General Guidelines

  1. All Group computational resources are maintained by the System Administration Team. The team is responsible for installing and updating systems and software, based upon need, costs, and time considerations. The sysadmin team can be contacted at the sysadmin list, at sysadmin@ks.uiuc.edu.
    • Communicate by email to the sysadmin list whenever possible; do not rely on either face-to-face communication or direct emails to individual sysadmin members.
    • Sysadmin hours are posted on the web as well as on the sysadmin's door.
    • If you see *anything* broken or malfunctioning, tell the sysadmin team right away! We can't fix problems that we don't know about.

  2. Computer usage is first and foremost for the pursuit of the Group mission and activities. Inappropriate usage of the computer facilities may result in a suspension of your account. Users must be aware of the campus policy on usage of the network and computer facilities as well as possible legal ramifications of inappropriate or illegal usage of computer facilities.

  3. No equipment may be moved or removed without prior authorization from the sysadmin.
    • Equipment may be loaned out to users, subject to approval by the sysadmin.
    • In the case of missing/stolen equipment, contact the sysadmin team right away!
      • The sysadmin team will report the incident to building and campus security, and file a copy of the police report for the incident.

  4. Respect the machines and equipment, and treat them as you would treat your personal property. For example:
    • Do not leave food or liquid sitting unattended near group computers.
    • Don't spill on your system!
    • Clean your keyboard, mouse, and screen whenever necessary.
      • Supplies (alcohol, gauze, monitor cleaning pads) are in Joyce's and the Sysadmin's offices.

  5. Contact the sysadmin team if you need more compute power (desktop, public viz, cluster, etc), and why; even if we can't solve the problem immediately, it helps planning for the future.

  6. More detailed documentation on Group computational policies is stored here.

Shared Resources

  1. Compute Power (clusters, compute workstations)
    • The Group maintains a variety of computational machines and clusters. These machines are meant to be used solely for scientific computing and research, and must be shared by all users.
    • All compute jobs must run through the queuing system.
      • No running outside the queues!
      • Do not abuse the queues - the *spirit* of the rules is to share usage across the group.
      • Be prepared to terminate or suspend batch jobs at the request of the sysadmin team (when necessary).
    • Criteria for prioritizing compute jobs:
      1. relation to group funded research and biomedical relevance
      2. degree of collaboration with experimentalists
      3. contribution to software and/or other method development efforts (e.g. NAMD testing and benchmarking)
      4. urgency
      5. needs in terms of machines suited and size of job (by # of processors, speed, convenience)

  2. Public Machines
    • Do not use locking screensavers on public machines. You must allow for users to log you out if you leave the machine unattended.
      • Special arrangements can be made for long-term jobs that need the user to stay logged in; talk with the sysadmin team.
    • Don't load the machines remotely while others are using them - ie, don't log onto the main visualization machines to compile some software during a 3D demo. Use your judgement.
      • Make sure that you announce your 3D demos at least a day in advance, so that other users know not to use the systems during the demo.
    • Do not store important files on public machines; use the shared disk space.

  3. Desktop Workstations
    • Coordinate with the sysadmin team before installing new software, especially network-based, even into your home directory.
      • This especially refers to servers, proxies, daemons, or other programs which accept network connections. Do not open up new security holes in your system!
      • Personal commercial software must be run through the sysadmin team for licennsing consideration.

  4. Printers
    • Printers should only be used for work-related jobs.
    • Group members are responsible for maintaining the printers with supplies of toner and paper which may be found in the office. Those who use the printers and find that these supplies need to be replenished should inform Marilyn.
    • Users are responsible for monitoring their print jobs and seeing that no print job prevents other users from printing in a timely manner. System administrators will remove unattended print jobs at their own discretion.
    • Use the color printers only when necessary for research purposes.
      • If color figures are only on a subsection of a paper, print most of the paper on the B&W printers and print only those pages with color figures on the color printer.

  5. Disk Usage - refer to the policies posted here. A summary:
    • Store your important files in the shared file spaces. Local disks are not backed up, and may be wiped at any time. Less important files (ie, those that you don't mind if they're deleted at *any time*) may be stored in /Scr or on your local system.
    • Keep your home directory size as small as possible (no more than 5 GB). If you need more space, use /Scr or /Projects.
    • Keep your /Projects space size below 50 GB.
    • /Scr space can be used for short-term storage of large data sets, but it is not backed up. See here for more details on individual /Scr spaces.
    • /Projects space can be used for long-term storage of large data sets, but files should be archived to long-term storage when they are no longer in use. Specific policies are here.
    • Files in /Home and /Projects are regularly backed up, as detailed here.

  6. Do not log into any machine designated as a server!
    • A message stating "DO NOT USE THIS MACHINE. IT IS A SERVER." will be posted upon indvertant login to a server.
    • Current designated servers: edmonton, manitoba, rama, ruse, ottawa toronto, montreal, vegas, rio, roma, riga, reno, rafah, winnipeg

Password and Account Security

  1. Each user is personally responsible for his or her own account, and is the only one who is allowed to use that account. Do not allow others to use your account!

  2. Your password must not be easily crackable by modern systems, or shared with others.
    • General guidelines: 6-8 characters or longer, should combine letters, numbers, and punctuation, only letters or only numbers, must not be based on any name or any word in any dictionary.
      • I recommend two short nonsense words concatenated by a couple of numbers or special characters.
      • Some examples: juxt.fren, krel*yotz.
    • New passwords are checked by a rudimentary scanner.
    • We do run a regular scan of the password file to look for weak passwords.
      • If we crack your password, we reserve the right to shut your account immediately (though we will attempt to give suitable warning).
    • Your web password should be different than your system password (though it may be more crackable if you wish).

  3. Do not let your password get intercepted.
    • Use SSH to get from system to system (instead of telnet/rlogin/etc).
    • Whenever possible, use secure web sites (https://) when transmitting passwords over the web.
    • Use SFTP instead of FTP for transmitting files - clients are on our systems, or available here for UIUC students, staff, and faculty.
    • Use secure IMAP to read your mail (imaps://; most mail clients, such as Eudora, understand secure IMAP).
    • More information regarding external access to Group resources is available here.

Web Policies

Individually Used Resources (both Group- and Personally- Owned)

Users may bring in their own laptop computers, or even desktops, as long as they do not interfere with the normal operation of the rest of the network. Specifically:

  1. Any machine that will be on this network must be approved by the sysadmin team.
    • Do not plug a machine into the wired network without permission!
    • Machines must be given specific permission to use the wireless network.

  2. We will attempt to provide the tools necessary for users to pursue Group-supported work on their personal machines. Specifically, licenses for commonly-used Group software (ie MS Office) and network equipment (ie wireless cards) may be provided for loan to Group members for use on their personal machines.

  3. Personal machines are *not* maintained by the sysadmin team.
    • Users are in charge of their own backups and system patches.
    • Full technical support is not available for personal systems.

  4. Personal machines *must* use DHCP for address assignment, unless special arrangements are made with the sysadmin team.

  5. Personal machines must be secured to an acceptable level if they are to be on our network.
    • Users are responsible for patching their own systems.
    • There must be no clear-and-present-danger level security holes, or access may be removed.

  6. Personal machines may only access the file servers through priveleged authenticated protocols (SMB) or unpriveleged unauthenticated protocols (WebDAV). NFS is specifically prohibited!

  7. All standard campus policies regarding servers, wireless networks, and so forth apply.