Applies to: iOS and Android devices enrolled in MobileIron who are on Exchange Online

If your work email is not loading on your phone, please power it off and turn it back on. If you reboot and your email does not load, please try switching from Wi-Fi to cellular (or vice versa). Please wait a few minutes for the phone to refresh and your email to load.  We have recently discovered a mismatch in ActiveSync protocols when some mobile devices connect, which requires a reboot to update and restore functionality appropriately. If you continue to experience difficulty, please contact the IS Service Desk for assistance.

There will be limited support next week while EDC Support attends the annual REDCap Conference. Please plan for delayed response times.  Priorities will be made for Moving Projects to Production, User Access, Creating New Projects, and Change Requests.  General REDCap questions will be best effort. 

Be sure to review the Help&FAQ, Training Resources, and Getting Started with REDCap pages.  

If you have any questions, please email edcsupport@partners.org

Applies To:  Windows HP Devices

Partners IS has identified that a specific Intel I217-LM Network card within HP device models can cause major network switch outages. Devices managed by Partners IS have already been updated. These instructions are for all other HP workstations connecting to the Partners network.

Please work with your Local IT Administrator to download and install the latest versions of the NIC Driver provided by HP Support Services.

1. Visit https://support.hp.com/us-en/drivers
2. Enter the model name of the computer you have
3. Upgrade all drivers.

Here are a few device-specific drivers for your convenience. This list is not exhaustive:

• HP EliteDesk 800 G1 Mini-Tower, Small Form Factor, Desktop Mini, Ultra Slim Desktop Models
  • Windows 7 x86, Windows 7 x64
  • http://ftp.hp.com/pub/softpaq/sp71001-71500/sp71407.exe
• HP ZBook Mobile Workstation, HP ZBook Mobile G2 Workstation Models                
  • Windows7 x86, Windows 7 x64                                
  • http://ftp.hp.com/pub/softpaq/sp77001-77500/sp77107.exe

If your device is blocked from the network,

1. When possible, connect to the guest network to update your driver
2. Contact the IS Service Desk for next steps

Additional references:

• https://communities.intel.com/thread/48051
• http://linuxtoolkit.blogspot.com/2014/12/intel-nic-driver-causing-multicast.html
• http://packetpushers.net/good-nics-bad-things-blast-ipv6-multicast-listener-discovery-queries/
• https://communities.intel.com/thread/70393
• http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=mmr_sf-EN_US000005367

ERIS DIPR File Server (fs.dipr.partners.org) maintenance is scheduled on Sunday, July 30, 2017 from 10a.m. to 2p.m. EDT for a full server replacement. During this maintenance window, any applications and systems that have storage associated with this server will be offline for approximately one hour.

Impact

ERIS DIPR File Server (fs.dipr.partners.org) is the nfs file server which provides mounted storage to our DIPR environment. For any systems managed by ERIS, technicians will check and reboot or remount storage.

Action Required

If you are an owner of a virtual machine in DIPR, we strongly encourage you to check the status of your VM once the scheduled work concludes. If you find one unresponsive, reboot or remount the storage. If any issues persist, please contact rcc@partners.org and we'll address the problem.

Please contact rcc@partners.org if you have any questions or concerns about this maintenance.

ERIS provides Discovery Informatics Platform for Research (DIPR), a flexible, secure cloud computing infrastructure designed to meet research needs. DIPR Virtual Machines (VMs) offer IT power and services to research customers without placing the burden of purchasing or managing server hardware on the researcher.

Updates to LabArchives Secure Login process to use Okta, Partners newest technology, will occur on July 13 at 4pm ET.

The new login link will be posted and updated on our websites. Please be sure to update any bookmarks after the cut over!

The biggest change to note is that when you are off network, you will be prompted for a second factor of authentication.

To register a phone number, or to check to see what number has been previously registered, go to Password self server (myprofile.partners.org). Login and click on the "update my phone number” link.  You can add a phone number or update an existing number.  Make sure you enter all numbers you may wish to use for second factor authentication, you will be able to choose the appropriate number to use when needed.

Please see the article INFO: Secure Log In Overview and FAQs for additional information.

If you have any questions/concerns, please email edcsupport@partners.org

The Office 2016 upgrade for Macintosh, non-standard PC or personally-owned computers used for business is available for self-installation. There is a separate process for upgrading Partners Standard Windows PCs; site-specific information can be found on SharePoint. 

Steps at a glance

1. Uninstall older versions of Office
2. Install Office 2016 
   • For Non-standard Windows PCs and personally-owned devices can install through the Office 365 Portal - please read these Installation Instructions
   • For Mac OS > Self Service Application or through Office 365 Portal
   • For Partners Standard PCs > Site specific information can be found on SharePoint. There is a separate process for devices with asset tag, yellow lock and Partners' screensaver.
3. Activate Office 2016

Note: please read the complete Installation Instructions

Visit the Office 2016 training & support site for training and support resources related to the Microsoft Office 2016 upgrade and move to Exchange Online for Windows devices at Partners.

Partners has embarked on a strategy to improve the computing experience across the breadth of devices used at work to assure productive, clean and stable computers (Windows PCs, Apple Macs, smartphones and tablets). With the recent virus and ransomware attacks, both within our System and Internationally, Partners is accelerating this effort to improve the security of our environment.

A change will be made to Mac desktops and laptops to help secure our environment. On Tuesday, July 18, 2017, the ForeScout SecureConnector Network Access Control (NAC) agent will be installed on all devices enrolled in PEAS.

Network Access Control (NAC) is a mechanism that ensures device trust before allowing device access to a secure network. A NAC agent is an application installed on a device to allow visibility into policy compliance of that device when connecting to the Partners network. The current agent used at Partners is called ForeScout SecureConnector.

What can I do to prepare?
You can check to see if you have the agent installed on your computer by opening your Applications folder and searching for ForeScout SecureConnector. If you do not find ForeScout SecureConnector in your list, you may visit this website to install: https://rc.partners.org/SecureConnector. Since you are enrolled in PEAS, you can simply open Self Service and install ForeScout SecureConnector.

What devices already have the SecureConnector Network Access Control (NAC) agent?
ForeScout SecureConnector is already installed on most Partners standard Windows workstations and some PEAS-enrolled Macs. Mobile devices, such as phones or tablets, and Linux computers are exempt at this time.

Since November 10, 2016, those working at or attending meetings at Assembly Row are required to install the ForeScout SecureConnector agent on any computer connecting to the Partners network. All devices must meet the security requirements to gain full network access. Other hospital site locations will implement this compliance check at a later date. The requirements include encryption, antivirus software, and patches. 

Please visit the Knowledge Base for FAQ and additional information on device compliance, or our webpage on how to Secure Your Mac. If you have additional questions, please contact the IS Service Desk.

Updated on May 17, 2017: 

Wordpress 4.7.5. was released.
https://wordpress.org/news/2017/05/wordpress-4-7-5/
 

Applies To: Wordpress <4.7.4

A Wordpress vulnerability in the password reset function might allow attackers to get hold of the password reset link without previous authentication [CVE-2017-8295].
Combined with other vulnerabilities and, depending on the server configuration, a remote attackers may be able to pass extra parameters and consequently execute arbitrary code.
All versions of Wordpress prior to 4.7.4 are vulnerable. Exposure increases if combined with other vulnerabilities (as CVE-2016-10033) so make sure your PHP is running the latest patched version. An exploit is known to this vulnerability.

At the moment this is being written, Wordpress stable version is still 4.7.4. Please stay alert and update it when a patch is available. For now, as a temporary solution, UseCanonicalNames can be enabled to enforce a static SERVER_NAME value. [see link below]

References:
http://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname
https://httpd.apache.org/docs/2.4/misc/security_tips.html
http://php.net/manual/en/function.mail.php
https://wordpress.org/download/release-archive [for when a new version comes up]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033
--
Note:
As always, other basic server security hardening also applies, as 1) making sure you're logging mail transport (if using local MTA) with proper retention; 2) possibly changing php.ini to log mail functions (improved auditing); 3) log monitoring tools to detect an alert unusual activity (i.e., increased mail traffic); 4) off-box logging, among others.
 

Effective May 16, you will be able to log into HealthStream using your Partners username and password. You will no longer need to remember a separate password to complete your HealthStream learning requirements. 

HealthStream is the online learning system used by MGH and Partners HealthCare to administer required annual and departmental trainings.

If you need assistance with HealthStream, or have questions about single sign on, please contact mghhealthstream@partners.org.

REDCap (https://redcap.partners.org/redcap) upgrades to v7.0.14 scheduled for tonight Wednesday April 26th at 8:30 PM EST are complete. REDCap was offline from 8:30-8:45 PM EST.

This upgrade is to apply a necessary patch to address a number of bugs introduced in the upgrade to version 7.0.10. 

If you have any concerns about REDCap being offline at this time, please email edcsupport@partners.org

Windows 10 Creators Update (build 1703) was released on April 11th and will show up as an update for users on their devices. Read more: https://blogs.windows.com/windowsexperience/2017/04/11/whats-new-in-the-windows-10-creators-update/

REDCap (https://redcap.partners.org/redcap) upgrades to v7.0.10 scheduled for Wednesday April 5th at 8:00 PM EST are complete. REDCap was offline from 8:00PM-8:38PM EST. 

This upgradel included a number of new features and bug fixes. These include:

• Repeating Instruments and Events: REDCap now has the ability to repeat a data collection instrument or an entire event of instruments an unlimited number of times without having to specify the amount needed. This is sometimes called one-to-many data collection, in which a project can have one or more repeating parts. The repeating instruments/events feature can be enabled and set up by clicking the Enable button in the Optional Modules section on the Project Setup page.
  • ​​​Note: A separate Service Alert will be sent next week to fully detail this new feature.
• Improvement: New interface for Home/My Projects/Control Center pages.
• Improvement: A zip file containing all uploaded documents (or signature files) for an individual record can now be downloaded from the "Choose action for record" drop-down on the Record Home Page if the user has Data Export privileges.
• Improvement: File Upload fields that are displayed on reports will no longer display the text "[document]", but will instead provide a "Download" button so that the user can actually download the file from the report.
• Field name (variable) auto-suggest when typing branching logic, calculations, or general conditional logic (Survey Queue, Automated Survey Invitation, Data Quality rule, report filter’s advanced logic). While typing logic/calculations into the text box, it will auto-suggest a REDCap variable name from your project that is clickable to inject into the text box. If the project is longitudinal, it will also suggest event names to inject unique event names.
• Real-time validator for branching logic, calculations, or general conditional logic (Survey Queue, Automated Survey Invitation) that allows you to run your logic/calculation on a specific record in the project, and it returns the result. For example, if typing branching logic in the Add/Edit Branching Logic popup in the Online Designer, you can select a record, and it will tell you if the field will be displayed or hidden for that record based upon the record’s currently saved values. When typing calculations, it will return the actually calculated value of the field for a selected record. This makes it easier to formulate your logic and calculations so that you get them right the first time.
• Preview email - When composing an email on the "Email Users" page in the Control Center and also when composing survey invitations (e.g., the Participant List, Automated Survey Invitations set up), there is now a Preview option for viewing the fully-rendered HTML preview of the email that is being composed. Additionally, there is an option to send a test email to oneself in case they want to actually receive a copy the email being composed before officially sending it to others.

Full release notes available here.

If you have any concerns about REDCap being offline at this time or any questions about these new features, please email edcsupport@partners.org

REDCap v7.0: New Feature Release and User Group Meeting

BWH: April 11th 2017 3:30-4:30PM, Thorn Conference Room

Click to register.

MGH: April 20th 2017 3:00-4:00PM, Simches Building Room 3.120, 185 Cambridge Street

Click to register.

This user group session will review the new feature releases and how best to implement and retro fit to production projects. We will also use the time for users to share their experiences and tips/tricks.