ICC logo IFAS logo


ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM September 9th 2011 REGULAR MEETING


A meeting of the ICC was held on Friday, September 9th, 2011 in the ICS conference room (now that renovations are finally complete). The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Seventeen members participated.
 
Remote participants: Bill Black, Dan Christophy, Dan Cromer, Kevin Hill, Marvin Newman, Scott Owens, Joel Parlin, Mitch Thompson, and Wendy Williams.
 
On-site participants: Dennis Brown, Francis Ferguson, Kamin Miller, Winnie Lante, Steve Lasley, Chris Leopold, Santos Soler, and Alex York.
 

STREAMING AUDIO: available here


NOTES:

Agendas were distributed and the sign-up sheet was passed around.


Report from the chairman


Member news:

Steve noted that Micah Bolen has left UF/IFAS as of August 31st and is moving to Port St. Lucie. Steve has not heard yet about someone having been hired to replace him.

Steve also noted that Alex York, Andrew Carey's replacement, is now on the job and was, in fact present at the meeting today. Steve regrets not taking the time to introduce the various ICC participants to Alex, but will try to do that at a future meeting.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.


Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Polycom replacements

Francis Ferguson said that he is getting a lot of questions at the county level of what the long-term plans are for the current Polycom equipment. Direct replacement with newer Polycom hardware seems inordinately expensive for most and even the cost of maintenance renewals (reportedly around $2000/yr) is out of reach of many CEOs. Fergie wondered if Administration has addressed this issue at all.

Dan Cromer responded that it has been discussed and been decided that replacement would have to be up to the individual units. There are insufficient central funds to entertain doing that off-the-top for all IFAS.

Dan Cromer mentioned that one lower cost option would be to use Movi and/or Lync with a laptop and projector. Kevin Hill is apparently looking into using Movi as a Polycom replacement at Immokalee. It works quite well and involves little cost compared to dedicated VC hardware.

Marvin Newman doubted that his instructors would be happy with such a solution. Dan said that individual units can certainly use whatever they are willing to pay for themselves. Marvin mentioned that Polycom purchased Accordent and Dan replied that how that would all play out is certainly unknown. Steve pointed out that Accordent currently runs only on WinXP which we won't be able to use after April of 2014. Accordent was working on a Vista version (not Windows 7!) before they were purchased so they seem to be quite a bit behind the curve. They had also said that the Vista version would not solve the issue of needing to run with admin privileges--a major concern in Steve's opinion. With the cost of a new Accordent with 3 year maintenance at roughly $30k (quantity one), we will have bigger problems than just the Polycoms with regard to replacement down-the-road. Of course, Accordent integrates to Polycom for the camera/mic so we will/may get a double-whammy depending on how things work out.

Steve added that brand new Polycom units often come with out-of-date firmware and w/o a maintenance contract you have to fight to essentially get what you paid for as firmware updates require a maintenance contract. Not good.

Dan's point was that things are changing so fast that it is difficult to predict where we will be going and he is certainly right. He mentioned Microsoft's purchase of Skype being another potential wildcard.

Joel Parlin said that GCREC recently purchased on of the Polycom QDX 6000 end points that Dell has available for $2600 as recommended by Allan Burrage at CREC. They have been very happy with it even though it is not high definition. Dan Cromer responded that it only has a single display output so you cannot connect both a TV and projector simultaneously, but otherwise it seems quite good.

Videoconferencing topics (previous discussion)

New content server for recording videoconferences

Dean Delker had told Steve that the old Polycom recording device is being retired and has been replaced by a "Cisco Telepresence Content Server." As result, recorded videos should be easy to find by going to http://mediasite.video.ufl.edu and looking beneath the "Videoconferences" folder. This folder structure may change, but the plan is to retain recordings until the end of the term. After that time the files will need to be moved to a more permanent location or can be retained at an unspecified cost. One nice feature of this is that the recording will begin at the scheduled time rather than the connect time; thus there won't be the usual 15 minutes of dead-air time at the beginning of each.

End-user Scheduling (previous discussion)

Updates not available...

MOVI (previous discussion)

Updates not available...

Lync deployment (previous discussion)

Dan Cromer related his understanding that the Lync production servers had been ordered. Dan has asked that these get into production before the end of September but did not receive a thoroughly enthusiastic response on that.

Dennis Brown asked what the urgency was. Dan responded that it was his feeling we could and should have had Lync in place three months ago. Additionally, he is looking for options for a new phone system at Quincy and Lync would be an option for phone replacement there (not complete replacement due to local call needs though). Dan wants to get the infrastructure in place so we can better evaluation such an option. If that could work at Quincy then it might be considered at Immokalee and other remote sites as well that aren't already on CallManager. Dan said that UCF, Indiana University and Marquette have Lync in place and are enjoying the service and associated cost savings.

Campus VoIP improvement to be implemented

CNS announced new VoIP services late last week:

Message from Network Services:
"[NETMGRS] UF VOIP Voicemail Migration Announcement, Friday 9/2, 10:00 PM"


The UF campus Cisco Voicemail cluster will undergo a major upgrade on Friday, Sept 2 at 10pm. The cutover to the new system will cause no noticeable interruption to voicemail service. Saved voicemail from only the past 30 days will be moved, and this will take 1-2 days to complete. These messages will be tagged as "New", triggering the red MWI bar on the phone handset to illuminate. Messages beyond 30 days can be accessed on the old system for up to 1 year by dialing 30202. Additional information may be found under the Announcement section at CNS Telecom: www.cns.ufl.edu/telecom

If you have questions or concerns regarding this matter, please reply to this email as soon as possible.

WAN transition to CNS (previous discussion)

Updates from James Moore

James more was not available to provide his usual update.

WAN update from Immokalee

Steve asked Kevin Hill how he was enjoying the new connection at Immokalee. Kevin responded that the speed was fine, but there have been some reliability tradeoffs. They have had several interruptions in service of 3-4 hour duration that are concerning. Apparently, BrightHouse has fairly frequent issues and since that portion of the path through Tampa is shared with CREC and GCREC (along with Ruskin and Hillsborough CEO) an outage there affects a pretty broad chunk of the IFAS network all at one time.


Policy


Misc topics for notification from recent UF IT Directors meeting:

Dan Cromer wanted to share the following...

  • Plans are for NTLM authentication (version 1) to be removed from service, as it is a security exposure. Current Goal is for by end of December. Security group is pushing Kerberos, though NTLMv2 is acceptable.

    Steve asked Chris Leopold if he saw any issues with this. Chris knew of no services that required NTLM currently and therefore expected no issues. Steve then asked if there would be any issues going the next step and getting rid of NTLMv2. Santos Soler responded that he believed some of our MFPs or any old Samba based equipment.

  • LDAP will require SSL for security purposes.

    Steve tried to think of what that might impinge upon. He hasn't needed/used a third-party LDAP client in quite some time, but he suspected most of those supported SSL. Steve knows that Wayne's Power Tools use LDAP queries, but wasn't sure if there would be any changes needed there--likely not.

  • RDP has been attacked extensively recently, so removing port 3389 access on public IP addresses is suggested.

    Dan Cromer wanted the ICC to say whether or not there would be any impact to IFAS by doing this. There was some discussion that basically boiled down to "no" there would not.

  • Chris Leopold saw no real issues with blocking this port at the UF network boundary other than the need to use VPN to access some of our servers. He also pointed out, however, that he felt this would add only very minimally to UF's overall network security.

UF Strategic Plan for IT

The UF Strategic Plan for IT is now formally approved and published.

lynda.com available

As forwarded to the ICC by Dan Cromer a couple of weeks ago: "lynda.com is an online training resource partner of UF. lynda.com's online training library has over 1,100 courses, ranging from Web development, animation, and video graphics to courses in business software and Microsoft SharePoint training. Go to http://www.it.ufl.edu/training/ to access the service."

Steve encouraged people to share any of the training materials that they found particularly useful because there is so much there to wade through.

New Secunia site license (previous discussion)

Steve mentioned that there will be an SCCM meeting next week and he believes more discussion about Secunia may be available there. Other than that he had not heard anything.

KACE agent to be deployed throughout UF for computer inventory purposes

Chris Leopold said that we would eventually deploy this agent once a new and working version is available. He wasn't very excited about the idea because we have an alternate solution in place for IFAS already in LanSweeper. Chris also believes KACE won't scale to UF-wide needs with regards to database size. Dan Cromer pointed out that this is mainly just a case of IFAS being a good "UF IT Citizen" and supporting this centralization effort. It should cause us minimal pain and we should be able to query that system to get much the same info that LanSweeper provides us via Wayne's Power Tools currently.

Dennis Brown asked if this would only be applied to machines connected to UFAD. Dan Cromer responded that local staff would be expected to install the agent on UF-owned Macintosh and Linux-based computers as well. Dennis asked about student computers, but Dan said that would not be necessary and Steve suspects that would even be contrary to what UF IT desires.

Dennis pointed out that all the computers are falling off inventory now that the lower limit for OCO has been raised (see DDD memo). Steve had thought computers were exempt from that, but Winnie corrected him on that -- which Steve appreciated.

Domain policy and redirect duration (previous discussion)

Santos Soler said he has 72 domains that have expired according to the one year redirection specification in current policies and he has not yet heard back anything on where things are going with rewriting that policy. Wendy Williams said that she had been waiting to hear back from Al Wysocki on this herself. Dan Cromer related having heard that Wendy and Al were supposed to present this to the IFAS faculty. Wendy responded that she understood Al was going to do that by himself. Wendy said she would get back with him and find out where things stood.

CNS working to implement NAC for UF wireless (previous discussion)

Updates not available...

Lync updates (previous discussion)

Updates not available...

UF Exchange Project updates (previous discussion)

IMAP access to UF Exchange exclusively via imap.mail.ufl.edu

Message from James Oulman:
"[ACTIVEDIR-L] IMAP access to UF Exchange exclusively via imap.mail.ufl.edu" Wednesday, September 07, 2011 3:14 PM


CNS Open Systems will stop providing IMAP access to UF Exchange mailboxes via the mail.ufl.edu name. Instead, IMAP Exchange users should update their mail clients to utilize imap.mail.ufl.edu as the IMAP server name.

The reason for this change is that mail.ufl.edu is load balanced in such a way that IMAP users experience problems. To address this imap.mail.ufl.edu is load balanced in a manner optimized for IMAP connections.

IMAP users should update their clients to use imap.mail.ufl.edu ASAP.

IMAP will be discontinued on the mail.ufl.edu name during morning maintenance on Sunday, September 18. At that point IMAP will only function via the imap.mail.ufl.edu name.

Impacted Clients:

All IMAP users should consult the "Connecting to Email" page for mail.ufl.edu where they can find information specific to their client software:

http://www.mail.ufl.edu/connecting.shtml

All IMAP clients not already using imap.mail.ufl.edu will be impacted by this change. This includes mobile devices that aren't using ActiveSync or the Blackberry Enterprise Server.

Mac Mail users:

Mac Mail users should be aware that the Mail.app prior to Snow Leopard will be impacted as it uses IMAP to access Exchange. Snow Leopard and Lion function via Exchange Web Service, so they will not be impacted.

Lastly, it should be stated that this change is ONLY for Exchange users. Gatorlink Email users accessing their mail via imap.ufl.edu are in no way affected.

If you have questions about this change, please check with your departmental IT staff or the UF Computing Helpdesk as they will be equipped to assist you.

UFAD support team moving to CNS Remedy ticketing system

Message from Todd Williams:
"[ACTIVEDIR-L] FW: [NETMGRS] UFAD support team moving to CNS Remedy ticketing system" Wed 8/31/2011 11:15 AM


Going forward CNS Open Systems is asking that our UFAD, UF Exchange, and UF Sharepoint associates use CNS's Remedy ticketing system to submit work requests or report system problems. We believe using this system will help us better track and fulfill your requests. In order to use the Remedy ticketing system we have updated the Open Systems support web page with the information and links you will need to submit, view, and update tickets. This page is located at:

http://open-systems.ufl.edu/support

You must authenticate with your Gatorlink credentials in order to access this site. Use the "Shibboleth login" link in the upper right-hand portion of that page.

In support of this announcement we are deprecating the support@ad.ufl.edu email address as well as the old MAG ticketing system for requests and problems. The support@ad.ufl.edu email address will continue to function and we will continue to monitor it; however, any work requests or problem reports sent to the list will result in us asking you to fill out a ticket. General questions about hosting services that aren't work requests or problem reports continue to be welcome at the support@ad.ufl.edu address.

Steve said that he had just about entered a ticket yesterday; he had set the NMB for a user but that user still hadn't moved into his OU after two hours. He checked again, however, right before finalizing that and the account had finally moved. Chris Leopold mentioned having used this once already himself; he sent them an email separately with the tracking number just to cover all bases.

Documentation updates needed for Exchange client configuration

Updates not available...

Outlook losing connection to Exchange on a frequent basis

Steve said that this issue as discussed last time has appeared to have gone away for his users. Winnie Lante concurred.

Dan Cromer mentioned that Luis Molina had said previously that Steve Lasley was one of the two people in IFAS causing this problem. Steve, Luis, Scott Owens, and Dan had a MOC chat on the matter a few weeks back and Luis claimed that Steve had something like ten connections to Exchange going at once. Steve had indicated that he did not see how that was possible as he was using Outlook on a single machine at the time and had only one instance. Luis asked Steve to change Outlook out then back in to cached mode to create some kind of baseline. Steve did that then never heard back from Luis again, so he had no idea was the result of that investigation was.

Dan Christophy said that he thought this problem had to do with phones trying to connect. Dan replied that this was part of it, but that Luis had said Steve had something like ten connections to one of the mail stores which was causing the CPU to peg. The reason people were getting disconnected apparently had to do with the server being busy and not able to respond quickly enough. Whatever was causing that seems to have been fixed now, but Luis did not follow-up with users to say how/if he had resolved it.

Steve would like to point out that Luis would do well in the future to better apprise unit IT support of such issues (which was never acknowledged widely as far as he recalls). That would help to get unit IT staff involved in reporting on the issue and perhaps help lead to more rapid resolution. Additionally, Steve would like to see post-notification after resolution was believed to have been made. This would do much to help plug unit IT staff into the processes and would encourage a healthy dialog between the service providers and the service consumers--thus helping all involved.

Sakai e-Learning System now in production (previous discussion)

Updates not available...

Alternate IFAS domains in e-mail

Updates not available...

Electronic Copy - Print Output Cost Reduction program (previous discussion)

Steve noted that his departmental chairman had felt this proposal was a really bad idea and had complained about it via IFAS administration. The result was that he was appointed as a member of a committee on the matter. The committee, however, was not tasked with deciding whether or not this could/should go forward, but rather with how to make it go forward as smoothly as possible.

While Steve's departmental chairman is not too optimistic about this initiative even from the non-technical cost/flexibility viewpoint, Steve has additional concerns on the more technical side. IFAS has had very much mixed success effectively and efficiently networking multipurpose scanner/copier/printers. Those results seem to vary greatly by product. Without knowing exactly what products/services will be offered any technical analysis seems difficult, but Steve fears selection may take place without thorough investigation of the technical aspects. Steve wrote Joe Gasper about these concerns and this was his reply:

Message from Joe Gasper:
"RE: Managed print committee..." Tue 8/30/2011 6:28 PM


...I was out of town for the first meeting and I'm working on getting an update on what was discussed or if there are any documents I can share at this point.

I was hoping you or Santos would be on the committee...

I do run my own Windows print server (R2 core) and have a mix of HP MFPs and Canon/Ricoh MFPs. And from lunch with Santos most days, I know all the difficulties he has to deal with in IFAS. :-)

There are MFPs that can work well in our environment. It's the diversity and low end devices that I know plague Santos almost daily. Reducing to just a few models with a more workgroup/department level performance would greatly reduce issues, improving performance and availability. I know this from taking my own department from 40 network printers and standalone fax machines, down to 20 printers/MFPs and only 3 different drivers.

We are not going down a road that hasn't been traveled by many other universities (and businesses); we are not cutting-edge when it comes to this initiative. I believe we'll find our technical requirements can be met.

If I have been given more to share by the next ICC meeting, I'd be happy to participate - at a minimum, getting a list of issues IFAS has encountered would be helpful to ensure we have a best look at what parameters will need to be covered.

Steve strongly encourages Santos and others who have struggled with networking MFPs to send Joe some of the details of that. Steve will try to follow up with Joe on how this proceeds and then keep the ICC apprised of what he learns.

Steve added that, according to his chairman, the scope of this may be broader than initially indicated by Elias Eldayrie at our January meeting. There is some indication that the intention may be to eventually remove all individual printers (by attrition) and force sharing of more centralized devices handled via whatever vendor is picked. Steve finds it hard to believe that such a program can actually be enforced. Others, including Dan Cromer and Wendy Williams, had heard that participation will be voluntary so we will just have to wait and see.

The party line that it currently cost $.07 per page and would save beau coup dollars is a very coarse estimate at best. Even if the true cost savings potential was known, Steve suspects that faculty would be willing to pay that price (whatever it was) for the convenience they currently enjoy. This process will be interesting to follow in any case.

Split DNS solution for UFAD problems

Steve wants to keep this on the agenda for future reference.


Projects


New web cluster

Santos Soler reiterated what he had said last time, that they are still waiting for the 10GB switches that will allow connecting the new storage. Until that has arrived and is in-place, he can't really proceed with any migrations.

Chris Leopold related some of the problems ITSA has had in acquiring these Cisco Nexus 5548 switches. The bottom line is that the lease arrangements finally have gone through, but this is a popular switch and Cisco is having some supply problems with it currently.

MPS/DC refresh

Updates not available...

New SQL cluster

Updates not available...

New virtual infrastructure being implemented

Wayne Hyde is out helping care for his new twins, but he still managed to file a report via Steve:

Message from Wayne Hyde:
"Wayne project status" Fri 9/9/2011 7:36 AM


The two VNX5300 arrays have been installed and configured for testing. So far so good. I’ve created the LUN layout that we’ll be using and am doing tests with the ESX hosts and a Storage Server 2008 R2 VM.

Testing storage server 2008 R2 has gone well. I’ve robocopied some OU shares over to the test VM and let SIS rip on them. A few OUs have seen dramatic SIS savings which is good and bad. Bad because it means there is lots of data being duplicated. Good because it makes me less mad about 10 copies of the same files someone made. The big change from the old file server layout is that each OU will have their own LUN on the SAN which can be expanded as needed. There will be no more competing for free disk space aside from the 88TB of file server space.

Once our tests with DPM backing up WSS08R2 are done we’ll get the new 3 Dell NX3000 HA nodes ordered. We’ll be running an active/active/passive configuration as stated before. The virtual file server node names will change from IF-SRVC-FILE1/FILE2 to IF-SRVC-FILER1/FILER2. OU’s A-F will be on FILER1. G-Z will be on FILER2.

As a stop-gap measure the new VDI deployment for the fall courses has been deployed on two of the new R710 vSphere nodes. I had to drop a Fiber channel adapter in each to attach to our current SAN, but it allowed me to migrate the virtual desktops to give us more breathing room until all of the new infrastructure is in place.

The two Cisco 5548 10Gb switches are scheduled to ship on 9/18.

I patched the passive file cluster node last night and will patch the active node tonight at about 5am. (production file cluster)

I’m allegedly on full-time leave until October 1. I guess full-time only covers the first 40 hours a week, so it explains why I’m still working 10-30 hours a week. Need something to keep me busy between diaper changes and feedings at night :). From Sept 1 until March 1 I’ll be working half time.

Wayne also clarified things a bit when Steve got confused by explaining that the R710's for the ESX cluster hook directly up to the VNX arrays. The NX3000 nodes are just file cluster nodes like our current ones. The VNX arrays just provide block storage (like hooking up a USB disk to your computer) and the NX3000's do the NAS component (shares, file serving, etc)

Chris Leopold related some details of recent tests of the beta version of the new DPM software. Chris has a few issues with the current DPM, mostly related to remote management. He feels the new version will improve things considerably, however. This will involve us moving from MOM to SCOM. The new DPM also promises to provide the means to centralize a management database for all servers and to permit interoperation with third-party VSS writers. That latter ability may help with backups for some third-party systems down-the-road if it all pans out.

IFAS WebDAV implementation

There continues to be no progress on the documentation which was to happen prior to announcement. Since this has never been formally announced, the matter remains on the agenda as a standing item.

Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM

MDT 2010

Steve noted having recently viewed an interesting video from Tech-Ed Australia 2011 on the features of the upcoming MDT 2012 version. Other than that, he is still having great success with MDT 2010 and continues to recommend it highly.

SCCM for IFAS

Steve said that Nick Smith had gotten with him to help assist with access to SCCM. The backend database had been moved and that broke things for Steve. Nick now has Steve back where he was but he still can't deploy the agent except manually. Steve is waiting on Nick to have time to assist further but hasn't been insisting at all due to how well MDT 2010 is working for him.

Chris Leopold recommended that Steve get in contact with Alex York on this as well. Chris reported that CREC has had some issues with ConfigMan and he intended to have Alex look into that. In the long run he wants this with Nick at the Help Desk, but there is a considerable server-side aspect to this complicated setup that will require considerable continuing ITSA support as well.

Dennis asked about what services Chris thought SCCM might eventually bring to IFAS. Chris responded that the long-term plan would be to integrate with a UF-level SCCM structure. It appears that much of the actual management will be distributed, however, and IFAS will use SCCM to provide OS deployment via PXE boot. SCCM can also handle third-party application installations AND updates. The confusing issue there is that Secunia promises to help with that as well via integration with WSUS and/or SCCM, so there are a lot of details to work out. The promise, however, is that we can one day centrally supply very strong tools for OS and application deployment/update management. It is another one of those situations where spending a considerable amount of time up-front could save a tremendous amount of currently distributed effort. Finding the time to get this all going is the challenge, of course.

Exit processes, NMB and permission removal (prior discussion)

Updates not available...

Re-enabling the Windows firewall (prior discussion)

Updates not available...

Services Documentation: Is a Wiki the way? (prior discussion)

Updates not available...


Operations


Print server (previous discussion)

Shortly after our last meeting, Santos Soler sent the following to the ICC-L:

Message from Santos Soler:
"[ICC-L] Last meeting" Mon 8/15/2011 11:37 AM


Good morning!

Printing issues:

As some of you have experienced in the last couple of weeks there is a problem that affects the HP Universal Drivers.

Problem:

HP updates their driver to support more of their devices. We update to the latest version of the driver and some printers start printing garbage.

Solution (workaround):

I will need each person that manages printers to change their drivers to one of the HP Drivers that have a version at the end.

Example:

EYN-hp2300n - HP LaserJet 2300 Series PCL 6 is using HP Universal Printing PCL 5 Steve Lasley can change this to HP Universal Printing PCL 5 (v5.1)or(v5.2)or( v5.3) which ever works with all the functions needed, usually the latest works best but not always. This way when we upgrade to the latest version (v5.x) your printers will not be affected. After changing drivers you may need to check the configuration for features like duplexing etc.

You can do this by running an MMC with your if-admn credentials, adding the “Print Management” snap-in, and pointing it to if-srvv-your_print_server_here. On campus this will be if-srvv-print.

  1. Select the printer and right click properties
  2. Go to the Advanced tab
  3. Click on the driver
  4. Select from the list

Screen shot:

Print server drivers

WARNING: As you can see you can select any driver on the server, please stay within the HP universal drivers with versions. There are PS, PCL 5, and PCL 6 three of each to choose from. Changing other printers to any other driver can cause the printers to print garbage in a lot of pages and waste paper not to mention the disruption to the users in your area.

If you see any printer from another area you don’t support let us know.

Please let us know of any problems.

Santos wanted to encourage everyone to get all their printers set to use a driver with a version number before any updates cause further issues. He had noticed some had been done but many had not. Steve and Winnie mentioned having done this only with printers that had had issues previously, but Santos wanted to encourage this to be done for all in order to prevent future recurrences of this same problem.

Recording lectures for Distance Education (previous discussion)

Protected access for captured lectures

Santos said that he really couldn't offer any easy solution unless IFAS was to purchase the Accordent management solution. The cost of that is roughly $20k, however, and without Ron Thomas pushing for that at the Dean's level, acquisition is extremely unlikely. The only solution Santos can offer is to create yet another set of share structure on both the web and media servers. Very messy.

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

IFAS efforts toward Green IT (previous discussion)

Updates not available...

Creating guest GatorLink accounts: singly or in bulk (prior discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

Can IFAS support DirectAccess in the future? (prior discussion)

Steve suggested that maybe Andrew Carey can influence OSG to consider implementing this now that Andrew has moved to that group. That would certainly be nice, but with Net-Services pushing their single Cisco solution (which doesn't really meet IFAS needs) this will be a difficult sell Steve supposes.

Moving away from the IFAS VPN service (previous discussion)

Updates not available...

VDI desktops as admin workstations (previous discussion)

Updates not available...

Wayne's Power Tools (prior discussion)

Updates not available...

Computer compliance tool in production (previous discussion)

Updates not available...

Folder permissioning on the IFAS file server

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Core Services status (previous discussion)

see the new virtual infrastructure section above...

ePO updates

Updates not available...

Status of SharePoint services (prior discussion)

IFAS migrating to centralized MOSS

Updates not available...

Public folder file deletion policies and procedures status

Updates not available...

Patching updates...

Microsoft

The September Microsoft patches will include five bulletins (all "Important") covering a number of vulnerabilities for Windows and Office.

McAfee provides podcasts on the highlights of each month's offerings and another podcast summary of these patches is provided by "Security Bulletins for the regular IT guy".

Adobe

There was yet another new version of flash, but it is not a security update. The latest secure version is still 10.3.183.5.

More importantly, it is time for the quarterly updates to Acrobat and Reader next Tuesday -- critical as nearly always.

Apple

Apple has been updating iTunes on an annoyingly regular basis lately. It seems to be hard to keep iTunes off people's machines due to the popularity of the iPods, iPhones, and iPads.

MS Office News update

Updates not available...

Job Matrix Update status

This is here as a standing topic--no discussion this month.

Remedy system status (previous discussion)

Updates not available...


Other Topics

Departmental servers within IFAS (previous discussion)

Steve noted that we had discussed this last time but there were not ICC members attending who could provide details from the unit perspective. Dennis Brown had to be away and he is the only frequent ICC participant greatly affected by this. Other departments that maintain departmental servers on-site unfortunately do not participate here for whatever reason. Consequently, Steve asked Dennis if he would provide us with his viewpoint and Dennis kindly consented.

Local flexibility needed

Dennis said that his department is a world-class department and he believes that is the case, in part, because they run their own servers. When they need to do something they are able to do it without having to negotiate the often tricky politics of asking that a new service be implemented and supported.

Dennis provided the example of their in-house trouble ticket system which they implemented about a year ago. Remedy was not meeting their needs and handling this matter themselves provided a resolution that IFAS was apparently never going to supply. In fact, there were some appearances that IFAS had tried to stop or at least delay Dennis from implementing his own solution. Those sorts of things have not exactly engendered trust of IFAS IT by Horticultural Sciences, certainly.

Remaining nimble amongst quickening change

Dennis also indicated that he sees the trend as one where everything is moving to the UF-level. If they are indeed going to be forced to stop housing their own servers on-site, Dennis feels that moving to IFAS would shortly lead to a "double-move" when IFAS was assimilated as well. He would much rather move just the one time, if that proved unavoidable. On top of that, he feels that the IFAS ITSA group is understaffed and over extended.

Dennis said that the trend to user led innovation continues as well. Neither IFAS nor UF IT seems very amenable to those types of things, but the trend is inarguable. He recently found some users who were completely bypassing local storage and using Dropbox. Dennis believes IT needs to be more forward thinking and quicker to react. He mentioned wanting UF to provide a dropbox service at the campus level for example. [Steve noted that this is apparently a work in progress, but could not speak to how quickly it might be implemented.]

Encouraging development of unit IT staff

Dennis also said that he felt it would be a shame if the IT people at the unit level weren't given the opportunity to use and learn server systems in general. He believes that permitting such things enhances the overall IT situation at UF and would provide an advancement path within UF for IT careers beginning at the unit level and leading eventually to more centralized job roles.

Retaining local focus

Dennis would like IT at all levels to focus more on the various unit-level needs to compete at the international level. He feels that UF is heading to a situation where focus is diverted to such things as saving money via green initiatives--which is fine as such, but which do not really directly address unit mission concerns. He feels we need to be more focused on the local research and academic needs and not just consider how best to implement the next generation of the same old services.

TSM backups vs. DPM with IFAS

Dennis mentioned that he has been working with CNS to provide additional backups and had had very good results. Among other things, Dennis liked that CNS offers out-of-state data storage redundancy for disaster recovery. Dennis saw this as another positive reinforcement that moving past the IFAS level directly to UF was a better way to go.

Steve asked about what quantity of data was involved and what the charges had been. Dennis responded that so far this had been free over the last year. He believes some problem with their accounting department has caused a delay in charging. When asked, Kamin thought that the eventual charges would be on the order of $1/day for what they were doing currently.

Dan Cromer asked Dennis which of the functions he had talked about could not be accomplished were his servers housed in Bldg. 120 as opposed to being somewhere in Fifield. Dennis responded that he fears IFAS would not supply the resources and secure access he requires. He gave the example of how they currently have local tape units on some servers and they need to change those out daily.

Chris Leopold asked Dennis how he would feel about IFAS providing DPM at no cost as an alternate backup solution. Dennis said that he plans to phase out the tape drives as they age and stop working; CNS Tivoli Storage Management (TSM) can then handle their needs. Dennis again mentioned the superior disaster recovery of CNS's offering with their Atlanta-base redundant storage.

Chris allowed that IFAS did not have out of state storage and could not afford shipping things off to Atlanta. However, he feels our DPM implementation is reasonably redundant with the data distributed across three separate locations, albeit within a mile of each other. When Chris looked at TSM, the costs of using that for all IFAS were astronomical. He suggested that once Dennis starts getting actually charged for that service he will see what Chris means.

Unit-level servers may be nixed via central policy

The other aspect where Chris believes IFAS has the advantage is in return to operation time. With TMS data would have to be downloaded off a LAN, pre-staged to disk and then you would have to load it from there. Very time consuming, depending on the amount of data one has, and unacceptable for IFAS as a whole Chris feels. With the IFAS DPM implementation, should our main storage die for whatever reason, DFS can be altered to point to the off-site read-only DPM copy and users could have access to their data nearly immediately. This is not the best solution possible, but quite good and something you can't get from TSM.

Chris also mentioned that the last time he checked the TSM agent did not have throttling ability. This is bad for IFAS at the WAN sites because bandwidth is at a premium. With DPM we have the ability to throttle those connections and control how much bandwidth to use and when to use it. This is another reason IFAS has not gone with the CNS solution. Chris didn't mean to suggest the TSM was bad; it is a centrally offered and subsidized service that everyone is paying for regardless of use. IFAS however can offer a guaranteed free backup solution that Chris feels is well worth Dennis's consideration. It could be implemented as quickly as tomorrow for Dennis's systems if he wanted. Chris offered that if CNS does start charging or if there is a point where Dennis can foresee his hardware failing, he would hope that Dennis would at least consider what IFAS can provide.

Chris pointed out that IFAS offers free co-location in their secure server room which would be a considerably better environment than Horticultural Sciences could afford to supply locally. Chris related that a standards policy has been issued by UF Security stating that servers must be housed in a secure environment. Whether or not Horticultural Sciences meets those criteria, Chris did not know for sure, but there is an obvious effort to secure our server resources at all levels. Chris clearly feels that doing so with IFAS makes more sense than either trying to do that yourselves or by going with CNS currently -- both from a service and a monetary perspective. CNS no longer does co-location in any case; they host only virtual environments.

Does free from IFAS equal loss of control?

Dennis added that CNS has a "service for money" model that pretty much leaves the details to the service consumer. He feels IFAS has the tendency to look over your shoulder more and gave the example of what files might be stored on a file server. If Horticultural Sciences is paying for that storage then it is their own business. When IFAS pays for it, IFAS wants to manage that for efficiency. Understandable, but still a burden for units willing to pay for their own way. What IFAS considers "best practice" isn't necessarily what each unit and individual feels might be best. Chris countered by saying that IFAS is moving to single instance storage on its file server and the example Dennis used will not be an issue much longer.

Dennis requested that he and Chris take further discussion "off-line." He truly feels that he will have no choice but to move his local services before too long, but wants to do that only once. Doing so with UF eventually makes the most sense to him. He wanted to take the focus off his department, however, and look at the situation more broadly. He wants to look at where computing is going, what new services are going to be offered, and how soon.

Unit fears echo IFAS level fears

Steve said that his overall concern (not running local servers himself) is that IFAS continue to maintain their own machine room and services. He believes ITSA can and does provide better service than can be gotten at a more commodity level such as CNS is targeting. Steve is concerned about such a move for many of the very same reasons Dennis would be concerned about moving his servers to IFAS.

CNS will assimilate ITSA so why move in two steps?

Dennis said that he believes the money for services is eventually all going to come from the upper levels and the lower levels are always going to be struggling to get the resources they need. Once CNS has gobbled up all the smaller departments they will come looking for IFAS level stuff. The only thing that is going to prevent that is IFAS administrative standing up and saying no. Chris responded that as long as he had a job "they will have to pry the IFAS data center out of his cold dead hands" until they prove to him that they can do it better.

Dennis pointed out that CNS runs our WAN now and that everyone is moving to Wallplate. Chris can fight it, but the progression is clear. Chris might move up to CNS one day; central UF has certainly grabbed many fine IFAS employees over the years.

A plea for IFAS unity

Dan Cromer expressed his belief that we within IFAS can do more in a better fashion by working together. He doesn't accept that servers have to be housed at the unit level in order to provide the things that departments need. He would like to accommodate unit needs without units having to house their own local resources and feels that we can do that if we all pull together with cooperation from both sides.

Dan Cromer optimistic that CNS can host IFAS servers but would need to lower costs?

Dan Cromer said that this IT centralization movement is a direction that has been set by the UF President. He has told Elias that he wants one IT. Elias, in turn, has told Dan and Elwood Aust from Operations Analysis that he wants their IT units to be moved into the central organization as much as we can. Dan said he sat down with Elias and gave him a spreadsheet saying that IFAS is providing services currently for half the cost of what CNS would charge even after CNS is supplemented at the rate of 50%. While Dan said he supports Chris Leopold's position, he is more optimistic and said he is ready for IFAS to be moved to CNS as hosted services or to have our equipment moved over there. However, we are not going to do it until it provides the good-old Joe Joyce mantra of "as good or better service at an as good or better price."

Unit cost and service level concerns carry little real weight

Steve asked about who gets to decide what those costs really are or what the levels of service actually are. It is not going to be the unit IT staff or their clients, that is for certain. Dan responded that the IT folks will have their input to ITPAC and Joe Joyce; ultimately it with be the Senior VP would makes the decision. Steve took strong objection to what he believes is only lip service by administration to lower level concerns. Steve feels that was demonstrated loudly when the ICC was asked to develop a recommendation on the WAN SLO and bring it to ITPAC. Only when Steve arrived at that ITPAC meeting ready to present did he learn that ITPAC was not going to consider the ICC input and that the decision had already been made without input from the IFAS IT governance structure.

Benefit of centralization to units in question

Steve said that centralization of IT is not for the benefit of the units, but rather for the benefit of IT and central administration. IT may be better managed overall, but that doesn't necessarily translate into the units being able to do more of the things they feel they need to do. Steve said he moved his file services to IFAS because they can provide that better than he can himself. Steve doesn't feel he needs any local servers currently, though other departments may. If he did, however, he knows his chairman would support that. Steve doesn't feel that centralization is necessarily the best answer for everything. The higher up you move things, the farther they are away from the folks who actually use them, and the less influence service consumers can inject into the conversation. Steve is concerned that Dan may be too "optimistic" and that he maybe isn't pushing hard enough to keep resources that would better serve IFAS if left in-house. Steve fears that Dan may be so willing to make IFAS appear as good "IT citizens" that he is not fighting for what might truly be best for our units.

Perhaps there is a reason distributed services work so well within IFAS

Dan said that Steve was not alone in his lack of optimism. He gets an earful from Chris daily. Steve then said that he hopes Dan listens closely to that once in a while then and Dan said he did. Steve then asked how much of that Dan relayed upwards. Dan replied that he relayed all of it both to Joe Joyce and to Elias. Dan said they hear them and don't have an answer. When Dan shows them a spreadsheet with the kind of service we provide and the costs we incur in doing so it quiets them considerably.

Some not pleased with slow movement under centralization

Steve mentioned that we needed to draw this interesting but perhaps not too fruitful discussion to a close so we could finish with our agenda. He asked Dan if he had any final comments and Dan wanted to state that he felt the move of the IFAS WAN to CNS had been a great success and that service had improved 100%. Kevin Hill took exception to that noting that it took two years to get a new circuit in at Immokalee. He is certain that this could have been accomplished within a quarter of that prior. Dan had to agree to disagree on that matter. Dan said he hears all the time from remote sites that the service has improved, giving Pete Vergot in the Northwest District as one example. Kevin reiterated that if the time it takes to implement a new WAN circuit is any indication of what we might expect from other centralized services then the concerns are real.

2012 Prudential Davis Productivity Awards Call for Nominations

Steve mentioned some confusion because there have been several calls for award nominations recently. One other is the 2011 UFIT Awards. Those are now solely team-based awards and seem to be primarily if not solely for central IT departments such as CNS. The 2012 Prudential Davis Productivity Awards, however, seem like a good opportunity to nominate the ITSA group for well-deserved recognition and Winnie Lante offered to lead such an effort. Steve is willing to help as he can and hopes that the whole ICC would support that effort as ITSA clearly does an admirable job with the staff and resources provided.

Browser update

Dan Cromer wanted to know if anyone had heard feedback from their users on the "browser update" email he had sent to IFAS-ALL-L. Nobody reported having heard much. Of course, IE is updated by WSUS on managed machines and Chrome is done automagically. Firefox might require user intervention, but users of 6.3 should be prompted and hopefully will comply.

usage of the UF IT Alerts Dashboard page by IFAS

Updates not available...

RODC issues at remote sites (prior discussion)

Updates not available...

UAC settings egregious for users?

Updates not available...

PDF-Xchange (prior discussion)

No updates available...


The meeting was adjourned a bit early at about 11:50 AM.