Summer 2025
Leadership Thoughts
In times of change, collaboration becomes essential to help drive efficiencies within our organization. As we head into fall, the PMACS teams remain committed to working collaboratively in developing and implementing technology improvements and changes. Our focus is on enhancing electronic systems that facilitate easier documentation methods and foster streamlined workflows.
Recent Achievements and Initiatives
- Successful Transfer of Tumor and Tissue Bank to the LIMS: The LIMS team has successfully onboarded the Tumor and Tissue Bank (TTAB) lab to LabVantage LIMS. This integration opens the door for several existing research efforts to benefit from using a common system. For instance, the Clinical Research Unit (CRU) within the Abramson Cancer Center conducts many studies that engage TTAB for tissue processing. With both labs now operating on a single platform, there is less need for annotating and barcoding samples. This work can now be done once, allowing technicians to focus more on sample processing rather than documentation. Additionally, the LIMS team has supported a pilot initiative for MyPennGenome, exploring a partnership with Illumina for large-scale sequencing of samples aimed at screening clinically relevant genetic variants. Samples collected by the Penn Medicine BioBank (PMBB) can be linked to clinical identifiers through established, automated processes before being transferred to the Genetic Diagnostics Lab (GDL), where they enter its established LIMS workflow for sample tracking.
- Kissflow Application Implementation: PSOM Administration worked closely with Doug Brunk to successfully implement a powerful process management tool that enhances collaboration across departments, streamlines workflows, and improves communication. This self-service tool enables administrators to implement solutions within their teams and throughout PSOM. By using Kissflow, our organization can automate and visualize the steps involved in various workflows, ensuring that all stakeholders are aligned and informed throughout the process.
- Compliance with NIH Data Management Requirements: To meet new NIH genomic data sharing requirements and NIST 800-171 cybersecurity standards, our teams have onboarded the first PSOM user to an AWS secure research environment set up by ISC and ORS. Penn Medicine IS has also hired a third party to assess HPC for NIST compliance with the aim of achieving compliance.
- AI Integration: The power of AI plays a significant role in streamlining workflows. Our teams have been working with the university to make several AI services available to PSOM faculty and staff. These efforts include bringing the capabilities of Copilot Chat, Grammarly, as well as CoPilot 365 and ChatGPT to the school.
As we move through the end of summer, the PMACS teams remain dedicated to collaborating on technology improvements to drive efficiency and process improvements. Look for more exciting updates to come in the fall!
Staff Updates
Rikki Godshall retires after 28 years
After 28 years of service, Rikki Godshall is retiring from his role supporting Research Computing at the University of Pennsylvania. Over the course of his career, Rikki contributed to Penn Medicine’s research efforts in various technical roles, helping to ensure the reliable delivery of both standard and complex IT services. His work supported a wide range of research initiatives and reflected the collaborative environment that defines our organization. We thank him for his contributions and wish him well in his retirement.
Nate DiGiorgio assumes leadership of PMACS Linux and Cluster Computing Teams
Beginning June 7th, Nate DiGiorgio has assumed responsibility for overseeing the PMACS Linux teams and the teams responsible for both the Limited Performance Computing Cluster (LPC) and High Performance Computing Cluster (HPC). In Nate’s expanded role, he will oversee the operations of all Linux-based PSOM services and define the strategy for the future of the HPC and LPC within PSOM.
Welcome to our New Hires
Timothy Gilliand joined the Windows systems administration team effective July 1, reporting to Bill Ihlenfeld.
New PMACS Website Launched this Spring
We are pleased to announce the launch of our updated PMACS website. The redesigned home page now includes more links to the most-used pages and resources, making it easier to find what you need quickly. The new design also profiles recent PMACS news.
Additionally, we have created dedicated pages for faculty, staff, and students. Each page focuses on the services most relevant to those groups. You will find quick links to how-to guides and simplified options for asking questions and getting assistance. We invite you to explore the new site and see how these changes can benefit you.
Introducing the Scientific Computing Brain Trust Workshop Series
The Scientific Computing Brain Trust is a collaborative initiative at Penn Medicine aimed at broadening awareness and understanding of the resources available to support clinical and translational research. Through a curated online video series, the Brain Trust educates faculty, staff, and trainees about key people, workflows, and technology platforms that are already in place to assist and enhance research efforts.
This collaborative brings together a network of specialized groups, including Penn Medicine Academic Computing Services (PMACS), Penn Data and Technology Solutions (DTS), the Penn Data and Analytics Center of Excellence (PennDnA) in partnership with the Center for Clinical Epidemiology and Biostatistics (CCEB), the Penn Medicine Biobank (PMBB), and the Institute for Biomedical Informatics (IBI). Each group contributes distinct knowledge and services to support the research lifecycle—from data acquisition and integration to analytics, computing, and biobanking. The Brain Trust serves not only as an educational platform but also encourages collaboration and promotes new research ideas across Penn Medicine.
The Scientific Computing Brain Trust videos are made available to all active PSOM faculty, staff, and students. New and updated content will be added regularly. Access the content through the Scientific Computing Brain Trust Workshop or through the PMACS Help & Reference Guides page.
A Guide to Penn & Penn Medicine Consumer AI Services
The introduction of ChatGPT 3.0 in 2022 introduced generative AI to a global audience. Since then, many vendors have been incorporating AI capabilities into their products. Below is a summary of key AI services available to members of the Perelman School of Medicine community and how to access them.
Currently Available
Penn AI Chat
Penn AI Chat is a Penn Medicine service built by PennDnA on Microsoft Azure that leverages OpenAI’s ChatGPT functionality. This is the only service approved for use with all sensitive data, including identifiable patient data.
This service is available to anyone with a UPHS account (the same account used to access @pennmedicine email services) and is available when connected to the UPHS and PSOM wired networks, UPHS’s wireless network, and the UPHS and PSOM VPN services. Visit the Penn AI Chat website.
Microsoft Copilot Chat
Microsoft Copilot Chat is a full-range generative AI chat client, running on ChatGPT, that provides web search enhanced with generative AI to create novel content (text, images). There is no additional charge over existing Microsoft 365 agreements*.
Microsoft Copilot Chat is approved for use with low, moderate, and high risk data, excluding social security numbers and credit card data.
Copilot Chat is self-service. You can learn more about accessing Microsoft Copilot Chat.
Grammarly
Grammarly is an AI writing assistant made available to PSOM faculty, staff, and students through an agreement with the University of Pennsylvania. Grammarly will work with Microsoft Office products, including Microsoft Word, Excel, PowerPoint, and Outlook, to improve written communications. Grammarly will offer both inline suggestions and the ability to enter prompts and generate text.
More information can be found on the PMACS setting up and configuring Grammarly webpage. Grammarly users will need a PennKey to access the service. Grammarly is approved for use with sensitive data. While Grammarly can be used with many applications, PSOM’s implementation is restricted to specific applications.
OpenAI for Education
The University of Pennsylvania and OpenAI completed an initiative to make ChatGPT available to faculty and staff as part of the University’s Brokered Products portfolio. Brokered Products are software and services available under an enterprise agreement, but users who wish to access brokered products will be charged directly for their license.
OpenAI for Education is appropriate for use with low and moderate-risk data, according to the University and Penn Medicine data classification policy. Use of OpenAI with high-risk or sensitive data, such as PHI, social security numbers, location data, and certain HR records, is prohibited. There is no BAA covering between OpenAI and the University of Pennsylvania and the University of Pennsylvania Health System.
Please visit the ISC Brokered Products portfolio for more information. To request access, please submit a request here (PSOM faculty, staff, and students only). If you already have a personal account, you can use these instructions to migrate your content to your Penn-provided OpenAI account.
This offering does not include access to OpenAI’s API services.
Microsoft 365 Copilot for Penn O365
Microsoft 365 Copilot Integrates generative AI running on ChatGPT into the Microsoft Office applications—Excel, OneNote, Outlook, PowerPoint, Teams, and Word. It also includes a Work search that allows queries across all of those applications.
Microsoft 365 Copilot is available for faculty and staff at $31 per month. This service is currently available only to users of the Penn 365 environment. Penn Medicine 365 users cannot currently access this service.
Microsoft Copilot Chat is approved for use with Low, Moderate, and most High Risk Data. Do not input data such as SSNs and credit card data. Please see the additional guidance document for more information.
Not Currently Available
Apple Intelligence
Apple launched its initial Apple Intelligence features with the release of Mac OS X 15.1, iOS 18.1, and iPadOS 18.1 on October 28, 2024. Apple has announced multiple new features, which will be built into the operating system as part of future upgrades.
Apple’s vision for Apple Intelligence is to conduct as much processing on the device as possible while sending data to Apple’s private cloud environment when the device’s local resources cannot handle the request. Apple automatically makes these decisions based on the request without notifying the user when data is sent off the device. Penn Medicine, inclusive of PSOM, remains in contact with Apple regarding Apple Intelligence and continues to evaluate these services. However, Apple Intelligence is not approved for use.
Zoom AI Companion
Zoom AI Companion is a feature of the Zoom platform that provides the ability to summarize meetings and chat messages, among other features. The University of Pennsylvania is currently evaluating whether to enable Zoom AI Companion in the University’s Zoom environment.
Zoom AI Companion is currently disabled in the Penn Medicine Zoom environment as the use of Zoom AI Companion is not covered by the Business Associate Agreement between Penn and Zoom.
Windows 11 Upgrade – What You Need to Know
PMACS has introduced a new self-service feature to allow you to upgrade from Windows 10 to Windows 11 at your convenience.
Why this is happening:
Microsoft is ending support for Windows 10, so PMACS will begin upgrading all devices to Windows 11 to ensure continued security and support. Users are encouraged to take advantage of the self-service upgrade process to upgrade at a time of their choice. For more details, see below.
How to Check Your Windows Version
- Click Start
- Go to Settings > System > About
- Under Windows specifications, look for the version listed next to Edition
If it says Windows 10, you’ll need to upgrade.
How to Upgrade
We’ve made it easy with a self-service upgrade option that you can run at your convenience.
Visit: Windows 11 Self-Service Upgrade Guide
- The upgrade takes about 1–2 hours
- You can choose to run it overnight to avoid interruptions
Important Notes
- Some older devices may not support Windows 11 (View the System Requirements)
If your device is not compatible, we recommend replacing it with a newer model. - For help or questions, please contact your PMACS LSP or submit a Helpdesk ticket.
Coming Soon! PSOM Migrates to New VPN Service for Remote Users
Later this summer, PMACS will be switching to a new VPN solution called GlobalProtect, which will replace the current Ivanti VPN.
Keep an eye on your inbox — we’ll be sending out instructions soon on how to install and use GlobalProtect.
Important Changes
To better protect the PMACS network, we’re making changes to how devices access the VPN:
- GlobalProtect checks if your device is managed by PMACS or UPHS (trusted) or personal (untrusted).
- PMACS and UPHS-issued devices are considered trusted and will have full VPN access, which matches their current access through Ivanti.
- Personal devices will have limited access by default.
If you need to use a personal device to access certain PMACS resources, you’ll need to submit a VPN exception request.
When You Need a VPN Exception (for personal devices)
You must request an exception if you currently access any of the following from a personal device:
- Remote access to a PMACS desktop
- PMACS Shared Drives
- SSH access to PMACS Linux servers (except LPC & HPC submit hosts)
You do NOT need an exception to access the following services regardless of which device you connect from:
- LPC & HPC submit hosts
- LIMS
- Velos
- Other PMACS web-based tools
More details about the exception process, including links to the online form, will be published later this summer.
Guidance on NIST 800-171 & Genomic Data
This Spring, twenty NIH-supported repositories of genomic data began requiring all research teams to process, store, and analyze data provided by an in-scope repository in NIST 800-171 compliant computing environments. All new or renewing requests are required to attest to the new requirements. The requirements to meet NIST 800-171 standards are wide-ranging and require significant effort to demonstrate and maintain compliance.
As an institution, the University of Pennsylvania and the Perelman School of Medicine continue working on making secure research enclaves available to research faculty and their teams to continue their work. The first enclave, built on AWS, is now available through the Office of the Vice Provost for Research (OVPR) and ISC. To get started with the AWS secure research enclave, please submit a request with ORS.
In parallel, PSOM has engaged with a 3rd party to assess and develop a remediation plan for the High Performance Computing (HPC) cluster. The first phase of the assessment has been completed, and PMACS and PSOM leadership are currently reviewing the results to determine how best to proceed. Additional information will become available later this summer.
PARCC also intends to provide a secure enclave that meets NIST 800-171 requirements, but the timeline is not yet available.
As always, please contact your Service Information Officer with any questions.
The New Fiscal Year Brings New University and UPHS Computing Policies
As digital security threats continue to evolve, the University and UPHS are both taking steps to increase security. Those efforts include both technical efforts and policies. Several of these changes are highlighted below:
- The University of Pennsylvania is midway through an effort to block all connections originating outside university networks by default. This change primarily affects computers hosting services on PennNet. This project will conclude in the fall of this year.
- Penn Medicine, inclusive of both PSOM and UPHS, has introduced a new set of policies governing the use of technology (UPHS Intranet only). These policies govern the acceptable use of computing equipment and services, the need for 3rd party risk assessments when purchasing technology solutions and services, and the technology standards that Penn Medicine must meet.
- The University of Pennsylvania has updated the IT security policy to establish clear requirements for patching all Penn-owned devices connected to Penn’s networks. Beginning July 1, all patchable assets must have security updates applied within 30 days of release. When a high-risk vulnerability is identified, patching must occur within 3 days. Devices not patched within these timeframes may be disconnected from the network.
PMACS, in partnership with the University’s Office of Information Security and Penn Medicine Cybersecurity, is working to address these policies and to safeguard PSOM’s research and education activities. Please stay tuned for further updates on this topic in upcoming newsletters.
Password Security: Your First Line of Defense Against Cyber Attacks
Passwords are Penn Medicine’s first line of defense from cyber-attacks. Despite advancements in security technologies, weak or compromised passwords continue to pose a significant risk. To safeguard our systems from basic attacks, it's crucial to use strong passwords.
Key Password Practices:
- Unique: Avoid using the same password across multiple accounts.
- Complex: Create passwords that combine letters, numbers, and special characters, and steer clear of simple dictionary words.
- Long: While the minimum requirement is eight characters, we strongly recommend using twelve or more for enhanced security.
- Confidential: Never write down or display your password where others can see it.
- Not based on personal information: Do not use passwords based on easily accessible personal information such as phone numbers, addresses, or names.
- Privacy: Never share or disclose your password to anyone under any circumstances.
Why it Matters:
One weak password can lead to a major breach. Strong passwords are vital because password-cracking programs can break shorter and simpler passwords in mere seconds or minutes. When attackers obtain passwords, they can methodically exploit our systems and data, using the stolen account as their entry point. For additional tips on creating strong passwords, please refer to our Password Standard.