Minutes of AD Committee Meeting

October 8, 2002

 

Mark Palmer

John Sawyer

Dean Delker

Jarrod Morgan

Sherry Hays

Mark Ross

Kevin Hill

Mike Kanofsky

Gary Wilhite

Mike Armstrong

Joe Hayden

Joe Gasper

Chris Leopold

Steve Lasley

David Ayers

Dwight Jesseman

Jack Kramer - remote

 

Old Business:

 

Minutes were approved.  Chris is working on a switch that dumps shared directories.  As for where we are on the enumeration (4-5 shares), there is a switch that lets us quickly enumerate remote shares; he was trying to do everything with one tool, a Perl script.  Chris will put more time into it.  He wanted to build a Perl script that he can give to Mike to use once we are setting up the tree.

 

Kevin pulled up the AD timeline to see if we were on schedule.  We need to extend the enumeration - Kevin put it out another week – it will be due 10/16.  Once we have the list together we can provide the template and tools to others not in IFASDOM so they can make plans to join the tree once it is completed.  We want to restore operations once the tree is up with no extra work for the dept. administrators.  Or we can just decide we are giving each administrator their own OU and they can set it up themselves.

 

Kramer – calling about no shares on BDCs.  Saying that they have classes that need shares.  Local site comprises two RECs.  Chris asked Kramer to get with him and they can approach Cromer.

 

Sherry passed around the Questionnaire summary.  Kevin – after looking at the questionnaire as it now stands, we need to do some education as far as AD and ICC go.  Chris was saying that we need to send out information to anyone that has computer support in their title.  Contact unit admins.  We haven’t heard from Forestry, Wildlife, Ag Engineering, or Animal Sciences.  We need to contact a few people that we know haven’t written anything in or contacted anyone to ask them where they stand on AD.

 

With AD we need to put out something that shows/explains ICC and AD for the general IFAS public.  We need PR.  If we don’t contact these people, then they aren’t aware that this isn’t an opt-in situation.   We need to bring this up at the ITPAC meeting to Joe Joyce. 

 

Jack K. says that we need to have a meeting that is mandatory for all computer support people. 

 

Project documentation:  Steve says that he is going to put the timeline and budget on the front page.  He will rework the AD webpage and move more pertinent stuff to the top.  He has added more information.  Kevin got a call from a Microsoft consultant and pointed him to our site so he could see where we were at this time.

 

Update on project budget:  We need to finish up this meeting to be submitted to ITPAC meeting 10/18.  We don’t have the info for the costs for upgrading from Jennifer and Claude King.  Training proposals – does anyone have any idea on what training is going to cost?  Kevin is going to tell the ITPAC committee that the numbers are set in stone.  He will tell them that we really need the test servers right away so we can start working on this ASAP.  Be sure and tell them that we need admin. training.  Hire a full FTE trainer for a full year?  We need to make sure that the people who are currently doing their job can do their job after AD has been implemented. 

 

We need to go out and get more estimates for training.  Sherry will look into investigating training – will need info by next month. 

 

Mike is looking into Exchange hardware and software licensing costs.  Our budget is for a single Exchange server.  Mike is looking into a cluster – five storage array (long term goal).  How would IFAS feel if there was a central Exchange server for campus?  There will probably be multi-domain, but it will be one Exchange organization – the potential is to have one Exchange organization for all of campuses with several servers.  How does it work?  There is one global address list; you create address books and change how the client sees it by changing ACLs, by creating aliases.  Mike says it is going to take more research.  Under AD you have the Exchange list, which is the users.

 

This group needs to – once the time comes – sit down with the other entities and be very vocal as to what IFAS will need.  Licenses, hardware, we can say what we need, will have to see what the consultant says about the design of AD. 

 

For what we know right now, what we have in the budget is good.  Licensing is correct.  Talk to another university who has rolled out AD to see what their budget looked like.  We need to add a line item for migration tools - $12 per head per year.  Incorporate migration and management tools together. 

 

We need to tell the ITPAC committee that the servers and FTEs are an immediate need.  We need to look at where the funding is going to come from.  They will be bringing in a consultant who already knows AD to show how to design it, and we will implement.  The group has only met twice.  They want the AD implemented by November 1st.  There might be portions up, but no Exchange 2000 up; small baby steps, some things will come out in phases.  There will be a DAD memo coming out from Frazier saying that we need to get input from the consultant and others.  If the consultant says that we need more than one person, then the budget will be expanded.  The group at open systems is historically anti-Microsoft.  If the candidate is strong and can assimilate others, the position is an A&P position.  Connelly stated that it will be the AD God, A&P position.  If there was a qualified non-degree individual, then there might be some leeway.  There will be an announcement to the AD-list, ICC-list, that we have a consultant, and if you want to talk about the details, come …..  The group will disband once the consultant is hired.

 

Was there any discussion at the meeting that Kerberos would be the authentication service?  There are, already at this high level, different camps rallying around their own system. 

 

Will wireless and web systems authenticate into AD? 

 

Chris encouraged everyone to read the minutes and the vision statement. 

 

Continue AD Design Discussions:  If you are logging into the ifas.ufl.edu domain and try to authenticate through the win.ufl.edu server and it’s down, then you can’t log on.  The fix for this would be to create a win domain with the IFAS domain.  If we are looking for single sign-on, then we need to use the existing database for authentication.  Or you map user name and password from a centralized CDC from GatorLink to a centralized domain.  We will have problems with cross authentication – we have to have some attribute in the Kerberos (GatorLink) that tells where this user belongs, to get everyone in the right domain.  There are three hundred classifications for students at this time and it’s not as granular as we are.  With the new directory coming out there should be a way to go in and change the information so it represents the person for authentication purposes.  There is still a problem with eight-character logon.  Will this issue be looked at at the UF level?  MIT is having problems pushing authentication from Kerberos to AD.  Single sign-on may not be something that we can go to.

 

The first thing to ask the consultant – what ifs.  Replication, sign-on IDs, single domain for UF; this might be a deployment time for .NET.

 

We would have to make AD write-only for passwords.  Distribute the Kerberos server locally.

 

We need to put together a list of issues – not design (the consultant will be doing this).

 

If we do this...  then…

 

Authentication – WAN link is fine – if you are authenticating through AD and the WAN server is off-line, then you cannot log on.  There is only a short time on the WAN – but if the WAN is off you can’t get the ticket to work, print, etc.

 

The WAN might be the biggest issue?

 

If we go with listing issues we could start by listing out requirements.

 

Imperative – there should be no reliance on the WAN for logon to local resources.  We need quick authentication for WAN participants to support access to locally shared resources, student labs, processing GPOs, WAN, pushing software, etc.

 

Eliminate authentication over the WAN under requirements.

Local resources are always available during WAN authentication (without using local machine accounts).

Remote student teaching labs.

Replication is minimized. 

ERP Data

 

Committee assignments:

 

Sherry Hays looking into training costs.

Ask Jennifer and Dan to look into WAN links

Kevin and Chris working on enumeration

Mark is doing sanity check on costs

 

Next meeting date:  November 7th, 1:30 – 4:00pm