

ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM December 14th 2012 REGULAR MEETING


A meeting of the ICC was held on Friday, December 14th, 2012 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Twenty members participated.
 
Remote participants: Bill Black, Bill Caltrider, Lance Cozart, Dan Cromer, Kevin Hill, Wayne Hyde, Al Ibanez, Marvin Newman, Joel Parlin, Mike Ryabin, John Wells, and Alex York.
 
On-site participants: Jimmy Anuszewski, David Blackman, Dennis Brown, Winnie Lante, Steve Lasley, Matthew Nash, Robert Peck, and Earl Sloan.
 

STREAMING AUDIO: available here


NOTES:

Agendas were distributed and the sign-up sheet was passed around.


Report from the chairman


Member news:

Wei Cao was hired as our new DBA back in late October, replacing Matt Wilson who had moved to UF central. On behalf of the ICC, Steve would like to welcome Wei to IFAS.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.


Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)


Video Services support fronted by the UF Computing Help Desk

Updates not available...

Replacing Polycom endpoints with some Lync-based solution (previous discussion)

Back on October 23rd, Dan Cromer shared an email he had sent to Patrick Pettus:

"We are unable to connect to Movi now on Mac. Do you have a new version of Jabber for Mac? For Windows 8? The current Jabber version you have doesn’t install on Windows 8, though the version of Movi 4.2 we have does work; however, the settings are not stored properly, so must be configured in advanced settings each time it is started for the first time after computer startup. Any further word on creating new Movi/Jabber accounts?"

On November 14th, Dan Cromer shared a response from Patrick:

"We completely removed the database and started over. While this corrected some of the intermittent issues we were having with Movi/Jabber, we are still unable to import users from AD. I have sent the issue back to Cisco. I’ll let you know when I hear something back from them."

Dan Cromer reported today that the Movi bridge is supposedly working now to add accounts. Dan hasn't had the chance to test that, but it was apparently a lengthy process involving visits from Cisco techs in order to get that working again.

Dan also heard from Patrick Pettus that there had been a misunderstanding about the licensing. We can have as many accounts as we want; the license is for _simultaneous_ users. IFAS has 50 licenses and UF has 25 for a total of 75. We have never had more than 30 in use at any one time, so we have some breathing room there.

Please remember that user accounts have to be added to a security group in order for them to have access. Please get with Dan Cromer if you have any new users wanting to use Movi/Jabber. Dan also mentioned wanting to try using service accounts for Movi/Jabber access, but he hadn't yet had the chance.

ad hoc VC woes

Dennis Brown reported having had problems with the one and only time he had tried an ad hoc video conference. He was able to get with Dean Delker to resolve the problem, but apparently sometimes the endpoint initiating such a conference is muted on the bridge even though local equipment says otherwise. This cannot be resolved locally but rather requires assistance from Video Services. Dennis added that this issue survived a power cycle of the Polycom; all during the troubleshooting process, other remote sites were able to converse with each other just fine.

Polycom PVX Update PVX 8.0.16 for Core i3, i5, and i7 Users

Thanks go out to Bill Black who shared the discovery of an update for PVX that may extend its useful life. Previously, PVX would not run on many of the newer processors.

Other standing VC topics

End-user Scheduling (previous discussion)

Updates not available...

Lync updates (previous discussion)

Steve noted that Microsoft is dumping Live Messenger and rolling that into Skype with the latest Skype update. Microsoft has plans for Lync 2013/Skype federation (audio only apparently) but details and timeframe are sketchy.

WAN (previous discussion)


Updates from James Moore

Updates not available...


Policy


Fall Peer2Peer 2012

There is a video archive of the Fall Peer2Peer 2012 event available at http://mediasite.video.ufl.edu/Mediasite/Play/5f6d98443e234b289651505b3072769f1d.

Steve found Matt Grover's UF wireless talk very interesting; particularly useful was the troubleshooting section at around the 1:12 point in the stream. While the Help Desk Wiki has connection documentation and a wireless FAQ, Matt's succinct coverage of some of the major gotchas was much appreciated. In order to make that information more readily available, Steve grabbed the following screenshots from that portion of Matt's talk:

[Screenshot: troubleshooting UF wireless]

Apparently Macs have no way of controlling which wireless profile is given precedence, so the above is a fairly common occurrence.

[Screenshot: troubleshooting UF wireless]

[Screenshot: troubleshooting UF wireless]

If you are seeing a user's account locked out repeatedly, you might begin to suspect a wireless device with the incorrect password as the cause.

[Screenshot: troubleshooting UF wireless]

Antivirus and/or third-party firewalls can cause problems for the SafeConnect component.

[Screenshot: troubleshooting UF wireless]

Because we have a close working relationship with Impulse, the developer of SafeConnect, UF has been able to make that component aware of enterprise patching solutions other than Windows Update.

[Screenshot: troubleshooting UF wireless]

Other talks

Regarding some of the other talks, Steve found the availability of the Microsoft IT Academy Online Learning Program here at UF a nice surprise. He also was unaware that the UF eFAX service now allows International calls. John Madey mentioned a new Speech Connect service also; this provides a speech enabled automated attendant for Campus VoIP users by dialing 31010 (or 352.273.1010 off campus or via cell).

IT Reporting Relationships (previous discussion)

An IT Management Plan has been finalized and approved and a new organization chart has been drawn. In a nutshell, a compromise was struck between the unit leaders' desire for autonomy and IFAS administration's wish to centralize control over unit IT staff. The easy part is over; now we await the improvements that administration feels can result from this plan. How will those dotted lines work in actual practice? The burden there is on Dan Cromer's shoulders but Steve hopes we can all provide him the support he needs to develop and implement a vision for a bright future within IFAS IT at all levels.

Steve asked Dan if he had any comments on this reorganization. Dan replied that he would be happy to answer any questions. He did clarify that he would not be doing a separate evaluation; that would still be done at the unit level. He expects to provide input to those only in exceptional circumstances...both good and bad.

Feedback from October ITPAC meeting (previous discussion)

The agenda was as follows:

  • Welcome and introductions
  • ITPAC membership
  • IFAS IT re-organization plan (Joe Joyce)
  • Current status of video conference capabilities and needs across IFAS
    • Elluminate update and transition away from Elluminate and update for Adobe Connect (Ron Thomas)
    • Use of PVX (Dan Cromer)
    • Polycom in Fifield (Dan Cromer)
    • Possible use of Cisco Movi or other options (Dan Cromer)
  • Use of shared passwords on selected systems like Accordant (Ron Thomas)
  • Gatorlink Email, students and IFAS Business (Dan Cromer)
  • Second Distance Education Classroom or other use for the space on the ground floor in MCCD (Al Wysocki)
  • Use of EventBrite and use of DCE (Distance and Continuing Education) (Al Wysocki)
  • Mobile Web Applications for IFAS (Al Wysocki and Pete Vergot)
  • Computer access that is denied after 30 days of inactivity – FETL lab (Al Wysocki)
  • UF Domain Name Policies (Al Wysocki)
  • UF Web Content Management Systems Update (Al Wysocki)
  • ICC Update (Dennis Brown)
  • IFAS IT Update (Dan Cromer)
  • New Business
  • Adjourn

Dennis had provided the following notes via the ICC-L:

  • Big Blue Button Demo is here. http://meet.ifas.ufl.edu/
  • In the discussion of service accounts it was suggested that someone keep a record of who has login credentials for service accounts. One possibility would be that Wayne Hyde as ISM would keep a list of service accounts and who had the credentials to them (but not the credentials themselves).
  • One of the reasons for using service accounts for student employees is because student e-mail accounts will soon be available to them as an e-mail address for life.
  • There was discussion about whether to turn space near the current classroom on the ground floor of McCarty Hall into a second classroom or whether to expand update it for a full “green screen” room. The main purpose of the “green screen” room is for faculty to record lectures for online access. ITPAC chair Al Wysocki sees this as being the future of distance education. In other words less recording of classes in front of students and more in rooms of this type without students. Those on the committee who work in and near McCarty favor the “green screen” room over the classroom.
  • After discussion Joe Joyce seemed convinced that he was going to go with EventBrite for of DCE (Distance and Continuing Education).
  • UF/IFAS Mobile Web and Apps site is at this site, http://mtt.ifas.ufl.edu/.
  • There was discussion about the following IMM, http://imm.ifas.ufl.edu/6_150/6150-3.htm as far as Mac support. The consensus was to remove most or all of the language in section #2 under Policy and Procedures although I don’t believe a final decision was actually made on the language.
  • It was suggested that those in IT with a Mac background be designated officially as Mac experts. The term “Mac Center” was also mentioned. Both of these were meant to make known that these people would help with Mac issues. Using a Wiki to help provide Mac information was also mentioned.
  • There was a discussion about the difference between a “mobile web app” and a “mobile app”. The “mobile web app” indicates that the data is stored on a remote server. With a “mobile app” the data is stored on the mobile device. An example of a “mobile web app” is the IFAS Directory. The database for the IFAS Directory is too large to store on a mobile device. However if you’re in a field with no network access you may need a “mobile app” where the data is on the mobile device.
  • IT admins with UFAD computers that get locked out from infrequent use need to be responsible for making sure they don’t get locked out when they are public access computers (for example FETL lab).
  • Wireless devices must be encrypted or they will be denied access to UF wireless network as of August 2013.
  • It was mentioned that in the future ITPAC will meet more often than once a year.

As for his ICC update portion of the ITPAC agenda, Dennis provided the following, again via the ICC-L:

Below are the notes (1-9) that I prepared ahead of time for the ITPAC meeting mainly from the ICC notes from the last ICC meeting. If it was covered earlier in the ITPAC meeting I skipped over it. More explanation of #6 below.

  1. Movi/Jabber does not install on win8, InCommon Silver implementation has prevented new accounts from being created. Possible problems with Movi/Jabber on Macs.
  2. Problems with Lync where video freezes
  3. Wireless WAPs purchased for CEOs.
  4. New circuits installed at Quincy, Apopka and Immokalee with VoIP coming in the next 6 weeks.
  5. UF-wide license for Qualtrics survey software with Survey Monkey continued for a last year.
  6. IT Reporting relationships
    • units generally opposed from what little is currently known
    • plan is to make IT support better at unit level especially where it isn't currently
    • RECs, central IT would play a stronger role in assisting with the hiring of new staff e.g. Lake Alfred, Apopka
    • Proposal will bring IT more to the forefront in the minds of the unit heads
    • Evaluations for OPS IT workers where there weren't previously
    • Inventory support skills at units
    • Situations where IT workers perform other duties - these should be documented
    • Concerns with broad/general language used in the proposal and isn't clear what it might mean
    • Administrative overhead for its own sake is not something ICC favors
    • Concern about how disagreements between units and central IT will play out in evaluations
    • disagreements solved by consensus and in the end unit head wins
    • Some units spoke in support of the plan (Ft. Lauderdale, Ft. Pierce)
  7. Mail-enabled service accounts for student employees, to be solved at the UF level
  8. Getting computers connected to the new wireless is still causing trouble in some units
  9. Units are experimenting with Windows 8 but none have mentioned deploying it yet

When I got to my number 6, IT Reporting Relationships, I stated that the units were generally opposed to the policy with what little is known about it. I mentioned that not all were opposed and mentioned that IT in Ft. Lauderdale and Ft. Pierce spoke in favor of the proposed policy. Joe Joyce asked what were the objections and I summarized them in the following two statements which hopefully accurately reflected those expressed by ICC.

  1. We're concerned that administrative tasks from Central IT will take too much time away from our unit tasks.
  2. Concern about how disagreements between units and Central IT will play out in evaluations. I also mentioned that Dan had said that disagreements would be solved by consensus and in the end unit head wins.

I was also asked for an update on the encryption policy. At the last meeting which was almost a year ago my memory was that Joe Joyce said that we would only encrypt mobile devices that had restricted data. I asked if that had changed. Dan stated that a better wording would be that IFAS will comply with the UF encryption policy except when it doesn’t make business sense.

A draft of the official minutes is available here.

Authentication Management policy draft (previous discussion)

Updates not available...

New 'Trouble-Ticket' Entry Page for CNS (previous discussion)

Updates not available...

CNS working to implement NAC for UF wireless (previous discussion)

UF wireless still too hard?

As mentioned earlier, Matt Grover supplied some good tips in his talk at the recent Peer2Peer.

Dennis Brown mentioned that he was having trouble getting a professor's Macintosh onto UF wireless and called the UF Computing Help Desk for assistance. They said to bring it in. Once there they told the professor that they weren't supposed to help him with that and he should see his departmental IT support. Obviously, something got lost in translation but the professor insisted and the Help Desk did fix the problem. Of course, Dennis has no idea what they did to solve the problem, which is unfortunate.

Steve would like to reiterate the need for the Help Desk to find some way to distribute their knowledge on resolving wireless issues out to local IT support--especially if they are referring folks back that we sent there in the first place. Doing so would help everyone. Jimmy Anuszewski noted that he is available to help with Macintosh support should any ICCers run into problems they can't solve. Thanks Jimmy!

UF Exchange updates (previous discussion)

Outsourcing of student email?

Updates not available...

Outlook asking for re-authentication

Updates not available...

Sakai e-Learning System now in production (previous discussion)

Updates not available...

Alternate IFAS domains in e-mail (previous discussion)

Updates not available...

Electronic Copy - Print Output Cost Reduction program (previous discussion)

Updates not available...

Split DNS solution for UFAD problems (previous discussion)

Updates not available...


Projects


New web cluster (previous discussion)

Updates not available...

Windows 8 Deployment? (previous discussion)

Steve said that he had been playing a bit with Windows 8 and noted that an easy way to try it out if you have a Windows 7 box with sufficient hard disk space is to utilize a VHD. This way you don't mess with your current configuration but can dual-boot into Windows 8. When done playing you can then just remove Win8 from the boot menu and nuke the VHD. Only the hard drive is virtualized in this scenario and you have direct device support otherwise.

Steve did the above on a newer system and this allowed him to play around with the new Client Hyper-V feature. Not as nice as VMware Workstation perhaps, but it is another no-cost way to whip up some test VMs quickly (like Windows Server 2012 Datacenter edition--90 day free trial perhaps); pretty cool. This could potentially be a more flexible replacement for Windows XP Mode for running legacy apps w/o outside network access down-the-road after that goes end-of-life.

Jimmy said that one of his users has ordered a Sony laptop with Windows 8 and touch, so he will have his first local user to support soon. Steve put Win8 on his home laptop and was able to play a bit with the new touch gestures after downloading new Synaptics software; it is difficult with the tiny touch pad (as opposed to a touch enabled screen) but it did help demonstrate the new features a bit. Dennis Brown mentioned that one of his students had purchased a Windows 8 desktop that he has played with a bit. Al Ibanez said one of his faculty installed Windows 8 on his laptop and it seems to be working fine on the domain currently.

Marvin Newman mentioned having fun with an SAS install on a Windows 8 box. The issue was getting .Net going. .Net 3.5 is not enabled on Windows 8 by default. Steve noted that this is needed currently for Chris Leopold's IPCC program as well.

SCCM for IFAS

Work continues on the central SCCM plans.

Updates not available...

Exit processes, NMB and permission removal (previous discussion)

Updates not available...

Re-enabling the Windows firewall (previous discussion)

Wayne Hyde finally sneaked this in on us around the beginning of November. Steve had heard of no resultant issues being reported from this long-in-coming (on the project list since Oct 2005) change other than one from MJ Frederick. Wayne explained that they were using a desktop as a license manager for a couple of local ArcGIS installs; the firewall needed to be adjusted to allow that to communicate.

Services Documentation: Is a Wiki the way? (previous discussion)

Updates not available...


Operations


Moving from McAfee VirusScan to Microsoft Forefront Endpoint Protection?

Updates not available...

Print server (previous discussion)

Updates not available...

Recording lectures for Distance Education (previous discussion)

Lance Cozart has begun investigating some new offerings from Polycom that would offer lecture recording and a whole lot more. He would like to let others know about this because it might offer a good opportunity to provide a very useful centralized service at the IFAS level. Following are some comments and links provided by Lance:

Polycom seems to have integrated Microsoft into video conferencing and added several new software applications. There are several software programs that tie social media, current VTC endpoint, Lync, SharePoint, IOS devices, and content recording and playback together. Polycom’s Converged Management Application (CMA) system is needed for these new software programs. The mobile IOS software with Smart Pairing is an interesting concept. Polycom Cloud Axis is impressive in that it ties all the various video conferencing software and endpoint together in an easy to use GUI.

Lance feels that CMA would improve infrastructure in a few ways. First, all Polycom directories have to be manually pushed out to the Polycoms. This is rarely done and rarely works even if it is pushed out. Polycom CMA would be more compatible than the current system, and should eliminate these issues. Second, Polycom updates would be quicker and would have the most current software version. It is Lance's understanding that TMS is usually a version behind. CMA comes with 100 concurrent licenses to push out for desktop video conferencing. CMA would offer more management features than TMS. Resource Manager is for larger scale networks.

Here are some links to further information, including some videos that help to demonstrate the integration potential:

Software

Infrastructure

Videos

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

IFAS efforts toward Green IT (previous discussion)

Updates not available...

Creating guest GatorLink accounts: singly or in bulk (previous discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

Can IFAS support DirectAccess in the future? (previous discussion)

Updates not available...

Moving away from the IFAS VPN service (previous discussion)

Updates not available...

VDI desktops as admin workstations (previous discussion)

Updates not available...

Wayne's Power Tools (previous discussion)

Updates not available...

Computer compliance tool in production (previous discussion)

Updates not available...

Folder permissioning on the IFAS file server (previous discussion)

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age (previous discussion)

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex York can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer objects which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Since BitLocker stores its keys within the computer object in UFAD, Alex York and Chris Leopold are considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.
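
The manual cleanup and the BitLocker concern above can be checked together before anything is deleted. The following is an added example, not part of the meeting notes and not Wayne's Power Tools; the OU path is a placeholder, and `whenChanged` is used only as an approximation because AD does not record the date an account was disabled.

```powershell
# Added example: report disabled computer objects that look stale and show
# whether each one still holds BitLocker recovery information in AD.
# Requires the ActiveDirectory module (RSAT). Report only; nothing is deleted.
Import-Module ActiveDirectory

# Assumption: placeholder OU. Replace with your own unit's distinguished name.
$SearchBase = 'OU=ExampleUnit,DC=example,DC=edu'
$CutoffDays = 90
$Cutoff     = (Get-Date).AddDays(-$CutoffDays)

# AD has no "date disabled" attribute. whenChanged is the last time ANY
# attribute changed on this domain controller, so treat it as a hint and
# compare it against your own records of when the object was disabled.
$stale = Get-ADComputer -SearchBase $SearchBase `
                        -Filter 'Enabled -eq $false' `
                        -Properties whenChanged, PasswordLastSet |
         Where-Object { $_.whenChanged -lt $Cutoff }

$report = foreach ($c in $stale) {
    # BitLocker recovery data is stored as msFVE-RecoveryInformation child
    # objects directly beneath the computer object, so deleting the computer
    # object deletes them too.
    $keys = @(Get-ADObject -SearchBase $c.DistinguishedName `
                           -SearchScope OneLevel `
                           -Filter 'objectClass -eq "msFVE-RecoveryInformation"')

    [pscustomobject]@{
        Name                = $c.Name
        LastChanged         = $c.whenChanged
        PasswordLastSet     = $c.PasswordLastSet
        BitLockerKeyObjects = $keys.Count
        DistinguishedName   = $c.DistinguishedName
    }
}

# Objects with BitLockerKeyObjects greater than 0 need their recovery
# information preserved elsewhere before the computer object is removed.
$report | Sort-Object LastChanged |
    Format-Table Name, LastChanged, PasswordLastSet, BitLockerKeyObjects -AutoSize
```

Run it with an account that is allowed to see the recovery-information objects; an account without that access can report a count of 0 for a machine whose keys are in fact stored there.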

Core Services status (previous discussion)

Updates not available...

ePO updates (previous discussion)

McAfee Agent 4.6 Patch 2 has a bad uninstall bug and Wayne Hyde plans to push Patch 3 shortly. Basically, uninstalling Patch 2, as one might try when IPCC throws an error on a box, can cause a BSOD.

Mike Ryabin had a question about the agent. He noted that Wayne has version 4.5P2 for download on the Security-tools share. Wayne explained that ePO will quickly update that once it is installed and that 4.6 Patch 2 is currently being pushed (again with patch 3 soon to come).

Status of SharePoint services (previous discussion)

IFAS migrating to centralized MOSS

Updates not available...

Public folder file deletion policies and procedures status (previous discussion)

Updates not available...

Patching updates... (previous discussion)

Microsoft

The November Microsoft patches included 6 bulletins (4 "Critical", 1 "Important", and 1 "Moderate"). A risk assessment is available here.

The December Microsoft patches included 7 bulletins (5 "Critical", and 2 "Important") covering 11 vulnerabilities. This is the first update for IE10 (Windows 8). A risk assessment is available here.

McAfee provides podcasts on the highlights of each month's offerings.

Adobe

Adobe released a security update for Shockwave Player back in October. That patch fixed six vulnerabilities and was rated as critical; three of the vulnerabilities can lead to Remote Code Execution.

November 6th saw yet another security update for Adobe Flash Player and Adobe Air. But wait! It was deja vu all over again on December 11th. Can we squeeze in another before 2013? Stay tuned.

On November 19th they released a hotfix for ColdFusion 10 for Windows.

There have been warnings of a zero-day exploit for Adobe Reader with little response from Adobe.

Java

Oracle released critical Java patches back in mid-October. The latest (I won't say secure) versions are JREv6r37 and JREv7r9. Yesterday Oracle released JREv7r10 and JREv9r38; those are non-security updates as such, but JREv7r10 does provide "security features" such as the "ability to disable any Java application from running in the browser" so may be worth considering:

[Screenshot: new Java security settings]

You are reminded that JREv6 will stop being patched after February; after that we will have to move to JREv7; Steve hopes that doesn't break anything too crucial.

Apple

QuickTime 7.7.3 was released in early November which addressed a number of security concerns. A list of recent Apple updates is available here.

Mozilla

Version 17 of both Firefox and Thunderbird were released on November 20th to address numerous security concerns.

MS Office News update (previous discussion)

Steve noted that Office 2013 is available from the IFAS Software Site (IF-ADMN credentials required). He mentioned having tried it out on one machine and asked if anyone else had taken a look. Dan Cromer responded that he had it on a machine and encouraged IT people to begin to take a look at it. He wasn't convinced it is a real improvement over Office 2010.

Job Matrix Update status (previous discussion)

Updates not available...

Remedy system status (previous discussion)

Updates not available...


Other Topics

Acrobat does not launch after 30 days of serializing with a suite serial number

Steve noted this to the ICC distribution list back in mid-November. He has seen it on a couple of CS6 Suite installs; you try and run Acrobat and it never shows up. If you watch in task manager, the process starts but is killed prior to any visible interface displaying. Steve found a quick fix here.

New IFAS website for mobile platforms

Dan Cromer had announced a new IFAS Mobile site via IFAS-Announce-L saying:

"I'm pleased and proud to announce that the IFAS Mobile site has been placed in production at http://m.ifas.ufl.edu. Use your mobile device Web browser to access it. You can bookmark it, and even copy the bookmark to your device home screen by selecting the "About" button at the bottom left, then follow the instructions. The small icon in the upper-left corner of the home screen will show an alternate "icon only" view."

"Thanks to the IFAS IT Application Development team for these apps, with Dr. Jiannong Xin (Xin) as team manager. Others on the team are Arun Kasala, Brent Ferraro, Jie Fan, Navya Kooram, and Sammy Chan. The IFAS Communications office assisted with graphic design."

HDD recycling

Al Ibanez had queried Dan Cromer regarding the handling of hard drives that were being recycled either for reuse or disposal. Dan Cromer shared that with the ICC-L suggesting that this might be a good topic for the ICC. Dan pointed out the following:

"The UF standard is http://www.it.ufl.edu/policies/security/documents/it-worker-reuse-and-disposal-standards.pdf. Though this specifically applies to devices with restricted data, I see no reason not to do this for all. This is a good item for ICC discussion. We on main campus have the advantage of being able to put old drives in a bin for destruction. Where we are planning on possible reuse, we use DBAN. I agree that reuse should be carefully considered, based on drive and purpose, for any drive more than two years old. Some are guaranteed for five years, and may be reliable past that."

Mark Minasi returning to UF

Don't forget that Mark Minasi is returning as a presenter in UFIT's "Technically Speaking" series on February 6-7, 2013. Mark's talk will focus on Windows 8 and Server 2012. More details, including registration information, will be posted as soon as possible at http://www.facebook.com/GoGators.UFIT.

New Microsoft Technical Account Strategist

Dan Cromer announced that none other than Dwight Jesseman is our new Microsoft Technical Account Representative. Dan had expected him to stop by the meeting today, but he apparently couldn't make it in time. Wayne said that Dwight had taken this job as a way of staying closer to home and traveling less. It certainly will be a pleasure to work with Dwight again.


The meeting was adjourned way early around 10:40 am. Yay!