Host Self Registration Project
The IT Services Host Self-Registration service will combine a web-based self-registration application and a health-check tool to be run on the registering host computer. The software, associated documentation, and support of the system will be provided as a general service to the Stanford community.
The system will accommodate some custom configuration — on a network segment basis — by local network administrators (LNAs).
This project will finish the job started by the initial host self-registration project. IT Services is currently piloting the host self-registration software on several subnets across the university, including the Law School and GSB. Host Self Registration is still intended as a per-network opt-in service for Phase II.
Key Goal Highlights:
- Adapt the Host Self Reg tools to accommodate the existing ResComp Registration processes.
- Enable ResComp to leverage the Health Checking capabilities of the Host Self Reg system.
- Host Self-Registration, Phase II addresses desktop security, node registration in NetDB, and audited risks around the lack of accurate information in NetDB.
For several Septembers prior to the implementation of Host Self-Registration phase I, Stanford experienced serious problems on the campus-wide network, with the autumn arrival of many compromised, infected, and/or vulnerable (poorly patched and updated) systems with new students, faculty and staff on campus. These problems caused outages across the campus network resulting in the loss of business continuity and consumed vast quantities of man-hours in aggregate across campus in the efforts to resolve these problems. Additionally, registering new well-maintained systems has been a time-consuming issue for those managing campus wide network access.
Phase I of the Host Self-Registration project performed base-level host self-registration and activation in NetDB and provided a common set of required processes (patching and data security checks) to be run prior to allowing the self registration of a system on the network. Phase I required that the registering user be able to identify themselves via their Stanford University Network Identifier (SUNet ID).
Phase I appears to have improved information security on campus, reduced the number of systems that required manual intervention and rebuilding from scratch, progressed towards a healthier campus-wide network and, in general, received a positive response from the campus user base.