Data classified as "Level 1 - Confidential Information" by the KU Data Classification & Handling Policy, including information protected by HIPPA (health info), FERPA (student records), GLB (financials) and PCI (e-commerce), should not be stored on KU group file storage or personal file storage via KU Central File Storage. For a complete list of data classified as "Level 1" please see the KU Data Classification & Handling Policy: Appendix 1. Please contact your Technology Support Staff regarding the special permissions and processes required to store Level 1 data.
Users can access their stored folders and files from home or a remote location by connecting to the server through the KU Anywhere Virtual Private Network (VPN) service. The use of VPN technology ensures that access to files is protected when using the Internet for connectivity. Please note: Users will not be able to login to the HOME domain from outside of KU and should use permanent (persistent) mapping of shares, a script to mount shares, or manual mapping to access their network drives.
File systems are automatically backed up on a daily basis through snap-shotting and traditional back up to tape.
Self-Service File Recovery (snapshots)
A snapshot is a locally retained point-in-time image of data. A snapshot is a "frozen," read-only view of a volume that provides easy access to previous versions of files and directories. Users can directly access snapshot copies to recover accidental deletions, corruptions, or modifications of their data. The procedure for self-service file recovery can be found here for Microsoft or here for non-Microsoft operating systems.
Since the security of the file is retained in the snapshot copy, the restoration is both secure and simple and eliminates the need to involve KU IT in the restoration process.
The space required to keep snapshots does not count toward share quotas and is considered a benefit of the storage service. Snapshots are taken once a day and retained for 10 days.
All files are backed up to tape daily, and after one week, the data is stored off-site for 90 days.
Responsibility for management of the storage resources allocated to departments and groups is built upon a formally defined collaboration between designated departmental Technology Support Staff and KU IT.
A departmental Technology Support Staff member is designated within each department and serves as the only person authorized to request changes for access to or removal of departmental data. This provides a simple accountability trail and eliminates confusion around questions of who is ultimately responsible for defining access to or removal of all departmental folders.
KU IT provides highly skilled storage experts who are tasked with monitoring the performance, capacity, and accessibility of departmental data. The KU Central File Storage Service infrastructure is monitored 24 hours a day, 7 days a week and 365 days a year. KU IT staff are on-call during in the event of system failure. Clients will be notified at least two business days in advance of any scheduled maintenance requiring the service to be taken off-line.
Authentication for the Central File Storage service is provided through the KU Active Directory HOME domain. An Active Directory user account in the HOME domain is required to access this service. Guest users can obtain temporary "File Server" access via a KU IT Sponsored Temporary Account.
Authorization, or the individual who has access to the files, in any given departmental share is delegated to the Technology Support Staff. An Active Directory group, which will be created in the department’s Active Directory Organizational Unit (OU), determines who has access and their type of access to the share. Technology Support Staff can also provide access to any other KU Active Directory group or user. For best practices on how to set permissions please read Best Practices for Assigning Rights in Group Central File Storage.
Machines authenticating to HOME (AD) will have the user's home directory automatically mapped to V:. If you want to migrate your users to AD, please see the AD website or contact the KU IT Customer Service Center at 864-8080 or email@example.com for more information.
Files are served via the traditional Windows SMB/CIFS file sharing protocol and can be mapped using standard drive mappings.
When the service goes active, a mapped drive bound to (v:) will show up for all staff members when they log in to the HOME domain from a Windows workstation. To make the drive mapping persistent, so it can be accessed via KU Anywhere without logging into the HOME domain, a Technology Support Staff member will have to leverage group policy within their OU to persistently map the drive. Workstations not in the HOME domain will have to mount their drive manually via one of the methods below.
Due to the large number and large size of the home directories being offered, it is necessary to spread the load across multiple locations. The location of the user’s home directory can be looked up in Active Directory HOME domain joined workstations by use of the %homeshare% variable. The simple lookup table below can also be used for non-HOME domain machines to determine the exact mount point of a user’s home directory:
|First letter of
KU Online ID
|Home Directory Location
The following methods have been identified for providing mapping of shares under Windows:
- Manual mapping of network drives through the "Map Network Drive" option under Windows Explorer
Windows XP example
Windows 7 example
- Automatic mapping of drives through login scripts (See Example). If the workstation is in the HOME domain you could un-mount and then persistently mount %homeshare% which contains the user's home directory UNC path. Running "echo %homeshare%" in the HOME domain will return the home directory mount point.
- Automatic mapping drives through Windows Group Policy Preferences (GPP)
The following methods have been identified for providing mapping of shares under OS/X:
- Manual mapping of network drives through the "Connect to Server" option in Finder (See Example). You must look up the home directory location of the user from the table above.
- Mapping network drives through the user’s "Login Items" in his or her account settings (See Example). You must look up the home directory location of the user from the table above.
Migration of data not residing on resources managed by KU IT will be the responsibility of the Technology Support Staff. Tested procedures and best practice documentation for migration will be provided by KU IT during the design process.