ICC Home  /  Members  /  Meetings  /  Peer Support  /  Documentation  /  Projects


ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM August 12th 2005       REGULAR MEETING


A meeting of the ICC was held on Friday, August 12th, 2005. The meeting was chaired and called to order by Steve Lasley, at 10:17 a.m. in the ICS conference room.

PRESENT: Fifteen members participated. Remote participants: Mike Armstrong, Kevin Hill, and Mike Ryabin. On-site participants: David Bauldree, Dennis Brown, Dan Cromer, Marion Douglas, Joe Hayden, Chris Hughes, Dwight Jesseman, Winnie Lante, Steve Lasley, Mark Ross, John Sawyer and A. D. Walker.

George Bryan, UF Active Directory lead, was present as our guest.

STREAMING AUDIO: part one and part two

NOTES:


Agendas were distributed and the meeting was called to order 17 minutes later than scheduled. The lateness was due to another meeting which was still using the room upon our arrival. Our reservations are made for 9:30am to provide time for setting up the remote participation components, but the prior meeting ran right up until our 10am start time.

Report from the chairman:

We had no new members; however, we have a couple of folks leaving us. Marcus Cathey is leaving Agronomy and Microbiology and Cell Science for UF Law School. John Sawyer is leaving IFAS IT/SA on August 16th to become part of the UF Security Team at CNS. We wish both of them continued success.

Steve showed what he had done with the ICC member site, which now includes IT support folks (almost) exclusively. The ICC-L membership is now divided among two security groups in AD so we can separate those who are actual IFAS IT support folks (. IFAS-ICC) and those who merely have an interest in receiving ICC notices (. IFAS-ICC-FANS). Steve requested that ICCers look to see that their information is correct and to report any problems or missing people. Steve also pointed out that the membership table can now be sorted by name, title, unit or location by clicking on the corresponding column heading. This was accomplished via a simple-to-implement javascript sort routine. Thanks goes to Joe Spooner who suggested this method.

Steve skipped the "recap since last meeting", again simply pointing out that the agendas are always linked at this point to the notes from the previous meeting for review.

Progress on standing issues:

Microsoft contract support for IFAS

Chris Hughes had indicated at our last meeting that there might be some initiative to widen the scope of the UFAD MS support contract to cover more of UF. George Bryan said he would love that but that he hadn't heard any more on that from Mike Conlon. Chris said he had heard no more either, but that it was important for IFAS to have some level of MS contract support for us to be considered for the Technology Adoption Program (TAP) for Microsoft beta products--something we have requested for Longhorn and Exchange. That would be, at minimum, an $8400 expenditure. George believes this level of support is something that should be done at the university level, but the question is how to actualize that goal.

George detailed how the TAP program for Exchange has a considerable number of requirements for resources we would have to provide to the program. George was not sure that we could fulfill those this year, but believes we should give it our best shot. The advantage to IFAS and UF would be that we would be essentially upgraded to the next version of Exchange and have access to all the features of that new system--1 year before its official release.

Review of our anti-SPAM methodologies

Dwight Jesseman presented details of what has been termed "phase one" of our upcoming e-mail changes. Currently, all of the IFAS e-mail domains (@ifas.ufl.edu, @mail.ifas.ufl.edu, @fpo, @wec, etc.) are pointed via MX records to email.ifas.ufl.edu. On our Exchange servers we use MS IMF to score messages as spam via an SCL rating it applies and then move likely spam to the Junk E-mail folder for our users.

The proposed plan is to redirect our MX records so they point to smtp.ufl.edu. The Gatorlink mail services have about 6 smtp servers and 16 SpamAssassin servers. Gatorlink's SpamAssassin servers would then mark the headers of all our e-mail to indicate the spam scoring of the messages and forward those marked messages on to us @email.ifas.ufl.edu. The Gatorlink smtp servers are separate from the Gatorlink mailbox system and those servers themselves have an exceedingly high up-time. If mail delivery fails, Gatorlink will queue mail messages and retry delivery later via their sendmail backoff algorithm; only a failure beyond several days would cause e-mail to be lost. Consequently, this re-routing is deemed to present little risk to our e-mail delivery system overall.

The advantage of this re-routing comes from the implementation of an event sink called SMTPTracker. This application will look at the header of each message as they come in and evaluate the SpamAssassin markup, converting it to its equivalent IMF SCL score, and move suspected spam to the Junk E-mail folder. We now have the source code for this application and are confident we can maintain this, even across future Exchange upgrades.

Mark Ross said he thinks the use of an unsupported third party tool may cause us problems in the future. Chris Hughes countered that the developer was available and could provide some level of support. That and the fact that we have the source code make this inexpensive solution seem well worth trying.

The end result of this move will be that end users will not have to handle things any differently than they do now, but we will have greatly improved spam detection. Of course, an important piece of this model is that all users know about their Junk E-mail folders and how to use them.

Dan Cromer mentioned that Steve Ulmer at Open Systems has been very cooperative with Dwight on this plan and Gatorlink anticipates no problems with doing this. Dwight said that Open Systems has the forwarding addresses and they are testing with a separate domain. SMTPTracker must be configured and forwarding must be set at the other end, but this changeover is expected to take place sometime within the next couple of weeks.

As for how spam marking problems will be handled, we can now make use of UF facilities for this. If a message is marked by the system as SPAM in error, the user should forward the entire message (including the report) to report-ham@ufl.edu. If a message that the user thinks is SPAM is not marked as such, they should forward the message to report-spam@ufl.edu. It also was mentioned that IFAS can add rules in SMTPTracker for whitelisting, etc.

Mark Ross asked whether IMF or SMTPTracker would have precedence in the spam scoring. Chris Hughes said that SMTPTracker scores will overwrite IMF's scoring.

Status of ICC and ITPAC recommendations on standardizing IFAS e-mail addresses

As "phase two" of our upcoming e-mail changes, we will be standardizing on "GL@ufl.edu" e-mail addresses. Dwight went over, for the ICC, details of the information provided Thursday at an IFAS e-mail forwarding workshop. Data was presented on the numbers of users we have in various categories and how they will be handled during this transition.

George Bryan and Chris Hughes mentioned that one of the main concerns John Bevis has with IFAS using "@ufl.edu" addresses, is that mail within our organization would never go through the Gatorlink servers. That could be handled by setting up a secondary smtp smart host connector that routed all @ufl.edu mail traffic through Gatorlink first. However, this is not an optimal solution from IFAS's standpoint by any means.

Mark Ross questioned the process for obtaining mailboxes. Dwight said that a request could be made via their web form or via the IFAS Remedy System. Dennis Brown reiterated a common and long-held concern that IT/SA service documentation be gathered in one easily accessible place rather than having to search back through ICC e-mails to find how to access the various services. Chris Hughes suggested that documentation needs be address to Tom Hintz, who is in charge of IFAS IT's web presence. Until IFAS IT does this for themselves, Steve Lasley is providing an unofficial IT/SA Services Documentation site (if-admn OU admin credentials needed for access) that is updated frequently. Steve is always looking for feedback on how to improve that.

Dwight ended this part of our discussion by mentioning that currently any new mailboxes being created are using the new method. We already have all the tools in place to move people to using @ufl.edu addresses. Dwight has automated methods for fixing any IFAS or UF listserv addresses accordingly. Those wishing their departments to be early adopters can contact him for that. Dwight specifically asked if anyone in the ICC had any problems or concerns with the proposed plans. All those present seemed in agreement with the plan and that the goals of having standardized e-mail addresses with all accounts in the GAL would be a big benefit to IFAS.

Chris Hughes stated that, from a conversation he had with Joe Joyce, he thought we could go ahead with the automation plans to automatically create Exchange mailboxes and control forwarding from GL for Exchange mailbox users via a new "Mailbox Managed By" directory relationship and to use RUS to update Exchange with any GL name changes that may occur with the upcoming increase in the length of account names. Joe Joyce apparently indicated that disallowing users to check e-mail at both Gatorlink and IFAS should not be a problem. Dan Cromer feels that we still need to anticipate that contingency, however--casting a shadow of doubt over whether we really can proceed with those much desired features.

In need of administrative action: hire/fire procedures, "network managed by", FTE for UFAD, methods for end user maintenance/other informational notifications from IT

Prior exit procedure discussion. Chris Hughes reported having made some progress on the hire/fire procedures. He is borrowing reports from DCE and the Health Science Center to determine employees who have been terminated. This will allow us to send out notifications, as part of the SQL reporting services, on terminated employees by OU. This is something he had been asking UF and IFAS people about getting for some time and this weekend Kris Kirmse, the Director of IT at DCE, pointed him to reports that are already made and ready to use. These will be added to the reports already available at the reports site. (Note: the IFAS AD reports site is on private IP and you will need to VPN in if you are at home over DSL or the like.) You will also be able to see "true employees" of IFAS, and all the various types of people including OPS, courtesy faculty, research participant, departmental associates etc.

Joe Hayden asked where to find the link to the reports. Steve mentioned that this is both in notes from discussions at earlier meetings (for example) and in the IT/SA Service Documentation. The former is searchable from the ICC homepage with a suggested search term of "IFAS AD Reporting Site". Chris Hughes mentioned that he posts these sorts of things to the ICC-L as well. While he is aware it can be difficult to find information in old e-mails, he mentioned Lookout as being an excellent add-in for Outlook which provides much improved searching.

Office install point documentation status and the ITPAC recommendation on Changing IFAS IT e-mail client support

John reported that he expects to have the documentation completed this weekend. He has already completed the details of how to set up and update the site. He will provide links to how to do transforms, but said the details are documented by Microsoft. Steve said he will try to elaborate on that with the specifics of our circumstances for others in the ICC as time allows.

Steve mentioned to Dan Cromer that it was his understanding that this was still not going to lead us to reducing e-mail client support as recommended by both the ICC and ITPAC. Dan responded that the administration supports the recommendation, but that reality overrules. When a Dean contacts him and needs support on a Macintosh, for example, he must respond by addressing that need. Steve pointed out that we could at least get something published as to which clients were officially supported. This might serve to steer folks more toward the desired platform and provide at least some evidence that the ICC>>ITPAC process can show results. Dan says he has written an IMM on this (among other issues) but is still waiting the opportunity to have those approved for publication by administration.

Chris Hughes said he believed the current recommendations are sufficient for the Windows platform, but that we still need an official client for the Macintosh and Linux platforms. Chris also mentioned that IT/SA has purchased a mini-Mac to use as a test system when Macintosh support needs arise.

Proposal for migrating all IFAS subnets to private IPs

This was noted to be in progress. Steve asked if there was a plan tied to this. John Sawyer reported that there is a plan and that he worked with Chris Leopold on it. IFAS currently has over 100 subnets, which makes things like creating rules for firewalls or IPsec extremely burdensome. The goal is to create a contiguous block of 3 Class-C IP ranges (something around 128.227.133.0 - 128.227.135.0). Under this reconfiguration, if some unit need a public IP they would get a /28 subnet of 14 usable addresses from our contiguous range. The private side would probably be a 10.242.0.0/16 or something like that which would be IFAS specific. There would also be two other Class B private subnets for the VPNs to remotes sites, either 10.251.0.0/16 or 10.230.0.0/16. This would allow us to readily identify IFAS traffic by eliminating a huge disparate range of addresses and collapsing the structure to a more easily manageable size (from over 100 ranges to just 7).

Chris Leopold is waiting on the plan from Marcus Morgan, in charge of Network Software Support (NSS) at net-services, who is UF's "keeper of the IPs". Marcus has been on vacation apparently, but the plan is to move forward with this fairly quickly once it can be arranged.

Dennis Brown asked if he should consider moving his unit to the private side in the interim for security reasons. John didn't think he need bother, but did mention that if he had enough numbers free on the private side that he could setup exclusions for the public side that would push DHCP clients to automatically start getting private numbers. Dennis also asked if subnets 134 and 135 in the farm area were running out of numbers. While that is possible, it hasn't been noted to date.

Mike Armstrong asked about how much input remote sites would have into this renumber process. Mike complained that this was the 4th renumbering mandate from Gainesville since he has been here and he is getting a bit tired of that. John said that he didn't really see this affecting CREC, but that he should contact Chris Leopold for the details.

Status of the IFAS Remedy trouble ticket system: e-mail notifications not working in all cases; some tickets languishing in the queue

Steve reported that the e-mail notification problems have been resolved. Most of the previously noted issues should be fixed as tickets sitting in the queue were mostly due to having been assigned or referred by e-mail to someone who never got the notification. Also, Chris Leopold has reminded his staff to remember to check the queue regularly anyway, to help prevent new occurrences of unhandled tickets.

Dwight related that Fran McDonnell is heading a committee to establish a knowledgebase for the Remedy system. They have already determined the scope of the project and the feature sets desired and are meeting today (which Dwight is missing to be here) to review the vendor list to see who can meet our specifications. They are leaning toward a third party solution.

Chris Hughes said that he has been the holdup on getting the contact list to Adam Bellaire so trouble tickets can be assigned to the appropriate OU Admin based on the NMB attribute of the person submitting the ticket. Chris has the list of contacts in spreadsheet form (if-admn credentials required), but still needs to enter it into an SQL table. Dan Cromer mentioned that he wants the ICC to become familiar with this list of contacts and for the IT Taskforce to tabulate how many computers each support person is responsible for. Dan feels there are numerous inequities in those responsibilities within IFAS.

Mark Ross complained that he still doesn't have access to the Remedy system. Dan Cromer said that he was aware and that the request has been passed onto Adam, but that he didn't know what the holdup is there. Dan Christophy has been asked to follow up on this and apparently has, but without results.

The wallplate

Steve asked Dan Cromer for clarification on whether building 116 was going with the wallplate. Dan reported that Ashley Wood, Director of ICS, had asked Joe Joyce for funds to support that and that Joe Joyce had replied that units wishing to go that route would have to pay for it themselves. Dan was not sure whether Ashley had decided to foot the bill or not. Animal Science is in the process of moving to wallplate and Microbiology is looking at it. John Madey, Associate Director for Telecommunications at CNS, has notified Dan that VOIP at UF is now available separate from joining the wallplate initiative. Places still using Centrex service should consider this as an immediate cost saving alternative ($22.50/curcuit/mo. vs. $26.50/circuit/mo.). Chris Hughes said he understands that UF plans to replace all Centrex phone services on campus within the next year for the savings it would provide. Joe Hayden said that IFAS is in pretty good shape with regards to Centrex as it is only used in a few buildings. Joe also stated that there are cheaper alternatives to VOIP available as a replacement for Centrex services.

Dan also figures it is no great stretch of the imagination to assume they could do such a separation for a QoS port as well--at least, that is what we would hope.

Moving all IFAS machines and printers to DHCP from static addressing-who handles DHCP requests and how can OUadmins monitor that server

This is something that might be handled in conjunction with the collapsing of our subnet space. It is also waiting on our new DHCP server which is on order. Marshall Pierce is the primary on DHCP issues and Chris Hughes said he can give at least DHCP view access to anyone who wants it--they simply need to e-mail him their desire. Chris added that it may take him 2-3 weeks due to his workload, however. Steve thought that would be great as he has been requesting access off-and-on from Chris Leopold for well over a year now. Steve used to have access, but that went away at some point and Chris Leopold could never seem to rectify that. Joe Hayden said that the same thing had been true with him.

When Mark Ross said he wanted the ability to be able to set reservations for himself, Chris mentioned that Release 2 of Windows 2003 may allow delegation such that this would be possible.

Wireless options for the remote sites

Mike Ryabin had asked for clarification on current recommendations. Less expensive solutions which were being investigated by John Sawyer do not appear to be practical. A BlueSocket box ($2347.82) plus $391.30/year for maintenance seems the best bet currently. This will support 50 users and the box has 4 ports which can be plugged directly into access points or into a VLAN supporting those. Matt Grover would be the person to contact, in coordination with Chris Leopold, for remote sites wishing to do this.

Dell Order for IFAS IT/SA

Chris Hughes reported that, as an end consequence of a "good will" offering from Dell for the domain controller power supply and CPU problems we had experienced, IT/SA is getting $81,000 of equipment for $24,000. This will provide Dwight with backup capacity for IFAS as a whole, including a 6 drive LTO-3 tape library that holds 72 tapes at one time. Dwight said this would allow IFAS to extend the current data recovery it offers to complete system recovery.

Report from the IT Infostructure Task Force 2005:

Joe Spooner was unable to attend, but he did provide a written update on the Info Taskforce's status. Steve left it to ICCers to read that document for themselves, but did mention he was somewhat concerned that the Taskforce has apparently been asked to quickly wrap-up their work and turn in their reports. Steve feels that they haven't had sufficient time to do a decent job on their task, particularly considering that none of the members has been granted any relief from their regular job duties to handle this. Note: The Videoconferencing committee, a separate but critical IT-related committee, has apparently already been disbanded without so much as a notice from the chairperson to the committee members.

Report from the AD Committee:

Update on how things are going at UFAD

We were fortunate to have George Bryan, UF Active Directory Project Lead, as a guest at our meeting. George told us that Stephen Cates, past Manager of MIS at the College of Engineering and recently on reserve duty for our armed forces, has been named as the third FTE for UFAD. George also mentioned that with all the integration development they do, they really could use a fourth FTE; George referred to this need as being for someone with "Joe Spooner" capabilities :-).

George said he had a meeting with Chris Hughes regarding the use of MOM. IFAS has offered UFAD the use of some temporary licenses and their MOM server for the monitoring of UFAD's DCs. Currently UFAD only has alive/not alive type monitoring via Sitescope, whereby they are notified if a ping of a server fails twice within any 5 minute span. They also try to browse the event logs weekly looking for problems, but it is not currently the type of proactive monitoring that MOM would allow. UFAD originally had a lot of monitoring set up via that ERP recommended system, but it caused problems for ERP's SiteScope server and UFAD was required to slim that way down so it wouldn't hurt the other, apparently fragile, ERP processes. George noted that the SiteScope system also gave them "tons" of false positives. This proposed usage of MOM should be a win-win situation for everyone and George is going to Mike Conlon for approval on that shortly.

George re-capped the earlier discussion of our nomination for the TAP program for Exchange. One of his concerns there is that our organization may not be of the size which Microsoft is looking for. Another is the exotic nature of our Exchange organization: at UF we have 17 Exchange servers for only 5187 mailboxes! This distributed structure, even with the excellent help of the various Exchange admins outside of Mike Kanofsky within UFAD itself, is intractable to the point of near ridiculousness. George has taken this issue to Mike Conlon who will be passing it on to Marc Hoit. Hopefully we can get some action on that. George would like to see 4 FTEs supporting a centralized Exchange server for all UF, and that is what he has put in the recommendations. George mentioned that the University of Missouri has successfully gone this route.

George said that the list of 17 servers mentioned doesn't even include Academic Affairs, who has at least 5 tremendously large Exchange servers with a SAN backend, Live Communication server and the "whole nine-yards". There would be a tremendous cost savings for UF as a whole to provide Exchange as a centralized service.

George also commented that, although the UFAD project benefited initially from being part of Bridges, he would eventually like to see UFAD as a separate unit reporting directly to Marc Hoit.

Dwight asked George if he felt Academic Affairs would ever join UFAD. Part of the interest here is that Academic Affairs provides e-mail for Janie Fouke, our new Provost; while the president's office belongs to the UFAD organization. This makes sharing calendars between the President and the Provost rather difficult. In any case, George said he had heard many things on this matter from the extreme of Academic Affairs wanting to handle Exchange and web-hosting for all UF, to after Victor Yellen, Assistant Provost Academic Affairs, leaves in November it is a done deal and they are joining UFAD.

George stated that even though UFAD hasn't completely lived up to every detail of their charter, they are under utilized at UF and the value they could provide is potentially enormous.

Dwight asked for a clarification on account lockouts. He wanted to know if a lockout in PeopleSoft was synchronized into UFAD. George said that this was not the case and that any UFAD lockouts were solely the result of bad password attempts against our own DCs. Although it requires 20 incorrect attempts within a 30 minute period to generate a lockout, it turns out that this situation is not as uncommon as one might think. If someone is using Outlook Express, for example, and they change their password in Gatorlink, when they go to send an e-mail, the client is still using the old credentials and can very quickly consume the allotted 20 attempts. Chris Hughes plans to provide a method for every OU Admin to be able to unlock people, but this ability is not there currently. Although, a number of folks do have reset capabilities now (Chris Hughes, Chris Leopold, Marshall Pierce Dwight Jesseman and, of course George and Mike at UFAD)--generally by the time they can get to it from a request, the lockout is resolved simply by waiting the requisite 30 minutes.

George said that he is going to recommend that we participate in the Exchange TAMS program with UFAD and IFAS involvement. He feels it is too big of an opportunity to just throw away. George wasn't so sure about the Vista TAMS but Chris Hughes stated IFAS is already planning to enter that program using a remote site. George believed there may be some other group within UFAD that could take advantage of that as well. Chris Hughes mentioned that it is important to get more UF folks to the MS briefings on those as he was the only UF representative at the last one and that doesn't look good. George said he intends to be at the next one and Chris Hughes said Marc Hoit now intends to attend these as well.

George mentioned that the only problem he has with e-mail enabling all accounts is the handling of the update should they change their username. Chris Hughes stated that IFAS plans to handle this via RUS.

Significant account management changes at UF are being planned and were originally set to be effective September 15th. The hardware for that was ordered late, however, and due to it being ordered in bits and pieces there have been numerous delays. They still don't have the hardware, including an EMC storage access network and an IBM blade-server. None of those ordering decisions were in UFAD's control, but they did order what they were told they could order. It's starting to look like the deadline will have to be pushed back.

George then spoke on the issue of needing to change passwords twice on new accounts to have them synched correctly into UFAD. The planned solution to that began a couple of months ago when George talked with Mike Conlon about using Biztalk to consume the data that could be thrown to UFAD by the Gatorlink account management system. They were going to send SOAP packets and UFAD was going to receive those into Biztalk so we would have redundancy. The plan was to also use Biztalk to update other systems on campus as well as to consume data from other systems on campus. Biztalk could offer a lot to UF in terms of application integration--replacing the crude FTP transfers and "write a file, read a file" methods currently used by 90% of our various systems for inter-process data exchange. George is very excited about the potential here and cited a number of large companies (Boeing and J.C. Penny) that are using Biztalk to successfully integrate their various diverse business systems. PeopleSoft was struggling at sending out SOAP packets, causing all sorts of errors and problems. In conversations with PeopleSoft it became clear that their software was never meant to be a messaging hub, but rather a messaging client.

This prompted Mike Conlon to make the decision to go with Biztalk and $200,000 of software and hardware was ordered for the project with George being the lead. George went through training, developed all the prototypes and proof of concept designs, the entire project proposal and was basically all ready to go. Beyond the Gatorlink account management, Biztalk was planned for support of the UF campus directory as well as for outside vendor support. He then went to a meeting this Tuesday with all his ducks in a row and found out that other participants (Academic Technologies and CNS in particular) had done no ground work and were unable to consume the data as would be needed. Due to seeming confusion among the 5 participants about the scope, Mike Corwin decided to stop work on the project, deeming the risks too great. George thinks this can be resolved and is continuing to work on this. The bottom line is that the project will likely proceed, but with some significant delays. Until that time, we may have to suffer with the "users must change their password twice" synching problem. George did mention that if the project is delayed too long, he will move the e-mail enabling of all accounts to a priority ahead of this.

IFAS AD progress report

Chris Hughes reported that Dean Delker will be making videos to document the usage of the OU Admin accounts.

Report from the Network Security Committee:

Access to results from the machine startup-script changes

Chris Hughes asked about how people wanted access to the data of what services are running on a machine and what applications are installed on a machine. He wondered if it would be sufficient to make the table readable to IFAS OU admins. The problem there might be folks having access to Enterprise Manager. Chris stated that we have processor licensing for SQLserver, so OU Admins can use Enterprise Manager against it at no charge; it would require making a SQL install CD available to everyone, however. This could be done via the protected IFAS Software Site. Dwight mentioned that there were other free downloadable tools which can access this just like Enterprise Manager.

Dennis Brown asked if Chris had looked at any of the data. He said he had looked particularly for older versions of Office and for people that have 3rd-party firewalls because those will need to be removed before we add in the Windows firewall. Steve mentioned that there is likely a wealth of information in there and the more eyes we can get looking at it the better.

Chris reported that he has a program that does an update of every machine that is turned on. If there is ever an exploit--something like the BackupExec exploit that came through previously--we can query every machine that is on-line for specific user accounts or for services or programs that are installed and find out who is compromised quickly and easily.

Mark Ross asked John if Patchlink was "no more" and John replied in the affirmative. The license expired in May and about a month ago they made the GPO change to disable the agent service and set the machines to go to Windows Update. WSUS was set up this week and is up and running. Some work is still needed to get the remote repositories on-line. Steve asked if a script has been run to uninstall the Patchlink agent from all our machines. John said the agents have been disabled but not uninstalled. The uninstall procedure is apparently unreliable. As for manually uninstalling it, Dwight reports that it may or may not be in Add-Remove Programs. If you want a sure-fire method, Dwight recommends stopping the PatchLink update service (it should already be disabled), then going in and removing its keys out of the registry. It is in three spots: one under HKLM\System\CurrentControlSet\services and two under HKLM\software. Finally remove the \Program Files\Patchlink folder where the files are installed.

ePO reorg and exclusion lists

This is just one of many things in queue to do, although Chris Hughes expects to give it a rather high priority. According to Chris, we do have ePO failures occurring.

Report(s) from IT/SA:

status of new VPN server (if-srv-isa.ad.ufl.edu)

The server continues to have problems in that it blocks web access to connected VPN clients. John found an article which specifically addresses this issue and followed it to the letter w/o result. John will keep working on it, but the worst case scenario would be that this cannot be resolved and ISA is pulled off in favor of the standard VPN configuration.

MOM status

Chris Hughes reported that MOM is in production. If you want reports, mail him your server names. If you don't care about reports, you may see him log onto your servers and fix things. MOM has been upgraded to SP1; this caused a few minor errors which Chris is dealing with.

upcoming website support changes; halting Front Page Extensions support?

In the absence of Marshall Pierce, Chris Hughes reported that FrontPage Server Extensions will be enabled upon request for sites needing that, but they will not be enabled by default. Marshall doesn't feel that he can have a rock-solid webserver with FrontPage Extensions installed and they also preclude having a clustered environment. Please be aware of end-user issues with this; it will affect a number of users who may not even know they are currently making use of those features. Steve took this opportunity to mention that this issue has been discussed in detail at the weekly IT/SA meetings. The agendas and audio streams are available (if-admn credentials required).

funding model for IFAS fileserver replacement

Chris Leopold was unavailable, but Chris Hughes stated that if departments want file storage and are willing to pay some amount, e-mail Dan Cromer with how much you are willing to pay. Then IT/SA may actually be able to buy the needed new fileserver. Chris thinks that if they can get contributions totaling about 1/3 the cost of the server (in exchange for guaranteed filespace) that the purchase can happen. A fair current estimate for this machine (and that might be about 10% less upon more thorough investigation) would be $18,418.29. This is a PowerEdge 1850 with 2 PowerVaults with 28 300GB drives and a LTO-3 Tape library and tapes for 4 week backup retention. Costs would be $2.36 annually per GB. Or $2361.32 per terabyte per year with 4 week backup. Additional retention would be $2K per week total cost. Everything is under 4 hour warranty, except backup, which is next day.

Any units who have been considering getting more filespace should consider the benefits of contributing to such a centralized solution.

Other Discussion:

George Bryan reported that UFAD was audited by the campus auditors. They submitted a wealth of detail about the UFAD security configuration, but George has not heard back from them on that.

The meeting was adjourned late at approximately 12:35pm. A number of folks joined John Sawyer for a farewell lunch at Chili's.
 


last edited 15 August 2005 by Steve Lasley