[labnetwork] Getting files off older computers

N Shane Patrick patricns at uw.edu
Mon Sep 10 14:50:26 EDT 2018


Hi All,

We have a similar setup, but with a different set of data tunnels, so to say. User-owned external drives are outright banned from being connected to any system in the facility.

Our lab runs on an internal network that only allows communication within that network, and no access to the internet as a whole. The exceptions are dedicated IPsec tunnels that connect to servers for tool access control, security cameras, and, among those, data storage.

Via these tunnels, every tool has access to two network share drives, and each drive maintains separate directories for every user registered to our facility. One drive allows a limited quota of disk space where files may be stored long-term, and the other drive allows unlimited storage but files older than 2 weeks are automatically purged. When a user enables a tool via our extremely customized implementation of CORAL, scripts automatically make the correct directory for that user available to the drive mounts on the systems in question. Users may then store anything they generate to these drives. Upon disable, the directories are made inaccessible to protect that user’s data.

Users may then retrieve their files via a webpage on our custom CORAL frontend, or while anywhere on campus they may mount their directories as a drive share on their personal systems. So similar to other implementations, we have a server-in-the-middle approach that allows us to isolate the lab from outside threats while still allowing our users to store their data in a protected but accessible space, but everything is internal rather than using external services.

We’ve implemented storage to these drives in other creative ways for systems that are less capable or intentionally brain-damaged in some way, including having our old Alphastep 100 be able to store traces as an image to these drives when it would normally only be able to print to a physical, attached printer. All of this is thanks to a very talented and patient lead developer we are very thankful to have. So I realize this very custom approach may not be doable by everyone, but it certainly has worked well for us.

N. Shane Patrick
Electron Beam Lithography
Research Engineer, Washington Nanofabrication Facility (WNF) 
National Nanotechnology Coordinated Infrastructure (NNCI)
University of Washington
Fluke Hall 129, Box 352143
(206) 221-1045
patricns at uw.edu
http://www.wnf.washington.edu/


> On Sep 10, 2018, at 7:13 AM, Nathan Nelson - Fitzpatrick <nnelsonfitzpatrick at uwaterloo.ca> wrote:
> 
> Hi Kevin,
> 
> This is a very good question and I’m looking forward to reading all the responses that will come in.
> 
> We have a similar suite of tools running older Windows versions in our lab.  Our IT people have set up a Virtual LAN to let us network all of our tool PCs (including Windows XP and 7).  The Virtual LAN is barred from sending or receiving traffic outside of campus so we have greatly reduced worries about someone attacking vulnerable and un-patchable computer hardware.  
> 
> To transfer into and out of the cleanroom VLAN we have a locally hosted instance of OwnCloud (https://owncloud.org).  This sits on a server with one network card facing into the cleanroom network, and one network card facing out to the general campus network.  
> 
> On all of the cleanroom computers we have installed a browser with the OwnCloud URL bookmarked, so a user will just log in to their account through the OwnCloud web interface and then uploading files is just a matter of “drag and drop”.  The files can be retrieved and downloaded on the user’s desktop computer using the same method (though the URL is different from the “in-cleanroom” URL).
> 
> I would be happy to answer any questions you have about our solution.
> 
> Best regards,
>   -Nathan
> -- 
> Nathan Nelson-Fitzpatrick  PhD
> Nanofabrication Process & Characterization Engineering Manager
> Quantum-Nano Fabrication and Characterization Facility (QNFCF)
> Office of Research
> University of Waterloo
> 200 University Avenue West, Waterloo, ON  N2L 3G1
> P: 519-888-4567 ext. 31796
> C: 226-218-3206
> https://fab.qnc.uwaterloo.ca
> 
> 
> 
> 
> From: <labnetwork-bounces at mtl.mit.edu> on behalf of Kevin McPeak <kmcpeak at lsu.edu>
> Date: Sunday, September 9, 2018 at 7:54 PM
> To: "labnetwork at mtl.mit.edu" <labnetwork at mtl.mit.edu>
> Subject: [labnetwork] Getting files off older computers
> 
> Dear Colleagues,
> 
> Here at the LSU cleanroom, we have several older computers (e.g. Win XP and Win 7) which are not allowed on the network. These computers are connected to instruments (e.g. SEM and AFM) that we often need to get files from. Unfortunately, the instruments do not run on Win 10 (our network administrator won't allow Win 7 on the network as well). 
> 
> The current protocol to get images etc. off these older computers is to use a cleanroom owned USB stick to move the file to one computer in the cleanroom which is on the network.
> 
> I do not like this protocol. It is very difficult to stop users from using their own USB stick, which could be infected. Also USB sticks grow legs.
> 
> I suspect other facilities on the list have faced these same challenges. I am curious how you have resolved them. Thank you in advance for your input!
> 
> Regards,
> Kevin
> 
> -- 
> Kevin M. McPeak
> Assistant Professor
> Louisiana State University
> Dept. of Chemical Engineering
> 3307 Patrick Taylor Hall
> Baton Rouge, LA  70803
> email: kmcpeak at lsu.edu
> phone: 225-578-0058
> _______________________________________________
> labnetwork mailing list
> labnetwork at mtl.mit.edu
> https://mtl.mit.edu/mailman/listinfo.cgi/labnetwork
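
Added example, not part of the original thread and not the facility's CORAL code: a Python sketch of the enable/disable hooks and the two-week purge described in the message at the top of this page. It assumes access is switched by toggling group permission on a per-user directory; the function names, modes and user-name pattern are hypothetical.

```python
import os
import re
import stat
import time
from pathlib import Path

USER_RE = re.compile(r"^[a-z][a-z0-9_-]{0,31}$")  # assumed account-name policy
PURGE_AGE = 14 * 24 * 3600   # "files older than 2 weeks are automatically purged"
ENABLED, DISABLED = 0o770, 0o700  # assumption: the tool mount connects via the group

def user_dir(share_root, user):
    """Map a user to their directory, rejecting names that could escape the share."""
    if not USER_RE.match(user):
        raise ValueError(f"invalid user name: {user!r}")
    return Path(share_root) / user

def on_enable(share_root, user):
    """Tool enabled: make the user's directory reachable from the tool's mount."""
    d = user_dir(share_root, user)
    d.mkdir(exist_ok=True)
    d.chmod(ENABLED)  # explicit chmod so the result does not depend on umask
    return d

def on_disable(share_root, user):
    """Tool disabled: withdraw group access; the data stays for later retrieval."""
    d = user_dir(share_root, user)
    d.chmod(DISABLED)
    return d

def purge_scratch(share_root, now=None, max_age=PURGE_AGE):
    """Delete regular files older than max_age; returns the removed relative paths."""
    now = time.time() if now is None else now
    removed = []
    # followlinks=False: a symlink planted in a user directory must not steer
    # the purge into directories outside the share.
    for dirpath, _dirs, files in os.walk(share_root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge the link itself, not its target
            if stat.S_ISREG(st.st_mode) and now - st.st_mtime > max_age:
                os.unlink(path)
                removed.append(os.path.relpath(path, share_root))
    return sorted(removed)
```

The purge is meant to run on the storage server under the account that owns the share, so it is unaffected by whether a directory is currently enabled for a tool.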
