Hi our lab in Seoul is in the midst of upgrading our computers and I was just wondering how other labs usually have their systems set up.
I’m talking about 2 things in general, back up systems and security
For back up, I’m looking at using 3 sources, 2 physical and 1 cloud based, with one of the two physical backups on site and one air gap off site, and one last on a private server or cloud based service. The cloud and on site source would be updated regularly while the off site would hopefully be updated once every 6 months or so. This would be a contingency in case of the lab suffering catastrophic failure and loss of machines(which unfortunately could accidentally happen from internal(machine malfunction(laser cutter gone bad) or external reasons(ie. William Osman ;;)). Other causes could be ransomware or just unfortunate circumstances. This method would secure out data from potential loss and also cover our butts if something goes wrong.
We are also making a base image file for computers, where we could start with a completely new computer and install the OS and all (and I mean all, for every machine in the lab) other programs, drivers, software, etc. (maybe use Ninite or something to facilitate this ) offline and then make an USB boot based image copy of the computer at that point, so if any computer goes to heck, we can always turn it back it this this base state.
The other interest I’d like to discuss is cyber security of the labs. We unfortunately suffered a major virus contamination on one of our machines and was about to format it but realized it would be a major hassle due to the amount of drivers and installation we would need to re-do. So right now we are using an USB based bootup to backup and run anti-virus/malware programs and run several iterations of reboot and repeat the process to see if we got it all.
However in order to prevent this from happening again, we are thinking of using deep freeze like programs to secure the integrity of the computers for everyday usage and also implement a first step sandbox computer for lab users so when they bring physical USBs of their own from outside, we can check them prior to them using the computers in the lab. We are also considering a website upload based solution for files, as we can limit the file type, for example only dxf or ai files for laser cutter usage, and let them upload their data to a computer here which will also check the files online through a standard surveillance program. This might be a bit more technical so people may not utilize this system so I am guessing we would still need to use the sandbox method for USB bringing people.
This is what I’ve thought of right now and I would appreciate any input or additional methods that other labs are already using. I will also be happy to estimate the cost/time of this process and share my experience as we install this system in our lab for other labs to use as well.