Operating System Configuration
Before shipping, Illumina systems are tested and verified to operate within specifications. Changing settings after installation can introduce performance or security risks.
The following recommendations mitigate performance and security risks for the operating system:
| • | Create passwords that are at least 10 characters long and comply with local policies. Keep a record of the password. |
| • | Illumina does not keep customer logon credentials, and unknown passwords cannot be reset. |
| • | An unknown password requires restoring the system to factory defaults. This restoration removes all data from the system and creates downtime. |
| • | Use the administrator account only for applying system updates and other use by IT staff. For all other functions, use the user account. |
| • | If the system software operates incorrectly, consult your IT administrator about possible Group Policy Object (GPO) interference. When connecting a domain to a GPO, some settings can affect the operating system or instrument software. |
| • | Turn off RDP and use the Windows firewall or a network firewall (hardware or software). |
| • | Turn off Windows Automatic Update. |
Password Requirements
The Windows operating system has two accounts: administrator (sbsadmin) and standard user (sbsuser). The administrator account is intended for IT use, system updates, and installing the control software, Local Run Manager analysis modules, and other software. Perform all other functions, including sequencing, from the user account.
The operating system requires a password change for both accounts at the first login. Update each password every 180 days, when prompted.
|
Policy |
Setting |
|---|---|
|
Enforce password history |
Five passwords remembered |
|
Lockout threshold |
Ten invalid logon attempts |
|
Minimum password length |
Ten characters |
|
Password must meet complexity requirements |
Disabled |
|
Store passwords using reversible encryption |
Disabled |
Windows Updates
To control configuration and operation of the control computer and deliver a more robust operating environment, the default Windows operating system has Windows Update turned off. System updates are not supported because they can put the operating environment at risk.
Alternatives to turning on Windows Update include:
| • | More robust firewalling and network isolation (virtual LAN). |
| • | Network isolation of network attached storage (NAS), which allows data to sync to the network. |
| • | Local USB storage. |
| • | Avoiding improper use of the control computer and ensuring the appropriate permission-based controls. |
Software Restriction Policies
Windows Software Restriction Policies (SRP) use rules to allow only specified software to run. For the iSeq 100, SRP rules are based on certificates, file names and extensions, and directories. SRP defaults to allowing the following rules.
An IT representative or system administrator can add and remove rules to customize the security level. For instructions, refer to Illumina Instrument Control Computer Security and Networking. If the system is added to a domain, the local Group Policy Object (GPO) might automatically modify the rules and turn off SRP.
|
Certificates |
|---|
|
iSeq Application Certificate |
|
Executable Files |
|---|
|
Portmon.exe |
|
Procmon.exe |
|
Procmon64.exe |
|
Tcpview.exe |
|
File Extensions |
|---|
|
*.cfg |
|
*.lnk |
|
*.png |
|
*.tif |
|
*.txt |
|
*.xml |
|
Directories |
|---|
|
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% |
|
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% |
|
C:\CrashDumps\* |
|
C:\Illumina Maintenance Logs\* |
|
C:\Illumina Manufacturing Test Results\* |
|
C:\Illumina\* |
|
C:\Program Files (x86)\Chromium\Application\* |
|
C:\Program Files (x86)\Illumina\* |
|
C:\Program Files (x86)\Internet Explorer\* |
|
C:\Program Files\Illumina\* |
|
C:\Program Files\Internet Explorer\* |
|
C:\Program Files\Jenoptik\* |
|
C:\Program Files\Ophir Optronics\* |
|
C:\ProgramData\Illumina\* |
|
C:\ProgramData\Package Cache\* |
|
C:\ProgramData\webex\* |
|
C:\Users\*\AppData\Local\GoToAssist Corporate\* |
|
C:\Users\*\AppData\Local\Temp\Citrix\* |
|
C:\Users\*\AppData\Local\Temp\CitrixLogs\* |
|
C:\Users\*\AppData\Local\Temp\LogMeIn\* |
|
C:\Users\*\AppData\Local\Temp\LogMeInLogs\* |
|
D:\Recovery\* |
|
GoToAssist Corporate Opener*.exe |
|
Turnover to customer.bat |
Third-Party Software
Illumina supports only the software provided at installation.
Chrome, Java, Box, and other third-party software are untested and can interfere with performance and security. For example, RoboCopy interrupts streaming performed by the control software suite. The interruption can cause corrupt and missing sequencing data.
