Skip Navigation
 Search | Directories | Reference Tools
UW Home > UWIN > Admin Gateway > Introduction to Nebula 

Nebula Bronze Services

Topics on this page

General description

This is a description of the Nebula Bronze service, and the responsibilities of both the Nebula support team and the department requesting Bronze services. As described on the Nebula home page under What is Nebula?, Nebula is a system of networked personal computers, centrally managed and supported by UW Technology. Nebula PCs are networked to a Windows domain, which provides the following services:

Nebula Gold is a full-service, managed desktop option that provides complete software update management and a wide array of technical support and consultation services.

Nebula Bronze is a managed desktop option designed for departments that have onsite technical support staff who can provide local desktop and application support, but want access to a professionally managed domain with secure file and print services. All software is provided and installed by the support staff; Nebula then regularly updates the operating system and virus software.

Nebula Bronze computers:

Technical considerations

Support responsibilities: Local support staff will support and troubleshoot the Windows operating system, all desktop applications, and any problems indicated by the Nebula scan reports. No software or hardware support is offered by Nebula for Bronze systems, other than that described above. Bronze client departments will identify primary and secondary local support people, who are given additional rights to perform the required functions. Nebula staff will consult with the local support staff on the process of adding a Bronze system to the Nebula domain. Local support staff actually perform all Nebula conversions (more information is given on the Implementation page).

Local support staff are responsible for reporting security incidents to Nebula Support, to minimize the possibility of contagion.

Domain accounts: Nebula domain accounts will be created for all client staff who require them, based on a valid UW NetID.

Local accounts: Nebula uses group policy to rename the default 'Administrator' account. No change is made to the password. The local 'Guest' account is also renamed, and a secure password is assigned. Local support staff manage credentials for all local accounts, including the renamed 'Administrator' account.

Remote management: Nebula domain administrators must be able to remotely manage Nebula Bronze workstations. Workstations are monitored for operating system version and service pack level, and antivirus DAT file revision level. Local support contacts will be notified about any problems, and are responsible for fixing them. If a system remains in conflict with domain policy for a period of time, it will be dropped from the domain. Local support staff will then work with Nebula support staff to ensure a system is in compliance before it is rejoined to the domain.

Server services: Nebula Bronze workstations may run services that listen on the network, and are remotely accessible, so long as the appropriate security measures are in place (see Firewalls, below).

Firewalls:A firewall or similar network access control system is required for UW owned/operated machines, as outlined on the Minimum Computer Security Standards page. Nebula uses group policy to configure the built-in Windows Firewall so that remote management is possible. Local administrators may add additional firewall rules to the Windows Firewall, or disable the Windows Firewall completely, and use a different network access control method. Where local administrators choose to use the Windows firewall, they typically may not configure the ports controlled by the default domain policy. Where local administrators require additional exclusions for the Windows firewall, such as for RDP and SMB, they should contact Nebula Support.

If a client wishes to use IPSec filters or the UW Technology Logical Firewall to perform a similar function, Nebula will provide guidelines for doing so. Any other firewall is unsupported. If remote management functions are disabled by such software, local support staff will be given notice to comply with domain policy requirements. If they do not comply, the problematic computer will be removed from the domain until the problem is solved. Specific information on the firewall policy is on the Firewalls on Nebula Bronze Workstation and Local Servers page.

Remote Control software: Only the built-in Remote Desktop and Remote Assistance services are permitted for remote control of a Nebula system. Software which is not permitted includes, but is not limited to, PCAnyWhere, ControlIT, GotoMyPC, etc. Remote control software installed on a Nebula system to connect to a system elsewhere is generally prohibited as well.

Network drives: Network access is granted via the I:\groups (shared) and H:\ (private) drives, and these drive letters need to be available for this purpose. Nebula will assist the department in moving files from any local servers to Nebula servers. Files stored on the networked drives are routinely backed up. The last several daily backups are available for user retrieval from I:\snapshots.

Software updates: The required settings for Bronze workstations are to turn on both Windows updates and virus updates. Bronze workstations are sent specified software updates daily (operating system patches, hot fixes, and virus updates). Nebula will check to ensure that Bronze workstations have a current operating system, a current antivirus DAT file, and functional automatic updating of the operating system. Nebula will notify local support staff if these items are found to be out of compliance. These must be fixed by the local support staff, or Nebula will remove the compromisable system from the domain. Use of the supported anti-virus client is required on Bronze workstations. The client can download the McAfee VirusScan software from the UWICK site.

Additional software available

Shared calendar program

The client can purchase Oracle Calendar client software and pay for ongoing maintenance costs by sending a budget number and license count to nebula-support@cac.washington.edu The client is responsible for installing, configuring and updating the client software on each Bronze workstation as well as troubleshooting any Oracle Calendar issues.

Virtual Private Network connectivity (VPN)

The Nebula Virtual Private Network is a service provided to help clients using a Nebula computer while connected to the Internet but not on the UW campus network. The VPN ensures a secure, encrypted connection into the domain, and provides access to Nebula resources. You will find instructions and a setup program on the Nebula Virtual Private Network page.

As stated above, all software and hardware support for Bronze systems is provided by the client’s local technical support staff, although Nebula Support will assist in troubleshooting specific network connectivity and VPN problems.

Implementing Nebula Bronze Service

Please see the page on Implementing Nebula Bronze Services for more details on this process.

If you have questions or suggestions, please forward them to nebula-support@cac.washington.edu.