Policies

LSCG Information Technology policies.

Overview

A well-functioning network is the result of cooperation among all participants to meet security baselines, to use the network responsibly, and to prepare for disruption and provide appropriate responses to incidents as they arise. Summaries of LSCG policies are outlined below. See the links in the sidebar for the official UCOP and UCSB Electronic Communications Policies.

Emergencies & Urgent Requests

Emergencies

Normally all help requests are handled in first-in, first-out order among requests with similar impact and priority as determined by LSCG staff. Emergency issues take priority over other requests, and are generally those that affect multiple users or that will impact an imminent event or deadline. The following is a rough, non-exhaustive list of Emergencies:

  1. Outage or degradation of LSCG-provided service impacting multiple disparate users.
  2. Outage or degradation of LSCG-provided service impacting users with imminent externally-imposed deadlines or imminent events relying on said service.
  3. Problems with personal or group systems for users with imminent externally-imposed deadlines or imminent events relying on said systems for which no work around is readily available.
  4. Physical emergencies such as Fire, Flood, Earthquake, Power Interruption, etc.

Urgent Requests

Some requests do not rise to the level of emergencies, but will result in an emergency if left unattended. Due to the time-sensitive nature of these requests, they may be given elevated priority and addressed outside the normal first-in, first-out process.

Data Backups & Retention

In order to protect mission critical information, the technical support group maintains a system of data backups. The data stored on various servers within EEMB, MCDB, Chemistry, the LSCG, and NRI is copied to a dedicated backup system on a daily or hourly basis. Due to cost constraints, there is no provision for centralized backups of desktop systems. Retrieval and restoration of data from backup due to user request, user error or negligence is done on a recharge basis.

Data Retention

The information below describes how long the copies of different data is kept on the backup server. Once the retention time expires, that particular copy of the data is no longer available; it is purged from the disk or the tape on which it had been stored.

  • The Lifesci-Filer file server takes daily and hourly snapshots of shared folders for self-restore.
  • A full backup of every server is made once per week and kept for four weeks.
  • A full backup of every server is made once per month and kept for six months.
  • An incremental backup (backups catching changes since the last backup) is made every night and kept for four weeks.
  • A cumulative incremental backup is made once per week (including the current version of all the files changed within the last seven days) and kept for six months.
  • A backup of live research data (i.e. not backups of data residing on desktops) stored on laboratory NAS devices is made monthly. These backups are kept on tape for six months.

Data Restoration

Backed up data can be restored in two ways: self-service restoration or restoration by LSCG staff. Our file server allows users to recover their data from automatic daily and hourly snapshots. Please see the Restoring Backups from Lifesci-Filer tutorial for more information. Retrieval and restoration of data from tape backup by LSCG staff due to user request, user error or negligence is done on a recharge basis.

Network Acceptable Use Policy

Computer and Network Acceptable Use

The computers and data networks at UCSB are to be used primarily for University business. UCOP policy specifies other sorts of "allowable use". To summarize the document, computing and network resources may be used for non-business purposes with a few restrictions. This document addresses some of the more common issues, but is not an exhaustive list. If you have questions about the ECP, please contact help@lifesci.ucsb.edu. Any work done by LSCG staff to bring a computer back into compliance with policy will be done on a recharge basis.

Interference with University Business

Network bandwidth is a finite quantity and is expensive to increase. There were several instances in 2001, in which a single computer succeeded in using all of the network bandwidth in a major building. This interrupted mission-critical services such as file sharing and email access for everyone within the building.

Further, the sending of unsolicited bulk email (spam), forwarding of chain-letter email, or participating in denial-of-service attacks is not permitted.

Unlawful Activities

Use of computers or the Life Sciences network in a fashion that violates federal, state or local law is a violation of UCOP policy.

Peer-to-Peer and Distributed Computing

The University network is a finite resource intended to support University business and to support the University's mission. While incidental, personal use is allowed under existing policies, certain types of applications consume more network resources. These typically fall into one of two categories; peer-to-peer or distributed computing.

Peer-to-peer (P2P) applications are those in which every computer acts as both a client and server. Some examples of peer-to-peer applications are Morpheus, Gnutella, and FreeNet. Distributed applications are similar. These applications typically use computers with fast network connections as “reflectors” to reduce bandwidth usage elsewhere. A few examples of distributed applications are BitTorrent, Spotify, and Abacast. Commercial businesses may take advantage of P2P and distributed computing technologies and use client computers as part of their business plan to lower distribution costs. The commercial use of UC resources for profit is prohibited.

Unless these types of applications are within UC guidelines and being used in support of University business, they are not allowed on the Life Sciences Network. When a computer is found to be running such software, its traffic is filtered at the departments' router, effectively cutting it off from the internet. The filter will remain in place until the software is uninstalled, any unlicensed content removed, and that compliance has been verified by technical support staff. Any work done by technical support staff to bring a computer back into compliance with policy will be on a recharge basis.

False Identities and Anonymity

It is a violation of UCOP policy to impersonate another person with the exception of an employee using a supervisor's identity at their direction. It is allowable to use a pseudonym so long as it is clearly not an attempt to impersonate someone. A user of University electronic communications resources may remain anonymous (the sender's name or electronic identification are hidden) except when publishing web pages and transmitting broadcasts.

Other Violations of Policy

Other UC policies (such as those involving harassment, intellectual property, and commercial activities) also apply to the use of the Life Sciences Network. The UCOP website contains information regarding other policy issues.

Desktop Operating System Support Guidelines

Ongoing Vendor Support

One of the requirements for a device to have an unrestricted access to the department network is that someone be responsible for installing security software patches as needed. Modern desktop and laptop computers typically run operating systems that can be configured to download and install these patches automatically. The table below lists the desktop operating systems allowed full access to the Life Sciences network and the date at which they can no longer be connected to said network. In general, operating systems are considered supported if security updates are available from the original vendor to all users. When a vendor stops supplying updates, we allow for a transition period of a few months to allow our users time to migrate to a new operating system. Instrument control computers and other systems that cannot be upgraded can remain on the Life Sciences network behind a firewall that prevents outside access.

 Apple Mac

Operating System Version Release Date End Vendor Support End LSCG Support
MacOS 13 Ventura Oct 2022    
MacOS 12 Monterey Oct 2021    
MacOS 11 Big Sur Nov 2020    
MacOS 10.15 Catalina Oct 2019 Oct 2022 Mar 2023
MacOS 10.14 Mojave Sep 2018 Oct 2021 Mar 2022

 Microsoft Windows

Operating System Version Release Date End Vendor Support End LSCG Support
Windows 11   Sep 2020    
Windows 10   Jul 2015 Oct 2025 Dec 2025
Windows 8.1   Oct 2012 Jan 2023 Jun 2023

 Linux Distributions

Operating System Version Release Date End Vendor Support End LSCG Support
Ubuntu 22.10 Kinetic Kudu Oct 2022 Jul 2023 Jan 2024
RKEL 9 Blue Onyx Jul 2022    
RHEL 9   May 2022 May 2032 Nov 2032
Ubuntu 22.04 LTS Jammy Jellyfish Apr 2022 Apr 2027 Sep 2027
Debian 11.0 Bullseye Jul 2021 TBD TBD
Ubuntu 20.04 LTS Focal Fossa Apr 2020 Apr 2025 Sep 2025
Debian 10.0 Buster Jul 2019 Jul 2024 Dec 2024
RHEL 8   May 2019 May 2029 Nov 2029
Ubuntu 18.04 LTS Bionic Beaver Apr 2018 Apr 2023 Sep 2023
Debian 9.0 Stretch Jun 2017 Jun 2022 Dec 2022
RHEL/CentOS/Scientific Linux 7   Jun 2014 Jun 2024 Dec 2024
ChromeOS   Jun 2011    

When considering installing Linux on a desktop computer, the first question to arise is what distribution to choose. Complicating the decision is the fact that there are at least a couple hundred distributions from which to choose. Of these, there are only a few that have corporate backing or a large enough following to provide timely patches for all distributed components: Debian, Red Hat (both “Red Hat Enterprise Linux” and “Fedora”), and Ubuntu. While any of these will provide a reasonable working environment, the Life Sciences Computing support unit has standardized on Ubuntu Desktop as our primary recommended distribution, with Debian, CentOS, Scientific Linux, and Red Hat Enterprise Linux as our secondary recommended distributions. We strongly advise that Linux systems run one of these recommended distributions.

Support Levels & Guidelines

The Life Sciences Computing Group provides a wide range of Information Technology Services. Our LSCG Services and Charges (PDF) document contains a non-exhaustive list of the services we commonly provide. These services are provided under the following general guidelines:

  • The Life Sciences Computing Group serves the EEMB, MCDB and Chemistry departments, the Neuroscience Research Institute and the Institute for Collaborative Biotechnologies administrative office. Network and Server support is provided to the Psychology department IT staff. Users with a full, active @lifesci.ucsb.edu, @chem.ucsb.edu or @icb.ucsb.edu email address and a current affiliation with the one of the above departments or groups are eligible to receive support for systems they primarily use. LSCG does not provide support for family, commercial or other systems.
  • Full service is provided from 8am-5pm on normal University Business days.
  • Limited services (Emergency and Scheduled Outages) are available between the hours of 7am-8am & 5pm-11pm Weekdays and 7am-11pm Weekends and Holidays.
  • Between 11pm-7am services are monitored and repairs completed on a Best-Effort basis.
  • When outages or other problems occur during Limited and Best Effort hours, every effort is made to start repairs early enough to allow for repair or work-around by the beginning of the next Full Service day.
  • Services are provided at the UC Santa Barbara campus only. Technicians will visit Life Sciences and Chemistry offices and labs to provide support when necessary.
  • Hardware support for desktop systems is provided for 6 years after final sale date for each hardware model. Operating System support is provided as described on our Operating System Support Guidelines. Application support is provided until vendor support ends or security patches are no longer available. Instrument control and other specialty systems will be supported past these dates on a best-effort basis and subject to labor recharge. Network access may be limited for specialty systems running software for which security patches are not available.
  • Data migration and recovery support is available for all systems, even systems otherwise ineligible for support. LSCG will assist in migrating business or research data from an unsupported system to a supported one. While simple data migration is generally included in the process of connecting a new system to the network, data recovery is generally performed on a recharge basis.
System Management Software

In order to maintain the security of the Life Sciences Network and the machines accessible through it, LSCG normally installs device management and anti-malware software on all desktop and server systems with full, unfettered access to our network. This software is provided for Mac, Windows and Linux systems, and ensures that devices are compliant with campus and LSCG policies regarding passwords, system security, updates, and other settings. Primary users can retain Administrative rights on their systems or equivalent, but we ask that the management software not be disabled or adjusted. Exceptions can be made for devices or software that have an incompatibility with these tools, on an as-needed basis. Users with personally-owned machines that wish to decline this software can do so, but they will be placed on our Gadget network, rather than our departmental networks.

If you have any questions about this software, or need to request an exception, please contact the helpdesk for your department at help@chem.ucsb.edu or help@lscg.ucsb.edu, and we will work with you to find a solution that meets your needs.