
Ask Slashdot: Do I Give IT a Login On Our Dept. Server?

jddorian writes "I am head of a clinical division at an academic hospital (not Radiology, but similarly tech oriented). My fellow faculty (a dozen or so) want to switch from a paper calendar to electronic (night and weekend on-call schedule). Most have an iPhone or similar, so I envisaged a CalDAV server. The Hospital IT department doesn't offer any iPhone compatible calendar tool, so I bought (with my cash) a tiny server, installed BSD and OpenLDAP for accounts, and installed and configured DAViCal. After I tested it out, I emailed IT to ask to allow port 8443 through the hospital firewall to this server. The tech (after asking what port 8443 was for), said he would unblock the port after I provide him with a login account on the machine (though 'I don't need root access'). I was taken aback, and after considering it, I am still leaning toward opposing this request, possibly taking this up the chain. I'm happy to allow any scan, to ensure it has no security issues, but I'd rather not let anyone else have a login account. What do the readers of Slashdot think? Should I give IT a login account on a server that is not owned or managed by them?"
  • by Anonymous Coward on Monday April 18, 2011 @12:21PM (#35856290)

    .... you'd be breaking network and security policies up the wazoo by plugging your own server into the network, much less having a machine that IT couldn't manage and audit.

    • by Qzukk ( 229616 )

      Yeah. Scanning it for vulnerabilities doesn't answer the question of whether your server is intentionally malicious.

      If the calendar is externally available (just not in an iPhone friendly format) then perhaps you can get a compromise with IT to jack your server in a port outside the firewall.

      • Yeah, what the world needs is some disgruntled employee putting a computer in their office that will dump client data out a particular port without IT knowing what is going on.

      • by spun ( 1352 ) <loverevolutionar ... m ['oo.' in gap]> on Monday April 18, 2011 @01:02PM (#35857102) Journal

        That explains a lot. Guess what, Head of the Division: just because you are smart, and well trained in YOUR field, does not make you a computer or network expert. As the head of a division at an academic hospital, you have a responsibility to not only follow HIPAA (or your country's equivalent) requirements yourself, but to set an example for the medical professionals training at your facility.

        Do you simply not understand that plugging unauthorized and unaudited equipment into a hospital's network is not only a very bad idea, but against the law in most places? As the head of a division, you should understand that.

        The fact that you were "taken aback" by a request to follow policy indicates that you most likely view this as a dick waving contest. It is not. Your dick will not shrink if you allow the computer professionals to audit your work and comply with hospital policy and the law. No one expects you to be a network expert, that is your hobby, not your profession.

        In short, stop being a condescending ass and let the professionals do their job. If I knew an untrained "division head" was setting up unauthorized networking equipment, I would avoid that hospital like the plague, as I don't want hacked equipment broadcasting my medical history to the world, understand?

        • by ElMiguel ( 117685 ) on Monday April 18, 2011 @01:19PM (#35857398)

          The fact that you were "taken aback" by a request to follow policy indicates that you most likely view this as a dick waving contest. It is not. Your dick will not shrink if you allow the computer professionals to audit your work and comply with hospital policy and the law.

          Now who's the doctor here?

        • by Moryath ( 553296 )

          In short, stop being a condescending ass and let the professionals do their job. If I knew an untrained "division head" was setting up unauthorized networking equipment, I would avoid that hospital like the plague, as I don't want hacked equipment broadcasting my medical history to the world, understand?

          We had a thread similar a while back - I explained that there are reasons IT does things. It has nothing to do with wanting to "spite" the users. It has plenty to do with ignorant users thinking that the cra

        • by eepok ( 545733 )

          You seem to have read the request for input as condescending, pompous, and arrogant.

          I did not see it as that.

          I read it as, "Hey guys, I know what I'm doing (computer-wise), but I'm not sure if IT should have constant access to it. What do you think?"

          Yet instead of giving the guy a normal answer ("This may not be HIPAA compliant... as much as you may hate it, you have to follow IT's rules on their network..."), you felt the need to attack him. Why? Because he's not a system administrator by employ?

          Of all th

          • by spun ( 1352 )

            Let me put it this way: I'm "taken aback" that he would be taken aback by a request to comply with hospital policy and federal law.

    • by Ferzerp ( 83619 ) on Monday April 18, 2011 @12:28PM (#35856434)

      I think the real question should be should IT shut down any network port they see your rogue equipment connected to.

      Hint: the answer is yes

      • Re: (Score:3, Insightful)

        by Zyrkyr ( 594993 )
        Right. You aren't required to give them a user account on your machine, but they're not required to open a firewall port for you either...
      • by postbigbang ( 761081 ) on Monday April 18, 2011 @12:39PM (#35856648)

        Depending on the poster's country, there may be a lot of regulatory, compliance, legal, and other issues at play here. This appears to be a rogue server as you cite. If I were the head of IT, I'd have it outta-there in a heartbeat and write up whomever deployed it-- on the surface and without other information, this is a problem.

        Without more information, it sounds to me like a convenience issue for the department head, but it's a legal nightmare looking for a spot marked X-- that server, for starters.

        • by synthesizerpatel ( 1210598 ) on Monday April 18, 2011 @12:58PM (#35857036)

          A good IT manager would mosey over and have a sit-down to explain the IT policy concerning servers, lay out all the reasons why IT is responsible for them - backups, security scans, keeping antivirus up to date, tracking hardware assets, etc.

          By the end of the conversation, the owner of said rogue device would be thinking 'Wow, I really should hand this over, this guy is much more capable than I am at maintaining a server.. and why would I _want_ to maintain a server anyway?'

          No need for threats or derision for being ignorant. (note: ignorance isn't a bad trait as long as it isn't willful and repeat, it just means you don't know)

          • by NeverVotedBush ( 1041088 ) on Monday April 18, 2011 @01:18PM (#35857380)
            While I agree there is no need for threats, the OP mentioned that he was inclined to "take it up the chain" because the IT person wanted an account.

            Not aimed at the IT person directly, but the OP certainly seems willing to make threats on his own.

            The OP is an ass and should have a severe talking to by management. If I was the IT person, I would see the OPs threat to take it up the chain and raise him a discussion of plugging unauthorized equipment into the network, busting HIPAA regulations, and potentially exposing the organization to security breach, bad publicity, legal liability, and fines -- and have that discussion in front of management when the OP took his case "up the chain".
        • by Ferzerp ( 83619 )

          You see this type of thing a lot in healthcare actually (not usually so egregious). IT has a requirement to follow policy and legal regulations, (HIPAA, SOX, HITECH, etc). Due to this, some of the shinies that individuals may want are not allowed. Instead of recognizing the reasons, people do what the submitter did and try to do an end run around the whole process ignoring the fact that what IT is doing by not allowing these things is protecting the company in a legally mandated way.

          Occasionally with ext

    • by PFI_Optix ( 936301 ) on Monday April 18, 2011 @12:46PM (#35856804) Journal

      Some questions not answered:

      Did the OP ask the IT department what sort of services they are capable of providing? Hospital IT departments are usually in the habit of trying to provide departments with what they need, as department heads and doctors generally win the battle for "I want ________" when it goes up the chain.

      Did he inform IT of his plans prior to executing it, or just bring in a server and set it up, then start asking for access? If he did the former, they might have worked with him, providing him with rackspace, security, and expert administration so that his workload was limited to application administration. If he did the latter, he's lucky they haven't made an issue out of it and gotten him written up.

      Did he make sure he's not violating any federal regulations regarding patient data security? A rogue server on the network is a MAJOR security threat, no matter how competent the administrator is (or believes himself to be).

      Did he think about the precedent this sets? If every department decides to go running their own servers on their own terms, IT can't support them and the whole hospital steps back about 20 years in how their network functions.

      Did he consider the idea that maybe the service he's setting up for his own department might be useful to scale to the entire hospital at a later date? It sounds like he's found a service he considers worth putting a lot of effort into providing...for just his department. If it's good for radiology, it's likely good for lots of others. But HIS server probably can't accommodate that scale. HIS server isn't centralized. HIS server...well, is his.

    • Give IT their login and pray it doesn't go my HOSPITAL environment you'd pretty much be hauled in front of the CIO, HR, and your dept chair to have a career education session....

      1. Most Likely, your hospital has an email system
      2. Most Likely your hospital has a web portal to said email system
      3. Most Likely, your email system has a calendar available on the portal
      4. Most Likely, you over engineered this....

      Tacobell programming...aka don't reinvent the wheel to do everything
      • by ZenDragon ( 1205104 ) on Monday April 18, 2011 @01:16PM (#35857340)
        Same here... I work for a bank. Anybody caught setting up a server that was not explicitly sanctioned by IT would be fired on the spot. Period, no questions asked and no quarter. For compliance, all communication in and out must be logged. This is FEDERALLY mandated, and not just IT being nazis. I worked for a company previously that provided call center and info management services for a medical provider and we didn't even allow people on the floor with cell phones. Is it abnormal that, as an IT professional, that this post almost makes me angry?? lol
    • by Kamiza Ikioi ( 893310 ) on Monday April 18, 2011 @01:05PM (#35857146)

      More than that, who says you are a qualified systems admin? You say "I am head of a clinical division at an academic hospital (not Radiology, but similarly tech oriented)." And I take it that you installed BSD and OpenLDAP. My question is... so what? Who is to say what you really know? You are operating in a hospital. You have medical records. The IT staff there MUST make sure ALL systems there comply with HIPAA and industry security standards.

      Hey, the IT guy watches Grey's Anatomy. Can he perform medical tests in your hospital? No? So what makes you think you are comparable to IT? They respect your job, how about you respect theirs.

      I'm sorry, but there is no way in hell I would let you on such a network without root. Not an account, but root. And if I were a patient, I would be screaming bloody hell if I found out non-IT staff got to run their own servers on the hospital network. The fact that they let you run at all is mind boggling to me. Probably because they can't fire a department head or you have tenure or something similar.

      But you are on the most sensitive type of network and balking at the most basic request. "Should I give IT a login account on a server that is not owned or managed by them?"

      Should they allow you to host a server on a network that is not owned or managed by you? Honestly, if you did this all without first passing it by my IT department, I'd do my best to have you fired. Don't wanna give access to your precious box... geez, you really think THAT is the big deal in all this. Unbelievable, foolish, and arrogant to say the least!

  • I dunno (Score:5, Insightful)

    by EvanED ( 569694 ) <[moc.liamg] [ta] [denave]> on Monday April 18, 2011 @12:22PM (#35856302)

    But instead of asking "should I give IT a login account on a server that is not owned or managed by them?" perhaps you should ask "should I give IT a login account on a server that is on their network?"

    It becomes a lot less clear in that formulation, huh?

    • Re:I dunno (Score:5, Interesting)

      by Vlado ( 817879 ) on Monday April 18, 2011 @12:43PM (#35856742) Homepage

      I heard such stories about hospitals over and over again.

      Essentially what it boils down to is that hospital IT departments have almost no chance of establishing good environments, because every doctor that has 5 seconds of free time feels like they have both the authority and obligation to directly interfere with how IT does things.

      Situations can vary from either the I've-been-working-for-50-years-without-a-computer-and-I'm-not-gonna-learn-how-to-use-one-now to what we have here where someone knows how to make things better by themselves and simply bypasses the whole system with an application that is not supported or endorsed by the IT. And for sure does not integrate with other data-flow activities that are going on in the hospital.

      In the end IT guys run for cover anytime when some local "god" decides that their way is best and things will run how they see fit, because they just bought a new iPhone and want to have EVERYTHING interact with it. Screw the company-issued smartphones!

      I'm aware that there might be bureaucratic red tape involved in getting things done. But if you go outside of system in the end you just make sure that nothing works for anyone instead of having a list of services that are stable and continue growing at a steady pace, based on a good input from everyone.

      In any case, at the end of the day, why does a service like that even need to be hosted from within a hospital? Plug the server in at home and you avoid any problems if the calendar in iPhone is such a big deal for you. /Disclaimer: iPhone is just an example here. Enter your preferred/hated brand instead

  • by tomalpha ( 746163 ) * on Monday April 18, 2011 @12:22PM (#35856304)

    Why does a server that is not owned or managed by the IT department exist inside the firewall?

    In my workplace that's a sacking offence.

    • by shentino ( 1139071 ) <> on Monday April 18, 2011 @12:27PM (#35856420)

      Also, this is a hospital.

      Wouldn't this also be a HIPAA violation?

    • by jafiwam ( 310805 ) on Monday April 18, 2011 @12:36PM (#35856598) Homepage Journal

      It's probably also AGAINST THE LAW. Christ. Submitter is an unmitigated moron. People are going to jail for HIPAA violations and you want to dump any old crap on the hospital network for a CALENDAR? Just use an external web based thing ya moron. Try Google Apps.

      I'd have gone right to the pres and required you be fired immediately OP. Arrogant doctors are not to be let loose on the network without training wheels.

      • by AK Marc ( 707885 )
        The only successful HIPAA case was because people didn't release documents when required to. There has never been a single fine for leaking patient records, and likely will never be.
    • by MaerD ( 954222 ) on Monday April 18, 2011 @12:37PM (#35856602)

      Indeed. Be happy they haven't fired you for violating acceptable use and/or purchasing policies. Don't expect to take this server with you when you leave, either.

      IT not supporting the application is one thing, YOU buying unknown, unsupportable hardware, plugging it into their network and then being arrogant enough to decide they shouldn't even have a log in? You seem to be running a bit short on common sense here.

      Also, this is not a random user requesting access, it is your information technology people who A) should know what they are doing and B) are on the hook for what happens on the network security-wise.

      • Indeed. Be happy they haven't fired you for violating acceptable use and/or purchasing policies. Don't expect to take this server with you when you leave, either.

        The guy asking this question is an academic, and as head of his group is probably tenured - he's not in danger of being sacked. And at the risk of painting with too broad a brush... in my experience, a lot of faculty are used to doing whatever they want, and tend to let others worry about the less important stuff (like HIPAA compliance, if there's actually money in the budget to make a purchase, or generally cleaning up messes caused by aforementioned faculty not thinking things through).

        Anyway, I think a b

  • Ask? (Score:3, Insightful)

    by gazbo ( 517111 ) on Monday April 18, 2011 @12:22PM (#35856310)
    Have you asked him why he wants a shell? If not, why the hell not? And if so, why haven't you told us?
  • Doing it wrong (Score:5, Insightful)

    by dzr0001 ( 1053034 ) on Monday April 18, 2011 @12:23PM (#35856316)
    You shouldn't be deploying rogue hardware that is not company owned at any place of business let alone a hospital. Have you even considered the compliance ramifications?
    • by wkk2 ( 808881 )

      At a minimum I would request that the box be placed on a separate VLAN that has no other access to the LAN. Internal access should go through the firewall rules like you would for an external server with all the appropriate logs and auditing. I would also transfer ownership by giving them the hardware.

  • Wait, what? (Score:5, Insightful)

    by 0100010001010011 ( 652467 ) on Monday April 18, 2011 @12:23PM (#35856324)

    You're asking them to open ports and you're "taken aback" for them asking for an account? They ARE the IT department.... did you even bother asking them if they had the capability of doing what you wanted before you reinvented the wheel?

    You may not think that IT owns or manages your server, but they do own or manage the network. Imagine if some guy from IT came down to you and wanted to start looking through radiology records. I'm sure you'd ask him if it was ok to look over his shoulder every now and again before you gave him full access.

  • You want to put a server on the network, complete with special firewall rules to support it? Yes, it's reasonable for IT to want some access to it.
  • Tell them that the second they reimburse you for the server they can not only get a login, but they can become responsible for its maintenance and security and they had better be sure it has a solid uptime. That only seems reasonable. :-)

  • It's their job to manage security and the infrastructure. At a minimum, you gain a second set of eyes and hopefully expertise in hardening the server against the outside world. The last thing they want is your box to be a big gaping hole in their system.

    If IT doesn't need root access, then he probably just wants it there to review the OS/changes to make sure that it won't break anything. Also, if it goes down, IT can help you get it back up or raise it when you're not available.

    Really, I don't know why you
  • Yes (Score:4, Insightful)

    by geek ( 5680 ) on Monday April 18, 2011 @12:24PM (#35856336)

    If you're hit by a car tomorrow and die you want someone else to be able to pick up the work and go forward. Once upon a time I had a VP I worked for at an ISP put me and the other head of the IT department on a plane with him to LA. The three of us were the only ones with access to the entire company's systems. I mentioned to him, if the plane went down, the company would probably be dead within a week. He just laughed it off.

    That said, your IT department are the best ones to handle this. I doubt the hospital is paying you to play tech nerd, I'm sure you have other work you should be doing. The IT guys are PAID to do this and are screened carefully (at least I hope so) by management to be trustworthy in doing it.

    It sounds to me more like you're looking for job security by being the only one with keys to the castle.

  • by jav1231 ( 539129 ) on Monday April 18, 2011 @12:24PM (#35856350)
    Let me tell you how this goes down in most corporations. If you don't, their security dept. simply won't give you what you want. They're likely to shut you out anyway. If you take it up the chain then you're calling attention to the fact that you have a non-hospital entity on the company network. This is/was a bad career move. You might get away with it and many do for some time. Given that you're running BSD is a plus as you're not as likely to propagate a virus. Unfortunately for you, IT already knows. So if you choose not to give them a login you might find yourself without an IP address. Or worse, without a job.
  • by $RANDOMLUSER ( 804576 ) on Monday April 18, 2011 @12:24PM (#35856352)
    Asking what port 8443 is for wasn't a stupid question - if it's not in /etc/services, it's not a standard port number. As for giving him an account, look up "chroot jail". Problem solved.
  • by rotide ( 1015173 ) on Monday April 18, 2011 @12:24PM (#35856354)
    You are operating a server, behind the firewall, on their infrastructure, in their facility. You, (un)fortunately, don't make the rules. What you're doing sounds great and the lengths you've gone to make it happen are commendable. But I can't imagine any decent business being run while allowing any employee to run any server they want behind their firewalls without at least some oversight. You're going to have to follow their rules, sorry.
  • Yes. The simplest is to give the tech an account with limited privileges, let him log on and look around, and then when you have this server up and running, reduce the privileges on his account further so that he can't interfere with anything.

    But here's bigger factors you should worry about : think longer term. There's a chance that your hacked together server will be in use for the next 10-20+ years. Just how things go. Make sure to make an image file of the final configuration of the server onto a DVD

  • Feel free to take this up the chain of command. Both you and IT probably have valid arguments, and you should have a chance to duke it out to higher-ups. But at the end of the day, both sides will need to abide by whatever decision. To do otherwise would risk firing. If you don't like the decision that comes down ("Yes, IT must be given login access if you have this server"), you can simply tell your clients (the docs and allied health staff you serve) that you can't provide the calendar feature they as
  • by codegen ( 103601 ) on Monday April 18, 2011 @12:25PM (#35856374) Journal
    You say he doesn't want root access, only an account. Maybe he has an iPhone and is also stymied by the IT department's lack of support for CalDAV.
  • Play nice with them. Consider yourself lucky they didn't go ape-shit.

    Give them a nice minimal account that doesn't have access to anything. That way you can show that your shit is tight. If they start demanding more then start playing hardball.

  • by cbelt3 ( 741637 ) < minus punct> on Monday April 18, 2011 @12:26PM (#35856386) Journal

    What you've done would cause any professional IT group to get out the hot tar, feathers, and rail. Or at least come into your office and ask you politely to remove the damn server from their facility. And never do this again. You must have missed all the security briefings, the issues with HIPAA, and whatnot when you were looking at systems. What you've done is to create a 'rogue system'.

    Imagine one of your kids sets up a server in your house. You don't understand it, you don't know if it's happily sniffing network traffic to steal passwords so pizza can be ordered using your credit cards, serving up pr0n, or just running minecraft. Would you willy nilly allow the kids to open a port on your firewall without the ability to audit what they're doing?

    Of course not.

    Personally I'm amazed that they only asked for an account on your little server. I would have gone over and watched while you removed it from the facility and put it in your car.

    • by Anonymous Coward on Monday April 18, 2011 @12:42PM (#35856726)

      If my parents need a port to be opened, they have to come down to the basement and ask me.

  • Does it sit on an IT managed network? Connected to IT managed switches? Does it use IT managed/owned internet access? Did you get approval from IT to connect a server to their managed network and deploy an unapproved service from them before plugging it into the IT managed network?

    I'm willing to bet the answer to all of the above is "no". You should be prepared for the WWE type smackdown. You should also re-read the Acceptable use policy for your enterprise/organization and you should very politely offer them whatever access they desire to allow your unauthorized service on their managed network.

    My ,02.

  • by Leebert ( 1694 ) *

    Several issues here.

    1.) You're storing organizational data on a non-organizationally owned IT device. For that reason alone, they should say "no". (What guarantee do they have that you won't take your machine with you when you quit/get fired, and the data with it?)
    2.) Your machine is on their network. They are responsible for what happens on that machine. Your machine could potentially be used to escalate placement of an attacker to the rest of their network.
    3.) Even if you leave your machine after yo

  • It's pretty dicey to say it's not owned by them. While technically it might belong to you, and you might be able to prove it after an expensive lawsuit, in general it's not a good idea to mix your own stuff with company's stuff. If you bought it for use by the company, being possessive of it will not help you much.

    Do you trust your IT group? Did you ask them why they want a login on your box? Do you have any reason not to trust them? Because they do have a reason to not trust you, and that is, lots of emp
  • by GlennC ( 96879 ) on Monday April 18, 2011 @12:27PM (#35856402)

    If you are able to put a server on the hospital's network and have it working without IT approval (apparently), then I'd say the hospital has a bigger problem.

    Never mind the fact that IT is unable or unwilling to support the tools that you and your team need to do their jobs.

  • by wcrowe ( 94389 ) on Monday April 18, 2011 @12:30PM (#35856474)

    ..."Should I give IT a login account on a server that is not owned or managed by them?"...

    You mean not owned and managed by them right now. However, someday down the road, when you are gone, IT will have to manage the damn thing. The company I work for made a mistake many years ago by allowing every user to have Microsoft Access installed on their machines. A lot of power users went wild creating Access databases for their own purposes. Naturally, over time, two things happened: 1) The databases grew in size and complexity. 2) The company began to depend on them and link the information in them to each other. Very quickly, all these databases became IT's responsibility to manage, especially when the pinheads who designed them got promoted to their particular level of incompetence, or left the company. It has been very tedious getting the data away from these god-awful Access databases, and re-designed and normalized into proper SQL Server or DB2 databases.

    Yes, IT should have access to your server. They'll have to manage it eventually anyway.

  • by Zontar_Thing_From_Ve ( 949321 ) on Monday April 18, 2011 @12:38PM (#35856622)
    jddorian - I'm going to bottom line this for you. It's really quite simple.

    The request to have a non-root account on a box plugged into a network managed by IT could not be more reasonable. If you have problems with this request then you have bigger issues my friend than we could possibly deal with here on Slashdot. It might be interesting to know exactly why you are opposed to this request. If you can't live with it then take your box and go home with it.
  • by eison ( 56778 ) <> on Monday April 18, 2011 @12:55PM (#35856984) Homepage

    At the large company I worked for, hooking up personal computers to the network was a terminable offense. So no, you don't give them a login - you don't set this up at all.

    The chief reason appeared to be fear of viruses and hackers, but there are many, many more. The hacker front can be a bit obscure: What if your CEO read the article about RSA getting hacked by an excel file with an embedded flash object, and the CIO assures the board that all computers will have flash removed and tasks IT with identifying and removing flash everywhere? How are they going to look having to explain 'well, we got everything, except for the personal computers that we don't have access to'?

    Let's say people start relying on the service you are providing with a personal computer under your desk. What if it goes down? Helpdesk will get called, and need to know what to tell the caller so they don't appear incompetent, and need to be able to address the problem. What if IT is required to certify that all of their computers have X patch applied as part of a compliance audit for certification? What if a corporate policy goes out that no computer can run unencrypted ftp regardless of port # they run it on? What if your company is obligated to ensure that terminated employees can't log in to servers? What if a lawsuit is served and your company is required to provide copies of all records pertaining to meetings with client xyz, and your calendar server has meeting info on it but your IT department doesn't even know it exists? None of these things are unreasonable, but none of them can be done easily if you're allowed to set up whatever box you want doing whatever.

    Sure, it makes your job harder if you have to go through official channels to get the things you need to get your job done. But your company needs to be able to get their job done too, and a bunch of random whatever-somebody-set-up-under-their-desk systems makes that really hard.

  • by Crudely_Indecent ( 739699 ) on Monday April 18, 2011 @01:00PM (#35857074) Journal

    1. install vmware server, configure a barebones virtual machine
    2. configure local ssh to listen to an alternate port number.
    3. configure port forwarding on your local machine to direct port 22 to the virtual machine.
    4. give them access to the VM

    Best of both worlds.
    They think you've given them access, and you have...just not to the machine they think they're accessing.

    If you decide to give them an account on the actual machine, configure an external location to backup your logfiles, even remote logging. When they attempt to do something bad on your machine (and they will) you'll have the proof you need to make someone regret their actions.

    • 5. ???
      6. Get fired.

      Seriously, I think you forgot those steps. What you wrote sounds exactly like a handbook on how to get fired.

  • by Kral_Blbec ( 1201285 ) on Monday April 18, 2011 @01:04PM (#35857134)
    Is it really that hard to load into your smartphone a few weeks schedule occasionally? Even if everyone in the department is a techie, there is no need to try and get fancy. Sometimes the old fashioned really is better.
    If you were talking a department of 100+, I can see some benefit. For a dozen freaking people though, you're just creating needless drama.
  • by jwhitener ( 198343 ) on Monday April 18, 2011 @01:40PM (#35857716)

    Why even bother setting up a server with all the excellent online calendar applications? For instance, many schools use Google apps for education or MS Live.

    That aside, going rogue, not talking to IT, and making a custom solution just for your one area, is one of the things that makes working in IT so frustrating at times. Among the many, many problems that implementing your own solution can create, just think about one: what happens if you change jobs? I can personally attest to getting calls from random new department heads saying "Joe Smith (former department head) set up system xyz to do abc for us and now he's gone, I expect IT to now support system xyz".

    This scenario is especially prevalent in academia. Academic freedom is important, but all too often it spills over into areas that it really doesn't belong.

  • Troll. (Score:5, Informative)

    by pz ( 113803 ) on Monday April 18, 2011 @01:44PM (#35857792) Journal

    The OP is a troll.

    The user ID "jddorian" is a fictional character on the US TV program Scrubs.

    No head of department at any hospital or university I have been associated with would have had the time in their career to be more than passingly conversant on computer IT issues, forget know about ports. Heads of departments get to those positions only because they do nothing else with their lives.

    A head of department would know better than to set up something themselves. They wouldn't also have the time to do something like that. They would be familiar with the idea that the hospital IT infrastructure is far more highly managed than normal corporate IT structures.

    And, unless this is a seriously podunk hospital, they likely already run Microsoft Exchange for email, and so have electronic calendars.

    Troll. It's a troll.
