ERIS DIPR File Server (fs.dipr.partners.org) maintenance is scheduled on Sunday, July 30, 2017 from 10a.m. to 2p.m. EDT for a full server replacement. During this maintenance window, any applications and systems that have storage associated with this server will be offline for approximately one hour.

Impact

ERIS DIPR File Server (fs.dipr.partners.org) is the nfs file server which provides mounted storage to our DIPR environment. For any systems managed by ERIS, technicians will check and reboot or remount storage.

Action Required

If you are an owner of a virtual machine in DIPR, we strongly encourage you to check the status of your VM once the scheduled work concludes. If you find one unresponsive, reboot or remount the storage. If any issues persist, please contact rcc@partners.org and we'll address the problem.

Please contact rcc@partners.org if you have any questions or concerns about this maintenance.

ERIS provides Discovery Informatics Platform for Research (DIPR), a flexible, secure cloud computing infrastructure designed to meet research needs. DIPR Virtual Machines (VMs) offer IT power and services to research customers without placing the burden of purchasing or managing server hardware on the researcher.

Updates to LabArchives Secure Login process to use Okta, Partners newest technology, will occur on July 13 at 4pm ET.

The new login link will be posted and updated on our websites. Please be sure to update any bookmarks after the cut over!

The biggest change to note is that when you are off network, you will be prompted for a second factor of authentication.

To register a phone number, or to check to see what number has been previously registered, go to Password self server (myprofile.partners.org). Login and click on the "update my phone number” link.  You can add a phone number or update an existing number.  Make sure you enter all numbers you may wish to use for second factor authentication, you will be able to choose the appropriate number to use when needed.

Please see the article INFO: Secure Log In Overview and FAQs for additional information.

If you have any questions/concerns, please email edcsupport@partners.org

The Office 2016 upgrade for Macintosh, non-standard PC or personally-owned computers used for business is available for self-installation. There is a separate process for upgrading Partners Standard Windows PCs; site-specific information can be found on SharePoint. 

Steps at a glance

1. Uninstall older versions of Office
2. Install Office 2016 
   • For Non-standard Windows PCs and personally-owned devices can install through the Office 365 Portal - please read these Installation Instructions
   • For Mac OS > Self Service Application or through Office 365 Portal
   • For Partners Standard PCs > Site specific information can be found on SharePoint. There is a separate process for devices with asset tag, yellow lock and Partners' screensaver.
3. Activate Office 2016

Note: please read the complete Installation Instructions

Visit the Office 2016 training & support site for training and support resources related to the Microsoft Office 2016 upgrade and move to Exchange Online for Windows devices at Partners. For help with the install, stop by your local Tech Depot for assistance or contact the IS Service Desk.

Partners has embarked on a strategy to improve the computing experience across the breadth of devices used at work to assure productive, clean and stable computers (Windows PCs, Apple Macs, smartphones and tablets). With the recent virus and ransomware attacks, both within our System and Internationally, Partners is accelerating this effort to improve the security of our environment.

A change will be made to Mac desktops and laptops to help secure our environment. On Tuesday, July 18, 2017, the ForeScout SecureConnector Network Access Control (NAC) agent will be installed on all devices enrolled in PEAS.

Network Access Control (NAC) is a mechanism that ensures device trust before allowing device access to a secure network. A NAC agent is an application installed on a device to allow visibility into policy compliance of that device when connecting to the Partners network. The current agent used at Partners is called ForeScout SecureConnector.

What can I do to prepare?
You can check to see if you have the agent installed on your computer by opening your Applications folder and searching for ForeScout SecureConnector. If you do not find ForeScout SecureConnector in your list, you may visit this website to install: https://rc.partners.org/SecureConnector. Since you are enrolled in PEAS, you can simply open Self Service and install ForeScout SecureConnector.

What devices already have the SecureConnector Network Access Control (NAC) agent?
ForeScout SecureConnector is already installed on most Partners standard Windows workstations and some PEAS-enrolled Macs. Mobile devices, such as phones or tablets, and Linux computers are exempt at this time.

Since November 10, 2016, those working at or attending meetings at Assembly Row are required to install the ForeScout SecureConnector agent on any computer connecting to the Partners network. All devices must meet the security requirements to gain full network access. Other hospital site locations will implement this compliance check at a later date. The requirements include encryption, antivirus software, and patches. 

Please visit the Knowledge Base for FAQ and additional information on device compliance, or our webpage on how to Secure Your Mac. If you have additional questions, please contact the IS Service Desk.

Updated on May 17, 2017: 

Wordpress 4.7.5. was released.
https://wordpress.org/news/2017/05/wordpress-4-7-5/
 

Applies To: Wordpress <4.7.4

A Wordpress vulnerability in the password reset function might allow attackers to get hold of the password reset link without previous authentication [CVE-2017-8295].
Combined with other vulnerabilities and, depending on the server configuration, a remote attackers may be able to pass extra parameters and consequently execute arbitrary code.
All versions of Wordpress prior to 4.7.4 are vulnerable. Exposure increases if combined with other vulnerabilities (as CVE-2016-10033) so make sure your PHP is running the latest patched version. An exploit is known to this vulnerability.

At the moment this is being written, Wordpress stable version is still 4.7.4. Please stay alert and update it when a patch is available. For now, as a temporary solution, UseCanonicalNames can be enabled to enforce a static SERVER_NAME value. [see link below]

References:
http://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname
https://httpd.apache.org/docs/2.4/misc/security_tips.html
http://php.net/manual/en/function.mail.php
https://wordpress.org/download/release-archive [for when a new version comes up]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033
--
Note:
As always, other basic server security hardening also applies, as 1) making sure you're logging mail transport (if using local MTA) with proper retention; 2) possibly changing php.ini to log mail functions (improved auditing); 3) log monitoring tools to detect an alert unusual activity (i.e., increased mail traffic); 4) off-box logging, among others.
 

Effective May 16, you will be able to log into HealthStream using your Partners username and password. You will no longer need to remember a separate password to complete your HealthStream learning requirements. 

HealthStream is the online learning system used by MGH and Partners HealthCare to administer required annual and departmental trainings.

If you need assistance with HealthStream, or have questions about single sign on, please contact mghhealthstream@partners.org.

REDCap (https://redcap.partners.org/redcap) upgrades to v7.0.14 scheduled for tonight Wednesday April 26th at 8:30 PM EST are complete. REDCap was offline from 8:30-8:45 PM EST.

This upgrade is to apply a necessary patch to address a number of bugs introduced in the upgrade to version 7.0.10. 

If you have any concerns about REDCap being offline at this time, please email edcsupport@partners.org

Windows 10 Creators Update (build 1703) was released on April 11th and will show up as an update for users on their devices. Read more: https://blogs.windows.com/windowsexperience/2017/04/11/whats-new-in-the-windows-10-creators-update/

REDCap (https://redcap.partners.org/redcap) upgrades to v7.0.10 scheduled for Wednesday April 5th at 8:00 PM EST are complete. REDCap was offline from 8:00PM-8:38PM EST. 

This upgradel included a number of new features and bug fixes. These include:

• Repeating Instruments and Events: REDCap now has the ability to repeat a data collection instrument or an entire event of instruments an unlimited number of times without having to specify the amount needed. This is sometimes called one-to-many data collection, in which a project can have one or more repeating parts. The repeating instruments/events feature can be enabled and set up by clicking the Enable button in the Optional Modules section on the Project Setup page.
  • ​​​Note: A separate Service Alert will be sent next week to fully detail this new feature.
• Improvement: New interface for Home/My Projects/Control Center pages.
• Improvement: A zip file containing all uploaded documents (or signature files) for an individual record can now be downloaded from the "Choose action for record" drop-down on the Record Home Page if the user has Data Export privileges.
• Improvement: File Upload fields that are displayed on reports will no longer display the text "[document]", but will instead provide a "Download" button so that the user can actually download the file from the report.
• Field name (variable) auto-suggest when typing branching logic, calculations, or general conditional logic (Survey Queue, Automated Survey Invitation, Data Quality rule, report filter’s advanced logic). While typing logic/calculations into the text box, it will auto-suggest a REDCap variable name from your project that is clickable to inject into the text box. If the project is longitudinal, it will also suggest event names to inject unique event names.
• Real-time validator for branching logic, calculations, or general conditional logic (Survey Queue, Automated Survey Invitation) that allows you to run your logic/calculation on a specific record in the project, and it returns the result. For example, if typing branching logic in the Add/Edit Branching Logic popup in the Online Designer, you can select a record, and it will tell you if the field will be displayed or hidden for that record based upon the record’s currently saved values. When typing calculations, it will return the actually calculated value of the field for a selected record. This makes it easier to formulate your logic and calculations so that you get them right the first time.
• Preview email - When composing an email on the "Email Users" page in the Control Center and also when composing survey invitations (e.g., the Participant List, Automated Survey Invitations set up), there is now a Preview option for viewing the fully-rendered HTML preview of the email that is being composed. Additionally, there is an option to send a test email to oneself in case they want to actually receive a copy the email being composed before officially sending it to others.

Full release notes available here.

If you have any concerns about REDCap being offline at this time or any questions about these new features, please email edcsupport@partners.org

REDCap v7.0: New Feature Release and User Group Meeting

BWH: April 11th 2017 3:30-4:30PM, Thorn Conference Room

Click to register.

MGH: April 20th 2017 3:00-4:00PM, Simches Building Room 3.120, 185 Cambridge Street

Click to register.

This user group session will review the new feature releases and how best to implement and retro fit to production projects. We will also use the time for users to share their experiences and tips/tricks.

Service Alert: REDCap Infrastructure/Security Update 

We are continually re-evaluating the security of our servers. As a result, we have disabled support for TLS 1.0 and certain encryption ciphers that are considered weak.

If you notice any issues accessing the REDCap application via API or other, please contact edcsupport@partners.org. 

REDCap: API and DET User Group Meeting

BWH: April 24th 2017 10:00-1100AM, Thorn Conference Room

MGH: April 27th 2017 1:30-2:30PM, Simches Building Room 3.120, 185 Cambridge Street

Main Objective: Provide support, best practices, and guidance to REDCap End-Users utilizing the REDCap API and DET

Learning Objectives:

-Learn how to access REDCap's API, DETs
-Learn how to best implement the API, DETs
-Review updates to API features in REDCap v7.0
-Understand the current limitations and when to contact ERIS or Research CORE for additional support

Target audience: Researchers that have evaluated and decided to use REDCap and/or have started a REDCap project. Researchers with basic level programming experience.

Applies To: All Users

Information Systems Maintenance (ISM) took place on Monday, February 13th from 12:00 am to 4:00 am.

During that time, planned system maintenance and testing was be performed by IS teams. This routine maintenance reduces the risk of unscheduled outages on our computer network and to the Internet.

Impact to systems and applications

• VPN was available during the ISM.
• Sunquest was down from 2:00am – 4:00am.  All data will be queued up during the downtime, and transmitted when interfaces are again functioning.  No data will be lost. Please see your site specific communication for your ordering and result verification processes during this time. During the downtime:
  • Sunquest will not be available for any users 
  • Collection Manager will not be available 
  • Labels will not print for any orders released during the downtime 

Impact to sites

• Services or resources hosted in the Partners HealthCare data centers may be unavailable during the ISM.
• Your site's IS Management team will provide more detailed communication about planned outages at your facility and will coordinate with specific groups that may be impacted.

Need help during the downtime? 

View the IS Broadcast Archive for additional details. Please contact your IS Service Desk if you have any questions.

View the 2017 IS System Maintenance (ISM) Schedule in the IS Service Desk Knowledgebase (Partners login required).

The ERIS proxy server is now performing as expected.