ITSD Computing and Communications Services News
April, 2004

CCS News Home
Back Issues
Search CCS News
Computer Security
Help Request
Software Downloads
Computer Backups
Buy a Computer
Suggestion Box
Email
Calendar
Onsite Computer Training
ITSD
CIS
ISS
NTD
TEID
  Leaving the Lab: Termination Notification System (TNS) Issues

As employees leave the Lab, a system referred to as the Termination Notification System (TNS) initiates a sequence of events that alert the supervisor, and a division-specific mail list, about actions that will be initiated on behalf of cyber security.

On the day TNS learns about a termination, a notice is sent to the supervisor that the account will be disabled within 2 business days, and deleted within 30 business days (using the real dates that apply to the individual in question). The most common impact involves systems that are accessed through LDAP password authentication. Most employees use LDAP for access to Lab email, calendar, HR self-service site, JHQ, business applications, and Novell. The LDAP password is also used to authenticate to the Lab central IMAP servers. In this context, "disabling the account" means that TNS removes your LDAP password so that you can no longer login to your IMAP account. Further, the IMAP account will continue to receive mail and possibly accrue charges until the exstaff account is deleted. Novell, Calendar and Connected Backup accounts (for PC backups) are the other accounts being managed by TNS at the present time.

There is one thing supervisors and employees can do to make the process more efficient and cost-effective. As part of the checkout process, employees who use the Lab’s IMAP electronic mail system should clean out mail folders stored on the server prior to leaving. This insures that no storage costs are incurred during the TNS process described above. ITSD deliberately keeps the accounts in an inactive (disabled state) for a period of time, just to insure that customers have time to rethink things should a need for data arise.

Another perfectly viable option is to choose "delete now" for a specific account, or "delete all now" if every account (email, calendar, Novell) can be removed immediately. This is done via a Web link that is contained in the email notification sent to the supervisor.

ITSD will be reviewing TNS in the coming months, with the objective of identifying and managing other critical computer accounts with this system. Background information on TNS is here: http://www.lbl.gov/ITSD/CIS/home/info/accountTerm/.