[unisog] Slashdot's UCSB Article

Jim Dillon Jim.Dillon at cusys.edu
Tue Oct 1 17:11:10 GMT 2002

Thanks Allen,

The insight helps.  Accepting domain membership, using a personal firewall,
or working through something like a Citrix front end, any of these sorts of
options work?  Truly they have costs - can those be passed on to fund the
difference in your support requirements?  I understand your dilemma, and it
is as I feared.  We want our cake (support all the various platforms) and we
want to eat it too (do it securely) without recognizing the requisite costs.
From a long term/strategic sense it does seem to be contradictory, a failure
to truly understand total cost/TCO.  My gut hunch is that with MS still
firmly entrenched as the 90% solution in the job market, and with most job
requirements specifying MS products, it doesn't serve our clients too well
to eliminate MS options, good or bad, but I can understand your dilemma.
Thanks again.

My experience with the university environment says that the contentions
about homogeneous environments don't really fly here.  Mac, Linux, Unix, HP,
MS 95-XP, even an Apple Lisa, IP, Novell, and AppleTalk networks are all in
full bloom here.  We have paid some of the prices you mentioned though,
NIMDA et al within certain communities.  Somehow we manage to support that
without wholesale giving up on certain platforms, but there is a lot of
investment required to make that happen, more than the accountants recognize
for certain.  

Given your inability to get enough resource to support a solution, perhaps
an external partnership with a Telco to manage that connectivity through
their broadband solution can eliminate your costs supporting the
infrastructure of a resnet?  Of course you'll still have to manage your
end/connection of their solution, but the user environment and support can
become a contractual issue between the telco and the user, not the school.
Now you manage a firewall or VPN perhaps, not a network?  Maybe that's what
reality/TCO will support?  Telcos might be more agreeable these days
towards cost effective solutions!  :)  Of course I cringe at the thought of
what security services or lack thereof could result from such a solution,
but perhaps that can be dictated to some degree?...

Thanks for your time, you've provided good insight for consideration.


-----Original Message-----   **** Copious Clipping of History  ****

From: Allen Chang [mailto:allen at rescomp.berkeley.edu]
Sent: Monday, September 30, 2002 10:30 PM
To: Jim Dillon
Cc: 'Daxter Gulje'; SANS (E-mail)
Subject: RE: [unisog] Slashdot's UCSB Article

On Mon, 30 Sep 2002, Jim Dillon wrote:

> While I can understand taking the target-of-the-day out of circulation, it
> is not an apparent example of great support for the end-user/customer
> community.  ...

Well, if by removing Win2k computers, you prevent them from being
compromised and thus prevent them from wasting network resources through
DOS and warez FTP/XDCCs, you serve all the users. ... Although, I have to
concede that not allowing any exceptions is somewhat heavy-handed.

> a well designed group policy be enforced for those that do bring W2K to
> campus to ensure good configurations?

This is entirely dependent on the environment. In the ResHall environment
where you have 8 different OSs on thousands of configurations in 6
different languages, it just isn't feasible. In corporate or small edu
departments, it's manageable because of large IT departments or small
number of similar computers.

> Not an administrator/operational problem, but a strategic near-sightedness
> problem perhaps?  ...

No, you're entirely right. However, that would require an enormous
investment of resources. In terms of labor cost, probably around $15
per computer just to install basic patches and antivirus because of the
differing configurations.
