![]() |
![]() |
ICC Meeting: |
Message forwarded to the ICC-L by Dan Cromer: The UF e-mail service is in the process of migrating off of the Barracuda spam filters. ProofPoint has been in place for a long time as the first spam filter barrier, but the quarantine feature has not. This feature offers similar, actually superior, functionality to the Barracudas in providing users with control over their account message filtering. As part of the transition, selected accounts have had the Barracuda filtering turned off, and the ProofPoint quarantine function turned on. The plan is that, ultimately, all accounts will use the ProofPoint quarantine feature, and the Barracudas will be taken out of the mail flow path altogether, to save the additional cost and technical support required for them, as well as eliminate the occasional slowdown that they have caused. The message below, with attachment, was from James Oulman from CNS to me as part of a pilot group. As a next step, I’d like to have all ICC’ers join the transition group, both to provide a broader group for testing, and to prepare you as technical support for your departments for the ultimate transition. Please let me know if you want to delay this change for yourself, otherwise I’ll pass on the ICC group to James when he’s ready to take on more. |
Documentation is being developed, which Dan included as an attachment and the plan is still there to provide access to the ICC folks prior to this being rolled out generally. Andrew Carey has been moved over already (as a Tier 2 meeting participant) and we can expect a message from James Oulman at some point that we have been as well. The site to check is https://quarantine.mail.ufl.edu.
Dan Cromer pointed out that the user can control the level of quarantine and may even remove the filtering (except for infected messages) should they be concerned about false positives.
Centralized FAX service via Exchange (previous discussion)
Updates not available...
Split DNS solution for UFAD problems
Steve wants to keep this on the agenda for future reference.
IT survey is coming (previous discussion)
Dan mentioned that IFAS might wish to use our own Lansweeper data to prepare reports rather than work with contractors such as is apparently being planned for some locations. With the new SQL cluster, Matt Wilson and Wayne Hyde are bringing new life to querying that extensive database.
[Wayne had recently run a number of useful queries against Lansweeper BTW, including one that pointed out machines that had numerous disk errors (boding imminent doom for disk failure) and another listing the alarming numbers of machines with out-of-date versions of Adobe Reader.]
Outsourcing of DE course development (previous discussion)
Steve asked if this had been advertised to faculty yet. Dan was not aware, but the deal itself is apparently in place now.
Negotiations underway for the Microsoft Campus Agreement
Updates as available...
New web cluster
Santos Soler spoke briefly about his plans. He hopes to have something like the following:
Key elements will include:
The redundancy should provide for a very robust and stable system which should remain up 24/7 (unless a complete power failure occurs or the network is knocked out).
This will be a virtualized infrastructure and Santos is awaiting space that is being freed by moving a number of SQL DBs to the new SQL cluster. The ARR boxes will intelligently balance and direct the load as needed.
This cluster will support PHP and PERL but a new addition with be Shibboleth support. Shibboleth will require a single primary alias be used, so units like Entomology which have various aliases in effect (http://entomology.ifas.ufl.edu, http://nematology.ifas.ufl.edu, http://entnem.ifas.ufl.edu, http://entnemdept.ifas.ufl.edu) will have to pick one.
Santos put out a desperate plea that folks take this opportunity to clean up prior to moving. There is a large amount of inappropriate data (obsolete or just plain doesn't belong) on our current web server that needs to be culled. Steve pointed out that his department has many "web masters" in charge of various sections of the departmental site (this after consolidation a couple of years back); that makes cleanup more difficult because so many different folks are involved.
Santos also mentioned that many sites are still using old out-of-date logos. Those sorts of things should be updated as well.
Santos plans to migrate things unit by unit and will send out e-mails to let everyone know when they are being moved so that things may be well coordinated. Most transfers will be done by hand so it will be very involved and will take a good deal of time; but Santos is adamant that it be done "right". Santos will be working on the server-side throughout the remainder of the year and hopes to begin moving folks early in the new year.
The new hardware is nearly in place across the South Central District; Bill Black still has a sticky installation remaining for the Okeechobee CEO however. Fergie is turning on the last of his new DCs today and Ben still has a couple left. Andrew hopes to get Kevin Hill's systems ready before the holiday and then figure out when they should be delivered.
Andrew pointed out that hardware/DC deployment is the first priority because we are beginning to see increasing failure rates of our old DCs. Once that is done he will turn his focus to migrating the various MPS servers and get the file sharing and print serving in place across the many sites.
Andrew reminded folks that they should contact him if there is a critical need to move a particular MPS over sooner (full or failing).
Wayne Hyde reported that the new SQL cluster is now in production and being backed up by DPM. ePO, WSUS and Lansweeper have been moved there already. Wayne's Power Tools (which Steve thinks should be renamed Wayne's Turbo Tools) is querying from there now and seeing a great speed improvement. Matt is going to work on migrating SQL01, SQL03, SQL04, SQL05, SQLDEV databases to the respective instances shortly as well; Matt hopes to have SQL05 done by next week.
The new cluster has 96GB of RAM (as opposed to 6GB prior); this equates to speed as far fewer disk accesses are needed to fulfill queries.
New virtual infrastructure being planned and spec'ed out
Wayne continues to work hard on this plan as was discussed at the last meeting.
There continues to be no progress on the documentation which was to happen prior to announcement. Since this has never been formally announced, the matter remains on the agenda as a standing item.
Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM
Windows 7 deployment
Andrew expressed his hopes that Nick Smith might continue SCCM investigations from where Daniel Solano left off prior to leaving. Nick has had much success with the Microsoft Deployment Toolkit (MDT) and SCCM would be a logical step up with that. Steve noted that he had purchased a very good practical book on MDT recently and would very much like to be involved in any SCCM efforts.
Steve also noted that discussion began today on the CCC list about creating a SCCM support group at UF. Erik Schmidt has already created SCCM-L@lists.ufl.edu in support of that if you should wish to join (send an e-mail to listserv@lists.ufl.edu with a body containing:"Subscribe SCCM-L Your Name").
Exit processes, NMB and permission removal (prior discussion)
Updates not available...
Re-enabling the Windows firewall (prior discussion)
Update not available...
Services Documentation: Is a Wiki the way? (prior discussion)
Updates not available...
Restoration of back-ups on the file server
Wayne Hyde intends to document and announce proper usage as time permits.
Membership of ". IFAS-ICC" email distribution group to be narrowed to ICC members only (previous discussion)
Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.
IFAS efforts toward Green IT (previous discussion)
Updates not available...
Creating guest GatorLink accounts: singly or in bulk (prior discussion)
Steve had left this on the agenda in case further discussion was deemed warranted.
Can IFAS support DirectAccess in the future? (prior discussion)
Steve wants to keep this topic on our radar.
Moving away from the IFAS VPN service (previous discussion)
Steve assumes that moving our VPN to private IP is waiting on Wayne Hyde finding the time to implement.
VDI desktops as admin workstations (previous discussion)
This is another cool service that Wayne has in progress and which is awaiting sufficient time to pursue further.
Wayne's Power Tools (prior discussion)
The new SQL cluster is now bringing some muscle to bear on a number of services, including these tools, as Wayne noted in a couple of recent e-mails:
Message to the ICC distribution list from Wayne Hyde: Matt and I are migrating some ITSA databases (WSUS, ePO, Lansweeper) to the new SQL cluster which will require me to update the WPT code that I haven’t looked at in … a long time. WSUS has already been migrated to a new 2008 R2 server using the new SQL back-end. There shouldn’t be any client update problems associated with the move. |
Message to the ICC distribution list from Wayne Hyde: The WPT pages are working now and will run much faster if they were heavy SQL hitters (ie: OU Computer Status). I’ll be replacing Lansweeper with a new version soon that will trim out dead objects and have many other improvements and information. After everything is up and running I’ll split the WPT pages into “old busted” and “new hotness.” The old busted WPT pages will use the legacy databases and will be removed after the new Lansweeper install has scanned most of IFAS. |
Computer compliance tool in production (previous discussion)
Updates not available...
Folder permissioning on the IFAS file server
You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.
Disabling/deleting computer accounts based on computer password age
This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey has a good plan for dealing with this which he simply has had no time to address. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.
Core Services status (previous discussion)
Data Protection Manager status
This service is well into production and being used for all sorts of our backup needs now including the new SQL cluster and a number of remote MPS machines.
VSE 8.8 is expected prior to this year's end. If it holds true to the hype it should be a great improvement (see at bottom)...
"The new release of McAfee(R) VirusScan(R) Enterprise software delivers optimized security with significant system performance improvements[2], including:"
The new SQL cluster has also greatly enhanced the performance of our web-based ePO console (signon with "ufad\if-admn" credentials). If you hadn't been using that prior, check it out!
Status of SharePoint services (prior discussion)
IFAS migrating to centralized MOSS
Steve speculated that this is being slowed somewhat due to IFAS already having a fairly complicated SharePoint configuration. Santos said that he understood we first need to upgrade our own system to a newer version before any migration could occur.
Public folder file deletion policies and procedures status
Nothing further was available on this topic at this time.
The December Microsoft patches will include seventeen bulletins (2 Critical, 14 Important, and 1 Moderate) addressing numerous vulnerabilities--mainly in windows itself.
McAfee provides podcasts on the highlights of each month's offerings and another podcast summary of these patches is provided by "Security Bulletins for the regular IT guy".
A security update was made available at the first of the month for Adobe Reader and Acrobat. The latest version is now 9.4.1
Java Version 6 Update 23 was released a couple of days ago; it is not a security update however.
A security update of QuickTime to version 7.6.9 was released a few days ago.
MS Office News update
Updates not available...
Job Matrix Update status
This is here as a standing topic--no discussion this month.
Remedy system status (previous discussion)
Updates not available...
Remote control solution worth consideration? (prior discussion)
Steve had put this topic in the agenda last month at the request of Santos Soler, but Santos was not able to make it there for discussion.
Santos just wanted to point out that this looked like a pretty good and inexpensive solution considering that we are having issues currently with remote assistance (specifically elevation) with Windows 7 currently. This system involves a server and agents on each client.
UAC settings egregious for users?
This topic was skipped this month...
PDF-Xchange (prior discussion)
Updates not available...
The meeting was adjourned early at about 11:05 AM.