ICC logo IFAS logo


ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM September 12th 2014 REGULAR MEETING


A meeting of the ICC was held on Friday, September 12th, 2014 in the Not-So-New-Anymore UF/IFAS Communications Building. The meeting was chaired and called to order by Jimmy Anuszewski at about 10:00 am.

We're going green! No paper at this meeting :)

PRESENT: At least 26 members participated.

Remote participants: Russell Hunter, John Macias, Luis Coll, Donna McGraw, Tom Barnash, Marion Douglas, Jonathan Potts, Javier Ramirez, Wei Cao, Daniel Preston, Dennis Brown, Joel Parlin, Ron Thomas, David Bauldree, Marvin Newman, Luis Rivera, Scott Owens, Guillermo Black, Earl Sloan, Wayne Hyde, Wendy Williams, Angelo Daniels, Dan Christophy and Dewayne Hyatt.

On-site participants:
Jimmy Anuszewski, Steve Lasley, Dan Cromer, Tennille Herron, Santos Soler.

STREAMING AUDIO: Might be available here

Recorded Video: Not great, but it's here.


NOTES:

Agendas are going to be replaced with the meeting notes in rough draft. This saves time and paper and allows everyone to see the notes in an agenda type format.

Dennis Brown should be commended for his food/drink accomodations. Thank you, Dennis.


Report from the chairman

Member news:

As far as I know, there are curently no new movements within the ICC Community.

Recap since last meeting:

As per his usual procedure, Jimmy pointed folks to the notes of the last meeting, without going into any details.

Details about this meeting:

First, let me apologize to everyone about the video/audio disaster of this meeting. Dan and I tried a last minute addition of Acano and while I was pleasantly surprised by the number of people that used it, we didn't realize that microphone and audio issues would be a problem. This will be fixed for the next meeting as Acano will be the only option used. The current video recording of the 9-12-2014 meeting did not record the audio (BlueJeans).


Security:


New draft security Standards and Policies (previous discussion)

Updates as available...

Implementing the Mobile Computing Security policy (previous discussion)

Updates as available...

Patching updates... (previous discussion)

Microsoft

The September Microsoft patches included 4 bulletins of varying importance, covering 29 unique CVEs in the usual suspects. As of September 10, no risk assessment has been released, though you can find an August assessment here.

Adobe

Ther Adobe Reader and Acrobat updates have been delayed until next week (Thanks, Steve, for the update on this) but Flash and Air have updates available.

Java

The scheduled quarterly updates are expected on Tuesday, October 14th.

Apple

Apple updates can be tracked here. Rumors of the new OS X Yosemite can be found here. Looks like a Fall release of the user friendly system with no details of network improvements yet. iTunes was updated to be compatible with the new iOS 8, which is being released with the new iPhones. (speaking of, how about that iWatch?)

Microsoft updated Office 2011 for Macintosh computers. Latest version released is 14.4.4, on August 26, 2014. The link can be found here.

VLC

There was an update to the video player, VLC, on July 26. You can find the download here.

Other

Jimmy noticed on a recent email to an IFAS Listserv that shortlinks were being used. This practice should be avoided because we have been telling faculty, staff, etc that short links are dangerous when you don't know if it's a valid source.

Updates as available...


Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Abraham Turell and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)

Acano is still coming along. Dan Cromer showed Jimmy Anuszewski how to use Acano and after only several minutes, it was fairly simple to use. Dan has emailed directions on how to use it and also provided the link that gives instructions on Acano's use. I would recommend learning how to use it sooner rather than later, considering that Bluejeans will not be used after March of 2015. Acano will be the video utiltiy used for the October ICC meeting. Dan asked that everyone hold off on using Acano for classes until we hold our October meeting. Also, if you detect a bug or think a feature should be added, please email Dan as soon as possible.

Dennis mentioned that he had a meeting that was on the Health Science Center Videoconferencing that uses a different IP set and a different system. Their setup works well with the UF Video System and included a test site that allowed people to check their connections. Dennis sent Jimmy the following email:

I tested connecting with Jabber and Abe tested connecting with an Polycom type endpoint and both work.

The problem we were trying to solve was to connect to a seminar being held in the CGRC Auditorium.

For my conference these were the connection numbers.

75003@video.ahc.ufl.edu
75003@159.178.78.111

Abe said 75001 is Al Murray’s test conference (75001@video.ahc.ufl.edu). Using 75001 without @video.ahc.ufl.edu with Jabber does not appear to work.

Updates as available...


 

Endpoint security concerns (previous discussion)

Updates as available...

Replacing Polycom endpoints with some Lync-based solution (previous discussion)

See the Acano update above.

Possible end-point refresh in the works (previous discussion)

Updates as available...

Movi/Jabber Updates (previous discussion)

Updates as available...

End-user Scheduling (previous discussion)

Updates as available...

Lync updates (previous discussion)

Updates as available...

WAN (previous discussion)


Updates from James Moore (previous discussion)

Updates as available...

Wireless printers (previous discussion)

Updates as available

VoIP at RECs

Updates as available...

Phone bills to be paid for centrally? (previous discussion)

Updates as available...


Policy


Cloud Services (previous discussion)

Updates as available...

Notes from last month's SIAC meeting

Updates as available...

Last month's IT Directors Meeting Notes

Wendy Williams or Dan Cromer with possible updates?

Updates as available...

PrintSmart initiative (previous discussion)

Updates as available...

New IT Service Management Initiative (previous discussion)

Updates as available...

Content Management System (CMS) for UF: Entering preparation phase (previous discussion)

The ICS hosted a Web Maintainers Meeting on August 14th. The meeting discussed the template to be used in all IFAS Departments and options available and the timeline for the migration. The video can be seen here and the slides are available here.

If you have any questions, you can email Tennille at webteam@ifas.ufl.edu.

T4 training has finally started and can be signed up for at this link. Be prepared to go through 15 modules, with approximately 3-4 videos per module (video time averaging around 10 minutes each). There are around 12 quizzes in total, with most of them having the option to retake an unlimited amount of times. The link to register can be found here.

Steve Lasley asked what do the classes actually cover. It was explained by Jimmy and Tennille that the classes cover basic user profiles, page creation and features, category creation and content creation.

Tennille added that the end of training form be filled out correctly and submitted (she emailed an example last week. If you need to see that example, email her a request for a copy of the sample). She also said it will be at least a year before the new UF template is avaialable. She also stated not to get focused on the failure of the migration tools because she has been involved with several migrations and they never go as smoothly as planned.

During the UF Web Managers Meeting, held on September 8th, Anthony DeLorenzo, Web Developer for the UF Web Team, stated that it was in his opinion that smaller websites would do well during the T4 transition (sites with less than 200 pages) while larger sites should take caution about tranisitioning to the new system. The automigration tool is not what they were hoping it would be and most content will have to be manually moved. He does like what T4 is providing and thinks it will be successful. T4 will not be made mandatory by UF nor will the UF templates (at least not at the current time), which should be released soon.

Authentication Management policy draft (previous discussion)

Updates as available...

New 'Trouble-Ticket' Entry Page for CNS (previous discussion)

Updates as available...

KACE (previous discussion)

Updates as available...

CNS working to implement NAC for UF wireless (previous discussion)

Updates as available...

UF Exchange updates (previous discussion)

Updates as available...

Canvas Selected as the Centrally Supported Course Management System (previous discussion)

Jimmy participated in a Canvas class, held at the Hub 221, on August 25th. The class taught the basics of how to use Canvas and some comparisons to Sakai. Jimmy is not a heavy user of either system, but encountered no problems with Canvas and felt it was very intuitive and easy to use. Full implementation is not expected until the end of 2015.

Alternate IFAS domains in e-mail (previous discussion)

Updates as available...

Split DNS solution for UFAD problems (previous discussion)

Updates as available...


Projects


New web cluster (previous discussion)

Updates as available...

Windows 8 Deployment? (previous discussion)

Updates as available...

SCCM for IFAS

Updates as available...

Exit processes, NMB and permission removal (previous discussion)

Updates as available...

Services Documentation: Is a Wiki the way? (previous discussion)

Would be really nice if more people could contribute to this.

Attention!Attention!Attention!Attention!Attention!

A wiki has been created at http://my.ifas.ufl.edu/wiki/icc/. Everyone in the ICC distribution group should be able to add/edit.

Attention!Attention!Attention!Attention!Attention!

Operations


IFAS IT Updates

Chris Leopold addressed several issues that have recently been encountered by IFAS IT. The full report can be downloaded here.

1) Issue: In August, FSHN experienced a networking event that disrupted connectivity for a few days. The B120 Cisco 4900m was seeing a large broadcast storm occurring, which made it incapable of seeing BPDUs, and thus loopguard kicked in and shutdown the interface.

2) Issue: Building 120 Air Handler

On August 27th at 7:49pm, ITSA experienced a data center power outage. The outage was caused by an electrical short in one of the compressors within the air handler that then tripped the main power breaker. IFAS FacOps, the after-hours crew, had by-passed the bad compressor and got the AC working with the remaining “good” compressor.

With the help of EI&O, ITSA was able to secure a spot cooling unit to augment the degraded cooling of our air handler. As you can see by the below graph, the IFAS datacenter is maintaining adequate temperatures.

3) Issue: McCarty D Connectivity issues (Building 498)

Users were complaining of generalized and sporadic network disruptions. These included but not limited to:

  • Workstations periodically cannot connect to the network (receiving self-assigned address)
  • Workstations are periodically receiving a duplicate IP address message
  • Workstations email client (Outlook) is not synchronizing with the Exchange server periodically 
  • Workstations email client (Outlook) requires re-authentication with the Exchange server periodically

From our fact gathering, it was known that these issue appeared to have started within the December 2013 timeframe, occurs regularly on the first floor with sporadic occurrences on other floors and time varied - but most occurrences were in the early morning hours prior to 8am.

With the assistance of EI&O and Net-Services, we were able to track down several issues within McCarty D. They are outlined below:

DHCP Option 252: If DHCP option 252 was not set, the client would continually make DHCP-INFORM requests against the DHCP server. This event wasn’t causing any problem and is happening on every UF subnet that offers DHCP, without option 252, to windows clients. At most, there is only an insignificant amount traffic would is generated on the network.

Issue: Intel(R) 82579LM incorrectly responding to ARP requests. When a computer, running Windows with an Intel 82579LM NIC, has the advanced option “protocol ARP Offload” set to ENABLE and the system is in sleep mode, the workstation will respond to ARP requests even after the DHCP lease had expired. This causes other workstations on the network to receive a “Duplicate IP address” popup message.

Issue: IPv6 multicast flood during sleep from i217-LM. When a Microsoft Windows workstation with an i217-LM NIC and a driver version prior to 12.10.30.X was in S1 sleep mode, the workstation would flood the network with ICMPv6 'Multicast Listener Report' messages. This would result in huge traffic loads causing network devices to drop packet and create a variety of networking issues.

4) Issue: Outlook Client issues

James Oulman, Microsoft and ITHD are working to define the Outlook client problem. Once that has been done, they will work on a fix.

5) Issue: DC replication issues

While deploying a new version of the IPCC.exe application, ITSA noticed that there were UFAD Domain Controllers that had inconsistencies with their NETLOGON share. So, ITSA wrote an application, ReplChk.exe, which would check a single file checksum on the source NETLOGON share and compare it with all other UFAD DC NETLOGON shares.

Projects:

Project: MPSv2.5 Deployment

 Completed July/August Deployments:
Bay
Escambia
Gulf
Jay (WFREC)
Liberty
Walton
Milton (WFREC)
Hillsborough
Collier
ONA

Planned September Deployments:
Wakulla
Franklin
Calhoun
Marianna
Jackson
Washington
Gadsden
Jefferson

 

Finally, Chris noted that this was the worse video interaction that he has ever been a part of with the ICC meetings.

Santos Soler is working on Powershell Scripts for home folder creation. It will be based on NMB (Network Managed By). See here for more information. He has generated some reports, as of Tuesday September 9, 2014.
IFAS Autogroup reports path: \\ad.ufl.edu\ifas\SOFTWARE\IFAS AutoGroup Reports. These reports are CSV type files. I've copied the full directions to a PDF file here.

Moving from McAfee VirusScan to Microsoft Endpoint Protection? (previous discussion)

Updates as available...

Print server (previous discussion)

Updates as available...

Recording lectures for Distance Education (previous discussion)

Updates as available...

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Jimmy will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

Creating guest GatorLink accounts: singly or in bulk (previous discussion)

Steve had left this on the agenda in case further discussion was deemed warranted. So Jimmy will leave it here.

DirectAccess pilot (previous discussion)

Updates as available...

VDI desktops as admin workstations (previous discussion)

Updates as available...

Wayne's Power Tools (previous discussion)

Updates as available...

Computer compliance tool update (previous discussion)

Updates as available...

Disabling/deleting computer accounts based on computer password age (previous discussion)

Updates as available...

Core Services status (previous discussion)

Updates as available...

ePO updates (previous discussion)

Updates as available...

Status of SharePoint services (previous discussion)

IFAS migrating to centralized MOSS

Updates as available...

Public folder file deletion policies and procedures status (previous discussion)

Updates as available...

MS Office News update (previous discussion)

Updates as available...

Job Matrix Update status (previous discussion)

Updates as available...


Other Topics


Event updates from Wendy Williams

Wendy has been sick this week, so no updates. Let's hope she feels better!

Permissions on file server: Home folders

Jimmy is keeping this here due to continuing problems.

Dan Cromer had wanted to discuss multiple access to user folders. He could think of only one reason for this to be allowed, when one person leaves and another person needs temporary access. In fact, this could be accomplished without providing access to another user's folder by having admin move the needed folder to another appropriate folder, either Unit or Private. Dan wanted to re-emphasize the standard configuration and usage of Unit, Private, and User folders.

Steve began documenting permissions of the file servers a few weeks ago under the new ICC wiki under the topic "How should permissions be configured on the various shared folders?" and Santos has continued that process.

Wayne Hyde expressed his concern about broad and basically uncontrollable access to unit folders. Steve had thought that those with the "UF_PA_IDM_NETMGR" role could only set NMB to point to their own OU(s) or clear them; it turns out that anyone with that role can set NMB for anyone to any unit. Wayne feels (and Steve agrees) that this situation makes it very important to control what information is posted to such folders. This isn't being handled very well in most cases currently and is truly out-of-hand in many cases.

Steve pointed out that he clears his Unit folder every weekend and has labeled it so folks are aware:

Entomology's Unit folder

It had never occurred to Steve to use Entomology's Unit folder for any kind of permanent storage. Apparently Entomology is in the minority on this, however; many use the Unit folder to distribute templates and other such materials. There was considerable discussion about trusting units to use these resources properly, but the fact is many are not and keeping things as they are is just an invitation to a breach that IFAS will sorely regret.

David Depatie expressed the importance of teaching users about how to best use the file server and all agreed that user cooperation is an important part and maybe the most important part of all this. There is more that can be done to lead folks in the proper direction, however. Steve pointed out that it has always puzzled him why his unit is the only one (at least that he knows of) that redirects My Documents to the Home folders for folks.

Wayne has a plan to rename Private to Groups for our workgroup shares, but there are technical reasons related to our backup methods why this should be done at the next fileserver refresh and not before.

Wayne mentioned that Santos has created scripts to automatically create Home folders; this should help encourage proper use of the file server. Those scripts will be demonstrated during the meeting.

[Note: there are portions of Wayne's Power Tools that can help with cleanup of Home folders as mentioned earlier in these notes.]

Wendy Williams took the position (and Dan Cromer agreed) that either ITSA should take away the Unit folders because they are too unsafe, or ITSA should let us use them while providing the tools to help monitor them. Santos pointed out that monitoring is really only possible when dealing with a small number of files and folders; the size of most Unit folders makes this a nearly impossible task, however, in his opinion.

There was considerably more discussion on this topic. It is obviously good to raise this topic often to make/keep all OUadmins aware of the risks. It will be a continual struggle and hopefully we can continue to move gradually towards a more secure and maintainable situation. It won't happen overnight, but it won't happen at all unless we all remain vigilant.

Folder permissioning on the IFAS file server (previous discussion)

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve or Jimmy. Wayne stressed to make sure that the "managed by" attributes are set correctly.

From the 8-8-14 meeting:

Santos Soler has written Powershell scripts that will allow an automated creation of folders, user groups and users. The scripts are well documented within and need to be run as Administrator. You can find the scripts at \\ad.ufl.edu\ifas\software\powershell. You can either follow the commented instructions within the scripts or go to the 15 minute mark of the audio recording.

Dewayne Hyatt has been busy upgrading 2008r2 to 2012r2 deployment.

Wayne has been trying to repair the SQL problem that occurred on August 7th.

Updates as available...

SAS depot updated

The SAS 9.4 installation depot (\\ad.ufl.edu\ifas\SOFTWARE\SAS\SAS9.4_32bit ) has been updated to permit installation on Windows 8.1 AND to allow installation on 32 bit Windows installs.

FAQs for new hires

Updates as available...

Adobe licensing (previous discussion)

Updates as available...

Getting rid of Windows XP

Do it....now. Wayne stated that XP machines are down to 27 boxes. Steve mentioned that Microsoft stated IE support is going to be limited, leaving people to wonder if Windows 7 will be losing some sort. Hopefully we hear more. Windows 9 is expected to be out in April, 2015.

Misc.

Cyber Self-Defense
The next Cyber Self-Defense workshop will be held next Thursday,
09/18. Please let your staff and faculty know about this upcoming class.

This two hour workshop is designed to raise awareness of faculty and
staff on such topics as safe web browsing, preventing malware
infections, recognizing phishing scams, encrypting and backing up
files, and wireless security. The class covers discussion topics that
get participants thinking about how to protect their personal and work
computers at home, in the office and while traveling.

The class is free, but seating is limited. Sign up now at my.ufl.edu.
To self-register, sign on to myUFL and navigate to My Self Service >
Training & Development > Request Training Enrollment. You can then
search by date, title, or course number.

Course Number: GET199
Course Name: Cyber Self-Defense
Location: Human Resources Bldg, Room 120
Start Date: Thursday, 09/18/2014, 2:00-4:00 p.m.

Adobe Training

Next Tuesday Adobe will be on campus presenting a full day of training and information opportunities in the Reitz Union Auditorium and Cinema. These presentations are free, but registration is required by going to the Adobe Event page, http://edu.adobeeventsonline.com/AD/2014/UFL/invite.html. Agenda and further information is also available on this page. The event is open to the entire campus and staff, faculty and students are encouraged to attend.
Agenda
09:00 AM ▪ PDFs and Acrobat
10:15 AM ▪ Design for Print and Tablet Devices
11:30 AM ▪ Digital Publishing Suite (DPS) Campus Panel
01:30 PM ▪ Introduction to Video
02:45 PM ▪ Design for Web

Adobe trainers will demonstrate some powerful new tools now available and how to best utilize Adobe products like Acrobat, InDesign, Digital Publishing Suite, Photoshop, Premiere Pro, Muse, and Edge Animate.

Need Adobe Software?
If you need Adobe software, UF has an enterprise licensing agreement for Adobe Creative Cloud Suite, or just Acrobat separately. This agreement is available for faculty, staff, departmental and lab usage. The current agreement is not available to students. For a yearly fee you have access to all the latest software versions included in the Creative Cloud Suite, and any new software that may be added during that year. For further information: https://software.ufl.edu/agreements/adobe_ETLA/

Dan added that Airport Express and any other wireless router is not allowed to be used, in accordance with UF Policy.

He also stated that he would like to sunset the IFAS VPN. There is a small amount of people that still use it but not enough (less than 20) to warrant it from being shut down. He plans on retiring it at the end of Fall of 2014. Cisco Anyconnect should be used when UF VPN is needed.

Steve asked how to connect an outside institution to a UF Video Bridge Conference. No one had an answer except that Acano would take care of that problem by providing a web link for participants to use with their browser. Javier Ramirez also stated that he was having problems with his microphone that they use for their large video conferences. Dan stated that it would be beneficial to use the USB microphones, such as the Revolabs USB Microphone. Javier stated that they are having Macintosh compatibility problems with the microphones. Jimmy suggested that he check the firmware and drivers for the microphones. Dan also suggest an amplifier be used. Javier also stated that the Revolabs interface on the Mac limited the microphones levels.


That's All Folks!

The meeting was adjourned at 11:34 and the next meeting will take place October 10, the weekend of the LSU home game!