CAT Support Tiers: An Overview
|Tier 1: Full Support||CAT Supported, CAT Managed||This tier covers systems fully managed by the CAT and it is the preferred tier for systems we deploy. Examples include systems in CAT computer labs and many staff or faculty systems that we deploy and manage. The CAT handles deploying, upgrading, and patching these systems. CAT sysadmins are the only people with administrator/root access. Users have full access to CAT-provided resources like home directories, file servers, applications, and printing.|
|Tier 2: Co-Managed||CAT Supported, CAT & User Co-Managed||The CAT deploys the base system with all supported software and services. The end user shares administrator privileges. This is often used in cases where the user wishes to install their own software or needs to run programs that need to run as an administrator.
We strongly discourage using your administrator account for daily tasks such as email, web browsing and running programs. Logging in as an administrator leaves your computer more vulnerable to attacks and infections. We recommend only using this account when it is needed for installs and other actions that require administrative privileges. While this may seem cumbersome, it is the best practice to avoid security vulnerabilities.
User should be aware that if the system becomes corrupted or unstable, the CAT will redeploy it back to its current base system. The user is then responsible for adding the localized modifications back. All software added by the user needs to be properly licensed for use at PSU. Make sure you have read our Tier 2 Disclaimer before opting to go Tier 2.
Windows 7 and above: Users may not even need to fully log in as an Administrator. Instead, Tasks that require Administrative privileges will prompt for administrator login information. Alternatively, right clicking a program and selecting “run as administrator” will bring up a prompt to provide your Admin login.
Linux Tier 2: Due to security reasons related to file servers, TheCAT cannot offer Tier 2 loads for Linux.
Caveat: Because users have admin access they can break Tier 2 systems, and therefore must be more careful and aware of their actions. In most cases the CAT can only “fix” broken Tier 2 systems by reloading them from scratch. As with Tier 3 systems (below), compromised computers may be removed from the MCECS network.
|Tier 3: Self-Managed||CAT Networking, User Managed||This tier covers systems fully managed by the owner/user. Examples include personally-owned systems, most laptops, and some research systems. The CAT only provides network access (an IP address and Internet access) for the system. For wireless computers, use the OIT managed wifi infrastructure on campus. The user/owner does everything else: setting it up, installing and configuring the operating system, upgrading, patching, general management.
Caveat: To maintain network security, the CAT may disable the network access to Tier 3 systems that show evidence of being compromised (infected with viruses/worms).
In a nutshell, if you want a CAT supported system, you will need to be Tier 1 or Tier 2. If you want to manage your own computer with no CAT intervention, you will need to be Tier 3.
Also note that we are not in a position to provide dual boot implementations for CAT supported configurations. This is also the case for a Tier 3 system wanting to use a CAT supported configuration as a virtual machine. This is due to the inherent security concerns with such configurations.