HMS IT Endpoint Services Program
The HMS IT Endpoint Services desktop support program uses industry-standard computer management software to enhance the desktop computer support provided by HMS and HSDM. The applications we use are:
- LANDesk for Windows 7 and newer
- Jamf Pro for Macintosh
- Carbon Black for research instrument management and security
Benefits of the Endpoint Services Program
- Enhanced computer security by ensuring operating systems and applications are up to date.
- Bomgar Remote Support can reduce response times of support calls and enable distance-based support.
- Computers attached to instruments can be secured and made more productive by ensuring they are always available for their intended purposes.
- Inventory reporting helps department administrators track computer purchasing, insurance liability, and life-cycles.
- Self-Service Portal enables HMS faculty and staff to install HMS licensed software.
Who is eligible for the Endpoint Services Program?
All HMS Faculty, Staff and Postdocs with an HMS-supported computer are eligible for the Endpoint Services Program. Endpoint Services Program software is installed as part of the Cyber Essentials security suite.
Are HMS/HSDM students eligible?
Students working in a lab or office, as an HMS or HSDM staff member, are eligible. Students not working in an official capacity for HMS/HSDM are NOT eligible to participate in the Program.
What computers are eligible?
Any computer in use by faculty, staff, Postdocs or students that has a reasonable expectation of support by the HMS IT Client Services Group, including, but not limited to:
- On Quad computers used for daily HMS related work
- Off Quad Work computers purchased for use in a location other than the worker’s primary HMS office, used primarily for HMS related work.
- HMS owned & supported computers connected to instruments.
- Any computer that has Harvard University or Harvard Medical School Site licensed or volume licensed software installed on it. Certain software licensing agreements that HMS or Harvard University participate in may require management tools to be installed on the computer as long as the licensed software is installed.
What computers may not be eligible?
- Computers belonging to students NOT working in an HMS lab or office position.
- Home computers purchased with personal funds used at home primarily for non-HMS related activities, even if some HMS related work is performed.
- Computers retired by HMS and given to staff, faculty or researchers for use at home.
- Instrument computers that are fully supported by a vendor.
- Computers too old to run the self service software.
- Some computers that are used by clients with multiple appointments may have to abide by rules implemented by other affiliates. In these cases, the device is exempted from HMS management.
Desktop Support FAQ
Why has HMS implemented the Endpoint Services Program?
The Endpoint Services Program helps HMS IT:
- Create a holistic view of the entire HMS computing environment
- Ensure highest levels of information security
- Reduce the impact of planned and unplanned outages
- Identify and implement new services to the HMS community quickly and efficiently.
Which applications are HMS using for desktop support?
IT has chosen three different applications for use on Harvard owned computers. Each application is geared towards a specific computer platform and need. We selected solutions that are recognized as best in class and widely adopted across many sectors, in order to get the best possible results for our community.
- For Windows computers, we have chosen LANDesk. LANDesk provides a full suite of tools and applications designed to enhance the desktop support process.
- For Macintosh computers, we have chosen Jamf Pro by Jamf Software. Casper provides a full suite of tools and applications designed to enhance the desktop support process.
- For “specific use” we have chosen Carbon Black. A “specific use” computer is a computer used in a particular capacity, such as one that is connected to an instrument or that serves a very unique purpose. Carbon Black protects computers from inappropriate use and malware.
- For Remote Desktop Support, we have chosen Bomgar Remote Desktop. Bomgar is also used by Harvard University IT and leverages industry standards to ensure maximum security.
How are the computers affected?
Enrollment in the program requires the installation of a Self Service Application which is comprised of two main components:
- A “helper” application, responsible for making the connection to the server. The helper application runs periodically on a scheduled basis, usually about once per day.
- The “Self Service” application which allows a computer user or Client Service Representative (CSR) to sign in and install software from a portal on the computer.
How will IT use the helper application?
The helper application runs in the background and communicates with the management server to send certain information back to the server. The information is sent in an encrypted format.
The helper application allows the management server to do the following:
- Receive information about the current OS version and patch status.
- Receive information about installed applications and versions.
- Receive information about the installed hardware and current status (i.e., hard drive full, disk errors, memory page errors, total RAM, hard drive capacity, etc.)
- Receive BIOS information about the computer, such as serial number, IP address, MAC address. BIOS passwords are NOT captured.
- Push approved OS patches and approved application updates to the target computer(s) as needed.
- Apply approved configurations to the target computer(s) as needed, such as Wi-Fi configurations, Wi-Fi Certificates, email server configurations, printer configuration files, etc.
- Apply policy configurations to target computer(s) as needed, such as blocking certain OS or application patches, blocking known malware or spyware applications, enforcing encryption policies, etc.
How often is information sent to the server?
Information is sent to the server in a secure encrypted format approximately once every 24 hours. Data that is sent contains only information about the hardware and software configuration. No personal data of any kind is ever collected or sent to the server.
When and how will IT push updates to a computer?
IT will push applications, application patches, OS patches, configurations or policies to the computer when needed. We will make every effort to notify you prior to doing so; however, some circumstances may require us to push certain critical updates prior to fully notifying you of the update. We have not established a regular schedule for deploying software updates that are not critical; however, we can push updates upon request, and can configure computers to install updates provided by the manufacturers.
What is the self service application?
The Self Service application is a tool that can be used by you to self-install software provided by HMS. From this single interface, you will be able to select certain applications to install on your computer, and may be able to access certain other IT support resources. Your Client Services Representative can also use this helper application to install software on your computer when they visit.
What kind of software is available via self service?
Currently, available software is limited to currently supported applications for which there is normally no charge to you. This includes Microsoft Office, MATLAB, LaserGene, Firefox, and Adobe Reader. We may also make available pre-configured printer packages that will allow you to self-install and configure the printer or printers located in your areas. In the future, we expect to be able to offer additional applications that have a license fee associated with them, such as Adobe Acrobat, Creative Suite, and FileMaker Pro.
How do I access the self-service portal?
Windows: Start -> Programs -> LANDesk Management -> Portal Manager.
The first time you launch the self-service application, it may take a few minutes for all available applications to appear. You can also click the Refresh button to load the portal faster.
Macintosh: Macintosh HD -> Applications -> HMS Self Service
The first time you launch the self-service application, it may take a few minutes for all available applications to appear.
Will my computer be slowed down by the management tools?
HMS IT carefully selected software with minimal performance impact as a key factor. The applications that are installed on the computer are very small and take up very little processing power when running.
Are you managing mobile devices?
BYOD mobile devices such as smart phones, smart watches, and tablets are not being managed at this time. Mobile devices purchased with Harvard funds may be subject to management at a future date.
Can this software monitor what I do on the computer?
No. HMS IT specifically implemented software that is unable to perform tasks such as monitoring what actions or work is performed on a computer.
Specifically, these tools cannot:
- Collect any personally identifiable information.
- Collect information about what data files you currently have open or have opened in the past.
- Collect information about what is in your home folder.
- “Scan” or “crawl” through your computer.
- Create a list of the files or documents on your computer.
- View what files an application has accessed or the history of any files that may have been opened.
- Report on how long any one session lasted with any given application, or what you were doing within the application.
- View any kind of browser history, browser cache files, browser downloads, etc.
- Log or watch “keystrokes”.
- Determine what activities were performed during the time the user was logged in.
- Enable HMS IT to see your computer screen without your permission.
- Report on how long any one session lasted with any given browser, nor can we determine what websites were visited or how much time was spent on any given website.
These tools can:
- Create a list of applications, and we can report on how long a specific application has been running in the foreground in total hours and minutes.
- Report on how long a specific web browser has been running in the foreground in total hours and minutes.
Will my computer be encrypted through this software?
Harvard University policy requires all mobile devices, including laptops, smartphones and tablets to be fully encrypted. Desktop computers are not included in this policy.
Is this software secure? Will my data be secure?
Yes! HMS Information Technology is committed to maintaining full security of all data utilized in the day-to-day operations of the School. The applications selected by HMS IT to provide this service collect, transmit and store non-personalized information about the computer in a secure database within a secure HMS managed facility. At no time is your personal information touched or collected.
For more information about how HMS IT handles your private information, please review the HMS IT Privacy Statement.
What happens when I leave HMS?
If you leave HMS with a computer currently being managed, our licensing agreements with software manufacturers require us to remove ALL Harvard licensed software. Harvard owned software includes any application or suite of applications provided by HMS to you at no charge or any software that was purchased by the lab or department using a Harvard University 33-digit billing code. Any software purchased with your own funds is yours to keep.
If your computer leaves Harvard Medical School (e.g., retired or taken with you to another institution) it is extremely important that the Endpoint Services software be uninstalled prior to your departure date. Failure to do so:
- Leaves the computer in a managed state that cannot be easily undone off the HMS network.
- Prevents removal of HMS licensed software, putting you at risk of violating the Digital Millennium Copyright Act.