URL: https://it.desy.de/help_uco/it_at_a_glance/index_eng.html
Breadcrumb Navigation
IT at a glance
IT at a glance
The IT infrastructure at DESY in Hamburg is diverse and complex: For about 11,000 computers are in use to access the wide variety of centrally provided IT services. This guideline is designed as an introduction to the IT environment offered by the IT group and to get acquainted with the services.
Support
Support will be provided by your group administrators whose names you can find in your group secretary or in the User Consulting Office (UCO).
The UCO is also open to all questions concerning the IT services. Detailed information on the services which are provided centrally by IT can be found directly at the IT-main page.
DESY Account
A DESY account enables you to access DESY computers and IT services such as e-mail or web. The account is set up by the namespace supervisors who are responsible for your group.
Alternatively you can ask the group secretaries to help get in contact with your administrators.
Note: Before your DESY account can be created, an entry in the IAM database (Identify Access Management) is required. If this has not yet been created, contact your group secretary or V1.
Password
Note: Please change your password only as described in the following! In addition, passwords should never be stored or written down for security reasons!
Passwords have to comply with the DESY security regulations (see table). The initial password which is indicated when setting up the account is valid five days, every six months at the latest you have to set a new password.
Password Changes
Password changes are made in DESY Registry, the user administration tool on the DESY intranet.
The registry is only accessible within the DESY network. From outside of DESY you can change your password via this passwd.desy.de.
Please log on at the Registry with your username and (initial) password.Click in the left menu on Change password and enter the new password twice. For completion, click on Change password. Here you can select which password you want to change, some services such as WiFi or Oracle have their own passwords.
Security Criteria/ Password Requirements |
|---|
A password must have at least 8 and at the most 14 characters from the 4 categories: upper case letters, lower case letters, numbers and special characters |
It has to contain characters from at least 3 of the 4 above mentioned categories. |
The password should be difficult to guess, and it should not be taken from the dictionary or contain the account name. |
MFA - Multifactor authentication
To protect against unauthorized access, a so-called token for multifactor authentication is required in addition to the password for numerous IT services.
You can find out how to set up this token in the quick guide and on the other pages linked there on the subject of MFA.
IT Security and Rules
General IT Security
The internal DESY network (DESY intranet) is protected against access from outside by a firewall. Incoming and outgoing mails are checked for malware. The Trellix virus scanner is installed on the DESY Windows systems as standard.
If you are using a device or software which you administer by yourself, only use software which is still supported by the manufacturer and install security relevant updates as soon as possible.
see: rsr.desy.de.
External Data Management
The storage of business data at external third-party providers (this includes the forward of emails and calendar entries e.g. to gmail, web.de or others) is forbidden, amongst others, due to data security reasons. See that your private and business data is strictly separated as much as possible.
see: datenschutz.desy.de (German only)
Phishing
Phishing is the attempt of attackers to obtain login data (account name and password) of computer users by sending fake e-mails with links to fake websites. The credentials obtained in this way are used, for example, to get unauthorized access to the mailbox of a person's account in order to send SPAM e-mails in that person's name.
Phishing is a serious threat to IT security. You get access to the DESY systems with your DESY account and the corresponding password. This always involves a huge security risk for the IT systems if your credentials are phished and it is important that you take note of that.
Note: Phishing e-mails can not always be identified at first glance. As soon as you are requested to enter your login data on a website or to pass them on differently than specified by DESY, you should be careful!
Information on the procedure practiced at DESY to defend against phishing can be found on this site.
Regulatory Framework
The use of DESY's IT services is subject to general conditions, the knowledge of which you confirm during account registration.
The Conditions of Use, and especially the rules mentioned under §5 of the staff section D4 (IT security and data protection) and of the RSR (Computer Security Council) can be found at the following web pages.
see:
-d4.desy.de (only available from the DESY Intarnet)
-rsr.desy.de (only available from the DESY Intarnet)
-Condition of use
System Enviroment
Publicly accessible devices such as copiers, scanners and printers can be found in the public area in front of the UCO in building 02b (ground floor). For more information see: User-documentation
Linux
Within the DESY environment, an adapted Ubuntu is used on desktop computers. Distributions based on RedHat Enterprise Linux are available for servers.
see: linux.desy.de
Windows
The Windows operating system used at DESY is adapted to the needs of DESY users. For data exchange and administration, the network drive H: (home drive) with a so-called "public" folder is available to the Windows users. The data exchange within the own group takes place via the network drive N: (group drive), with users of other groups via the network drive S:.
MacOS
Apple devices and thus MacOS, are ordered at DESY in the groups via the administrators. The most important information can be found here.
Central Systems and Resources
With 'pal.desy.de', a publicl accessible network of Linux computers (cluster) is available to all DESY user.
IT provides central resources for computing at DESY(BIRD, NAF and Grid).
More information can be found here.
The DESY web pages can be maintained centrally via the CMS (Central Management System) by each group individually. Advice and support on this issue is offered by the Web Office.
For users who have no access to a Windows system, IT provides a Windows Terminal Server, which allows you to login to the Windows interface to use applications like MS Office.
Each person with a DESY account receives an email address automatically. This is usually the person's first and last name (e.g. firstname.lastname@desy.de).
When you start your email program for the first time, it should be pre-configured. If this is not the case, please contact the UCO. Detailed information on the email concept and the configuration of email-clients can be found here.
With the Zimbra web client, all DESY users can easily access their mails from anywhere via mail.desy.de.
In addition, IT supports e-mails clients Outlook and Thunderbird for Windows an Thunderbird for Linux.
Email Filter
To ensure the data security at DESY, emails with potential dangerous attachments as well as encrypted content will be blocked.
For more detailed information on what content is blocked and how to proceed in such a case, please read: E-mail at DESY.
Printing
Most printers at DESY are available as network printers. Printers usually belong to a specific DESY group. This is identified by the name, such as hasps1 (Hasylab). All public accessible printers begin with the description 'pub' (for public), such as pubcp1. These are located in particular in buildings 01a, 01d and 02b. Available network printers can be found via the website Printing at DESY.
How to set up the printers under different operating systems can be found on our pages Printing from Windows, MacOS - Add printer and Printing from Unix.
Software
For the supported operating systems, software is provided centrally in different ways. Information about this can be obtained from the UCO. Lists of available software for Linux, Windows and MacOS can be found here.
The software under Windows is provided via the network-based installation tool 'DSM': Start → DSM Software Shop (DESY) → Installer & Uninstaller.
The software for Linux is provided by network installation via the AFS or installed locally on the workstations. IT Supported Distributions at DESY.
The software for macOS is provided via the Munki store.
Collaborative work
At DESY, numerous possibilities for communication and collaborative work are provided. These include the e-mail system at mail.desy.de, Sympa mailing lists at lists.desy.de, an active and internal chat through Mattermost at chat.desy.de and of course video conferencing tools. At desy.zoom.us you can register for a free basic zoom account, licensed accounts have to be ordered through the Asset Management Sytem(AMS - only available in the Intranet). As an Alternativ to Zoom you can use BigBlueButton via Mattermost(chat.desy.de).
Collabora is an application for simultaneous editing and creation of files directly in the Sync and Share Cloud.
This overview is a small part of the services used at DESY. A complete list with many instructions and further important hints can be found here.
Network (Intranet/Guest Network)
For access to the internal DESY network (DESY intranet), as well as to the guest network, the wired and the wireless network (LAN/WLAN) are available. Devices that are not registered for the DESY intranet automatically connect to the DESY guest network. Access to DESY intranet is thus not possible.
The first time you open a browser with an unregistered device, a portal page for logging in to the DESY guest network will open. You will receive some information about the user rules. Your device will then be automatically authenticated to use the DESY guest network for the next 7 days.
For access to the DESY intranet, offices at DESY are equipped with network sockets. A connection to the DESY intranet can be established via the left connection of each socket. If you have any questions regarding the registration of devices, please contact your group administrator.
For wireless access to the network, non-registered users can use the WLAN connection 'Science Hotspot' for the DESY guest network. DESY and Eduroam User can use 'eduroam'. For DESY users with registered devices, there is the WLAN 'DESY' for the DESY intranet.
LAN & WLAN.
Remote Acces
For the secure access from a computer outside of the DESY network to the DESY internal systems, you can either use a centrally provided SSH Gateway or a VPN Gateway.
Please also note that the establishment of a VPN connection requires a valid VPN account and a VPN client, please also contact your group administrator.
For more information please visit the following website (German only).
IT Trainings
Information concerning IT Trainings can be found here.
