ITS Service Changes
How Ongoing/Upcoming Upgrades May Affect You
Below is more detail about ongoing and upcoming changes to ITS services that are likely to impact you:
- Changes to Public LDAP Access
- Integrated System & NetBadge
- Service Portal for Requests Update
- CrashPlan Now Available
- Change Coming to ITS VPN Services' Connection Process
- Protection from Accessing Malicious Websites
- Upcoming Changes to UVA VPN Services
- ITS Statement on Support of macOS Sierra (OS X 10.12) at UVA
Changes to Public LDAP Access (Feb. 1, 2017)
Protects Student Privacy
- Purpose: In the interest of continuing to protect student privacy, the University will be limiting access to the Public LDAP effective Wednesday, February 1, 2017. At this time, direct access to the Public LDAP will be limited so it can only be accessed from known UVA IP-Space (excluding guest IPs) and the IP space of known valid users.
- Impact: For users physically located at UVA or for applications that run from UVA servers, there should be no impact. Off-Grounds users not connected to the UVA network will have to use VPN (Virtual Private Network) to access Public LDAP.
Integrated System & NetBadge (Jan. 15, 2017)
Employee/Manager Self-Service & HR/Finance Admin Users Affected
- Purpose: Starting January 15, 2017, portions of the Integrated System, including Employee/Manager Self-Service (Time/Leave, Payslips, W-2s) and HR/Finance Administrative, will be placed behind NetBadge. You may hear this alternately referred to as the Integrated System going to or behind Single Sign-on (SSO). This work is part of the SecureUVA Initiative.
- Impact: Use the new buttons for Employee/Manager Self-Service and
HR/Finance Admin on the Integrated System website. If you bookmarked
the URLs for the websites previously, please update your bookmarks.
- Now that Employee/Manager Self-Service is behind NetBadge, take advantage of the added security of 2-Step Login. This will better protect your personal information, including your W-2.
- ODS, Discoverer, and SIS are not affected by this change.
Service Portal for Requests Update (Jan. 15, 2017)
Request Processes Rolling Out on Monthly Basis
- Purpose: In Feb. 2016, ITS embarked on an initiative to improve the quality of our request fulfillment processes and to standardize these operations. The transition continues to take place over the course of multiple projects. The first of these to transform were paper-based, email-based, and other service requests into automated processes with designated fulfillment teams.
The web-based tool provides our customers with an easy way to
request and track their orders all in one central location. In the future, this
tool will become one-stop shopping for requesting over 100 ITS services.
Check out the project website for the latest releases.
CrashPlan Now Available (Dec. 15, 2016)
Introducing a Desktop Backup Service for Protecting University Data
- Purpose: ITS is proud to announce a new tool to protect University data placed on desktops and laptops. Use this new service to backup data and protect against ransomware.
- Impact: Degree-seeking graduate students and Agency 207 faculty, staff, and instructors will be able to use this tool to backup devices containing University data, and protect against ransomware infections and hard drive crashes.
Change Coming to ITS VPN Services' Connection Process (Dec. 6, 2016)
Additional Step Will Require Users to "Accept" Network Use Terms
- Purpose: When using UVA networks, members of the University community do so under the terms of Responsible Computing and other University policies. In order to prosecute unauthorized users who access our systems, we must provide notice that access to UVA networks is for authorized UVA use only. Otherwise, law enforcement (e.g. FBI) will not hold non-authorized users responsible for malicious activity on our networks.
- Impact: Starting Tuesday, Dec. 6, 2016, UVA users authorized to
use our VPN services and networks will have to "accept" usage terms each time
they connect. This applies to all of our VPN services (UVaAnywhere,
Joint, More Secure Network). You will see the second "banner" screen when connecting to the network
through a VPN service; click "Accept" to proceed with your connection.
Note: This change is unrelated to the Joint VPN full tunnel migrations that began on Nov. 29, 2016 and continue through mid-December, and will not affect the operation of any of our VPN services and the network access they provide.
Protection from Accessing Malicious Websites
DNS Servers Will Begin Utilizing DNS Firewall Protection
- Purpose: ITS provides Domain Name Server (DNS) services for UVA so that networked systems can look up domain names (which humans use) and resolve them to IP addresses (which computers use). As part of the SecureUVA security enhancement program, ITS' DNS servers will begin utilizing a DNS firewall in order to block access to malicious domains. The DNS server will check every request against a constantly updated database of known bad domains and IP addresses (e.g., confirmed usage by malware or phishing). The firewall will be configured to be increasingly more protective for users beginning in November 2016 and going through Spring 2017.
- Impact: Users trying to access a malicious website will not be able to get through. Requests to look up known bad domains/IPs receive a special response which effectively redirects the requester to a safe system rather than the malicious system. If a user feels the website is being wrongly blocked, s/he should contact the UVA Help Desk. For more information about this project, please see the DNS Firewall webpage (NetBadge credentials required).
Upcoming Changes to UVA VPN Services
Security Enhancements for More Secure Network VPN & Joint VPN
- Purpose: In order to improve network security, ITS is changing the configuration of the More Secure Network VPN and Joint VPN services from Split Tunnel to Full Tunnel prior to the end of the calendar year. Changes to the More Secure Network (MSN) VPN were made on Oct. 18, 2016. The migration of Joint VPN users to full tunnel mode started on Nov. 29 and will continue in waves over the course of the next 3 weeks.
- Impact To Users: Many users will not notice a difference once the MSN VPN and Joint VPN services are operating in Full Tunnel mode. If users need to access local network resources while connected to the MSN or Joint VPN service, such as network printers at home, they may need to enable the “Allow Local (LAN) access when using VPN” option in the Cisco AnyConnect VPN client preferences/options. If you need assistance making these changes, please consult your departmental LSP or contact the UVA Help Desk.
Impact to LSPs: If LSPs have network resources such as file servers that have been restricted by IP address access lists containing their local building subnets, for example, they will need to ensure that they have added the More Secure Network VPN service client IP address range to these access lists. Note: To get ahead of the game you may want to consider adding the Joint VPN service client IP address range at this time as well.
Statement on Support of macOS Sierra (OS X 10.12) at UVA
Can Be Used with Most Basic UVA Services like WiFi and Email
- Purpose: Apple's latest operating system, macOS Sierra (OS X 10.12), is currently (Sept. 2016) being testing against ITS supported products; please see our testing results.
- Impact: We recommend that you check ITS's support statement before installing macOS Sierra on UVA computers; not all services, most notably the Integrated System (HR/Fin) and Student Information System (SIS) are supported under Sierra.