ICC logo IFAS logo


ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM March 9th 2012 REGULAR MEETING


A meeting of the ICC was held on Friday, March 9th, 2012 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Twenty-four members participated.
 
Remote participants: David Bauldree, Bill Black, Allan Burrage, David Bauldree, Bill Blake, Lance Cozart, Dan Christophy, Dan Cromer, Marion Douglas, David Essex, Francis Ferguson, Chris Fooshee, Kevin Hill, Russell Hunter, Joel Parlin, Mike Ryabin, Nick Smith, Matt Wilson, and Alex York.
 
On-site participants: Dennis Brown, Winnie Lante, Steve Lasley, John Sowers, and Wendy Williams.
 

STREAMING AUDIO: available here


NOTES:

Agendas were distributed and the sign-up sheet was passed around.


Report from the chairman


Member news:

Dan Cromer discovered a couple of support folks at Env Hort that we had been overlooking. CJ Bain is their Data Manager and Scott Purcell is a Web Developer. Steve would like to welcome both to our ranks and apologize for not getting in touch sooner.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.


Special guest

Jessica Darby presentation on the new Remedy System

Background

CNS had already announced a new trouble ticket system and mentioned that the UF Help Desk would be moving there as well. IFAS will consequently be following along too.

The day prior, Jessica had provided two documents relevant to her presentation:

A bit of initial confusion

Jessica explained that the IFAS IT support folks had already been added into the new Remedy system as support staff because it was originally believed that everyone at UF would move over to the new system at once. Due to differing timetables, however, network services moved ahead of everyone else and that caused a few issues.

The main problem ICCers were having was that we already see a different view of the remedy system than does a regular end-user; we instead see the "Incident Management Console." The location for submitting a ticket as an end-user is consequently rather buried in the menu structure. Jessica first explained how to locate that via live demo and the Production Customer handout she had supplied earlier.

The area in question is termed the "Service Request Management" page -- this is the page one accesses as an end-user in order to request tickets.

Viewing tickets as a customer in live Remedy

Here is a web rendering of Jessica's explanation document:

  • If you are trying to submit a ticket to CNS in production Remedy, you will have to complete a few extra steps due to your Remedy settings. To submit a ticket to CNS through the Service Request Management System:
    1. Log in
    2. Select the Applications tab on the left
    3. Then select Service Request Management
    4. Then select Request Entry.
  • This navigation will allow you to submit a ticket to CNS as an end user.

    Service Request Management menu

  • To view a request that you have submitted to CNS in production remedy, you can do this in Service Request Management as well. Follow the steps above to access Service Request Management. Then,
    1. On the left hand side in Service Request Management, there is a box that says “Submitted Requests”.
    2. In this box is a section that says “Open Requests”. You can view all of your open tickets by clicking on “Open Requests”.

    Open Requests menu

So, at this time we can only use the live system as an end-user, but we have to drill in a ways in order to do that. Once all of IFAS and UF is moved in then the interface will be fleshed-out a bit rather than just showing network services as it does currently.

Test system available to assist in learning

The test system is currently the place we should go to try out the new interface as support providers. The Quick Reference document may be used to help navigate the test system in order to become familiar with it. You are encouraged to create test tickets as part of that learning process.

Steve's account currently isn't working for the test system so he was unable to grab screenshots relevant to Jessica's demo of that. Today's meeting was recorded on the bridge, however, and you may watch Jessica's demo there by going to http://mediasite.video.ufl.edu, browsing to the Videoconferences folder and looking for the Monthly ICC meeting link.

[Note: If others have difficulty accessing the test system, please email Dan Christophy; your account may have missed being added.]

Training support folks

Jessica had sent training materials to Dan Christophy and the plan was to have Dan coordinate training for the rest of the ICC folks. Jessica is the only trainer centrally, hence the plan to distribute that aspect out.

Wendy Williams asked when the training might be forthcoming and Dan Christophy replied that he hasn't received it yet himself. After he had, he planned to coordinate with us. Allan Burrage suggested that Jessica look into recording one of her own training sessions which could be recorded for later play-back. Allan suggested that Video Services should be able to assist Jessica with doing that.

Email ticket submission?

Dennis Brown asked about allowing end users to submit tickets via email. Jessica said that IFAS could develop that capability but it would have to be designed so as to prevent spamming Remedy.

Auto-assign will not be supported

A bigger difference in this new system is that tickets submitted by users would not be routed to their OUAdmins as is being done within the current system. IFAS was added as a single support unit and it appears that the IFAS Help Desk will have to play a larger routing role with the new system than they had to do in the past.

Ticket viewing management

John Sowers asked if there was a way to view all closed tickets that had been assigned to an individual. Jessica said that the default filters are set to filter by priority, but that they could be set to be done by status. She didn't have any custom filters set up to do that however.

Knowledgebase

John asked about the included knowledgebase, wondering if it could search closed tickets in order to find past solutions. Jessica responded that Remedy includes a Knowledge Management Console. Jessica added that these are the sorts of things which she will go over in her training sessions. We will be able to contribute articles to the knowledgebase, but Jessica stressed that Remedy sees all of UF as one big company and any articles we add will be viewable by anyone within the Remedy system - we won't be able to develop a separate "IFAS" knowledgebase. We can preface our article titles with "IFAS" however to make those more readily discernible.

Thank you's

The ICC thanked Jessica for speaking with us today and looks forward to upcoming training materials, either from her directly via a recorded session or filtered through Dan Christophy.

Note: David Burdette posted a "How-to intro to the Remedy System" to the CC-L the following Monday after our meeting.


Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)

Promising new codec option

Lance Cozart has been testing a promising new codec (videoconferencing endpoint) alternative from AVer. AVer products seem to combine ease of use with a price point much lower than Polycom or even LifeSize solutions. Additionally, the higher priced unit offers in-built MCU and no-extra-cost capture via usb connection that may have the potential of replacing our expensive and complicated Accordent Capture Stations which have an effective lifespan of about another two years. Even better, the warranty on these extends to 3 years with free tech support and one year of advanced replacement including free 2-way RMA shipping. There are no service contracts to buy and firmware updates are completely free.

Lance currently has the HV310 model with in-built MCU that has been quoted at under $2700. The point-to-point version is the HVC110 model which is under $1700. In fact, Lance and Marion Douglas connected to the meeting today using this codec so they could talk about the system and give the ICC a chance to learn more about it.

Demo/discussion from Lance Cozart

Lance first provided the IP address which Steve then forwarded to the ICC distribution list (along with a price quote from CCS). He said that this would be available until about Wednesday night if folks wanted to connect to it remotely and check it out; after that it will move on to Patrick Pettus for some more testing.

Web interface

The device has a web interface with a current password of "1234" so you may check that aspect out as well:

Service Request Management menu

Convenient remote

Lance said that he prefers the remote on this device to that of the Polycom. He believes the layout makes it easier to operate:

Service Request Management menu

It has buttons for Info and dual display and you can change your aspect ratio. Lance noticed that the camera is a little bit faster on this device than on the Polycom.

HVC110 and HVC310 models

Lance then went over some details of two of the "higher-end" devices that AVer offers, the HVC310 and the HVC110 (see specifications tab here for comparison).

Both devices provide full HD 720p at 30fps and an H.323 client (Content in Polycom terms). They are working on SIP, but currently you can't enter a SIP URI in order to call, for example, a Lync endpoint. The biggest problem there is the current lack of the "@" symbol. They expect to have a solution for that in the next month or two. They are also working on a way to connect to the SIP registrar (i.e., for an enterprise contact list) and TMS integration (so the Tandberg Management System can be used to provide device management).

Other than SIP URI calls, Lance reported that his test unit was able to connect to everything he tried: point-to-point or multi-point with other VC endpoints such as Polycom, or PVX, as well as connecting to the bridge for conferences hosted there. You can connect to the AVer device (incoming) from Movi or Lync as well.

Differences between the HVC110 and HVC310 models

The HVC110 provides one microphone while the HVC310 provides two and you can use wireless mics with these systems if you wish. The HVC310 provides a 4-way MCU while the HVC110 does not. The HVC310 provides recording capability while the HVC110 does not

Other features

One nice feature similar to Tandberg endpoints, these devices support a mini-XLR audio connector providing a balanced connection as well as a 3.5 audio connector.

Both devices have RS-232 connections supporting a control signal so that the devices can be incorporated into a more complicated AV control system. As stated, the warranty looks very good and they both have web consoles for remote management.

Similarly to Polycom, both devices support two monitors; the main monitor is HDMI and the second is VGA. It will send everything out to monitor one and monitor two at that point is local and content. The units have a similar function to People+Content which allows you to do something AVer calls "Screen Share" supporting wired or wireless content sharing. This is not limited to 1024 x 768 and Lance was connecting at the native resolution of his laptop. They also have a "VCLink" feature with apps for iPhone and Android that allows mobile devices to be fully functional remote controls.

The HVC310 can record to any external USB drive. Recording allows about six different layouts controlling the organization of the captured components. You can set that as you wish and it gets saved to a proprietary format that may then be converted to an MOV file later.

One thing that Lance had noticed about this device is that it sets to its native resolution or what the EDID of the display negotiates. For Lance that has been 720p usually.

Other discussion

Dan Cromer noted that the prices available on these units from CCS include a considerable discount from the MSRPs; this makes them by far the most affordable among the various competitors.

Mike Ryabin asked if either model supported multi cameras. Lance responded that currently these devices only support the one camera which is connected via a proprietary cable limited to about 30 feet (though they have extenders available apparently). Lance assumed that they currently don't support using third-party cameras.

Dennis asked if the camera was separate or mounted directly to the codec box. It is indeed separate and roughly 5" x 5" x 3.5" in size.

The ICC thanks Lance for his careful research and for sharing his findings with the rest of us. These devices look very promising as potential replacements from some of our many aging Polycom units.

End-user Scheduling (previous discussion)

Updates not available...

Movi (previous discussion)

Updates not available...

Lync Migration results (previous discussion)

Dan Cromer had reported the week following our last meeting that Lync is now working with the video bridges, though not in quite the same fashion as before:

Message from Dan Cromer to the ICC-L:
"[ICC-L] Lync now working with the video bridges" Tue 2/14/2012 9:53 AM


All,

Great news, Patrick and James now have the video bridge working with Lync, though it can't be used with the old method of connecting to the video portal, and presence is still shown as unknown. To connect to a conference, type {conference ID}@video.ufl.edu, for example, 7839999@video.ufl.edu, in the "Find a contact" search field. Note that the longer vcs.video.ufl.edu isn't used. The contact will show below the search field. You can either right-click and select "Start a video call", or double-click to open the connection, then start video.

Testing is still underway, so let Patrick know of any issues.

Dan

People were indeed able to connect to the bridge for this meeting via Lync, so it appears that those issues have indeed been resolved.

Francis Ferguson reported that he was using Lync today and had experienced video "freezes" of long duration twice during his connection, though the audio continued during that time. Others mentioned seeing the same thing. It was mentioned that disconnecting and reconnecting resolved these issues. Nobody seemed to be able to guess why this might be occurring, however, other than to suggest it was due to transitory issues with the network transport. Dan Cromer speculated that a control packet gets dropped and the client then thinks the video connection is gone, but he didn't know what could be done about it specifically.

Kevin Hill mentioned that he had been having the same issue previously with both Lync and Movi, but after updating all the drivers for the camera as well as its software he had noticed a dramatic improvement. Kevin connected today using Movi, BTW.

WAN (previous discussion)

Updates from James Moore

Updates not available...


Policy


New 'Trouble-Ticket' Entry Page for CNS

Back on the 16th of February, CNS announced a new 'Trouble-Ticket' Entry Page available at http://request.it.ufl.edu.

They noted that "this change applies only to direct requests to CNS, regarding CNS-specific services, such as networking, hosting services, mainframe systems, etc." Tickets for the UF Computing Help Desk should continue to go to http://helpdesk.ufl.edu/. The plan is to merge the two into one in the not too distant future, however.

CNS also reiterated: "As always, if you are reporting a system outage or other emergency, please send us a ticket, but also telephone us at 352/392-2291. We have staff on deck 24/7 to field emergency calls and we want to make doubly-sure that we do not miss yours."

Migration of DNS and DHCP Services to New BlueCat Platform

CNS provided more details on the plan to migrate to the New BlueCat DNS and DHCP Server. It appeared to Steve that this was primarily a central IFAS IT issue but Chris Leopold wasn't available to discuss this.

Shared Infrastructure Advisory Committee reports

It would appear that the SIAC committee intends to post their monthly reports in a more timely fashion--which is good news. The latest posting currently is the January report.

UF File Express still in round-2 beta testing (previous discussion)

Steve asked Dan Cromer if there was any news on when this service might be officially launched. Dan reported that it is really close now; he believed it to be a political rather than a technical issue that was holding things up.

Steve asked about the anonymous access option wondering if the URLs were sufficiently obscure as to provide some confidence against broad access. While Steve understands that restricted data shouldn't be shared in that manner, he believes users would feel better knowing that it would be difficult for third-parties to casually discover posted documents unless they had been sent the URL for access.

Dan agreed that this would be the case, though acknowledging that "security through obscurity" is not best practice by any means.

SharePoint training by Dan Holme (previous discussion)

Steve asked for feedback from anyone who had attended. Surprisingly, Erik Schmidt had posted links to recordings via the CCC-L:

jump to other SharePoint discussion this month

Campus VoIP improvement implemented (previous discussion)

Updates not available...

UF FAX server project (previous discussion)

The service is now in final testing and the details have been pretty much finalized as shown in the documentation provided via Dan Cromer.

Steve mentioned that, with Dan Cromer's assistance, both he and Winnie Lante had successfully tested both outgoing and incoming faxing.

Winnie said that now that incoming faxes arrive as PDF files, she feels quite comfortable with the new system. She mentioned that Steve and she were both a bit confused about how the incoming faxes were delivered. They had expected to have to add the service account mailbox into Outlook in order to receive these, but the incoming faxes went both there and to their personal accounts. Both of them liked it this way because they felt having to check the service account would just make the process more difficult.

Dan Cromer responded that this will be configured as per user request; we simply provide Telecommunications the fax number and the email address. That address can be an individual address, a service account tied to a security group for controlling access, or even a mail-enabled distribution list. How you set the email up is up to you.

Dan has not tried a distribution list, but he believes that would be the way for a group of individuals to get the faxes delivered directly. Steve pointed out that he was using a service account, however, and that the messages were still coming to his mailbox as well as that of the service account. Dan wasn't sure why that was the case but said he would investigate.

Dan reported that this is in "soft launch" currently and is available for people to use right now via telecom request.

Russell Hunter asked about what this service might mean with regards to faxing P-Card paperwork to PeopleSoft, wondering if this would permit bypassing having to printout everything for sending over a traditional fax machine. That is indeed the case though you will need a scanner to generate images of the receipts and other necessary attachments. Allan Burrage reiterated something he had mentioned at a previous meeting, namely that he has a pretty slick solution for generating images of the P-Card cover sheets to help automate this process even further.

Dan Cromer pointed out that an additional advantage of this service is that it would be a "local call" for any remote site, including all RECs and CEOs. That can save money in long-distances charges. Dan added that, initially, the faxing service would track long distance use but would not be charging back for that unless it turned out to be a bigger problem than anticipated.

Upcoming requirements for InCommon Silver (previous discussion)

Updates not available...

Implementing the Mobile Computing Security policy (previous discussion).

Avi Baumstein had provided an update regarding PGP software to the CCC-L list a couple of weeks ago:

Message from Avi Baumstein to the CCC-L:
"Updated PGP software available" Thu 2/23/2012 4:13 PM


Updates to UF's PGP Whole Disk Encryption client are now available at:

https://infosec.ufl.edu/itworkers/pgp

This is primarily for compatibility with Mac OSX 10.7.3, but there are also updated versions for all platforms. More information is included in the release notes.

We have performed limited testing of this version and encountered no problems, but strongly recommend that IT groups test the software on their supported hardware before chancing it on user's laptops.

Steve wondered if anyone had considered using PGP WDE yet, mentioning that this is probably the right solution for any Macintosh laptops. He added that he has now encrypted 14 Win7 laptops using BitLocker and has about 10 more to do before getting to the Windows XP "problem" laptops. Those he hopes to either replace or upgrade those to Windows 7 and plans to integrate BitLocker into his build process on all future laptops.

Wake on LAN support coming to campus: (previous discussion)

Updates not available...

New Secunia site license (previous discussion)

Updates not available...

KACE agent deployed to IFAS (previous discussion)

Kevin Hill asked if the spreadsheet containing an exported snapshot of IFAS machines from Kace (see previous discussion) had been updated. Dan Cromer responded that it has not and he would reinvestigate how to start getting that on a recurring basis.

Domain Policy and redirect duration (previous discussion)

Updates not available...

CNS working to implement NAC for UF wireless (previous discussion)

Updates not available...

UF Exchange Project updates (previous discussion)

Chris Hughes had posted some information relating to Outlook prompting continually for credentials as discussed two meetings ago:

Message from Chris Hughes to the ICC-L:
"RE: Outlook on-site and web login issues" Fri 2/10/2012 2:40 PM


Kerberos isn’t currently working for UF Exchange. What is occurring for the different settings is detailed below.

  • Kerberos Password Authentication

    Fails to connect, but then fails over to using HTTPS. HTTPS has a better retry method and longer timeouts than NTLM which results in fewer errors and login prompts.

  • Password Authentication (NTLM)

    Connects, but has errors and login prompts due secure session limits and timeouts

  • Negotiate Authentication

    Negotiates NTLM with the same results listed above.

Kerberos support is supposed to be added by the UF Exchange group this Sunday, February 12th. This should resolve the errors and password prompts for users who have Negotiate or Kerberos selected. It should also improve NTLM and Outlook Anywhere access since the number of sessions will be greatly reduced.

Thanks,
Chris

Steve asked if this issue was continuing for folks, having believed he had seen it again just last week. Others agreed it was happening. Dan Cromer responded that the change mentioned by Chris Hughes had been delayed somewhat but is now scheduled for an upcoming maintenance window.

Sakai e-Learning System now in production (previous discussion)

Updates not available...

Alternate IFAS domains in e-mail (previous discussion)

Updates not available...

Electronic Copy - Print Output Cost Reduction program (previous discussion)

The committee tasked to look into this has been dissolved. Here is a copy of the email to the Committee members from Lisa Deal sent this Tuesday:

Dear Committee, thank you for your willingness to participate in the managed print discussion, and for your patience. I sincerely appreciate the candid feedback I have received as we began this process. The existing UF copier/printer contracts are expiring and UF Purchasing will be re-soliciting to create new contracts. The new contracts will be structured to provide a cost per copy model, including supplies (other than paper) – so no major capital outlay will be required on the part of a UF department. The value of those contracts should be self-explanatory to departments, as such, the managed print portion will not be mandated. In keeping with senior leadership’s support, Purchasing will be requiring use of UF’s contracted vendors when acquiring new copying/printing equipment. Additionally, Purchasing has identified at least one large administrative VP unit that is willing to serve as a pilot for implementation of a managed print solution to demonstrate and measure savings. Given the change in direction, your participation in the process as a formal committee member is appreciated but no longer required. Some of you will be engaged to provide technical advice on specifications and business process as the solicitation moves forward. As always, I appreciate your feedback on the Purchasing processes and contracts at UF.

Steve noted that UF has backed way off the original plan for this project and that Dan had posted to the ICC a draft of the "Invitation to Negotiate" that UF would be using as a means of requesting proposals from vendors. Dan asked if anyone had had the time to look at that document. Steve and Dennis responded that they had looked through it briefly and that they both felt it was very thorough and well done.

Split DNS solution for UFAD problems (previous discussion)

Updates not available...


Projects


New web cluster (previous discussion)

Santos Soler wasn't available, but Steve reported that he is busy preparing the new cluster and planning the migration. Steve wanted to reiterate that video files will have to be moved off the web server prior to migration; for Steve's unit this will be a big deal because they have four dozen or more "web site" under control of various groups within sub-folders of their main web site. Creating the proper folder structure and permissioning for that will alone be quite a chore, as will assisting each group in understanding how to add and link files.

If you had forgotten this or the other migration issues which Santos had detailed prior, please click on the "previous discussion" links at the top of this topic to drill back down through past discussions.

File server migrations (previous discussion)

Updates not available...

Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM (previous discussion)

MDT 2010

Updates not available...

SCCM for IFAS

Alex York mentioned that OUAdmins were welcome to get with him for access to his test system. Steve has access though he has not had time to investigate nearly as much as he would hope. If any training could be provided, that might help Steve and others get over the initial hurdles that have so far prevented much investigation. Alex thought perhaps that Nick Smith might be able to play a role there and said he would discuss that with him.

Kevin Hill asked whether there was an SCCM root or if everyone was just rolling their own at this point. Alex responded that on UF campus everybody has their own SCCM installation though there is a central Configuration Manager initiative which Alex is assisting with. For IFAS, Alex is trying to roll our own SCCM currently and he would hope that Kevin would participate with that rather than develop separately. Kevin asked about bandwidth issues for deployment from campus repositories. Alex responded that a secondary site server could be set up at the remote site if traffic proved problematic; that would permit local caching of deployment packages. This has been done for CREC who used SCCM for OS deployment as part of their recent migration to UFAD.

Dan Cromer said he hoped that whoever participated would share their work with all because he really wants for IFAS to be able to patched things like JRE and the like. Alex said that participants could grant read-only access to packages as a means of sharing their development work on SCCM. Steve noted that the problem with JRE specifically isn't the packaging as much as it is with how/when it is pushed out; it really needs to be done at startup to avoid installation issues. Steve said that Alex had noted this could be done with a task sequence and the timing controlled via maintenance windows. Steve admitted that the details were well beyond his current understandings of the SCCM system or he would already be doing that. Maybe with Kevin and others getting involved some synergy can be developed it getting these things moving forward.

Exit processes, NMB and permission removal (previous discussion)

Updates not available...

Re-enabling the Windows firewall (previous discussion)

Updates not available...

Services Documentation: Is a Wiki the way? (previous discussion)

Updates not available...


Operations


Moving from McAfee VirusScan to Microsoft Forefront Endpoint Protection? (previous discussion)

Steve asked Alex where he thought we were headed with this. Alex responded that SCCM could deploy this currently for individual units that wanted to go that route, but he was not sure what Wayne Hyde had planned for IFAS as a whole. You can deploy it, run it, it will competitively uninstall McAfee and it will work well; seeing the status, however, will be an issue. With FEP 2007 R3, Alex cannot delegate the Forefront admin console to OUAdmins. He can provide read access, but you would see everyone's machines and thus have a difficult time sifting through things to see alerts on your systems. This issue will be fixed with the 2012 version fortunately.

Long-term, Alex said that he expects this to eventually be managed centrally from UF for Windows machines, once the 2012 version is out and the central SCCM structure is finalized. Once Wayne gets back to a more regular work schedule Alex expects we can have a better discussion about where and how IFAS should head with this. Dan Cromer pointed out that UF pays about $180k/year for McAfee currently. He doesn't think that will go away completely because of its cross-platform support, but the cost savings that we might accrue by moving the great majority of Windows machines to FEP would seem to provide considerable financial incentive.

Print server (previous discussion)

Updates not available...

Recording lectures for Distance Education (previous discussion)

Updates not available...

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

IFAS efforts toward Green IT (previous discussion)

Updates not available...

Creating guest GatorLink accounts: singly or in bulk (previous discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

Can IFAS support DirectAccess in the future? (previous discussion)

Updates not available...

Moving away from the IFAS VPN service (previous discussion)

Updates not available...

VDI desktops as admin workstations (previous discussion)

Updates not available...

Wayne's Power Tools (previous discussion)

Updates not available...

Computer compliance tool in production (previous discussion)

Updates not available...

Folder permissioning on the IFAS file server (previous discussion)

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age (previous discussion)

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Since BitLocker stores its keys within the computer object in UFAD, Alex York and Chris Leopold are considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.

Core Services status (previous discussion)

see the new virtual infrastructure section above...

ePO updates (previous discussion)

Updates not available...

Status of SharePoint services (previous discussion)

IFAS migrating to centralized MOSS

Dan Cromer had pointed the ICC to some test snapshot ports to SharePoint 2010:

Message from Dan Cromer to the ICC-L:
"[ICC-L] FW: list of individual SP 2010 sites for testing" Wed 3/7/2012 8:39 AM


All,

Thanks to continued hard work by Ben Beach and Matt Wilson, we now have IFAS SharePoint 2010 sites for testing. Some of the links have not been updated, so may point to the old server; use the direct link for accessing each. This is on private IP, so you need to be on UF network. Also, this is a snapshot in time, so files are not updated from production, but we need thorough testing to make sure that the system will work for us before moving to the UF environment, which at this time is planned for some time in April, after the next cumulative update to SharePoint, and to give plenty of time for testing.

Dan

The point of this test system is give folks a chance to determine that everything still works on SharePoint 2010 prior to migrating from IFAS hardware to the UF SharePoint system. Please check things our thoroughly and send Ben Beach any issues which you might discover.

Dennis Brown asked about quotas on SharePoint. Matt Wilson responded that he didn't believe Ben had any quotas in place currently other than the very hard limitation of available disk space. Matt Wilson said he had spoken to Joe Gasper and UF is getting a vastly bigger backend for their SharePoint install. He doesn't know what UF's quotas are but said he would ask.

Steve asked about the "mysites" feature that had apparently been an issue since UF would not support those. Matt responded that IFAS had 280 such sites and only eight of those had actual data over one 1MB. Consequently, he didn't think this would be as much of a concern as we originally thought.

Steve was glad this looks like it is finally happening, mentioning that it has been a long time since we originally thought we would be migrating centrally. Matt pointed out that it has been three years now!

Winnie Lante explained briefly her experience with SharePoint and said she was seeking help in long-term planning for the expansion of SharePoint usage within her unit. Matt suggested that she get with Ben Beach to discuss what structure might best suit those needs. Dan Cromer added that he would like that to be brought back to the ICC prior to implementation as well in order to have a broader discussion of what might be the best organization to have across all IFAS units.

Public folder file deletion policies and procedures status (previous discussion)

Updates not available...

Patching updates... (previous discussion)

Microsoft

The March Microsoft patches will include six bulletins (one "Critical," four "Important," and one "moderate) covering a number of vulnerabilities.

McAfee provides podcasts on the highlights of each month's offerings.

Skype

Skype version 5.8.0.154 was released to address an unspecified security issues along with various performance enhancements.

Adobe

There was another critical security update for Flash. Oops, I meant yet another!

There is also a patch for an Adobe Acrobat/Reader 10.1.2 printing issue should you run into that.

Oracle

More Java updates were released since our last meeting as well.

Apple

An update just came out the other day for iTunes (10.6) which included some security fixes.

Other discussion

Kevin Hill asked if anyone had heard whether UF would be moving the central Secunia CSI to 5.0 anytime soon. Kevin was interested because that version is supposed to provide the capability for uninstalling applications--something the current version cannot handle. Steve said that he had not heard, but suggested Kevin contact Joe Gasper for details.

Steve asked if Joe Gasper had moved to CNS and Dan Cromer responded that this was indeed the case. CNS is currently down two positions since Luis Molina and Buck Buchholz left. They are currently looking for new hires there and some realignment of duties, including Joe Gasper, is likely to occur from that.

MS Office News update (previous discussion)

Updates not available...

Job Matrix Update status (previous discussion)

Updates not available...

Remedy system status (previous discussion)


Other Topics

Big Blue Button proof-of-concept server

Dan Cromer had announced this early last week:

Message from Dan Cromer to the ICC-L:
"[ICC-L] http://meet.ifas.ufl.edu" Tue 2/28/2012 9:38 AM


All,

I've configured a proof-of-concept server with Big Blue Button version 0.8 beta-3 for testing videoconferencing at http://meet.ifas.ufl.edu. This demo environment is set up now with just a single anonymous meeting. I'd be interested in your testing experience, particularly for those outside Gainesville. So far the only failure I've seen is for a desktop machine in Okaloosa County, where version 11 of Flash wasn't available.

The advantage of this open-source platform is that Extension clientele can connect with no licensing or authentication limitations, though authentication could be required.

Dan

Dan Cromer said that this system is now in beta 4 and some features were broken in that update. This is one potential option for replacing Elluminate. Blackboard bought Elluminate and "Collaborate" is the new re-naming re-structuring which has gone on there. This is another potential option. The option currently preferred seems to be Adobe Connect and Cisco Webex is yet another system to be considered.

The advantage Dan sees for Big Blue Button is its ability to integrate into Sakai. Additionally, licensing may become an issue with the other non-open source solutions.

Steve asked about progress with the LOA1 project and whether or not we might be able to permission SharePoint sites to such accounts in the not-too-distant future. Dan Cromer said that the "QuickReg" project is in "soft-soft" deployment within Sakai currently and one can work with Kris Kirmsee to get a "project" for that. Outside end users can then go to a location within Sakai and create their own Gatorlink account for access. Credit card charging is not currently supported, however.

Steve asked if such accounts could be permissioned within SharePoint because Steve sees SharePoint as being a great tool to replace the continuing need for custom web application development within IFAS. Matt responded that LOA1 is a role within Shibboleth and they have Shibboleth authentication for that. Apparently, it has been made clear that LOA1 credentials will NOT be imported into UFAD, which may make permissioning more difficult. Matt suggested that Microsoft is working with Shibboleth and that a connector may eventually become available that would allow this even though UFAD permissioning is apparently out of the question.

After the meeting, Dan Cromer provided an update on the status of his test site saying: "I have temporarily placed the meet.ifas.ufl.edu Web site out of service due to its older and vulnerable Java version. Alternative sites for review are at http://pilot.education.ufl.edu/ and http://demo.bigbluebutton.org/.

Results of GPO disabling for non-portable devices (previous discussion)

Updates not available...

WebDAV issue with Mac OS X Lion (previous discussion)

Updates not available...


The meeting was adjourned just a bit early at about 11:47.