ICC logo IFAS logo


ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM February 8th 2013 REGULAR MEETING


A meeting of the ICC was held on Friday, February 8th, 2013 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Nineteen members participated.
 
Remote participants: Bill Black, Bill Caltrider, Wei Cao, Dan Cromer, David Essex, Russell Hunter, Wayne Hyde, Marvin Newman, Javier Real, Mike Ryabin, and John Wells.
 
On-site participants: Jimmy Anuszewski, David Blackman, Dennis Brown, Winnie Lante, Steve Lasley, Matthew Nash, John Sowers and Wendy Williams.
 

STREAMING AUDIO: available here


NOTES:

Agendas were distributed and the sign-up sheet was passed around.


Report from the chairman


Member news:

Steve had somehow missed the fact that Ihab Soliman had replaced Nick Smith in the half-time support position at FSHN a couple of months back. Ihab works half-time for FSHN and the other half is spent with the Help Desk. Nick is now full-time Help Desk. Please join Steve in giving Ihab a hearty welcome.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.


Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)


Video Services support fronted by the UF Computing Help Desk

Updates not available...

Replacing Polycom endpoints with some Lync-based solution (previous discussion)

Kevin Hill had reported that the Jabber client at \\ad.ufl.edu\ifas\SOFTWARE\Jabber-was-Movi won’t install on 32 bit clients. He had asked Dan Cromer if there was a 32 bit install available, or if we should fall back to the older Movi client. Kevin also was unable to install the newer client on Win8-x64; the install complains about “graphics card or driver not supported”.

Dan Cromer has responded that he had reverted back to Movi for Windows 8, and had reported the issue to Patrick Pettus. Cisco’s response to Patrick was “wait for the next version release”. Dan was not aware that the software wouldn’t install on 32-bit clients. Dan suggested trying http://video.ufl.edu/Movi.zip.

Other standing VC topics

End-user Scheduling (previous discussion)

Updates not available...

Possible end-point refresh in the works (previous discussion)

Dan Cromer had sent the following:

Message from Dan Cromer:
"[ICC-L] Video equipment inventory, your assistance needed." Tue 1/29/2013 3:26 PM


All,

As we have discussed in ICC, since most of the video equipment we have in IFAS was purchased late 2007, we need to consider a plan for future use, whether replacement by H.323-type units or other alternative. Rather than send two files to all in the list, I’ve upload the documents to the IT-ICC shared documents folder at http://my.ifas.ufl.edu/sites/services/it/icc/Shared%20Documents/Forms/AllItems.aspx. These Endpoint Usage spreadsheets show the usage for calendar year 2012. The 2012 Endpoint Usage A-Z is sorted by site name, the other file is sorted in descending order of number of connections to the bridge. Since this report comes from the UF Tandberg Management System (TMS), only connections to the bridges are shown, so there may be other endpoints not on the lists.

Please check the list for your site(s), and email me if:

  • You have an endpoint not listed
  • An endpoint on the list is no longer in service
  • You have a need for one or more additional units
  • Other information that you consider useful for the purpose of the inventory.

Please take care of this sooner rather than later, I’d like to get your feedback quickly, so set a deadline for yourself of Monday, February 4th. Thanks.

Steve asked if anyone had gotten back with Dan and couple of folks, including Winnie Lante responded that they had mentioned a couple of codecs that were not on the list.

Steve had gotten back to let Dan know of a couple of codecs in Entomology that were not listed. Because Dan has frequently expressed the belief that software solutions (Lync, Movi, PVX, Adobe Connect, etc.) should/will replace codecs, Steve made sure to include the following in his response as well:

"You should be aware that swapping out a Polycom for an AVer (or whatever) would not be particularly easy or even possible in some of our four A/V-integrated rooms – at least without great expense. A similar problem exists for adding camera(s) and microphone(s) to a room PC for the purpose of software-based videoconferencing (e.g., Lync, Skype, Movi/Jabber, Adobe Connect, etc.). I believe it is important that we have a clear idea of those difficulties and costs (which will vary with each room at each site) to include in any assessment. One of the reasons the Accordent Capture Stations went unused at a number of locations was failure of this sort of consideration."

Steve feels that good endpoint recorder support could help make up for quite a bit of that. The remainder of this discussion topic is in the "Recording lectures for Distance Education" section of the notes below.

Lync updates (previous discussion)

Updates not available...

WAN (previous discussion)


Updates from James Moore

Updates not available...

VoIP at RECs

Message from John Madey via Dan Cromer:
"[ICC-L] FW: IFAS Research Centers Migration to VoIP" Thu 1/31/2013 3:24 PM


As we’ve added additional RECs from various locations / area codes, we’re starting to run into a dial plan conflicts. For example, all Apopka ten digit numbers start with 40741……which conflicts with a 5 digit number on campus 40741 [Air Force ROTC:352.294.0741]. The good news is we can partition the calls for each site using our Unity Connection and Call Manager, however, it will take a little time to set up and convert the existing RECs to resolve this. This will also enable the RECs to do 5 digit dialing internally as well as when checking voicemails or using the automated attendant features. We are planning to deploy Immokalee first using this set up.

So, I wanted to give you a heads up – again we can resolve, just need to configure first, test and then deploy. I anticipate about ten days to complete. Feel free to pass along any questions or concerns that might arise.

Other WAN news

Dan Cromer related having a conversation with John Madey concerning network support for "on campus" sites that are on the edges of where the network currently reaches.

Phone bills to be paid for centrally?

Dan also said it is looking like all phone services may be paid under the RCM model. This would take all intra-UF phone bills away with the costs all being paid for centrally. Elias did this in his last job and saved money overall by reducing administrative costs.

Mike Ryabin asked about current charges for VoIP phone connections. As far as anyone knew that is still set at $11/phone/month currently. Mike said they currently pay about $400 per month for the PRI plus annual maintenance for the box; since they have roughly 150 phones there is no incentive to move to the central model...unless, of course, is does indeed get paid for off-the-top at some point. Dan said that Ft. Pierce is in a similar situation to Ft. Lauderdale on this.


Policy


Content Management System (CMS) for UF: Entering purchasing phase

Since Fall 2011 there has been a UF Web Content Management (WCM) task force charged with identifying "UF’s web publication needs, review the available options, and recommend an enterprise solution." Apparently the solution has been picked and a survey has been sent out for the purpose of gauging the size and scope of the initial implementation. Steve asked if anyone had further details, including what product was selected.

No one really had any further information but Wendy Williams took it upon herself to email Eric Olson on the subject during the meeting and he got right back. Eric explained that the three front runners are still Oracle WebCenter, TerminalFour SiteManager, and Adobe Web Experience Management. He said that the plan is to get these vendors to provide pricing proposals and to come to campus for demonstrations. The on-campus visit would give all IT and Web authors the chance to see them live; it’d also let the committee and purchasing have a chance to discuss the details. Eric also related that he'd love to hear from people who are interested in the project. They want to select something that UF IT and Web people will love and need our help to make that happen.

Wendy and Jimmy Anuszewski are frequent attendees of the "Web Managers Meetings" that were held monthly and are now held every other month. It is their opinion that there is really no ongoing discussion between that group and the WCM, although one would think that might be valuable to both sides. Wendy said that there are a few in the Web Managers group that appear to enjoy bucking any centralized trend; that might have something to do with the disconnect but she didn't really know.

Steve mentioned his dismay over the fact that the Web Service Committee notes were way out of date currently, with the latest posting being September of last year. Wendy emailed pertinent folks on that topic as well and heard back that the Chair's notes for October and December are done and were just posted in response to Wendy's query. Thanks Wendy!

Authentication Management policy draft (previous discussion)

Updates not available...

New 'Trouble-Ticket' Entry Page for CNS (previous discussion)

See remedy section below...

KACE (previous discussion)

Archival of computers no longer reporting

Message from Elizabeth (Lissa) Palmer via Dan Cromer:
"[ICC-L] FW: KACE - archival of computers no longer reporting" Thu 1/31/2013 3:39 PM


The decision has been made to limit most KACE Reports to machines that have been live and syncing to the KACE server in the last 60 days. This will give a more accurate picture of software and hardware on current computers.

This new 60 day limit will apply to the monthly KACE department reports that are posted to the UF Project Inventory Connect site in the next couple of days. I can get any department/college reports that asks for it a report that includes all computer in KACE for their department.

We will also implement a 6 month inactive cut-off for computers in KACE. Machines that have not reported to KACE in the last 6 months will be archived off and delete from KACE. I can send any department that wants a report of these deleted machines a report when they are archived. If a machine does come back live and reports into KACE, the inventory record will be re-added to KACE, minus any history logs.

Please let me know if you have any questions. Thanks again for your participation and feedback on this topic.

CNS working to implement NAC for UF wireless (previous discussion)

UF wireless still too hard?

Updates not available...

UF Exchange updates (previous discussion)

Outsourcing of student email?

Updates not available...

Outlook asking for re-authentication

Steve had the opportunity to speak with Andrew Carey about this yesterday. They are aware of the problem and continue to pursue a solution. The main hurdle was finding individuals who were experiencing this on enough of a recurring basis to allow for troubleshooting. James Oulman has a couple of subjects meeting that criterion and is working with Microsoft to resolve the issue. They have tried various configuration changes that might affect performance to see if that might help but so far it doesn't appear that this is related directly to the expected cause of failing to respond in a timely fashion due to load.

Getting an Exchange mailbox created

See Remedy discussion later in notes.

Sakai e-Learning System now in production (previous discussion)

Updates not available...

Alternate IFAS domains in e-mail (previous discussion)

Updates not available...

Electronic Copy - Print Output Cost Reduction program (previous discussion)

Updates not available...

Split DNS solution for UFAD problems (previous discussion)

Updates not available...


Projects


New web cluster (previous discussion)

Now that the ICC web site has moved to the new cluster Steve had some questions about how that is all put together. In particular Steve has noticed that the server he accesses for file management of the website is not the same as the one providing the web service:


c:\>ping if-srvv-webdata.ad.ufl.edu

Pinging if-srvv-webdata.ad.ufl.edu [10.227.242.160] with 32 bytes of data:
Reply from 10.227.242.160: bytes=32 time<1ms TTL=123 
Reply from 10.227.242.160: bytes=32 time<1ms TTL=123 
Reply from 10.227.242.160: bytes=32 time<1ms TTL=123 
Reply from 10.227.242.160: bytes=32 time<1ms TTL=123

Ping statistics for 10.227.242.160:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), 
     Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

c:\>ping icc.ifas.ufl.edu

Pinging arr.ifas.ufl.edu [128.227.242.197] with 32 bytes of data:
Reply from 128.227.242.197: bytes=32 time<1ms TTL=123 
Reply from 128.227.242.197: bytes=32 time<1ms TTL=123 
Reply from 128.227.242.197: bytes=32 time<1ms TTL=123 
Reply from 128.227.242.197: bytes=32 time<1ms TTL=123

Ping statistics for 128.227.242.197:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), 
     Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

c:\>nslookup 128.227.242.197
Server:  ufdc-ssrb01.ad.ufl.edu
Address:  10.241.173.11

Name:    if-srvv-webarr.ad.ufl.edu
Address:  128.227.242.197

Steve had asked Santos Soler if he could provide a brief overview as to how that is all plumbed network-wise (hostnames for the various components and how they interact) for us. Santos had hoped to do that but unfortunately became busy elsewhere. We will try to readdress this topic at a future meeting.

Windows 8 Deployment? (previous discussion)

Steve mentioned a problem Winnie had related via the ICC-L a while back. Someone had purchased an HP Windows 8 Home edition laptop and wanted the OS replaced back to Windows 7. When Winnie tried to do this she found that secure boot had been enabled and she couldn't immediately figure out how to get Windows 7 on the box. She never did find exactly how to disable that before she finally decided to go with Windows 8 Enterprise due to concern over finding the right drivers for Windows 7. Ihab Soliman responded that he had run into this problem already himself. He found that the UEFI formatted HDD was causing the problem--not secure boot per se (though that requires UEFI). The solution for him was to change a setting in the BIOS of the machine to allow for Legacy Support. This allowed him to downgrade his faculty member’s machine to Win 7.

Steve said that the Minasi workshop raised some questions in his mind with regards to "previous versions" and the fact that this is being deprecated and replaced with "file history." Wayne Hyde responded that restore previous versions for a network share is still there, which was a relief. Wayne also suggested that those who do not want to "absolutely positively hate windows 8" should install classic shell.

There was some discussion about how the frequent flip-flopping between desktop and metro is confusing even to us and will completely throw a number of users to the point where they would beg to move back to Windows 7. Keyboard short cuts are the answer, but it may be hard to get the accepted. The writing is on the wall but there will definitely some pain ahead for early adopters.

Wayne's biggest pet peeve Windows 8 has to do with the difficulty of mousing to the corners when RDP'd into a Windows 8 box.

SCCM for IFAS

Work continues on the central SCCM plans.

Updates not available...

Exit processes, NMB and permission removal (previous discussion)

Updates not available...

Services Documentation: Is a Wiki the way? (previous discussion)

Updates not available...


Operations


Moving from McAfee VirusScan to Microsoft Forefront Endpoint Protection?

UF is apparently considering Symantec Endpoint Protection as a replacement for McAfee. Steve is guessing our hopes for a resource-friendly solution such as Microsoft's will be going up in smoke for the sake of cross-platform compatibility.

Dan Cromer said that Wayne is on UF's endpoint protection committee. Dan (along with Wayne) has tried repeatedly to make the point that we don't need a one-size-fits-all solution. We already have nearly everything we need to implement a Microsoft solution that would fit the needs of the great majority of our users (Windows) well.

Wayne shared the following:

UF EPP Requirements

Print server (previous discussion)

Updates not available...

Recording lectures for Distance Education (previous discussion)

Investigating a way to meet our needs (listen to this at roughly the 5 minute point in the audio recording)

Steve continued his push for a distributively managed endpoint recording system, meeting recently with Al Wysocki and making him aware that:

  1. we have the need for and upcoming problem with lecture capture (Accordents near end-of-life),
  2. that a managed endpoint recording infrastructure might be a good flexible solution for DE, but also for all sorts of recording needs for Extension and administration as well,
  3. that Video Services doesn’t really supply that as a robust and dependable service, and
  4. that Steve would appreciate Lance be given Dan Cromer’s blessing to research options for such a solution as he had the broadest and deepest knowledge available within IFAS on the matters.

Dan Cromer expressed the opinion that this is all just a matter of working with Patrick Pettus and Dean Delker on this. He said that they have the capability of recording any bridged conference and we just need to work out how to do that.

Recording on the bridge currently falls short

Steve responded that he is aware that Video Services has the capability and in fact the ICC meetings are recorded in that fashion. However, the service is clumsy in a number of important aspects:

  1. First of all, just checking the box and requesting that a VC be recorded doesn't mean it is going to happen. Steve has had several occasions where everything was specified correctly in the request, but the recording did not happen for one reason or another. Without access to TMS it is impossible to check to see that this has been set up properly.
  2. Managing the recordings after-the-fact is even more of a problem. There is no control over who can access these, and there is no formal method of requesting and obtaining the recordings. Steve has waited anywhere from weeks to months to obtain a copy of those.

Perception by AT, Video Services, and Dan Cromer that the current service is sufficient

Dan said that he understands these problems but that we have to work through them. Dan said he had a meeting with Fedro Zazueta (Director of Academic Technology), Mark McCallister (Associate Director of Academic Technology), John Pankow (Coordinator & Senior Engineer with Video and Collaboration Services, and Patrick Pettus (Video Conferencing Engineer with Video and Collaboration Services) and they consider this to be a production service.

Steve responded that he didn't believe Dan was doing a good job of getting our viewpoint through to these people. Steve said he has sent a number of emails to him detailing our needs and the issues, but feels that Dan is not passing those along. Dan then suggested that Steve try the bridge recording saying it was too late today but that Steve needs to use it and find out why it isn't working. Steve responded that this meeting was being recorded, and that Dan wasn't listening to what Steve has been saying.

What can we do to be heard by those who might help?

Steve reiterated the weaknesses he had already mentioned and Dan responded that we need to work around those weaknesses. Dan kept indicating the onus was on us to get this working well when Steve has been doing everything he can think of to work through channels in order to get our needs listened to and addressed. He has talked with his Chairman who has talked a couple of Deans as well as Joe Joyce. Steve has contacted Dan directly asking to talk about this but Dan has not called back as asked. Other OU admins have written to Dan and the Deans about this matter expressing similar concerns to Steve's own. Steve wants to know how we can get our concerns through to them if Dan is to be our conduit for this.

Current system feels like "best effort" rather than production

Dennis Brown had related that he uses the bridge as backup to the Accordent hoping that he might get a single useful recording out of the two methods. The last two terms Steve resorted to the same tactics but he doesn't feel comfortable telling his people that the recording will be done and we will be able to get a copy of the recordings within any given timeframe. There is no advertised service for moving the recording off AT systems to the IFAS media for longer term use and control. The whole thing feels like a "best effort" try rather than a true production service.

Flexibility of an endpoint recording solution

Marvin Newman asked how this related to replacing the Accordents and Steve explained that an endpoint recorder could record any bridged VC by connecting to the conference. Dennis added that this would be more flexible because it could record anything that went through the bridge and would not be limited to the few rooms that had working appliances. It is Dennis's hope that we could get something with better quality that would be more easily managed to meet our needs for access and long-term storage of the recordings.

If resources are short perhaps someone is missing an opportunity?

Steve said that he agrees with Dan that the best solution would be for our needs to be handled centrally, but he doesn't know how to get their attention and he doesn't know how to get anything done at that level. Steve suspects they are short on resources to apply to this. He has indicated to Dan his feelings that this would be a good fit for a Tech Fee project proposal and that such a thing could help address the scarce resources. Steve is convinced that students would support such a proposal as more and more they are looking for asynchronous access to class information. But that is outside Steve's hands; such a proposal coming from Entomology would not fly and one for IFAS would likely not either as we would need the blessing of AT. Steve doesn't know what to do; he just knows that in 14 months the Accordents will be gone and that they never really did the trick in the first place.

A plea for leadership

Steve told Dan that he would greatly appreciate whatever help he could provide toward getting something moving on this. Steve doesn't know what else to do beyond what he has already done. Steve offered to provide Dan any and all information he can, but we need help on this one. Steve is concerned that, if we are going to leave this to Video Services, he appears to have no way of being heard by those who can help him--let alone whether or not they are willing or able to address our needs.

Difficulties in heading any single direction

Marvin Newman asked if we were heading to a single system. Some use Accordent, some use Articulate, and others use Sakai, etc. Steve said that Dan Cromer had expressed in emails to Steve that he believes we are moving toward a "webinar" approach via Adobe Connect. Al Wysocki is using that and feels it might be a good answer as well. The problem Steve has with that is the difficulty of integrating another microphone and camera into our room systems. In all four of Entomology's rooms currently the microphone and the camera are provided by the Polycom. You can redo these rooms and add-in separate microphone and camera systems outside the Polycom, but it really jacks up the price. Then you need sound processing, programming (in certain rooms) and all sorts of things. These are the sorts of issues that have to be taken into consideration when we talk about which direction we should go. Steve feels Adobe Connect could be great if the instructor is sitting in their office at their own computer and each student is doing the same on their end. Trying to integrate that into a normal classroom lecture, which by-the-way many of Steve's faculty prefer, is beyond our local resources. Going a single direction is difficult for any number of reasons.

John Sowers mentioned one of his faculty is using Elluminate and is happy with that currently. Steve noted that Adobe Connect is to be the replacement for that and it works similarly.

integrating various traditional and upcoming methods may be best solution

Mike Ryabin related having had a discussion with Patrick Pettus on this topic a couple of days ago. Also, Al Wysocki visited Mike's REC on Wednesday and they discussed this as well. Mike said that he understood from these discussions that they are looking into some integrating solution that would handle connecting Polycom, Adobe Connect, Skype, etc. under one umbrella. Patrick is leaning towards Polycom or Cisco platforms because they already have some of the infrastructure set up for that. Al had indicated that they are testing some third-party solution currently, but exactly what direction this might be going is still undecided apparently.

Our timeframe towards a solution is ever shortening

Mike also said that it was agreed that those with traditional videoconferencing infrastructure should not have to rebuild everything in order to try and support something that might not even satisfy faculty requirements. Mike concern over any and all of this is the timeframe; that aspect seems quite up in the air. Steve noted that movement on such things has traditionally been at a snail's pace at least in part due to lack of staff resources to apply to researching solutions.

BlueJeans being investigated as an integration solution

Dan Cromer mentioned that he has contracted for a 60-day trial of BlueJeans. This is a cloud-based integration solution whereby all sorts of endpoints could connected to the cloud and could correspond together. Dan said he would be sending out more information on this shortly. Mike mentioned hearing from Al Wysocki that there were some issues with BlueJeans that might make it not suitable, but Dan said that is why he is investigating via this trial. Dan suggested that another alternative might be Lync 2013 if and when it has Skype integration.

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

IFAS efforts toward Green IT (previous discussion)

Updates not available...

Creating guest GatorLink accounts: singly or in bulk (previous discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

DirectAccess pilot (previous discussion)

Updates not available...

Regarding the Anyconnect VPN, Chris Griffin recently said asked that people use https://net-services.ufl.edu/provided_services/vpn/clients/ to obtain their clients. That location has versions of Anyconnect which work directly for Windows 8. He also noted that individuals should install both the "win" and "gina-win" files in that order. Chris indicated that these details will soon be linked from new documentation.

VDI desktops as admin workstations (previous discussion)

Some IFAS IT folks have figured out that http://virtual.ifas.ufl.edu is a great way to access the RSAT tools from a Macintosh or an iPad. In doing so, however, some had tried to run a custom MSC from their desktop within a VDI session but found that their ADMN account does not have access to their regular GL’s desktop folder. The solution is to place the MSC file to your personal folder on the file server and run it from there; both sets of credentials should have access in that case.

Wayne's Power Tools (previous discussion)

Updates not available...

Computer compliance tool in production (previous discussion)

Updates not available...

Folder permissioning on the IFAS file server (previous discussion)

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age (previous discussion)

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex York can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Since BitLocker stores its keys within the computer object in UFAD, Alex York and Chris Leopold are considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.

Core Services status (previous discussion)

Wayne has been busy as usual. DPM wasn't playing nicely with SIS (Single Instance Storage); consequently Wayne has now de-SIS'd the file cluster. As a result we have lost approximately 10TB of savings that we will probably have to try to get back by cracking the whip on various abuses such as those users who are backing up their local C: drive about six times to the file server. The space loss will be semi-permanent. Wayne said that we likely won't revisit deduping technology until we replace the file cluster in 2015 or so. We do have surplus disk space currently.

Wayne is building a DR (Disaster Recovery) server that that will house snapshots of our file cluster data. He believes this is going to hold our long-term backups thanks to the new sub-file "chunk" de-duping in Server 2012. We'll still have tape, but the new de-dupe gives the ability to save a whole lotta space.

Wayne has already made a copy of all the IFAS data with this and the space savings is around 50%! Our DPM Server is going to backup to disk from our data center to a second data center and this will also get backed up to tape. Additionally, long-term backups are planned to a Server 2012 box that does chunk de-duping and we will be able to keep backups going back maybe 1-2 years every 3 months or possibly every month.

Wayne also revoked the old 512bit WSUS cert, installed a 2048bit cert, and got Secunia 5 "somewhat" working.

Other projects include SAN firmware upgrades and vSphere upgrades. It never ends.

ePO updates (previous discussion)

Wayne Hyde has recently updated the security-tools folder with more recent versions of VirusScan and the McAfee Agent that are more friendly with Windows 8. The current Agent is 4.6 Patch 3 and the current VirusScan install is 8.8 Patch 2 (though Patch 3 was recently released). Patch 3 apparently only installs on Windows 8 and Wayne is investigating if a slip-streamed version of that will still install as patch 2 on Windows 7 and backwards before making that available.

Wayne has pushed out the latest agent (4.6.0.3122); it is currently on about 2900 machines and we have a couple of hundred still using the old agents and a bunch w/o any agent at all (many of which may be orphaned computer objects). Wayne will send out a list for us to investigate shortly.

ePO 5 is in beta currently but that may not be released before UF switches away from McAfee to either IBM or Symantec--or if we proactively switch to Forefront.

Status of SharePoint services (previous discussion)

IFAS migrating to centralized MOSS

Dennis Brown reported an issue with one of his users. This person can't open files in a particular folder directly from SharePoint. They have to copy these files locally in order to open them. Dennis was referred to Ben Beach for resolution as Ben is still our resident SharePoint expert, but Dan Cromer suggested checking that this person was using IE as that might be the problem.

Public folder file deletion policies and procedures status (previous discussion)

Updates not available...

Patching updates... (previous discussion)

Microsoft

The February Microsoft patches are expected to include 12 bulletins (5 "Critical", and 7 "Important") covering various vulnerabilities in the usual suspects. A risk assessment is available here.

McAfee provides podcasts on the highlights of each month's offerings.

Adobe

Adobe released a new update for flash yesterday.

Jimmy noted that Apple has a system update to go along with this for their built-in anti-malware system.

Java

Java appears to be perennially vulnerable; the only question is how widespread the latest exploits are disseminated at any particular time. We definitely need to get everyone who requires Java to version 7 and keep those updated as quickly as possible. We also need to figure out exactly who needs Java and where; the latest versions can be set to disable Java content in the browser for example, if use by local applications is the only need.

Here are some interesting links on last month's brouhaha from @RISK: The Consensus Security Vulnerability Alert: Vol. 13, Num. 02:

More evidence that the Java issue will never be resolved may be found in the recent article Java Security Feature FAIL: Researcher Bypasses Java Sandbox, Security Settings. Mozilla has begun Firefox plug-ins; this is a move that all browser vendors should consider.

Oracle released their scheduled Critical Patch Update (CPU) early so at least they appear to be listening...somewhat.

Java and SAS

David Blackman mentioned about SAS breaking when Java is upgraded. Steve knows that one can painfully uninstall SAS (thoroughly!) and then reinstall it pointing to Java 7 in the process. This will fix any SAS installation that is broken by upgrading to Java 7. Steve has supplied a test program you can use to test for success. Just paste those contents into the Editor windows within SAS and then use the Run > Submit menu.

Steve had yet to try a much simpler method that Wayne used successfully, however. After the meeting Steve was successful and wanted to share the details here:

Note: Steve performed this successfully on a SAS 9.3 x86 installation which was on a Windows 7 x64 box and where the installation was pointed to JRE6 during install. The paths may differ slightly with other versions and may vary depending upon what JRE that SAS was told to use at install time.

Basically, all one has to do is find the "sasv9.cfg" files within "C:\Program Files\SASHome\x86\SASFoundation\9.3\nls\en" and edit this line:

-Dsas.jre.libjvm=C:\PROGRA~2\Java\jre6\bin\client\jvm.dll

so it reads:

-Dsas.jre.libjvm=C:\PROGRA~2\Java\jre7\bin\client\jvm.dll

You have to open that file with elevated privileges in order to save it (elevating Notepad is one easy way).

MS Office News update (previous discussion)

Winnie Lante has been struggling with an Office 2010 install that lost its activation. Supposedly it is enough that a remote user connect via VPN from time-to-time in order to keep an Office install updated. In this case that did not work. Ihab Soliman had kindly offered a script of Nick Smith's to fix that (edited slightly here thanks to Bill Black):

Office activation (64bit)
Open elevated cmd
cd \Program Files\Microsoft Office\Office14\
cscript ospp.vbs /sethst:kms.ad.ufl.edu
cscript ospp.vbs /setprt:1688
cscript ospp.vbs /act

Office activation (32bit)
Open elevated cmd
cd \Program Files (x86)\Microsoft Office\Office14\
cscript ospp.vbs /sethst:kms.ad.ufl.edu
cscript ospp.vbs /setprt:1688
cscript ospp.vbs /act

The "/sethst" and "/setprt" parameters point to the keyserver and specify the port to use. Those two lines should only be needed for non-domain joined machines -- which was the case with Winnie since this was Windows 7 Home version. Unfortunately, this still didn't work for Winnie even with a confirmed good VPN connection. Dan Cromer finally supplied a MAK so Winnie could get Office activated.

Job Matrix Update status (previous discussion)

Updates not available...

Remedy system status (previous discussion)

Apparently very few if any are satisfied with our current Remedy ticketing system:

Message from Dan Cromer:
"[ICC-L] FW: UF Computing Help Desk Remedy Phase 1 Needs" Thu 1/17/2013 10:12 AM


All,

UF Help Desk, as am I, is dissatisfied with the current BMC Software Remedy problem reporting system. I don’t believe it serves the need of us in IT, as it is difficult and time-consuming to enter problems by IT staff, and isn’t even that simple for users. Ayola Singh-Kreitz, Manager of the UF Help Desk, is asking for a list of problems that we in IFAS have with the current system. Please reply with any comments you have about it, and I’ll consolidate and forward to her.

Dan

From: Singh-Kreitz,Ayola
Sent: Thursday, January 17, 2013 9:53 AM
To: Cromer, Dan
Subject: UF Computing Help Desk Remedy Phase 1 Needs

Hi Dan,
Thanks for giving me a couple of minutes this morning.
Attached is our original set of requirements.
Please feel free to add/comment on any items you may agree/disagree in terms of MUST haves!
I’m hoping this 2nd round will serve us better and assist us in improve our current processes.
Thanks,
Ayola

---
Ayola M. Singh-Kreitz
UF Information Technology
(352)392-1305
UF Computing Help Desk


Getting an Exchange mailbox created

Mari Jayne Frederick asked ask about why it takes so long to get MBX's created using BMC remedy. She had submitted a BMC request Jan. 31st, assigned it to David Essex, and still has not heard back. She said that "this used to only take 1 day when we went through IFAS."

Steve responded that she should email Scott Owens directly. Everyone else concurred, although Wayne warned that Scott was out today. Everyone agreed that Scott provides superior service with anything email related.

David Essex related his frustration with the new Remedy system. They, of course, very much want to follow-up on tickets just as quickly and efficiently as possible, but the system makes that nearly impossible. Until we get a better system, David suggests direct email as being a much better route than to use. Steve mentioned that the rest of us have avoided David's frustration by not using Remedy; unfortunately, David hasn't had that option and we definitely feel for him on this. So long story short, for now use direct email to the help desk or to whoever directly handles the service for which you require assistance. In the case of email, that would definitely be Scott Owens.

Re-inventing the wheel?

Russell Hunter said he came to IFAS from a state agency that used Remedy very successfully and which had none of the drawbacks we are experiencing. He is wondering why UF is trying to reinvent a system when working versions are already in place elsewhere which we could simply adopt. Dan Cromer responded that the solution isn't as simple as just buying a turnkey system. The cost per seat for Remedy is about $150 per seat; on top of that it takes a whole lot of infrastructure and development to customize it to specific needs. UF doesn't have the resources to spend on that. This is why there is a study underway to investigate what might be done to find a replacement for it.

Other Topics

The "UF_N_ALL_IT_WORKERS" Security Role

There had been some discussion lately on the ICC-L and the CCC-L lists regarding the fact that employees with "IT job titles" have been assigned the "UF_N_ALL_IT_WORKERS" security role. Assignment of this role forces your password security role to a P4 status which means, among other things, that you must change your password every 90 days and cannot reset that password except in person. As mentioned by Alex Thompson on the CCC-L, "individual workers can go to my.ufl.edu > Main Menu > My Account > My Roles and see if they have been auto-assigned this role."

Dan Cromer has stated that "IFAS has been granted exemption from the in-person password reset policy, and the IFAS Help Desk staff (and I) have the ability to reset a password for those outside main campus. This was put into place in past years, so those of you who are newer may not be aware of it. I’ll pass this back to UF Help Desk supervisor so that she can remind those working there that anyone off main campus may be referred to IFAS Help Desk. Our process is to call back to the unit phone number listed, and request to speak to the person needing assistance, or other method of avoiding being spoofed." When Dennis Brown contacted Nancy Hodge-Weiffenbach for clarification she responded that she was unaware of any written policy about the IFAS exemption, and suggested contacting Ayola at the help desk to clarify the “in person” waiver that Dan indicated.

At the meeting, Dan corrected the above saying that he didn't have access to reset passwords but that he believed David Essex was the one who did; this is something that Ayola was willing to do for us to help us out with the issue.

New feature for the IFAS Mobile app (previous discussion)

The IFAS Mobile app for the Directory now allows searching for people within a unit:

Message from Dan Cromer to IFAS-Announce-L:
"FW: Directory Mobile" Wed 1/16/2013 11:30 AM


Dr. Xin and the IT software development team have added a nice new feature to the IFAS Mobile app for the Directory at http://m.ifas.ufl.edu. This feature allows you to search for people in a unit. Try it on your mobile device, I think you'll like it. Please remember that the IFAS Directory is only as good as the unit Directory Liaisons keep is up to date (the list is http://directory.ifas.ufl.edu/Dir/searchdir?pageID=9), so help them with any changes needed.


The meeting was adjourned about 15 minutes early around 11:45 am.