Comment on Setting up a server for a research team. What should be in my checklist?
bergetfew@sopuli.xyz 1 day agoHonestly, after considering the security implications of enabling access to the university’s network, I think I would first warn the team about this before setting up anything and let them decide how to proceed afterwards. I’ll also inform them to ask the IT department for the in-house VPN solution and identity management.
I don’t believe there would be need for the team to access anything in the network apart from the computer itself. Is it possible to arrange a solution that disables connections to intranet devices through the server by default just to be safe?
1995ToyotaCorolla@lemmy.world 1 day ago
Sounds good! It’s always a good idea to make sure everyone is on the same page about the risks involved in a project. I must also stress that you reach out to IT personally and make sure they know what’s going on. We’ve definitely had faculty go behind our back before, I’m sure that happens at other schools too, lol. I do have some final thoughts based on your bullet points to consider:
1) Server computer is a Mac Mini (latest model I think?). I’ve been told they would replace macOS with Linux, still I believe I should ready if they don’t (I don’t have experience with macOS at all)
I would personally avoid this, just due to the fact that the hardware might be in an insecure area and easily forgotten. Once the team is done with it, they might just leave it in place to idle forever. Or, someone might find it, not know what it is, and remove it. A VM running in the campus datacenter is a lot safer than a computer under a lab counter. This also avoids future hiccups with an exotic OS/hardware combination that you might not be thinking about right now.
*2) Server will be situated in university and provided a static IP address *
You’re going to need IT’s involvement on this, full stop. Just because an address isn’t in use right now on the campus network, doesn’t mean that it’s free for you to use. As far as public facing IPs go, those are totally managed by campus IT. You will need their permission to host services on them.
3) Team needs remote access to the server, presumably comfortable with using CLI
See number 2. You need IT’s permission to host services on the network.
4) I am unlikely to be permitted access to server myself after setup, so it should be ready to be managed by the team
You need to document everything you set up ready to hand off to whomever will be managing this server. This is unlikely to be someone on the research team, as if they can’t set it up themselves, I doubt they’ll be able to maintain it.
5) Extra hardware and/or paid software could be arranged but to a limited extent and within reason
There’s generally going to be a budget and/or grants available depending on the scope of the work the research team is doing. Going through the proper channels (IT Dept and Grant Officer) will give you access to these resources. As an example, a center involved with our school was doing watershed research and we were able to secure them a grant for tablets they could use for fieldwork.
One final, important thing to consider is what data this research team is collecting, what they’re using it for, and what’s going to happen to it once they’re done with it. If there is any PII (Personally Identifiable Information) in this dataset, there might be laws (e.g. GDPR) that you might need to comply with.
I hope that you don’t think that I’m harping on you too bad, it’s just that there’s lots to consider outside of the raw technical side of things that many homelabbers don’t really have to think about.
bergetfew@sopuli.xyz 1 day ago
Thank you for your suggestions. From the thread it is highly apparent that I would need IT’s support on this.
As for the hardware, we could still consider a machine with Linux as the server instead. Though the remote access issue would need to be resolved.