From: Fernandez, Miran Sent: Sunday, March 15, 2020 11:38 PM To: Department Heads Subject: Physical access into City facilities/buildings and Remote access to City technology resources Importance: High Everyone, In preparation for the City facility/building lockdown event please read this email carefully in its entirety, and forward it along to essential personnel as applicable, particularly if they will be connecting in to City . MIS recommends you print this email out along with all of the associated attachments, to ensure that you have them available for reference as necessary. Re Physical access to City facilities/buildings Limiting physical access to City facilities/buildings may present some inconvenience to the public and employees alike. Please keep the following in mind for the duration of this event: City Hall and JFK Building access * Until further notice, all external City Hall doors and external JFK Building doors have been programmed into a lock-down mode at all times so that they will NOT automatically unlock. o All internal City Hall and JFK Building doors to departments will continue with their currently programmed open/lock cycles. ? If they automatically open at a certain time, then they will continue to do so. ? If they require someone to swipe them in order to unlock, then someone will continue needing to do so. * Please MAKE SURE to communicate ASAP to your employees that if they have been assigned City IDs: 1. They should bring them to work TOMORROW and carry them at all times, 2. They are responsible for any access/attempts associated with their assigned IDs, and that 3. MIS needs to be notified immediately of any lost or misplaced IDs so that we can disable them accordingly. o For employees that don’t have IDs, please complete pages 19-20 of the attached Computer Use Policies & Forms. ? Once completed, the employee should contact the MIS Help Desk (via either x4357 or help@lowellma.gov) so that we can schedule getting the employee’s picture taken, production of their card, and programming accordingly. * Controlled access to City Hall (managed by City Hall MIS @ x4357) will be available through the City Hall JFK Plaza door, and require a valid City ID/ Access card. o All active City ID/ Access cardholders have been enabled access to the City Hall JFK Plaza door as follows: ? Monday – Thursday between the hours of 6:00 AM and 10:00 PM ? Friday between the hours of 6:00 AM and 1:00 PM. * Controlled access to the JFK Building (managed by Police MIS @ x4510) will be available through the Police Front Desk. o Questions/requests re access to the JFK Building should be sent to the MIS Help Desk (help@lowellma.gov) for routing to Police MIS. * In the event of emergency access, the Fire Department has access to the lock boxes on the Merrimack St and JFK Plaza entrances, ensuring them 24x7 access to the building. Other City facility/building access * Until further notice, all other City facilities/buildings should have their external doors in lock-down mode to the public, accordingly. * If physical access keys are distributed to personnel, they should be tracked and noted for inventory purposes. General considerations * For security reasons, no one should be propping doors open, or holding them open for others; everyone should be required to use/swipe their City ID/ Access card to gain access as appropriate. * Employees may find members of the general public attempting to enter buildings through the same door that an employee is entering. o Employees should carefully apologize, do their best to explain that the building is currently closed to the public, and direct them to contact the number listed on the door posting for assistance. Re Remote access to City technology resources While MIS has contingency and continuity plans in place to enable remote access to City technology resources in the event of an emergency, please keep in mind that they are not intended to be long-term “work from home” solutions. As such, services are limited to “standard” program and application offerings including Munis access and MS Office applications. We have a “continuum” of remote access ranging from email access via the web, to email access via a mobile device, to remote access of files and remote access to our financial system. While additional details on working with these resources are available below, please feel free to reach out to either myself directly or to the MIS Help Desk (help@lowellma.gov or 978-674- 4357) with your questions. Remote Desktop (RDP) Access Remote desktop access is available for Windows and MacOS devices using the Microsoft Remote Desktop Protocol (RDP) tool. RDP enables a secured and window-based connection into a dedicated City Hall MIS RDP set of servers which can support approximately 120 concurrent connections across our employees’ various remote locations. When connected remotely, all the work you conduct actually takes place within a window on the server you are connected to, with only keyboard/ mouse/ screen updates being communicated/sent back and forth. However, the “experience” you will receive when connected remotely can be impacted by many factors including the equipment you are using to connect as well as anything “going on” on the Internet. RDP is specifically targeted for staff that need access to Munis or data/files stored on network drives. When connecting via RDP, please note the following: 1. RDP services are NOT intended to equate to “work from home”. a. Remote access is intended to provide short-term remote access, often to address an emergency need or “simple” access from a remote location, often with a limited set of applications or tools b. “Work from home” is intended to provide long-term access from home as a worksite, often using standardized hardware and software with a full set of necessary applications or tools 2. RDP services are NOT “available to everyone by default”. a. RDP services are controlled and licensed no differently than how other applications are licensed b. Department heads need to identify which employee(s) in their department require RDP access, along with what applications they need access to, in order to determine whether or not RDP is a viable option to meet that need c. MIS will provide employees with standardized instructions on how employees may install/configure RDP access, but are limited in our ability to troubleshoot devices in employees’ homes 3. RDP services are NOT available 24x7 a. MIS strives to ensure that these services are available during City Hall business hours b. Access outside of business hours can be interrupted for a variety of reasons ranging from patches, to system resources c. If you have a specific RDP connectivity need outside of “normal” City Hall business hours, please contact MIS as soon as possible and we will do our best to accommodate you i. This is absolutely critical in the case of Munis processes that may be expected to run overnight or otherwise outside of business hours! 4. Working with your RDP session window and disconnecting your RDP session. a. Once you successfully connect to an RDP session, you will notice that it runs in a “window” – you need to know how to resize that window and how to properly close it out! b. Resizing your RDP session window i. Because your RDP session is run within a “window”, you may find the need to scroll up/down or left/right depending on the resolution of your remote computer’s screen ii. If you right click on the top grey area of the window, you should receive a drop down menu, from which you can select 1. “Full screen” to maximize the size of the RDP session window 2. “Smart sizing” to automatically change the resolution of the window based on its size, during which the application will attempt to “fit the entire screen” into the window by automatically adjusting its resolution c. Disconnecting your RDP session i. Each RDP session maintains its own “state” for a certain period of time, which means that you open up a Word document, start typing something, close the RDP session, and come back to it within a reasonable amount of time to continue working on the Word document you opened earlier and which would still be on your screen, no differently than if you were in the office and did so. However, unlike your office computer, RDP sessions expire after a certain amount of time in order to free up resources for other RDP sessions. So, it is important to understand when RDP sessions expire, and how to properly disconnect your RDP session! ii. Generally speaking, your RDP session is either manually disconnected (preferred), gets automatically disconnected, or expires 1. RDP session – MANUAL disconnect (preferred) a. If you are still working on something, need to step away for a reasonable period of time, and expect to return to continue: i. Either 1. Close the Remote Desktop Connection Window or 2. Click on the “Start/Window” icon in the lower left hand of the screen, 3. Click on the “Power Off” button, and 4. Click on Disconnect ii. Programs on the remote computer will generally continue to run after you have disconnected for a reasonable period of time 1. This means that the system will maintain your connectivity “state” and that if you reconnect to the same RDP server, you will find everything “right as you left it” with any emails or documents open 2. When you reopen your RDP session (within a reasonable period of time), your screen should display just as you left it b. If you have your completed your work and saved everything i. Close and shut down all of your applications, documents, and browsers ii. Either 1. Close the Remote Desktop Connection Window or 2. Click on the “Start/Window” icon in the lower left hand of the screen, 3. Click on the “Power Off” button, and 4. Click on Disconnect 2. RDP session – Automatic disconnect a. Your RDP session will automatically be disconnected as follows: i. Following 1-2 hours of idle time (based on resources) ii. Following 6-10 hours of active time (based on resources) b. When disconnected, your RDP session will continue to run for a reasonable period of time i. This means that the system will maintain your connectivity “state” and that if you reconnect to the same RDP server, you will find everything “right as you left it” with any emails or documents open ii. When you reopen your RDP session (within a reasonable period of time), your screen should display just as you left it 3. RDP session – Expiration/Shutdown a. Your RDP session will automatically expire and be shut down as follows: i. If your session has been disconnected for more than 8-12 hours (based on resources) ii. If there are patches to be applied outside of business hours b. Once and RDP session expires, opened applications are closed and opened files are deleted (and unrecoverable) 5. Once you start your RDP session, here is what you will find: a. A “standardized set” of: i. Shortcuts on your desktop ii. Applications listed in the “Remote Application Center – v2.0” screen in the middle of your window iii. Applications available by clicking the “Start/Window” icon in the lower left hand of the screen. b. The following applications are what we consider our “standard” set of tools, which are available: i. Internet Explorer ii. Google Chrome iii. MS Excel iv. MS Outlook v. MS Word vi. Munis Live vii. Munis Train c. Certain applications with either specific licensing needs or resource needs are not currently available, including: i. Specialized software such as 1. Vision 2. AutoCad 3. ArGIS 4. GraniteNet 5. FuelMaster ii. Banking software such as 1. Enterprise Bank Secure Browser iii. Misc. programs such as 1. JBTV vital records 2. Animal Licenses (MS Access) d. Please contact MIS for assistance with specialized remote application needs 6. Accessing Munis a. Launch Munis Live or Train from the “Remote Application Center v2.0” Window or the icon on your desktop. b. Munis should function just it would from your desktop. 7. Accessing your email a. Launch Outlook 2016 from the “Remote Application Center v2.0” window i. The first time you launch this, it will need to load your profile and conduct other startup processes, so it make take several minutes b. Customization? Outlook retains many settings locally; as a result of that, you may choose to adjust several settings: i. Your email view? 1. Click on the View menu option 2. Choose a layout from the Layout portion of the icon bar ii. Your email signature? 1. Click on the File menu option 2. Select Options from the left hand side 3. Choose Mail from the Outlook Options window 4. Click on Signatures a. Contact MIS for assistance iii. Additional mailboxes you need access to? 1. Contact MIS for assistance c. Otherwise, all of your email folders should be accessible as expected 8. Accessing your work files a. All of your data files should be in their designated drives/directories b. Please avoid storing files on your desktop, making sure to store them on network drives 9. Accessing websites a. Because browser websites are typically stored on a local computer, you will NOT have access to your bookmarked websites when using RDP Services! i. Please make sure that you have a list of those key websites you need to access, along with login credentials. ii. Do any of these websites have any special requirements (e.g., a specific browser, soft keys, hard keys, web certificates, etc.)? If so, MIS will need to know so that we can determine how to accommodate your access! 10. You should take the same precautions on an RDP session as you would if you were logged in locally in your office. a. Do not share your password with anyone b. Keep in mind that you are subject to the same Computer Use Policies via RDP as you would be in the office c. Do not leave your connection enabled while you are away from it i. Either lock the screen on the mobile computer you are using (which will prevent access to the remote session) or disconnect your session (see above)! Web-based Email Access Web-based Email access is available from most current web browsers for employees that need access to email, and may not have a mobile device with which to do so. When connecting to Web-based Email, please note the following: 1. Web-based Email services are NOT intended to equate to “work from home”. a. Web-based Email services are intended to provide short term-access to City email via a web browser b. “Work from home” is intended to provide long-term access from home as a worksite, often using standardized hardware and software with a full set of necessary applications or tools 2. Web-based Email services are NOT “available to everyone by default”. a. Web-based Email services are controlled and licensed no differently than how other applications are licensed b. Department heads need to identify which employee(s) in their department require Web-based Email services c. MIS will enable Web-based Email services for employees as identified 3. Web-based Email services are NOT available 24x7 a. MIS strives to ensure that these services are available during City Hall business hours b. Access outside of business hours can be interrupted for a variety of reasons ranging from patches, to system resources 4. Accessing City email via the web a. Access to the City’s web-based email servers is via https://webmail.lowellma.gov b. When prompted to sign in , employees should enter their credentials as requested c. If you are using a private computer – not used by the public (as might occur at a conference or event) i. The “Private computer” selection is chosen by default. ii. When using a private computer, your session will time out within 8 hours of user inactivity. d. If you are using a public computer, as might occur at a conference or an event i. UNCHECK the “Private computer” selection, as it may allow others to gain access to your email. ii. When the “Private computer” selection is unchecked, your session will time out within about 15 minutes of user inactivity. 5. Customization? Unlike Outlook mail access via RDP Services, Web-based Email services are somewhat limited in customization 6. Logging out a. The correct way to sign out (PREFERRED) i. Click on your name in in the upper right hand corner ii. Click on Sign out b. The less secure way to sign out (which may allow others access to your mail) i. Close the browser Telecommunications The attached “20200313 COL Department Telephone Directory” document includes a quick reference on the first page, followed by departmental details; updates to the telephone directory should be sent to the MIS Help Desk (help@lowellma.gov). * Voice Mail o Most department “main numbers” have associated voice mailboxes. ? These “main numbers” are the numbers that are typically published as the department number, call group, or hunt group ? Please make sure that you and others know the password to your department’s voice mailbox. ? Please review your department’s outgoing voicemail message and update it accordingly during this event. ? Please make sure that everyone knows how to access the voicemail system. * The attached “20200315 Accessing Your TPX Voice Mail” document provides instructions on how to do so. * Please note that this is an extract from the training materials provided for using your TPX Voice Mail. * If you would either like additional training on working with voicemail, or another copy of the entire voice mail training PDF, please send an email to the MIS Help Desk (help@lowellma.gov) so that we can assist you accordingly. ? Please make sure to have a plan in place re who will be checking your departmental voice mailbox(es), and how they will forward messages to others. ? Department “main numbers” cannot be forwarded at the phone level, and would require MIS to look into reprogramming, if there is a need to do so. o Most City employees also have associated voice mailboxes . ? Even if an employee forwards their phone to an external device, it is possible that it may still receive voicemail. ? Please advise your employees as to whether or not they should be modifying their outgoing voicemail message during this event. ? Please make sure that everyone knows how to access the voicemail system. * The attached “20200315 Accessing Your TPX Voice Mail” document provides instructions on how to do so. * Please note that this is an extract from the training materials provided for using your TPX Voice Mail. * If you would either like additional training on working with voicemail, or another copy of the entire voice mail training PDF, please send an email to the MIS Help Desk (help@lowellma.gov) so that we can assist you accordingly. o Some Polycom phones (“the basic package”) do not have voice mailboxes. * The voicemail button on these phones will do nothing. * Forwarding calls o The attached “20200313 Forwarding Your Polycom Phone” document provides instructions on forwarding your Polycom phone to another phone (such as a cell phone). ? Please note that this is an extract from the training materials provided for using your Polycom telephone. ? If you would either like additional training on the Polycom telephone, or another copy of the entire phone training PDF, please send an email to the MIS Help Desk (help@lowellma.gov) so that we can assist you accordingly. o Some Polycom phones (“the basic package”) cannot be forwarded. o Once a call is received by your mobile device, whether or not you can forward that call further is a function of your mobile device and the plan it is on, so it is something we would encourage everyone to test accordingly. ? One way to do so would be to forward your Polycom phone to your mobile device, have someone place a call to your Polycom phone to verify that it forwards accordingly, and then once you have answered the call on your mobile device, check to see what menu options are available on your phone. ? Note that if you do have the option to forward the call, it *may* tie up additional minutes on your phone, but again, that is a function of your mobile device plan. * Conference calls o The attached “20200315 Conference Features of the Polycom Phone” document provides basic instructions for conducting a conference call on your Polycom phone. o Most Polycom phones accommodate the ability to conference several callers together. ? Between 3-5 callers may be conferenced together, depending on the phone and call package. ? These type of calls require little training. ? Some Polycom phones (“the basic package”) may not be able to conference calls. o Meet-Me Bridged Calls allow up to 50 callers to call into one number to call in to participate on a call using your Polycom phone. ? These types of calls require advanced planning and setup, and may be subject to additional fees. ? These types of calls require minimal training. ? Please contact the MIS Help Desk (help@lowellma.gov) for additional information and assistance in getting this type of conference call service configured. o UberConference is a web based conference tool for calls, screen sharing, and video conferencing ? This tool is primarily actually funded through the Commonwealth Interactive Collaborative Exchange MIS hosts, and while it is mostly used for ad-hoc large conference call ins, the City does have a few accounts which can be made available for scheduling of conference calls ? These types of calls require more extensive training. ? Each account has a dial in number associated with it, which would have to be assigned to someone to manage and coordinate the scheduling of conference calls ? Please contact the MIS Help Desk (help@lowellma.gov) for additional information and assistance in getting this type of conference call service configured. While I understand that this is “lots of information” in one email, we thought it made sense to attempt to pull it all together into one place. Please feel free to reach out to me directly or to the MIS Help Desk (help@lowellma.gov or 978- 674-4357) with your comments, concerns, questions, or requests for additional assistance. Thanks! - Mirán