IFAS COMPUTER COORDINATORS
NOTES FROM September 8th 2006 REGULAR MEETING
A meeting of the ICC was held on Friday, September 8th, 2006. The meeting was chaired and called to order by Steve Lasley, at 10:00 a.m. in the ICS conference room.
PRESENT: Seventeen members participated.
Remote participants: Ben Beach, Francis Ferguson, Chris Fooshee, Mike Ryabin, Mitch Thompson, and A. D. Walker.
David Bauldree, Dennis Brown, Dan Cromer, Marion Douglas, Diana Hagan, Wayne Hyde, Dwight Jesseman, Winnie Lante, Steve Lasley, Chris Leopold, and Mark Ross.
John Sawyer, UF Security, listened in via the stream as well.
STREAMING AUDIO: available here
Agendas were distributed and the meeting was called to order on time at 10 AM. Although we had trouble with the in-place projector cable, a spare permitted connection of Steve's laptop directly to the projector so those at the meeting could view his screen--which was also shared out via NetMeeting. Trish Capps reported difficulty connecting via NetMeeting, which eventually resolved itself.
Note: Steve would like to note that we still have roughly one dozen people with admin accounts that are not subscribed to the ICC-L or otherwise involved with the ICC. Steve has sent out an e-mail inviting those individuals, but received no response.
Steve noted that Omar Abdelghany, from CALS, is now subscribed to the ICC-L. Omar e-mailed Steve: "I am the systems administrator for the McCarty Hall B and D 2nd floor computer lab and offices (academic affairs, assistant dean...etc.) I work with Joe Spooner on different issues like trying to resolve issues with logon, technical issues".
IT has a new OPS staff member. Dan Cromer has hired a .5 FTE programmer to assist in the web migration. His name is Eshan Maanas Chittimalla and he goes by "Maanas". Steve also noted that Steve Bloom has retired from SWS and that Chris Hughes began his new job today at the College of Medicine.
Dennis Brown had mentioned that it would be good for the ICC to take Chris Hughes out to lunch at the Olive Garden after our next meeting, if he is available, since we hadn't done that prior to his leaving. Dennis will be arranging that and notifying all of any details.
Recap since last meeting:
As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.
Annual ICC elections:
Steve confirmed that he and Dennis Brown had consensus support to continue as chair and vice-chair respectively.
Report from August 22nd ITPAC meeting
Steve gave a brief rundown of what had transpired at the August ITPAC meeting, relating that he felt our recommendations were well received. You are referred to Steve's ITPAC notes for all the details.
IT Governance sub-committee status report
Since Chris Hughes has left, Steve asked if there is anyone in the ICC willing to take over from where Chris left off. Dennis Brown reported interest in that, but wondered about the direction to take. Dan Cromer suggested waiting until things progressed just a bit further at the UF level. Dan noted that the IT Governance Charter has been published. Members of that committee will include Marc Hoit, Mike Conlon, Dan Cromer, and Jan van der Aa. All available details have been and will be published on the UF IT Reorganization Site. Dan related that their first meeting will be next week. At some point after that there will be a proposal for discussion and Dan felt that this committee might become involved at that time in supplying feedback.
Recommendation: autogroups for *selected* roles
Steve once again wanted to refer ICC members to earlier discussion so they might consider this matter as time allowed.
IFAS Remedy System
Steve yet again expressed his frustration concerning the lack of movement on fixing e-mail notification issues with the Remedy system. He noted that Marc Hoit mentioned wanting to expand the model which the UF Help Desk has used with IFAS to include other campus units. Maybe something will be done at that time. Clearly this is not a high priority within IFAS IT currently.
IFAS WebDAV implementation
Steve admitted that he had been slow on the uptake regarding the http://files.ifas.ufl.edu page which Chris Hughes had created to ease access to the IFAS WebDAV implementation. Steve went there and viewed the source of that page, showing folks how that page had been designed and how the special links used there obviate the need for accessing https://files.ifas.ufl.edu directly via IE and its "File, Open > Open as web folder" method. It also eliminates direct access to the root and the concomitant long wait that occurs there while permissions are enumerated across the entire DFS structure. An example of this linking method is shown below:
<a href="[WebDAV URL of the folder]" folder="[WebDAV URL of the folder]"
STYLE="behavior: url(#default#AnchorClick); text-decoration:none">
<img src="http://itsa.ifas.ufl.edu/folder.gif" align="middle">
<font color="#000000" face="Tahoma" size="1">ENTNEM</font></a>
Note that you can create your own custom launch page with links to deeper locations by altering the path in such code and saving it as an html file. That file could then be distributed as a custom "links page", for example, to users.
Steve mentioned that he had wondered to Chris Hughes about the practicality of creating a simple web application that could help assist folks in posting files to the server and e-mailing links rather than attachments. Imagine a treeview control on a web page that would provide an interface for locating the desired target folder within our DFS structure, uploading a file to which they browse and then pasting a path to the clipboard. Then it could launch a new e-mail message into which to paste the link. For speed considerations, the directory tree could be populated from a cached snapshot and a button could be made available that would update that via inspection of the DFS--this is assuming that on-the-fly population would be too slow. Of course, it would require a web programmer, but shouldn't be a huge undertaking. Chris had found the suggestion interesting and even mentioned having access to a sample application that might lend itself to easy modification for this purpose.
Mark Ross and Winnie Lante both said that they had been unable to save files using the WebDAV setup, but Steve demonstrated how either drag-and-drop or copy-and-paste worked fine to move files in and out. Steve did note that editing in place does not work via WebDAV; rather, files must be moved locally, edited, and then replaced on the share. Diana Hagan mentioned that when links were placed into e-mails to a location beneath the root, such as http://files.ifas.ufl.edu/public, one only got the http://files.ifas.ufl.edu redirection page. (This is because that page is implemented as a custom error page.) The solution to that is to specify the URL via the secure http protocol, https://files.ifas.ufl.edu/public, instead. This permits direct read access anywhere into the DFS file structure (permissions allowing of course).
Dwight noted that no "ufad\" prefix is needed on the username when supplying credentials; this is great, but might actually confuse some folks, since secure websites do require that.
The ICC approved that the WebDAV access method be advertised for general IFAS usage once documentation was in place. Diana Hagan had kindly offered to work on the documentation for that and will run it past the ICC for comment and modification prior to general notification. The goal with that is to provide simple instructions which our users can follow for placing files and e-mailing links to those.
There was a discussion of how this internal file sharing method could be extended for collaboration outside of UF. The Gatorlink Account Management project will provide us a simple way of creating guest accounts having a 7-day expiration. Those could be used for permissioning for short-term access needs. Longer needs could be addressed by creating a standard Gatorlink with the "departmental associate" role.
Wayne Hyde had some concerns about the public folders and the large number of accounts which will have access, with WebDAV, from anywhere. Currently, people are storing private data in this inappropriate location. Wayne recommends that we institute a retention policy--at least for the main public share--that files be deleted after remaining there a certain length of time. This could be implemented via a script that traversed the folder examining the creation dates. Exclusions could be allowed as necessary for special purposes. Steve supported this proposal, but suggested incorporating a "~Policy-Please Read" file (and similarly named folder with a second copy of that file) within the public folder. This file would include an explanation of the policy and the reasons behind it; the naming prefix would ensure it sorts to the top in a directory listing and thus be more likely to be seen--and hopefully read.
IFAS does need a location where it can place files for public access using Gatorlink credentials to folks outside of IFAS, and that is the purpose of the ifas\public folder. Mark Ross was concerned with such widespread sharing via WebDAV at all, thinking this might be better handled via sFTP. Dan Cromer mentioned that sFTP, and doing away with FTP, has been on his to-do list for a very long time, but resources to implement that have just never been available. Nobody disagreed with a well-planned move from FTP to sFTP in principle; however, it would require a great deal of end user coordination and thus is not readily accomplished with our current resources.
Mark suggested that the icons used for the public folders be altered to indicate their special status. Perhaps they could be colored red and possibly include some other indication that files can only be placed there temporarily.
During the discussion it occurred to Dwight that he could use the notification feature of the server's quota management system to deliver an e-mail to a person when they deposited a file anywhere within the public folder. Dwight quickly instituted a test of this which delivered the following message when Steve placed a file there:
Deletion Time for Files Saved in the Public Folder
To: Lasley, Steven E
User UFAD\sel saved E:\DATA\PUBLIC\TestDocument.txt to E:\DATA\PUBLIC.
Files saved in the Public Folder will be deleted in 3 Days.
If you need additional information or assistance, please call the IFAS
Help Desk at (352) 392-4636 or Suncom at 622-4636.
The ICC supported this method, but believes that the policy should be documented and that this documentation should mention that unencrypted private information (HIPAA, FERPA, credit card info, etc.) should never be placed in the public area. John Sawyer mentioned via e-mail that there are existing tools (Spider from Cornell, for example) to search for SSNs/CCs on servers. That might be good for use with the public folder to locate inappropriately placed information so it could be moved and file owners informed directly of the risk. Users should also be warned that they should never place their only copy of some file into this location.
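A sketch of the kind of scan mentioned above, reporting which files in the public folder appear to hold SSNs or card numbers so the owners can be contacted. This is an added example, not code from the ICC or from Cornell's Spider; the patterns, the size limit and all function names are assumptions.

```python
import re
from pathlib import Path

# SSNs written as 3-2-4 digits; card numbers as 13-19 digits with optional
# single spaces or dashes between digits.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")
CARD_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")

# Constructed sample text; the card number is the widely published test value.
SAMPLE = (
    "Paid with 4111 1111 1111 1111; mistyped as 4111 1111 1111 1112. "
    "SSN 123-45-6789, form placeholder 000-12-3456. "
    "Help Desk (352) 392-4636."
)


def luhn_ok(digits):
    """Luhn checksum: filters out most random digit runs that are not cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def plausible_ssn(area, group, serial):
    """Reject number ranges that are never issued as SSNs."""
    return not (area in ("000", "666") or area[0] == "9"
                or group == "00" or serial == "0000")


def scan_text(text):
    """Return hit counts per kind. Matched values are never returned or logged."""
    ssn = sum(1 for m in SSN_RE.finditer(text) if plausible_ssn(*m.groups()))
    card = sum(1 for m in CARD_RE.finditer(text)
               if luhn_ok(re.sub(r"[ -]", "", m.group())))
    return {"ssn": ssn, "card": card}


def scan_tree(root, max_bytes=5_000_000):
    """Scan every regular file under root; return {relative path: counts}."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue                      # do not follow links out of the share
        if path.stat().st_size > max_bytes:
            continue                      # assumption: skip very large files
        text = path.read_bytes().decode("latin-1")   # never fails on binary
        hits = {kind: n for kind, n in scan_text(text).items() if n}
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings


if __name__ == "__main__":
    print(scan_text(SAMPLE))
```

The report names files and counts only, so the scan output does not itself become a second copy of the private data.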
We all agreed that policy would state that files placed in public folders will be deleted after three days. The actual retention time will be extended to five days, however, to account for weekends and holidays. We may consider simply hiding the files for a further period, at least initially, just to facilitate restoration should the need arise. The first iteration of this should likely make a copy of all the files elsewhere to facilitate the expected initial demand for returned files. Also, notification should be made to IFAS-ALL prior to implementing the deletion process.
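One way the retention sweep agreed above could look: files older than the enforced five days are moved to a holding area rather than deleted, and the "~Policy-Please Read" file and folder plus any listed exclusions are left alone. This is an added example, not the script IFAS deployed; the holding area, the exclusion list and all names are assumptions.

```python
import os
import shutil
import time
from pathlib import Path

POLICY_DAYS = 3             # retention stated to users in the policy
ACTUAL_DAYS = 5             # retention enforced, allowing for weekends/holidays
POLICY_PREFIX = "~Policy"   # the "~Policy-Please Read" file and folder stay put


def created_at(path):
    """Best available creation time for a file."""
    st = path.stat()
    birth = getattr(st, "st_birthtime", None)
    if birth is not None:
        return birth
    # Windows reports creation time in st_ctime; elsewhere fall back to mtime.
    return st.st_ctime if os.name == "nt" else st.st_mtime


def sweep(public_root, holding_root, exclusions=(), now=None,
          max_age_days=ACTUAL_DAYS, timestamp_of=created_at, dry_run=False):
    """Move files older than max_age_days out of public_root.

    Files go to holding_root/<YYYYMMDD>/<relative path> so they can be
    restored on request. Returns the relative paths moved (or, with
    dry_run=True, the paths that would be moved).
    """
    public_root, holding_root = Path(public_root), Path(holding_root)
    resolved = holding_root.resolve()
    if public_root.resolve() in [resolved, *resolved.parents]:
        raise ValueError("holding area must live outside the public share")
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    batch = holding_root / time.strftime("%Y%m%d", time.gmtime(now))
    excluded = {Path(e) for e in exclusions}
    moved = []
    for dirpath, dirnames, filenames in os.walk(public_root):
        rel_dir = Path(dirpath).relative_to(public_root)
        # Prune the policy folder and excluded subtrees so they are never walked.
        dirnames[:] = [d for d in dirnames
                       if not d.startswith(POLICY_PREFIX)
                       and rel_dir / d not in excluded]
        for name in filenames:
            rel = rel_dir / name
            src = public_root / rel
            if name.startswith(POLICY_PREFIX) or rel in excluded:
                continue
            if src.is_symlink():
                continue            # never follow or relocate links
            if timestamp_of(src) > cutoff:
                continue            # still inside the retention window
            moved.append(rel.as_posix())
            if not dry_run:
                dest = batch / rel
                dest.parent.mkdir(parents=True, exist_ok=True)
                shutil.move(str(src), str(dest))
    return sorted(moved)


if __name__ == "__main__":
    import sys
    # Usage: sweep.py PUBLIC_ROOT HOLDING_ROOT   (reports only, moves nothing)
    for rel in sweep(sys.argv[1], sys.argv[2], dry_run=True):
        print("would move:", rel)
```

Running with `dry_run=True` before the first real pass gives the list to send with the IFAS-ALL notice; the dated holding folders can be purged later by a second, longer retention period.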
Vista TAP and Vista Deployment via SMS and WDS
Since Chris Hughes has left, Steve asked whether Torrance Zellner was going to step into this role temporarily. Dan Cromer responded in the affirmative, saying that he had spoken with Torrance this morning. Dan noted that RC1 is now available and Torrance is working to get an image for our deployment. Steve asked if the efforts of Chris Hughes regarding WDS and SMS were going to be continued or dropped. It is Dan's hope that this can be continued, but that isn't certain at this time. Steve encouraged Mark Ross to consider working with Torrance on deployment issues, since Mark is the one currently within IFAS who has direct experience with automated deployment of Windows.
Dan mentioned that now is the time for units to identify users wanting to be early adopters of Vista. He noted that Erik Schmidt had put out the following notice on this:
"As a function of the UF Vista TAP group, we are at a point where we
are in need of groups that are willing to install and support Windows
Vista RC1 on some number of client workstations. RC1 has proven to be
very stable and there are working versions of McAfee virus scan
available for it now. At this point, we expect the biggest issues to
be with user education.
Because of the potential user education issues, we’re recommending
that you carefully select ‘power users’ and/or users that don’t have
exotic software or application needs. You probably have users that
would want to participate and would be understanding of any possible
issues along the way. Ask your tech support crew, they’ll certainly
be able to identify appropriate users. We know that the core apps
like MS Office and virus scan work properly, so more basic system
profiles would probably be most appropriate. We also know that your
current group policies for XP should work fine with Vista.
If you are willing to assist the UF Vista TAP group with this process,
PLEASE let us know as soon as possible at email@example.com. We can
then work to determine how many users you will be able to move to Vista
RC1 in this ‘live’ testing phase. We would like to have 350 Vista RC1
workstations deployed by October 31 and then push for about 3000 RTM
deployments by June 2007. This will require active participation by
much of the University, in particular the larger units.
As always, thank you for your help and support. Together, we can all
be better prepared for the arrival of Windows Vista!"
Mark Ross mentioned that he doesn't believe RC1 is ready for use by any of his users. Steve suggested that Dan have Torrance put together a notice for the ICC that would explain, for those so desirous, how to become involved in this phase of the program. Dennis Brown asked if there were any resources available so that each unit wouldn't have to learn and overcome difficulties with Vista individually. Dan mentioned that there is a Vista Upgrade Advisor which helps over the initial hurdles of hardware compatibility. Dan has now placed the installation file for that on https://files.ifas.ufl.edu/SOFTWARE/Vista.
Removal of WINS
Since Chris Hughes has left, Steve speculated that this may just be tabled indefinitely. Mark asked what the issues were and Steve mentioned he did not have the details in mind but could refer him to the previous ICC notes on this. The heading for this topic in the notes always links back to the next earlier discussion, so one can drill back to see all such previous discussion. WINS has improved in recent versions and there are fewer servers in use; this has led to fewer problems. It was felt that dealing with this issue could be deferred indefinitely while more pressing matters are addressed.
New IFAS IP Plan
Chris Leopold popped into the meeting just long enough to report on the current NAT pool exhaustion issue that is causing problems across IFAS for accessing locations outside of UF. He had Steve go to http://net-services.ufl.edu/network_information/graphs/graphs.html and view the "EWAN Class Statistics" and "IWAN Class Statistics".
Note from the future: This was resolved later that afternoon by Chris Griffin with Ed Steele's assistance. They identified that the source of intermittent NAT problems was that the NAT pool had been configured to use the entire 220.127.116.11/24 range, but IT/SA had meant to return only the 18.104.22.168/25 portion. The communication error was due to a typo in a previous e-mail exchange. This caused an IP conflict with our RRAS system that uses the 22.214.171.124/25 public range. The NAT address pool has now been corrected to the proper range and the current issue should now be resolved.
Steve relayed that David McKinney wasn't able to make the meeting, but was interested in how the IP renumbering would affect his unit. Dan Cromer said it was his understanding that, when IFAS Exchange is centralized with UF, Animal Science would move to that; Dan didn't believe we had the resources to handle doing that currently. Dwight said the direction taken with DHCP would really be an administration decision made between the VP and the department chair that would affect what might happen and when. IFAS does have a set of numbers configured and available for Animal Science's use, and Steve had e-mailed a screenshot of that DHCP configuration for Animal Science to David, in case he did not have access currently. Dwight had offered to David that they could use IFAS for DHCP and that he would be given the access to administrate that. Dennis and Mark are two examples of ICCers who perform that role for their units using the IFAS DHCP server.
Steve mentioned that Chris Leopold had given him some documentation to review regarding our standard configurations for DHCP, DNS, file permissions and printer sharing. The plan is to create a section of the secure portion of the ICC site that helped organize such documentation and further controlled its distribution to those for whom access was desirable. This might be implemented as a web front-end to properly permissioned private folder shares on the backend. Details are still being considered.
Move to IF-SRV-WEB
Chris Hughes made considerable progress before he left, having moved everything off IF-SRV-WEB02 except http://reports.ifas.ufl.edu, which is used to provide departments with an alternative method of accessing Cognos data from Peoplesoft. That information may be moved to the fileserver rather than being left on the web. Some preparation has already been done for that, but the site was created with OU names rather than the departmental numbers--and that is where things stand currently.
Steve mentioned that the replacement web position (vacated by Marshall Pierce), as well as the replacement AD Admin position (vacated by Chris Hughes), are now being advertised. We have received a number of applicants for the web position, but none with the IIS web administration background the position calls for. Chris is very anxious to get his staff replaced, but wants to make every effort to assure that we get a good list of candidates and hire the best person we can find for these jobs. The hiring committee consists of Dan Cromer, Chris Leopold, Wayne Hyde, Dwight Jesseman, Ligia Ortega and Steve Lasley and they should begin interviewing candidates soon.
Exit processes, NMB and permission removal
Prior exit procedure discussion. Dan Cromer mentioned that October 16th is the "go-live" date for the GLAM project (see George Bryan regarding access--many details of this are available). Dan has asked Daniel Halsey to work with the UF Biztalk people to develop a website that can consume and process transactional messages from Peoplesoft for our use within IFAS.
Listserv confirm settings
Steve mentioned that some aspects of Listserv usage were discussed at the last ITPAC. Dan reiterated that administration insists on the investigation of all possible alternatives before implementing confirm settings. We are in the difficult position of not having adequate staff to investigate that while, at the same time, being pressured by UF Security to address the issue of our Listserv configuration threatening to get IFAS and UF addresses blacklisted due to spam activity.
Private unit shares for EDIS collaboration
Diana Hagan spoke about her desire to build a collaboration method for EDIS by creating an EDIS folder beneath the Private folder of each unit on the IFAS file server. This would be a location to place files related to publication. They have need for collaboration prior to publication as well as access to associated files for maintenance of certain publications. It was mentioned that we might rather want to create an EDIS shortcut link in each unit's private folder to a centralized EDIS folder so that the storage would seem distributed, but be centralized and thus easier to manage. The ICC seemed to support whatever method Diana thought most useful to implement and we could assist her in getting information out to users on that implementation should she wish.
OU Admin Peer Training
Since our regular ICC meeting time for November conflicts with the Veterans Day holiday, Steve suggested that we skip our meeting that month and use the extra time to implement our first "OU Admin Peer Training" session.
Dwight began a side discussion on his belief that the GLAM project was going to create a flurry of activity for us at about this time, with people changing their Gatorlink usernames and a resultant need for us to fix various things such as the user file share names and their e-mail addresses. (When someone changes their Gatorlink, the old alias continues to exist for a period of time and both the configuration of that and of the new account must have their forwarding to IFAS corrected.)
Steve wanted to make it clear that this training would be peer level and would not be an IFAS IT supported service. Steve will plan and advertise this. He will try to support Polycom remote access for those ICCers out in the RECs. We will have to reserve a location and some laptops for that purpose and may even utilize G001 if it is available. The details are yet to be worked out, but Steve intends to begin those soon and will let everyone know about the plans as they materialize.
IE7 via Automatic Update
IE7 is due to be deployed by Microsoft via automatic update sometime in the 4th quarter of this year. There is an Internet Explorer 7 Blocker Toolkit available should the ICC wish to delay that. Mark Ross intends to "let 'er rip" but we all need to test out IE7 and decide how best to handle user education issues and to manage its adoption.
Exchange Mailbox Retention and backing up of PSTs
Dwight related how our current processes for automating the removal of mailboxes (as initiated via the http://itsa.ifas.ufl.edu/remperms site) are not completely automatic and have to be monitored closely. The script which does that has had problems with the PST creation portion in the past--problems which Chris Hughes had always been able to resolve, but which Dwight fears he might have difficulty resolving should they occur in the future. That portion requires using an SQL based queue that is fairly complicated to debug when problems occur. Currently, the automated processes create the PST files in https://files.ifas.ufl.edu/private/PST/. Most of all, Dwight feels that many of these PSTs are never utilized at all and his efforts in creating them may be wasted.
Consequently, Dwight wanted the ICC to consider an alternative where the mailbox would be disabled and the proper forwarding created, but the actual mailbox object would be retained on Exchange for 4 weeks and afterwards be available from the backup tapes throughout the normal backup cycle duration. This would involve offering access to a PST on more of a request basis rather than spending time generating, backing up and deciding how to eventually dispose of PSTs for all deleted mailboxes.
The ICC supported Dwight's proposal. Dan Cromer additionally stated that we need to get an "e-mail archive request" option incorporated into the IFAS exit procedures so that either the end user (or in the case of an unfriendly termination, the unit head) can indicate whether or not they wish an archive be made available.
Backup of PSTs on the IFAS file server
With regard to PSTs in general, Dwight has had difficulties backing these up when they are open; he has tried a number of options with little success. It bothers Dwight that he can't offer 100% guaranteed backup of those, but he is resigned to accept those few failures, which have only averaged one or two, and do his best to back up those. Dwight will send a notification of this to the ICC-L just so all are informed of the current status. Of course, it would be nice if we could identify the users of those, get with their OU Admins and have them discuss the preferable alternative of keeping that information directly within Exchange.
The meeting was adjourned just a bit late at about 12:05 p.m.