ICC Meeting:
IFAS COMPUTER COORDINATORS
Message from Rob Adams to the SCCM-L: All, News travels fast around here…love it!!! I announced that we secured a site license for Secunia at the Campus IT Directors meeting yesterday. As part of the Governance for UF IT, the Information Security and Compliance Advisory Committee (ISCAC) recommended that we move forward with tools to assist the campus with third party patch management in an effort to attain a more proactive stance as it relates to information security (additionally, I have been getting a lot of inquiries for this capability, specifically Secunia). We moved forward with this recommendation and invested in Secunia CSI 4.1 Enterprise (integrated with Microsoft WSUS/SCCM). Includes:
I indicated to the Campus IT Directors that my office would be communicating with them to organize this effort. There was some discussion about setting up a hub and spoke configuration for this. I am happy to entertain architectural changes and centralizing services where it makes sense to the campus IT community to better serve their constituencies. Thanks…
This CSI software connects to WSUS and SCCM via their APIs. Some videos are available showing the configuration details. Since IFAS already utilizes WSUS, there will be numerous configuration issues to coordinate and being short on time and resources does not help.
Free Windows 7 Deployment Training for UF IT Staff
As mentioned at our last meeting, three days of free training are being offered to IT staff. Registration is required and there will be no remote access or recordings available.
Upcoming Peer2Peer
In case you missed it, last month's Peer 2 Peer event is available as a recording.
Update on domain policy and redirect duration
As mentioned last time, our domain policy is being reviewed by a sub-committee of ITPAC.
CNS wants to host DHCP/DNS solution for all campus (previous discussion)
For now, this is a non-issue within IFAS. As stated last time, a great deal of investigation would need to occur before we could consider moving to this.
UF Exchange Project updates (previous discussion)
Exchange 2010 migration status
Dan Cromer related that the move to Exchange 2010 broke many/most Blackberry devices. Consequently, they are in the process of upgrading the Blackberry Enterprise Server (BES) which is expected to be done by the end of next week. Once that issue is resolved Dan expects a notice to go out about actively migrating. The expectation is that we will all be moved over by the end of June.
Moved all to Proofpoint seemingly without glitches
Steve noted that he had not heard a peep from his users and that seemed to be the case overall. Dennis Brown mentioned that he had one concerned user but that was the only issue mentioned. Steve speculated that this is similar enough to the Barracuda as to be easily understandable by our clients. It also doesn't hurt that so few messages are actually quarantined.
Dan Cromer mentioned that the Barracudas will soon be turned off as all quarantined messages will be aged-out after 30 days. At that time he expects the URL on ProofPoint to change back from http://quarantine.mail.ufl.edu to http://spam.mail.ufl.edu.
Centralized FAX service via Exchange (previous discussion)
No updates available...
Sakai e-Learning System now in production (previous discussion)
No updates available...
IT survey is coming (previous discussion)
We will keep this topic on our agendas until some resolution occurs.
Alternate IFAS domains in e-mail
No updates available...
Electronic Copy - Print Output Cost Reduction program (previous discussion)
Dan mentioned getting an e-mail from our CFO, Matt Fajack, saying that the ITNs will go out in a couple of weeks. Winnie's department has an immediate need and likely cannot wait for that to be resolved. She said that they are currently getting bids from the three state-approved vendors.
myuf Market (previous discussion)
Steve wants to keep this on our agendas in case discussion seems warranted.
Split DNS solution for UFAD problems
Steve wants to keep this on the agenda for future reference.
No updates available...
Regarding the DC replication issues we have been experiencing, Steve had heard that OSG believes they have solved that by removing one troublesome DC. Andrew Carey was not available for comment, but time will tell. Steve has been a bit concerned that central monitoring had not seemed to catch these issues in the past--rather Andrew has had to be the point person on reporting those issues.
No updates available...
New virtual infrastructure being planned and spec'ed out
Wayne Hyde said that he is currently evaluating whether to stick with VMware or switch over to Hyper-V with the next revision. The incentive to switch would be cost, but currently VMware's management tools are much superior. A vSphere 4.1 Enterprise license costs about $6000 in up-front costs with one-year maintenance. Then it would run an additional roughly $1000 per year per ESX host server. Hyper-V is "free" and does have some advantages now with R2 as far as dynamic memory. That feature might make Hyper-V a good solution to our VDI infrastructure so that VMs could be easily adjusted with regards to memory needs of the GIS VMs.
Unfortunately, the SCCM 2012 products (which demoed well at MMS last week) won't finalize until after we need to make our equipment purchase.
Regarding the processors he is looking at for these host machines, Wayne believes that clock speed may be more useful than a greater number of cores at this time, so he is leaning towards 6-core processors running at a faster clock speed.
There continues to be no progress on the documentation which was to happen prior to announcement. Since this has never been formally announced, the matter remains on the agenda as a standing item.
Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM
Free Windows 7 Deployment Training for UF IT Staff
As mentioned last time, don't forget that this opportunity is coming up in a couple of weeks. If you haven't registered yet, do so right away.
RSAT for Windows 7 SP1 is out
This is not a Windows deployment topic, but the new version of the Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1) is now available for download. You can now add RSAT to a Win7 SP1 install after-the-fact.
Steve took this opportunity to also mention he discovered that HP's Web Jetadmin tools will not install on Windows 7 SP1 currently. A hot fix is anticipated. Steve hates that HP makes this huge cumbersome program the only means to update firmware on their printers.
Windows 7 SP1 via WSUS
As mentioned last time, Wayne has created a means for pushing this out via WSUS. That said, there is no hurry and various problems have been reported; you may want to run through a checklist of recommended preparations. Steve had heard that it is very important to install SP1 by itself, as there have been issues when it is installed along with other updates. Microsoft is updating the metadata of the WSUS and Microsoft Catalog items to mark them for exclusive install to avoid this issue. Wayne has created a target group called "7SP1" and it can be used similarly to how IE8 was handled.
Wayne mentioned that he is also creating target groups for IE9.
UF SCCM Support Group
No updates available...
Exit processes, NMB and permission removal (prior discussion)
No updates available...
Re-enabling the Windows firewall (prior discussion)
No updates available...
Services Documentation: Is a Wiki the way? (prior discussion)
No updates available...
Recording lectures for Distance Education (previous discussion)
Protected access for captured lectures
Steve had been assuming access could be controlled the same way sub-folder access is handled for other web sites--namely by denying read access to the anonymous user and adding another controlling security group with read access. While that does do the trick, it also breaks the script which provides the table of contents for stored lectures. We clearly need a better solution.
New DHCP reservation site created (previous discussion)
You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations. Dennis Brown mentioned having used the site successfully and Steve added that he had utilized it just yesterday. Santos prefers that we use this rather than e-mail him separately.
Dennis related that Santos had mentioned an issue with the field size for the IP# being too short to handle the maximum of 15 possible characters. Dennis didn't know if that had been fixed yet or not.
Restoration of back-ups on the file server
Wayne Hyde intends to document and announce proper usage as time permits.
Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)
Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.
IFAS efforts toward Green IT (previous discussion)
No updates available...
Creating guest GatorLink accounts: singly or in bulk (prior discussion)
Steve had left this on the agenda in case further discussion was deemed warranted.
Can IFAS support DirectAccess in the future? (prior discussion)
Steve wants to keep this topic on our radar.
Moving away from the IFAS VPN service (previous discussion)
No updates available...
VDI desktops as admin workstations (previous discussion)
No updates available...
Wayne's Power Tools (prior discussion)
No updates available...
Computer compliance tool in production (previous discussion)
No updates available...
Folder permissioning on the IFAS file server
You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.
Disabling/deleting computer accounts based on computer password age
This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey has a good plan for dealing with this which he simply has had no time to address. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer objects which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.
Core Services status (previous discussion)
See the new virtual infrastructure section above...
No updates available...
Status of SharePoint services (prior discussion)
IFAS migrating to centralized MOSS
No updates available...
Public folder file deletion policies and procedures status
Nothing further was available on this topic at this time.
Microsoft
The April Microsoft patches will include seventeen bulletins (nine "Critical" and eight "Important") covering a whopping sixty-four vulnerabilities across Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, .NET Framework and GDI+.
McAfee provides podcasts on the highlights of each month's offerings and another podcast summary of these patches is provided by "Security Bulletins for the regular IT guy".
Adobe
There were new critical updates released for Adobe Acrobat, Flash and Reader. You can view your current Flash version by going here. Flash should be at 10.2.153.1 (10.2.154.25 for Chrome). Acrobat should be at 10.0.2 or 9.2.4; Adobe Reader 10.0.1 was not patched and is supposedly not vulnerable.
MS Office News update
No updates available...
Job Matrix Update status
This is here as a standing topic--no discussion this month.
Remedy system status (previous discussion)
No updates available...
Usage of the UF IT Alerts Dashboard page by IFAS
Dan Cromer mentioned that he would like to get IFAS using this site for the posting of IFAS issues. Apparently a number of central IFAS IT people (Dan believed that included Chris Leopold, Andrew Carey and the Help Desk) have the ability to add items there now. Dan wanted input on who might need to do that.
Steve asked whether "phones down at REC" or "network down at CEO" type messages might be appropriate for that. If so, IT staff at RECs and the IT District Support folks might want access. Steve believed we should make sure we are posting pertinent information there before urging folks to go there, however. Otherwise our users will be disappointed by the expectations we might set.
Dan mentioned that EDIS outages and ECES outages were other good candidates for posting here. Steve agreed with Dan that this would be a good thing; it seemed to him that the main issues would be coordinating with our various IT staff members. We would need to make sure everyone involved knew how and when (i.e., when it might be appropriate) to do that.
Passwords for Polycoms
Marvin Newman related his frustration with not having the administrative password to his own Polycom units. Apparently Video Services changed some settings on his unit that caused problems. He called Patrick Pettus, but Patrick would not give him the password so he could correct the problem. It seemed to be the consensus of the ICC discussion that Patrick has generally been very good at working with folks in such cases. Allan Burrage suggested a well written e-mail explaining the problem to Patrick and copying Dan Cromer and possibly Marvin's director. Patrick has been very accommodating in the past and Allan believed a bit of additional communication would clear up the issue.
Dennis Brown mentioned that Lance Cozart with the IFAS Help Desk was a good resource for Polycom issues as well, though he would not likely be available after normal business hours.
RODC issues at remote sites (prior discussion)
Diagnosis and resolution of this issue has been very slow. On March 22nd, CNS/OSG announced that they would be removing a stale forest trust on UFDC07 that they believed might be causing what they described as "intermittent replication problems across the domain".
UAC settings egregious for users?
No updates available...
PDF-Xchange (prior discussion)
No updates available...
The meeting was adjourned early a little after 11:00 AM.