Data security and privacy are top priority at Mass General Brigham (MGB). It is a requirement that all devices are secured via full disk encryption and/or physical lockdown (requires aprproval from site Information Security and Compliance groups).
Standard Windows devices * (desktops and laptops with a Partners/MGB asset tag, device number, and "keep it safe and secure" stickers, running Windows 10 Enterprise) should already be in compliance by employing Bitlocker encryption. If your work device isn't already running Windows 10 Enterprise, please contact the IS Service Desk.
Non-standard or personal devices used for checking email must also be encrypted and/or locked down, even when the device does not contain patient information. Windows 10 devices should use the built-in Windows Defender Antivirus. Please visit Secure your Computer to learn more and contact the IS Service Desk and request your device be secured.
* Please also see HOWTO: Determine whether you are using a standard or non-standard computer
Overview
Over the past several years, Mass General Brigham has seen the explosion of iPhone and iPad device usage in all areas of the business enterprise. While a formal program to support mobile devices is still being developed, there are still numerous resources currently available.
Program for Enterprise Apple Services
PEAS is the program of services that supports Apple products at Mass General Brigham. With PEAS, our community of patients, researchers, clinicians and teachers is provided a suite of services, improving the way we do business with Apple products, and helping you stay safe & secure.
Help Yourself with Self Service
Self Service is our Mass General Brigham app store that provides Enterprise software and resources for Apple laptops & desktops. Launch Self Service from your Applications folder to download Office for Mac, receive the token-less VPN hotfix, and install clients for MGB services like VPN, Citrix and Microsoft Office.
Need Self Service?
Determine if your Mac is enrolled in PEAS by opening your Applications folder. If Self Service is available, you're enrolled! Need Self Service? Enroll in PEAS now.
General Guidelines
- Support for iOS devices are limited to a best-effort support for work purposes during normal business hours
- All mobile devices, including personally owned devices used for MGB related work must have a passcode and must be encrypted
- iPhones and iPads must be updated to iOS 12 or above
- Android Devices must be updated to the latest version available from your phone carrier or be at version 9 or above
Research Applications
iPads used for research, particularly those that are patient facing (i.e. used for survey collection and electronic data collection), MUST be secured via Ivanti Mobile Device Management (MDM) to ensure that they are kept in compliance with MGB policies. **MANDATORY** enrollment into MDM for all iPads, iPhones, Android devices purchased with corporate funds will start in late 2017
If you are using iPads in your research, please review the available resources for enrollment. If you are planning to deploy more than 10 iPads, please open an IS Service Hub ticket in the "enterprise mobility management" queue for assistance
Available Resources
HOWTO: Enroll into Ivanti for iOS
HOWTO: Enroll into Ivanti for Android
HOWTO: Install Dropbox Business for iOS
HOWTO: Request Imprivata Cortext Paging
HOWTO: Unenroll from Ivanti for iOS
INFO: Ivanti: What is it and Why do I need it?
INFO: Ivanti: What Mobile Devices are Supported?
INFO: Ivanti: What Mass General Brigham Can and Can Not See on your Mobile Device
INFO: Ivanti: What Is Ivanti Tunnel and Why do I Want It?
INFO: Imprivata Cortext Overview
Overview
Over the past several years, Mass General Brigham has seen the explosion of iPhone and iPad device usage in all areas of the business enterprise. While a formal program to support mobile devices is still being developed, there are still numerous resources currently available.
Data and device backup is the responsibility of the device owner.
iPhone
Android:
General Guidelines
- All mobile devices used for Mass General Brigham related work must be full disk encrypted; at BWH all devices used for MGB related work must be full disk encrypted.
- Device must be running a recent version of the OS as described on the Device Operating Systems (OS) Compliance Page.
- ERIS provides the following best-effort/limited support for work purposes:
- Wireless network connection troubleshooting.
- E-mail client configuration.
- VPN access configuration.
- Configuration of Partners supported software.
- No hardware support is provided for personal laptops.
- No support is provided for home desktops/networking.
Restrictions/Limitations
- Neither ERIS nor the hospitals/MGB Digital assume any liability for a user’s personally owned device.
- No troubleshooting can take place if the computer is not operating normally during software configuration.
- Data/software backup is the responsibility of the device owner. In the course of performing the limited services on personal devices, it is possible that all software, including operating systems, other programs, and user data files may be lost. This can result from the intended or unintended consequences of the configuration process. It is the responsibility of the device owner to backup all software and data before requesting assistance. It is the responsibility of the device owner to have and provide authentic, individually owned and registered software in the event reinstallation is necessary. Digital Research is herein advised that our staff shall not be responsible at any time for any loss, alteration, or corruption of any software, data, files, or damage of hardware on any personal device.
Automated desktop and server backup service is available for your protection.
Need Backup?
Data and software backup is the responsibility of the device owner. Automated desktop and server backup service is available for your protection.
Windows and Linux remote desktop services for research data analysis
ERIS provides a remote desktop service for data analysis and technical computing on our Windows Analysis Servers and on Linux as part of the ERISOne Linux Cluster.
A number of Remote Desktop servers are attached to the ERISOne Linux Cluster for use as remote workstations in the cluster environment.
The Remote Desktop service is ideal for using graphical applications such as Freesurfer, RStudio or a Genome Browser with data stored on the ERISOne Cluster. The Firefox web browser is available for web-based applications or data transfer to and from external collaborators for example with https://transfer.partners.org or the Aspera Browser Plugin. Various other graphical tools and software development applications are also installed.
You can connect to an ERISOne Remote Desktop from a Mac computer, Windows and Linux PC's and Apple iPads. Other mobile devices will be supported in future.
Gaining Access
An account on the ERISOne Cluster is required for access to the remote desktop. If you do not yet have an account, complete the Cluster application form. Please see additional guidelines, policies and instructions in the Knowledge Base.