Data classified as "Level 1 - Confidential Information" by the KU Data Classification & Handling Policy, including information protected by HIPPA (health info), FERPA (student records), GLB (financials) and PCI (e-commerce), should not be stored on KU group file storage or personal file storage via KU Central File Storage. For a complete list of data classified as "Level 1" please see the KU Data Classification & Handling Policy: Appendix 1. Please contact your Technology Support Staff regarding the special permissions and processes required to store Level 1 data.
Users can access their stored folders and files from home or a remote location by connecting to the server through the KU Anywhere Virtual Private Network (VPN) service. The use of VPN technology ensures that access to files is protected when using the Internet for connectivity. Please note: Users will not be able to login to the HOME domain from outside of KU and should use permanent (persistent) mapping of shares, a script to mount shares, or manual mapping to access their network drives.
File systems are automatically backed up on a daily basis through snap-shotting and traditional back up to tape.
Self-Service File Recovery (snapshots)
A snapshot is a locally retained point-in-time image of data. A snapshot is a "frozen," read-only view of a volume that provides easy access to previous versions of files and directories. Users can directly access snapshot copies to recover accidental deletions, corruptions, or modifications of their data. The procedure for self-service file recovery can be found here for Microsoft or here for non-Microsoft operating systems.
Since the security of the file is retained in the snapshot copy, the restoration is both secure and simple and eliminates the need to involve KU IT in the restoration process.
The space required to keep snapshots does not count toward share quotas and is considered a benefit of the storage service. Snapshots are taken once a day and retained for 10 days.
All files are backed up to tape daily, and after one week, the data is stored off-site for 90 days.
Responsibility for management of the storage resources allocated to departments and groups is built upon a formally defined collaboration between designated departmental Technology Support Staff and KU IT.
A departmental Technology Support Staff member is designated within each department and serves as the only person authorized to request changes for access to or removal of departmental data. This provides a simple accountability trail and eliminates confusion around questions of who is ultimately responsible for defining access to or removal of all departmental folders.
KU IT provides highly skilled storage experts who are tasked with monitoring the performance, capacity, and accessibility of departmental data. The KU Central File Storage Service infrastructure is monitored 24 hours a day, 7 days a week and 365 days a year. KU IT staff are on-call during in the event of system failure. Clients will be notified at least two business days in advance of any scheduled maintenance requiring the service to be taken off-line.
Authentication for the Central File Storage service is provided through the KU Active Directory HOME domain. An Active Directory user account in the HOME domain is required to access this service. Guest users can obtain temporary "File Server" access via a KU IT Sponsored Temporary Account.
Authorization, or the individual who has access to the files, in any given departmental share is delegated to the Technology Support Staff. An Active Directory group, which will be created in the department’s Active Directory Organizational Unit (OU), determines who has access and their type of access to the share. Technology Support Staff can also provide access to any other KU Active Directory group or user. For best practices on how to set permissions please read Best Practices for Assigning Rights in Group Central File Storage.
Machines authenticating to HOME (AD) will have the user's home directory automatically mapped to V:. If you want to migrate your users to AD, please see the AD website or contact the KU IT Customer Service Center at 864-8080 or email@example.com for more information.
Files are served via the traditional Windows SMB/CIFS file sharing protocol and can be mapped using standard drive mappings.
When the service goes active, a mapped drive bound to (v:) will show up for all staff members when they log in to the HOME domain from a Windows workstation. To make the drive mapping persistent, so it can be accessed via KU Anywhere without logging into the HOME domain, a Technology Support Staff member will have to leverage group policy within their OU to persistently map the drive.
All connections to Central File Storage will need to use \\cfs.home.ku.edu\[onlineid].
Workstations not in the HOME domain will have to mount their drive manually. Instructions can be found in our Knowledge Base.