[OpenAFS] Windows 8.1, SkyDrive and Roaming Profiles

Lars Schimmer l.schimmer@cgv.tugraz.at
Tue, 02 Jul 2013 10:09:43 +0200 

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
------enig2HAFJFKECXILRQTMCHPLV
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 2013-07-01 19:09, David Boyes wrote:
>>> A university would not.
>>
>> Why not?
>=20
> Because:=20
>=20
> 1) Universities tend toward maximum freedom of usage, even if the "feat=
ure" is actually hazardous.=20

Not everywhere. Depending on the level of security you want. With the
new events of Prism and co being real and not more hidden, the chances
to lock some features down are really high.
We e.g. do propose to NOT upload any data to any internet service we
cannot control. Thats why we do run OpenAFS - we want a own cloud to be
reachable secure from everywhere.

> 2) If you disable something on a machine that you don't own, you're lik=
ely to get all sorts of grief. Most machines in university environments a=
re owned by individuals.=20

Hell, NO!
If foreign workstations to resist in our network, they are a BIG risk
for security. They do go into a seperate, closed down subnet. Really.

> 3) Somewhere in the process of getting a PhD, most faculty members seem=
 to have been given a golden God card that says they can do anything they=
 want, no matter how stupid. If you prevent them from using Skydrive, the=
y will call your manager, call the dean, and call everyone they can find =
to make your life miserable. You won't like this.=20

They get a own subnet without OpenAFS features. Really.

>>> An organization that is supporting Bring Your Own Device (BYOD) canno=
t.
>>
>> Is there a use case for roaming profiles in a BYOD environment?
>=20
> Yes. Consider #2 above. How else would you handle it? Or devices with n=
o/minimal local storage.=20

Blackberry setup?
Remote wipe, encrypted storage,... all fine builtinto android (and if
needed: Apple iOS).

>=20
> Your last phrase encapsulates it neatly. "with an articulated security =
stance" rarely =3D university. Universities block things they get sued ab=
out. No further, unless you wish to experience #3 above.=20


I do not know which university you do know and think about, but at least
in europe some do work different.


MfG,
Lars Schimmer
--=20
-------------------------------------------------------------
TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723




------enig2HAFJFKECXILRQTMCHPLV
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlHSiscACgkQmWhuE0qbFyOEvQCcCZN1dfI2vjacJy5eW3E9f0nH
0IIAniBpS2AiM4CswN2f6UtsRdtjM1Dw
=v563
-----END PGP SIGNATURE-----

------enig2HAFJFKECXILRQTMCHPLV--