I’ve not got to the bottom of this yet, and there are still discussions underway with our IT department, but it seems that, in consultation with an outside support vendor, our IT department has decided that our Macs (including the new Mac Studio that we run Flame on) are going to be simply wiped roughly once a year and everything reinstalled.
I still do not know if they are going to remove everything sans the system software (/opt/Autodesk and all other files for Flame, etc.) and then replace it all afterwards without any apparent disruption except the time that it takes, or whether they simply do it and then expect us to have removed everything beforehand and then put it back in again afterwards.
By way of a metaphor, I am put in mind of having to move everything out, have the house redecorated, and move everything back in again, rather than decorate around existing objects as in an update. I’m still not sure why they cannot simply update the software. I don’t think they’ll even allow us to have two partitions and keep files on the second.
Does anyone here have such a total institutional wipeout system, and a ready recipe for moving stuff back in after having everything wiped?
I’d be curious to hear their justification for this. IT peeps are supposed to be cautious about changing things. This sounds disruptive without a clear benefit.
Are they paid by the hour?
Yes Greg-Paul, it is something I really want to get to the bottom of, and I think I’m going to have to see the whites of their eyes as questions within email chains are really not being answered, but simply edicts given and then “we trust we are helping you to be productive” appended. All I can think is that they see it as some sort of systems protection (Sunderland University had all of their systems held hostage last year) but then everyone brings private laptops and smartphones onto campus that would be windows onto the system? I’ve asked if we can keep local ownership but this and many other questions go unanswered. Hopefully some facetime can help but this feels like something from some dystopic sci-fi flick a la Dark City.
Sounds more like Severance.
Never done that. Ever. Closest thing is, when installing new software and updating OS, to have a pre-checked (very carefully) image disk installed into the machine to replace the existing one. On occasion I have wiped the stone and wire when between jobs. And all of this was years ago. In this day and age there are so many moving parts to any system that it seems like a dangerous waste of time. One moderately severe issue can erase all of their “helping you be more productive” in a heartbeat.
Of course this level of security means that they are trading secrets about North Korea nuclear weapons. Definitely not about tv commercials.
Would it be worth doing a Carbon Copy Clone of the entire Mac HDD before this happens? Then you have the option to restore back as it was…
Yes as I thought, you kind of think that this centralisation and wipe-out is something that should be becoming less of an option, rather than more of an option. Yes, Adam, if this does turn out to be a cast-iron edict, I’d love to get a solution that enables us to easily copy everything around the OS and allow for a seamless interchange. As Tim says, there’s stuff all over the place and so many parts that this nuking (if you excuse the reference) is disruptive and hardly support-ive. I look forward to bumping into them in something more than a one-way Amazon-ish customer support paradigm.
How else do you think your outside vendor is going to make their boat payments?
From a distance, my impression is that your IT department / outside vendor wants a clean base system in the interest of eradicating malware, spyware, etc.
If there’s no way around their policy, then I’d consider Lightningad’s suggestion to clone (at the very least /opt/Autodesk) and restore after the security purge.
In full fairness, most of the bigger facilities are already doing this in certain ways.
For example, a bunch of the big facilities have been using Puppet or similar to manually push out config files and other important schtuff every 30 minutes for the past 10 years. Of course, they are Active Directory environments with user accounts that can be logged in from anywhere so there technically isn’t anything to lose if the local machines were to be wiped anyways.
I have no idea if this is true or not but I could definitely see this as an anti-malware precaution or even just basic security practices, as in larger facilities the local machines are seen as replaceable and almost disposable from a data perspective. Anything locally on a machine that isn’t already somewhere else is a great opportunity to see your pants around your ankles at some point.
So, whilst a lot of us don’t like the idea, it does make sense and could be part of larger institutional IT policies that are high value targets for malfeasance.
Nice one Randy, and many thanks on the thoughts and the back-up to the backing-up and wiping issue. I’ve managed to get a temporary stay of execution of the plan for a few weeks and then they are going to wipe it, but a colleague (who teaches offline post-production) and I have been putting together a list of issues that we would need resolved and we should be meeting with them after our long hot summer break in September. I basically don’t mind if they update and fumigate the infrastructure/house, as long as our furniture can be put back quickly and we don’t have to spend weeks getting everything back in order before getting it fumigated again. We also want enough warning and a window. As it stands the machine desktop states something like “always back up your work as the machine could be wiped at any moment.” It’s like living in a cheap hotel room that cleans a lot where you cannot spread out. They’ve got a library computer methodology as their model (where students work in MS Word and upload to the cloud), and hopefully a face-to-face human conversation can make it more win-win and flexibly workable?
Well, it sounds like there is some work to be done changing the way things are built. End users’ machines ought to be disposable in nature. They are the weakest link in a facility and the more they are leaned on the riskier it gets.