should not be installed without approval of the stake president.
RossEvans
Senior Member
 
Posts: 1325
Joined: Wed Jun 11, 2008 8:52 pm
Location: Austin TX

Next

Return to Computers, Printers, Networking, and Electronics

Who is online

Users browsing this forum: No registered users and 0 guests