Due to the risks posed by systems that are missing security updates, the University implemented a policy in September 2017 requiring all Duke-owned computers to be enrolled in a centrally monitored security management system.
This policy is designed to provide the University with the direction and support needed to ensure that devices connecting to our network are kept up-to-date with security patches and can be associated with an individual or group. While the methods may differ depending on the device type, the intent is to make sure all devices are well-protected.
Below is additional guidance for IT staff on implementation priorities:
- Planisphere: Use Planisphere for tracking your IT assets and identifying your devices that are enrolled in one of Duke’s endpoint management tools. Please see the Endpoints@Duke Planisphere page for more information and feel free to send any questions or concerns to planisphere-feedback@duke.edu.
- Servers and VMs: The policy only applies to laptops/desktops, but servers should still be managed. OIT and other departments have made good use of SCCM, BigFix, WSUS, Puppet, Ansible, and Spacewalk as options. VMs should also be maintained. VMs running on enterprise infrastructure like ESX should be managed or tracked, and a process should be in place to track and/or update them. For VMs on desktops and laptops, the priority is to ensure the host OS is kept up-to-date and tracked. Dual-boot machines should have coverage on both OSes, and both will be reported in Planisphere.
- Research labs: If you have research lab environments, Duke OIT and ITSO would like to know about them so we can work with you on which alternative protections might be needed. Please email itso@duke.edu for assistance with labs.
- Mobile devices: Phones and tablets are not in the policy’s current scope, but if you have Duke-purchased phones and tablets, please begin considering how they are managed and tracked. Jamf Pro is currently available for iOS devices.