We should never be subjected to quotas and other active usage restrictions that were never written down anywhere, and we shouldn't be asked to justify or defend requests relative to existing functionality unless that functionality is documented.
- 1. Policies and resources need to be disclosed to faculty and staff in as timely a fashion as is reasonable, preferably through online documentation on (say) a Wiki. We only know to ask for something, or refrain from making redundant requests if we know what's available!
Our head sysadmin concurred. He reported that he's been here 6 months, and only now that he's familiarized himself with all of the systems we have, is he finally starting to get fully familiar with the policies that govern them. Some of the established practices have had to be elicited from students. The department head asked for a short (5-page or so) "best practices" document and this is what well be getting, in December or January.
- 2. In particular, we need a policy for applications installation, config, and maintenance, to alleviate sysadmin load and users' delays. For me, the crux of such a policy is the "spirit of the law" (rationale and general concept) of security. Therefore, the action item I requested was to include this on the forthcoming document.
- 3. I want to consolidate Ringil (web), Fingolfin (file/app), Anaire (CMS: Tiki, MediaWiki, Joomla). Finding out what's already set up on rack-mount systems in the machine room, though, is part of the disclosure issue. Therefore, the action item I requested was to link to a "list of services" from the web version of the policy document.
- 4. Turnaround is still too slow at present. This is changing, with Cole and others coming on the job and the schedule getting reorganized pending some necessary "public works" projects. Thus far, we've had a Windows 2003 Server (1 month), a Tiki for an NSF ITR reporting requirement (1 month), an Opteron account request (2 months), and a web server with several CMSes (12 weeks). I asked for a rough timeline document to go with the best practices document, so we can get an idea of scheduling and expected turnaround time before filing request.