ICC Meeting:
IFAS COMPUTER COORDINATORS
(ICC)
NOTES FROM February 13th 2004 REGULAR MEETING
A regular meeting of the ICC was held on Friday, February 13th, 2004. The meeting was chaired and called to order by Chris Leopold (in Steve Lasley's absence), at 10:00 a.m. in the ICS Conference Room.
PRESENT: Twenty-one members participated. Remote participants: Mike Armstrong, Robert Boden, Marcus Cathey, Kevin Hill, Steve Lasley, Joel Parlin and Joshua Wilson. On-site participants: David Ayers, Jenny Brewer, Dennis Brown, Dan Cromer, Joe Hayden, Ed Howard, Tom Hintz, Chris Hughes, Jack Kramer, Chris Leopold, Richard Phalen, Mark Ross, John (Hank) Sawyer and Brian Sevier.
STREAMING AUDIO: available here.
NOTES:
Chris Leopold welcomed Scott Weinberg and Donna McCraw as new members to our group. Both have been with IFAS quite some time, but are just now participating in the ICC. Chris noted that ITNS is now (finally) at full staffing with the hiring of Jenny Brewer (starting today) as Tim Nance's replacement and Chris Hughes (starting the 27th) replacing the AD Lead position vacated by Mike Kanofsky. Jenny, of course, was previously Dwight Jesseman's replacement as IFAS/IT Northeast District support. This game of musical chairs has turned out well for ITNS! Chris Hughes comes to us from the UF/Warrington College of Business where he has been working for about six years and with AD for the last year and one-half, having converted from Novell. Congratulations Jenny and welcome Chris!
Chris gave a brief recap of last month's meeting. As a follow-up to that meeting's ePO/Patchlink discussion, John Sawyer reported that there is a problem running both of those on a single server as originally envisioned. While Patchlink said it worked with SQLserver, it turns out that they left out the fact that it only works when SQLserver and Patchlink are on the same server (in at least the current version). While there is an issue anyway with the load of having ePO and Patchlink on the same server, this requirement makes that even worse. Although they are promising to fix this within the next couple of releases, John has requested another server to support the expected load. John also related that UF is still on hold with the Kerio Personal Firewall purchase. Apparently it may be competing for available funds with their wish for a secure proxy solution. Dan Cromer previewed the issue of getting the ICC's consensus on whether or not there should be an IFAS policy on ePO and Patchlink that could be turned, eventually, into an IMM. There was considerable discussion at this point and more followed later during the meeting. Jenny pointed out that during the recent rollout of ePO, roughly 600 machines were discovered that had no virus protection. David Ayers pointed out that county-purchased machines are another thing to consider; some may dictate Norton as the anti-virus solution. Retouching the issue of NAS boxes, Chris noted that they had just purchased the latest Backup Exec with 100 client licenses for desktop and laptop backups. Chris pointed out that ITNS doesn't have the hardware to support a broad backup solution at this time, but is moving in the right direction.
There were problems with the Polycom that were resolved part-way through the meeting, so Chris deferred the AD status report from Kevin Hill and went directly to other matters.
Jenny Brewer demoed the new ePO management console. Firstly, the ePO console will only install from a CD. An ISO image (ePO301.iso) has been made available at \\srvvirus\install$ for that purpose--or Jenny can get you a CD if you wish. Jenny noted there are problems with the console running from remote machines (note: this now seems to have been fixed by putting the Java Virtual Machine on the ePO server at the suggestion of Chris Hughes). When you first run the console, you need to add a server. The server is now "srvvirus". You need to provide login credentials; if you don't have yours, contact Jenny. Finally, port 81, the default, is used. The clients report on port 82 (Patchlink will use port 80). The ePO database is structured by subnet now to facilitate location of "lost and found" machines. Jenny had quite a task in organizing these machines--in great part due to the lack of uniform naming conventions for machines within IFAS. Jenny demonstrated the information that the ePO console makes available. She discussed how to configure the settings for any subset of machines under your control by stopping inheritance. She warned that you always have to hit the apply button--just as in the earlier version. Although a number of products are set to install by default, the agent will determine the OS and install only those pertinent to that machine (e.g., VirusScan 4.51 vs. VirusScan 7.1). Jenny showed how you have to add a database to enter the reporting system--you use the same settings as when adding a server as stated earlier. If you want to see what agent is on a particular machine, use the "http://machinename:8081" syntax and look at the top of the report for the version number. The "number of infections" report is John's favorite. "Unresolved infections" are of particular interest here. The DAT Engine report shows how up-to-date things are.
Since machines that have been turned off don't get updated, it is no big concern when machines are a couple of DATs behind--5 levels behind is another issue. There are currently four update repositories on campus (nt-fifield, srvtask3, srvvirus and one other) and in each district throughout the state (on remote BDC's in an "update" share).
After much ado in getting the audio working ;-), Kevin Hill discussed the status of the AD project. The IFAS OU has been established within the UF AD and provisioned by Mike Kanofsky, of the UF AD, with a few service and machine accounts. These can be used to create other such subordinate accounts for ICC members such that we can begin to try out the various AD tools that we will need. You may contact Kevin for more details on getting a machine pre-staged for joining (Chris and Dwight can also do the pre-staging). This would allow you to begin trying out some of the tools you will be needing with AD. If you have a WinXP box (or Win2k3 Server), you might download the new Group Policy Management Console and start looking at that. Mike Kanofsky is not quite ready to populate the IFAS users container from the UF Directory, as he is busy with other tasks at the moment. Once he does, however, we will be able to begin testing in earnest. With Chris Hughes joining us, we plan to soon have another IFAS AD meeting and get this project going full-steam.
Jenny Brewer made a plea for ICCers to consider renaming machines within IFASDOM in a fashion that would give some clue as to how they might be located. AD will require a strict naming convention, but in the meantime, central IFAS IT and the HelpDesk would be greatly helped if some naming convention was implemented.
There was a brief discussion on the possibilities of using MAC address control for network access. Chris Hughes mentioned that the College of Business uses a product that ties into whether or not a MAC address is listed in ePO--if not, a machine that plugs in doesn't get an IP address. Chris wasn't sure, but he thought this used Meta DNS.
Chris Leopold and John Sawyer led a discussion of whether or not there should be an official policy that mandates ePO and Patchlink. John mentioned that UF is coming out with a baseline standard for desktop machines. The official policy requiring that patching and anti-virus software be kept up-to-date is found within the official AUP. It had been discussed that, since IFAS has the centralized ePO and (soon) Patchlink solutions, IFAS should have a specific policy mandating their use. After considerable discussion, it was agreed that a policy be recommended, worded something along the lines of: "Central IFAS IT has the right to perform centrally-based software installations for anti-virus and patching onto IFAS computers. Units, groups or individuals can opt-out of such implementations via written justification to the VP, given that sufficient reporting is provided to ensure that anti-virus and patching software are kept up-to-date via other means."
Jack Kramer expressed the feeling that great value can be obtained by taking the time to educate users on the reasons behind these steps and how they work. Once they are convinced, it becomes easy to gain their support. He urged that information be made available, perhaps via fliers or the web, towards this end. He felt this up-front approach would reap great rewards. (Note: Bravo! The producer of these notes agrees 100%!)
Mark Ross led a brief discussion on his proposal for turning off HTML at the Exchange Server. Dan Cromer mentioned that he knew some pretty highly placed individuals that would object to that. Jenny Brewer mentioned that setting plain text as the default might possibly be a good and reasonable compromise.
The meeting adjourned about noon.