
Rutgers, The State University of New Jersey

LCSR Director's Web Page


This page summarizes resources available for system administrators. Some of these resources are useful for faculty and others who administer individual PCs and workstations, as well as staff who administer multiple systems. It is maintained by Charles Hedrick, Director of the Laboratory for Computer Science Research. Please contact hedrick@rutgers.edu if there is information you think should be here and isn't, or if you find errors.

General comments

Over the last few years, Rutgers has been centralizing services needed to administer systems. Most colleges now have staff to manage all systems, or at least to support staff in departments. There is also a reasonable set of support services at the University level.

There's also a tendency to make increasing use of cloud services. Key cloud services will be mentioned on this page.

Connecting to the Network

The current network model is that "TD" (the Telecommunications Division within OIT) maintains the backbone and the network up to the building. Within the building, the network is operated sometimes by TD and sometimes by the college or department.

Connecting to the network requires identifying who is responsible for your area. TD (through noc@rutgers.edu) should be able to identify that if you don't know.

TD can help with support services such as DHCP.

TD manages hostnames, but would prefer to delegate responsibility to departmental staff where possible. Most departments have their own subdomain, e.g. cs.rutgers.edu for Computer Science. They control hostnames within that subdomain using a central web application, Infoblox, for maintaining hostnames and other host-related information.

TD manages the wireless network, RUWireless. Most areas of the campus are now covered. If your area is not, in some situations you may need to pay for installation. Generally, units are not allowed to set up their own wireless access points.

User Identity

All systems and services at Rutgers are based on a common set of user information. There is a separate Identity Management group that manages this information. They get feeds from many different data sources, including personnel, students, alumni, and guests of various types. All users are assigned a NetID, which is the login identifier used by all systems. Passwords are stored in three linked password stores: MIT Kerberos (run by Identity Management), Active Directory (run by Enterprise Infrastructure), and Azure Active Directory. Passwords are synced across all 3 of these stores.

Web applications should always use the NetID and University password. Generally they should use CAS to authenticate, or Shibboleth if the application has users at institutions outside Rutgers. Information about the user is available from an LDAP server run by Identity Management or from Active Directory. Some information can also be passed through from LDAP by CAS or Shibboleth.

The University has licensed DUO for one-time passwords. Applications with sensitive data should use it. CAS supports it.

Windows Systems

While there are systems of all types at Rutgers, the majority are based on Windows. For security reasons, you should make sure your systems are running a recent version of Windows, set up to install updates automatically.

Administration of Windows systems has been converging on Active Directory. Enterprise Infrastructure currently runs an AD system for the University. Individual units can arrange for separate OUs. There are good facilities for administering systems within your OU.

The University has site licenses for Windows, and a variety of other software. See software.rutgers.edu for information on software and services licensed by Rutgers.

If you want to integrate Windows into a Linux / Unix environment, Rutgers has licensed login software from Comtarsia. It can authenticate against LDAP. It can also use Kerberos. This allows integration with the LDAP system run by Identity Management, or with services typically used to manage clusters of Linux systems.


Most departments or colleges currently run their own file servers. However there is increasing use of cloud storage. The best place to start for cloud storage is probably OneDrive (available as part of the University's licensing of Office365) or box.com. The University will shortly have a license for box.com with no storage limits. Note that both of these types of storage are primarily web-based. There are tools to sync them to Windows and other personal computers, but you probably wouldn't use them as primary storage.

Enterprise Infrastructure now has a large Isilon system. Departments that don't want to run their own file servers, or that want a second location for backup, should contact them. It may also be possible to arrange for Microsoft-style storage integrated with Active Directory.

Enterprise Infrastructure can also help with backups.


Many Macintoshes are run as standalone systems. However it is certainly possible to integrate Macs into Active Directory, and use the same file servers. If you want to use University passwords, it is also possible to integrate Macs with the LDAP server run by Identity Management. That server has enough user information that it can be used for login.

Linux and Unix

Linux and Unix are normally run at the departmental level. There are still many clusters of systems using NIS for user / password information. However some units have begun using Red Hat's IPA (also available for other distributions) for user and group information. Computer Science currently uses IPA to support multiple clusters of systems, with Kerberized authentication for storage. This is the direction we would recommend for departments with more than a dozen systems, or with multiple clusters of systems. Contact hedrick@rutgers.edu for more information.

Applications and services

The University has some services that you'll probably find of interest to support your applications.

Enterprise Infrastructure manages an internal cloud system. You can get virtual machines and storage from them at pricing that is generally better than outside providers such as Amazon. They have a robust backup infrastructure, which keeps copies of data offsite. They can also arrange for disaster recovery at a commercial off-site service.

Many departments have applications that need data about employees and students. Much of the data is available from OIT. However other units, e.g. Alumni Affairs, maintain their own data. I suggest starting with Enterprise Applications Services to help you arrange access to data. Most data access is by doing queries to Oracle databases. However if necessary it is possible to arrange for periodic transfers of files.


Information Protection and Security are responsible for helping secure systems and information throughout the University. However every IT staff member needs to consider the security implications of everything they do. Systems at Rutgers are under constant attack. There is information on their web site. See particularly their section on standards and compliance. Everyone who is responsible for systems or applications will be expected to comply with these standards.

Operating systems must be kept up to date. We strongly recommend that all systems be set up to apply security patches automatically. IPS does periodic scans of all systems at Rutgers. They will detect operating systems that are out of date, and expect the staff responsible for them to respond.

IPS classifies data by sensitivity. Any system that has personal data needs special attention. You should avoid having more sensitive data such as credit card numbers or SSNs on your system. If you do, you should expect your staff to have security training, and you should expect IPS to do penetration testing of your applications.

Note that there are specific requirements for writing secure applications. You should not simply turn a student loose to write an application for you unless you are certain that they understand how to do so securely. The OWASP web site is a good starting point for learning about web application security. However we strongly recommend having all applications supervised by staff with proper security training. My experience in interviewing candidates for programming positions makes it clear that people can have years of experience in industry, and still have no idea how to do this.

Old information not yet reviewed

  • Wireless Policy
  • Wireless security recommendations
  • Video Conferencing and other video
  • Getting Certificates for SSL
  • Preventing your mail system from being an open relay
  • Spam tools: testing, tracking, reporting
  • LDAP services
  • Shibboleth service
  • Rutgers Enterprise Network Management Numbers and LDAP attribute structure
    • Information Protection and Security - describes IPS, the group with primary responsibility for security. Specific security information is on sites listed below.
    • Netsecurity (an IPS site) - a site primarily for end users; contains basic recommendations for common non-server system types
    • RUSecure (an IPS site) - security for IT staff; policies, recommended processes, technical information
    • NPPI (an IPS site) - policies and tools for systems that maintain Non-Public Personal Information
    • CIRT (an IPS site) - home of the group that processes reports of security problems
    • Privacy Enhanced Email - Using "secure" mail.
    Monthly meetings for system administrators:

    The following group meets every month except January, July, August, and September.

    • OIT Technology Meeting, first Wednesday of each month at 1:30. Subscribe to the ru_it mailing list for agenda and other details.

    Mailing Lists:
  • NOTE: to subscribe to ru_it or any of the other mailing lists, send mail to "LISTNAME-subscribe@email.rutgers.edu". Replace LISTNAME with ru_it or another mailing list name. For more information, refer to the UCSToolKit. The address from which your message comes will be added to the mailing list after you respond to the confirmation message.


    OIT maintains a good deal of infrastructure that may be of interest to departments. The references above point to the groups doing most of it. But since you may not have time to follow every link, this section outlines some major items that are likely to affect departments. You will find documentation on a number of infrastructure issues at the Telecommunications Documentation web page.

    Most people at Rutgers will need to create OIT computer accounts. We're now using the term "NetID" for these. Historically OIT accounts were Unix login accounts. While most of our services are still being delivered by the central Unix machines, we're in the process of moving services to dedicated servers. Thus we're trying to separate Unix logins from the way we authenticate and authorize users for services.

    Almost all of our services use the same username, which is now called the NetID. While these usernames are in Unix /etc/passwd files (or their NIS equivalent), the username/NetID is actually allocated by processes based on a central Oracle database. That database is the master source of information about the username/NetID.

    Unix account creation is done by a web-based system called RATS. RATS is a big Perl application that runs on Unix servers. RATS talks to a central RATS server, which deals with the Oracle username database. All OIT Unix accounts should now use the NetID as their username. We encourage departments to do this as well. For Unix systems, you can run RATS yourself. Otherwise, you can ask users to create accounts on an OIT system first, and copy their username.

    Departments can also access our user/NetID information using LDAP. See ldap.rutgers.edu for more information.

    NetID's allow access to Unix accounts on rci, eden, and the equivalent at Newark and Camden (andromeda and pegasus at Newark, crab and clam at Camden). They also provide access to PC's in public labs and a variety of web-based applications.

    The primary way a user gets a NetID is by going through the RATS-based account creation process on one of the 6 primary Unix systems. There is actually a 7th copy of RATS, running on http://netid.rutgers.edu. This will let you allocate a NetID without creating an account anywhere. We strongly urge you not to use this facility. Users expect that a NetID will entitle them to a full set of services, including email and other things. If they create an account on one of the 6 campus systems, they'll get that. If they do it using netid.rutgers.edu, they'll get a NetID and a password, but many services won't work. The only service that we actually guarantee will work in this way is RIAS.

    Passwords are maintained in 2 Kerberos databases, one for faculty/staff and the other for students. Departmental applications can access these passwords via Radius or LDAP. For authenticated web services, we recommend using the Apache Radius module. (All web applications that take passwords should use SSL.) For access to Radius, contact radius-support@tdmx.rutgers.edu. For information about LDAP, see ldap.rutgers.edu.

    For services within OIT, three types of authentication are used: Kerberos, and one-time cards from Enigma Logic (academic services) and SecurID (administrative services). For Solaris and Linux there are standard libraries that can be used to authenticate against the Kerberos and Enigma passwords. (Ask oss@nbcs.rutgers.edu for more information.) Departmental staff are asked to purchase one-time cards in order to use certain services. If staff have Enigma cards already, it would be possible to use them to authenticate services within a department. Because of the overhead of managing cards, we haven't encouraged widespread use throughout the University.

    If you want to use the NetID for a departmental system, you can use the RATS account creation software. RATS allows people to create accounts for themselves, based on information in the People Database. It allocates common usernames. Another approach would be to ask people to create accounts on an OIT system first (e.g. point to the OIT account creation web page, http://oit.rutgers.edu/accounts), and use LDAP to find out what their username is. For information on RATS, see the RATS page. For information on LDAP see ldap.rutgers.edu.

    Administrative computing services has recently started a service for departments that want to take payments via credit cards. They handle all the security and communications with the bank. I don't have a contact at the moment, so I would contact acshelp@acs.rutgers.edu.

    Other services of interest to departments are documented on this page and the OIT web pages. Primary information about OIT is now distributed by the three campus divisions, Camden, Newark, and New Brunswick, although the services of most interest to departments are shown at the top of this page. For example, OIT runs a mailing list system, which can generate mailing lists based on administrative data (e.g. all students or all faculty in a given unit). Many departments use OIT systems for email for their staff, as well as to host web pages for their departments.

    OIT has a number of services for people who are doing web pages. Most are documented in Web Support at Rutgers.

    OIT provides help for staff who are in charge of Solaris, Linux, Windows and (to some extent) Macintosh systems. These include online information, particularly involving security, and consulting. Most of this page is information of this kind. The Open Systems Support group is the center for support of Solaris, and to some extent Linux. In addition to recommendations, they maintain a repository of software and tools for automating system administration. They are willing to work with departments to improve or automate their system administration. The Microcomputer Support Services Group performs similar functions for Windows and Novell, although their tools for helping to automate system administration are still in preparation.

    OIT maintains the network. As part of this, they supervise allocation of IP addresses and hostnames. While many departments communicate with noc@rutgers.edu to allocate addresses and names, it is now possible for departmental staff to do allocation for themselves. See the hostmaster web page for information on procedures. (While the web tool has moved, hostmaster.rutgers.edu still appears to be the best documentation for the service.) The same group that manages IP addresses and hostnames runs DNS servers across campus. These servers are intended for use by departments. We currently recommend that departments use DHCP to distribute IP addresses to systems.

    Site licenses

    Site licenses are done on the basis of some combination of availability, terms, and interest among users. OIT is much more likely to pay for a site license if we can get a product for the whole University for a single flat fee. However this is increasingly rare: most recent site licenses involve some charge to the user. Where site licenses are simply discounts, they are typically arranged with Purchasing based on how many people at the University are buying the product. 

    OIT will often initiate site licenses for software that we know is in wide use, when we know that there are terms for a site license that are much more attractive. However many existing site licenses, particularly for Unix, have been initiated by faculty or departmental staff. When you know that there is a piece of software that your department needs, and you believe that attractive terms would be available through a site license, please contact us. For PC-related software, you should contact Frank Reda, reda@nbcs.rutgers.edu, 445-1760. For Solaris software, you should contact Charles Hedrick, hedrick@rutgers.edu, 445-3088.  

    For more information, contact oirt@rutgers.edu
    Last updated: Thursday, 12-Oct-2017 16:33:29 EDT

    © 2017 Rutgers, The State University of New Jersey. All rights reserved.