IFAS COMPUTER COORDINATORS
(ICC)
NOTES FROM April 14th 2006 REGULAR MEETING
A meeting of the ICC was held on Friday, April 14th, 2006. The meeting was chaired and called to order by Steve Lasley, at 10:00 a.m. in the ICS conference room.
PRESENT: Twenty members participated.
Remote participants: Tom Barnash, Dan Cromer, Chris Fooshee, and Mike Ryabin.
On-site participants:
Mike Armstrong, David Bauldree, Benjamin Beach, Allen Burrage, Dennis Brown, Kevin Hill, Chris Hughes, Wayne Hyde, Dwight Jesseman, Winnie Lante, Steve Lasley, Chris Leopold, Ligia Ortega, Mark Ross, Hassan Rasheed, and Joe Spooner.
Guests: Jack Kramer.
STREAMING AUDIO: available here
NOTES:
Agendas were distributed and the meeting was called to order on time.
New members:
Steve mentioned that Rick Stone has been replaced at the School of Natural Resources & Environment by Peter Kim. Steve has sent Peter a welcoming message but has not heard back yet.
Chris Leopold mentioned that an offer had been made to a candidate for replacing Josh Wilson as the Northwest District (aka District 1) support person. It is hoped that we have someone in that position very soon.
Steve also noted his pleasure in seeing so many remote support folks who made it up for this meeting. Jack Kramer was back as a visitor and we all enjoyed seeing him again. Jack is recovering well after his heart bypass surgery of last year and is now looking to relocate from Tallahassee to Titusville. Jack wants to get away from the hustle and bustle of the city and to go where the temperatures stay warmer year-round.
Mike Armstrong and Allen Burrage made the trip up from the CREC in Lake Alfred and Kevin Hill was here all the way from SWFREC in Immokalee. It's great to see these guys in person again.
Recap since last meeting:
Steve pointed folks to the notes of the last meeting.
Policy
IT Reorg
Dr. Hoit provided a quick update via e-mail, saying:
I have met with other groups and am now planning a
retreat to develop reorg goals and priorities. I am trying
to have the retreat at the end of this month or first week in
May. The retreat will not be a technical meeting - but a
business process and organizational needs meeting. The goal
is to then start more teams soon after that.
Progress is slower than expected - but moving along.
The next ITPAC has been scheduled for May 1st
Steve reminded everyone that we have been charged by Joe Joyce with providing feedback on the Infostructure Taskforce report to ITPAC. We have an important opportunity to look at that and provide feedback. Steve encouraged everyone to look at that report. If there are projects that are of particular interest to your chairs, directors or faculty, we should earmark those. We should find out which of those might provide the most bang for the buck and push for their implementation. Steve believes there is an opportunity there and he wants to encourage ICCers to do that at the grass-roots level. ITPAC is going to have a fairly important role on following up on that report and because we have a seat on ITPAC, we can have influence there.
Mark Ross asked if Steve could quickly put that report up on the screen so we could perhaps quickly review some of the recommendations. Steve did that, but noted that it would be very difficult to cover this matter within the timeframe of our monthly meetings. When Steve mentioned that the report talks about needs rather than implementation matters, Ben Beach reminded us that the taskforce was specifically asked to address the question of needs only and not any implementation details. Obviously, from our standpoint however, the devil is in the implementation details on many if not all of these matters.
Kevin Hill asked who was responsible for this plan. Steve replied that ITPAC has been given an important role in shepherding the recommendations and action items that are included in the report. The details of how that is going to work exactly are yet to be seen. Pete Vergot, who chaired the taskforce, is now the new chairman of ITPAC and the progress of that committee in this regard will be in his hands. Steve reminded the ICC of what Joe Joyce has said many times: if we have IT matters which we wish to be addressed across our organization we need to have support at the unit level. That is why he looks to the ICC, because he knows that we have the ears of our chairs/directors and faculty. To get things done, it really has to come from the units and faculty through the chairs and directors to the deans; then it has a good chance of making an impact. Steve said that unless we have some ICCers willing to take off and run with these issues, we won't have much input.
Mark Ross said he thinks the whole Polycom issue is important to address. Steve mentioned that there had been a videoconferencing committee chaired by Jane Luzar that fell apart. Mark thinks we need to get that going again because there are many issues there. In defense of Video and Collaborative Services, Steve stated that they do have plans and are implementing improvements to the gatekeeper system. Like the rest of us, however, they are short on resources. At the last Entomology faculty meeting (access restricted to members of the IFAS OU), which are conferenced via Polycom to the RECs, all the VC support folks involved received a new video meeting notification which provided information about the VC, including the conference ID to be used. There is also a link in those which will eventually be used for one of the sites to control the conference in terms of what is shown at each location and how.
Chris Hughes believes a good candidate for a recommendation from the ICC would be the matter of implementing an industry standard IT governance framework to improve overall IT operations, policies, and procedures. Chris agreed to chair an ICC subcommittee on this matter and he will be requesting participation from other ICC members via the ICC-L. Recommendations will be discussed with the ICC and then presented to ITPAC for their consideration.
Chris Hughes provided a link to the $2,461,050 Statewide Information Technology and Interactive Video System special budget request made to the legislature by IFAS for the 2006-2007 year. This request apparently was given the lowest priority of any IFAS special budget request (see first link below) and did not appear to be included in the Governor's budget recommendations. Overall, things look very good for the IFAS budget though, based on the following documents:
- Statewide Information Technology and Interactive Video System special request for 2006-2007 Priority #8 - The lowest of any IFAS request.
- 2005-2006 IFAS Budget (General Revenue Fund: $108,222,276, Lottery Fund: $9,563,810)
- 2006-2007 IFAS Budget Recommendation - Governor (General Revenue Fund: $115,639,730, Lottery Fund: $8,720,592)
- 2006-2007 IFAS Budget Recommendation - Senate (General Revenue Fund: $127,162,873, Lottery Fund: $8,720,592, Hurricane repairs: $15,165,018)
- 2006-2007 IFAS Budget Recommendation - House (General Revenue Fund:$126,543,487 , Lottery Fund: $8,720,592)
Projects
New File Server
Mark Ross and Steve Lasley apparently have both been trying to get folder redirection to work properly on if-srv-file02. Mark had been working with Dwight and Steve with Chris Hughes. Chris and Steve have a meeting planned for Monday afternoon to try to work out what is happening there. It appears that it is a permissioning issue--mostly likely with the share permissions. The problem is that, while folders are created automatically upon redirection, files are not moved to the remote location. Even when the permissions are modified by hand and the files moved there manually, there seems to be an issue with the off-line files feature for those as well.
There is good documentation on the permission required and on how the folder redirection extension itself works. For those interested, you can use ADUC to view the ENTNEM "Redirect" OU to see how Steve is planning to use a loopback policy to control this feature. He is planning to use a group-controlled logon script to map a drive to each user's folder on the new file server. Additionally, Steve plans to try and sell the idea of redirecting "My Documents" for many as well. That will be controlled via membership in a different security group, as folder redirection can be applied variously by group membership in the advanced settings of that group policy. Using a merged computer loopback policy will allow Steve to control exactly which computers have folders redirected and the group membership will control which users are involved. The additional drive mapping will handle access to server-based storage for those using folder direction when they are logged onto machines outside the redirection OU.
Steve is struggling with what letters to use in mapping the various "public", "unit" and "user" locations which the new file server will provide. He wishes that the ICC could agree on some standard for that, but in its absence currently plans to use "P:" for public, "T:" for Unit and "U:" for users.
New SQL Server
This is in production. Richard Lee is the one to contact for those wishing to move things there. Dennis Brown mentioned that he has installed SharePoint services at the request of a faculty member and that he might want to use the IFAS SQL server for the backend database on that.
Remedy Project Update
Since our last meeting, on March 30th, Dwight sent the following notice to the ICC-L preparing IT support folks for the official public announcement of the Remedy system:
ICC,
We plan to officially announce the Remedy ticketing system to all
IFAS early next week. This system provides a web interface at
http://support.ifas.ufl.edu for users to request help in solving
an IT issue. There is an administrator interface as well at
http://remedy.ifas.ufl.edu and all OU administrators should now
have access to that.
The Remedy system has been modified to allow OU administrators to
control the assignment and notification of tickets created by
their own users. This may now be done via the web interface at
http://remedyassign.ifas.ufl.edu. To use this site, you must
logon with your ufad\if-admn credentials. From there you find your
GatorLink username, select it, and are given the various routing
options which you may control.
Currently the IFAS Helpdesk is assigned all tickets. If you wish,
you may pick a single administrator (some units have more than one)
to receive those. If that is done, any tickets your users generate
will be assigned to that administrator. E-mail notification is always
made to whoever is assigned the ticket. No matter who is assigned
(either the Help Desk or some other administrator in your group) you
may elect to receive an e-mail notification whenever one of your
clients creates a ticket.
The assignment and notification can be changed at any time. You may
find this useful, for example, when you go on vacation. If you want
to be part of the Remedy ticketing system, please investigate the
above sites and familiarize yourself with them. IFAS IT will be
requesting that all incoming issues be resolved using the Remedy
system. If you have any questions or problems please let me know.
-Dwight Jesseman
On April 4th, Dan Cromer sent the following message to IFAS-ALL announcing the availability of this system:
Dear IFAS Colleagues,
The IFAS Office of Information Technology is pleased to announce
a new service for our clients. In a collaborative effort with the
UF Help Desk and with other IFAS unit technical support staff, we
are now able to offer the "Remedy" Problem Ticket and Tracking System,
for the routing and resolving of your IT issues. With the Remedy
system, your issue will be assigned a ticket number. You can use
the number to follow the tickets progress and resolution.
Your ticket will be first handled by the UF Help Desk, the IFAS
Help Desk or your local IT support person. If a first level
technician is unable to resolve your issue, it will be escalated to
the next level technician until resolution. The ticketing system
allows for a case to be built on your issue. The ticket records
every technician who works on the ticket and includes the answer to
your problem when it becomes available. Closed tickets can be
reopened if a problem reoccurs, so you do not have to start over with
an existing problem.
If you have an IT problem that needs to be resolved, you have
several options to create a Remedy ticket. You can do it yourself
online by visiting http://support.ifas.ufl.edu and filling in the
problem form. Other choices are to send an e-mail to the IFAS Help
Desk, help@ifas.ufl.edu; call the IFAS Help Desk (352) 392-INFO (4636);
e-mail the UF Help Desk, help@ufl.edu; or call the UF Help Desk
(352) 392-HELP (4357).
Contact the IFAS Help Desk for further assistance if needed.
Dan
--
Daniel H Cromer Jr
Acting Director Information Technology
University of Florida IFAS
Steve noted that he had heard few issues with this. Apparently, Kevin Hill had some problems initially with access to the web interface at http://remedyassign.ifas.ufl.edu for controlling the assignment and notification of tickets. Other than that matter, which has been resolved, all seems well. Steve mentioned that has not started pushing his users toward that system, which likely explains why he has gotten no notifications yet of any tickets being submitted from users in his OU.
Dwight reported that the use of this system did indeed increase after the notification. Dwight urged the ICCers to encourage their users to submit IT issues via this trouble ticket system. Its success will depend on its being used, and if the tickets are handled well and properly escalated (as is expected) the end users should see a big benefit--as should we all. Dwight mentioned that he has not yet begun to redirect support requests to this system, but certainly expects to. Steve said that anything which helped IT/SA control their volume of support e-mail via Help Desk triage would be a welcome move.
Exit processes, NMB and permission removal
Prior exit procedure discussion. Steve said he had not heard where Dean Delker is on developing the documentation which Dan Cromer has designated as the first step in moving this matter along.
Dennis Brown mentioned that he has been getting the ARS Job Action Emails as detailed in a notice forwarded to the ICC by Dan Cromer back in February:
From: Craig, Diane
Sent: Thursday, February 23, 2006 2:32 PM
To: Craig, Diane
Cc: . OFA-ERP Sec-Admin
Subject: ARS Job Action Emails to Begin Next Week
Bridges has completed the testing of the automated job action emails for the
Access Request System (ARS). The first emails will be based on Friday's data
and delivered on Saturday morning. Because the email is triggered by selected
job action reasons (i.e., termination, change in department, retirement, etc.)
you may or may not have an email on Monday morning when you arrive at work.
When you receive an ARS job action email, please remember to reply to the
email, letting us know what action you have taken or with an explanation of
why no action was required. If we do not receive this information from you
within five (5) business days, the individual's security may be disrupted.
Another change made today that we think you will like is that the DSA list on
the My Roles page in myUFL and the Bridges Security Web site
(http://www.bridges.ufl.edu/security/DSA.pdf) is now in DeptID order.
Please call or email if you have any questions. Thank you for your continued
patience and support while we work to improve ARS.
UF Bridges Security
Bridges-Security@admin.ufl.edu
(352) 273-1019
Again, you may want to ask your Department Security Admistrator if they will forward those items along to you so you are better informed of personnel entering and exiting your department.
Steve also mentioned that Nancy Hodge sent out a e-mail recently with information that is pertinent to all Directory Coordinators:
Please note that effective April 21st I will no longer have my cell
phone, 352-316-1704. I've been issued a desk phone and can be reached
at 352-273-1388.
When a person terminates or transfers from your department please
remember to remove any relationships that you manually entered for that
individual, such as Departmental Associate, Consultant, etc. Payroll
driven relationships (TEAMS, Faculty, etc.) will automatically be
removed once the final process is complete. When a person transfers the
Network Managed By relationship can be changed by the new department
once you see your Dept ID on that individuals record.
For those of you in Core offices please be sure that prior to
inactivating a duplicate record the relationships are removed, and
remember to send me an email.
Thanks, and let me know if you have any questions.
Nancy
<>< <>< <>< <>< <><
Nancy R. Hodge
Directory Administrator
UF/Bridges
P.O. Box 113359
Gainesville, FL 32611-3359
Phone: (352) 273-1388
Fax: (352) 273-1009
nhodge@ufl.edu
Nancy coordinates the UF Directory management and is very responsive in Steve's experience. You may want to make sure your Directory Coordinators are familiar with the above notice and know that Nancy is there to help with their questions.
Chris Hughes pointed out that the Network Managed By (NMB) relationship is one of those non-automatic relationships which departments need to manage for themselves. Mark Ross said that there are difficulties in managing that, especially for people who have duties across OUs. One example of that, mentioned by Steve, are those within the Doctor of Plant Medicine (DPM) program. Most of those are housed within PLP, but Steve has been relating a few to his department when they are housed and working in Entomology. Another example, given by Mark, is students who are members of a particular department but who do the majority of their work at a REC. There will be instances where there really is no "right" answer on how to relate certain individuals.
Vista TAP
As per an announcement by Mike Conlon which was forwarded by Mike Kanofsky on April 6th, Vista TAP participation for system admins at UF is now two-tiered. Microsoft wants access to http://connect.microsoft.com to be more limited and the implementation of that will be to create a formal "Vista TAP group". If you want access you must join that group. The prerequisite is a donation of .25 FTE.
Chris Hughes stated that at least two people are supposed to be members of the formal Vista TAP group. Chris will be on that, as will Torrence Zellner of the IFAS Help Desk (this latter being a note from the future, as it was decided later that day at the IT/SA staff meeting). Others willing to donate time and wishing to participate are welcome; you may contact Dom Vila (dvila@ufl.edu) concerning that.
Kevin Hill asked if we can get builds from Chris when they are released. Chris reported that the builds are limited to 10 installs per key and that the keys are associated to memberships in the Connect site. Apparently it has always been this way, though that hadn't been realized prior. This means that Chris cannot dole those out to others or he wouldn't have enough to do his own work. Chris did mention that MSDN is another source of these builds if you have a subscription there.
Chris will instead develop a virtual PC image which will be distributed out. Individuals can then test that via a Virtual PC player that is not yet available. That will ensure that everyone is working off the same image for installation and testing. In a couple of months there will also be builds available, at least on campus, via SMS. Perhaps Remote Desktop access can be provided to some on-campus test machines for access by remote IT support staff--that would at least give them a way to keep in touch with what should eventually be available remotely as well as the SMS development progresses.
There are both weekly and monthly UF Vista TAP meetings. There is lab work Tuesdays and Thursdays for members of the official Vista TAP group.
Chris reported that VirusScan does not work with the current version of Vista, but the VirusScan 8.5 beta is supposed to work with the May release. Also, Windows Defender blocks vbscripts so our admin scripts, for example, do not run. We will be able to change the defaults on that to get around the problem. Chris also warned against joining a Vista machine to the domain. Our license states that we can not use these releases in a production environment and it could cause problems if you used such a machine to edit GPOs, as Vista changes the format of those. If anyone has a 64-bit machine that could be donated temporarily for testing, Chris really needs one. IFAS IT does not have the resources to provide such a machine for testing.
Removal of WINS
Chris Hughes reported that the logon scripts have all been changed to use non-WINS names. The next step is to put out the login script, which still needs a bit of testing because it's pointing to the new SQL server. Hopefully, it won't be much longer before our trial removal may begin.
Listserv confirm settings
Chris Leopold has been getting the impression from some (e.g., the VP's administrative assistant) that they will disapprove of moving all lists to use confirm settings. Dan Cromer re-iterated that approval has been obtained from administration for doing this, and we are still awaiting documentation prior to any notification and implementation steps. Dan expects this project to continue as planned, but that there will be some education necessary for our users.
New IFAS IP Plan
Chris Leopold provided handouts, one of which contained the following general information on this project:
- Purpose
The purpose of this project is to make IFAS compliant with the "Uf Network and Host Security Standard and Procedures" as outlined in the document at http://www.it.ufl.edu/policies/security/uf-it-sec-network.html.
- Goal
The goal of this project will be to re-number approximately 2800 on-campus IFAS hosts to Private IP and to breakup the "IFAS Farm Area", networks 134.0/24 and 135.0/24, into 11 broadcast domains within a six week time frame from project start.
- Implementation>
IFAS is requesting the use of three consecutive /24 public IP address spaces (preferably starting at a natural boundary) and an appropriately sized private IP address space for all IFAS broadcast domains. In exchange for this, IFAS will agree to return no less than 13 x /24, 1 x /25 and 1 x /28 networks that are currently being utilized as public IP address space.
- Issues
At the end of this project, IFAS would have added approximately 1700 hosts to the NAT boundary space.
- Handouts
Chris reported that, two weeks ago, he and Wayne Hyde had conversations with CNS, Marcus Morgan, Dan Miller and Nancy Watson. In that meeting, they discussed the plan and Chris outlined what he thought IFAS needed for our various on-campus subnets. The end result was that we are going to get exactly what we had asked for on the public side (3 consecutively numbered /24 networks starting at a natural /24 boundary). On the public side, we were not able to get all consecutive ranges due to the way CNS is splitting the 10.242/12 space into /16's aggregated behind each core router. Since IFAS has locations behind various core routers, the private address space will not be contiguous.
Overall, Chris is very happy with the numbering details as presented here. Each unit will get a /23 private space for at least 510 hosts, and probably 14 public hosts, which should give everyone considerable breathing room. The numbers have already been added as secondary addresses on each individual interface--at least on the private side. Consequently, we can start moving our DHCP in that direction, excluding the old numbers while leaving the old reservations intact. As early as next week, you may start to see new numbers popping up on your network.
There are other projects related to this one, including moving all printer and machines having static IPs to DHCP reservations with dynamic DNS updates. (This is another note from the future. At the ICC meeting they were thinking of making manual DNS entries, but by the afternoon staff meetings the issues they envisioned with dynamic DNS were resolved.) This should also involve using full qualified domain names for ports on print queues rather than using IP addresses; that will make future IP changes much easier to accomplish.
Chris asked each of the on-campus units to begin looking at their broadcast domains and to begin considering what absolutely must have public numbers. If you have a web server, consider moving it over into building 120 to be housed there; by May 6th we should have the power issue there resolved. All file servers, printers and hosts should go private. Polycom units are a possible exception.
Some discussion followed on why Polycom units need public numbers. Chris has tried to argue to Tom Hintz that those units could use private numbers, but with little success. Technically, public numbers would only be needed if they were to be involved with non-gatekeeper conferences outside the UF system. Currently, the Gatekeeper is viewed as having some liabilities which argue against reliance on that for outside communications.
Kevin Hill asked for and obtained confirmation that renumbering was not intended for remotes sites. Chris Leopold mentioned that CNS requires wallplate participation for anyone wanting to use QoS. Even though we have the equipment to provide that (for example in the ICS conference room as requested by Ashley Wood), they have so-far refused to implement it. Allan Burrage asked whether CREC would have to renumber were they to move from point-to-point to a cable modem or DSL. Chris said that he believes CNS would refuse them public numbers on the UF space if they tried to make that move. Mike Armstrong questioned why they couldn't just do a VPN and keep all their present numbering. Chris said that in the past CNS has refused to route through an ISP's LEC space and push public numbers down a VPN.
Mark Ross requested that PLP and EnvHort be split into two subnets when the renumbering occurred. The current plan lists them as being together, just as they are now. Chris said that he could do that.
Move to IF-SRV-WEB
Steve noted that there is always discussion on this topic at the IT/SA staff meetings. Chris Leopold confirmed that this is progressing, but slowing. He had some discussions with Marshall Pierce and Chang Lin this morning about the need to make an announcement to web admins concerning testing the "-dev" versions of each site on the new web server. They assured him they would be ready by next week. Chris plans to use the e-mail enabled website admin security groups to send out notification, initially for the first 50 sites on if-srv-web02. When and how the process proceeds to the next group will depend on how handling of the initial set goes.
Ligia Ortega wanted to make sure that any announcement made it clear that this move was completely separate from the templates which her office will be providing for the Solutions for Your Life look and feel. Chris said that he would provide the intended notice for Ligia's approval prior to sending that out.
Re-enabling the Windows firewall
Wayne said that this has to wait on the IP renumbering, but he would like to implement that. Kevin Hill mentioned that the firewall changes in Vista are considerable and that we may want to wait for that. Others mentioned that we are going to have plenty of WinXP machines for quite some time. Firewalls can be problematic in breaking things, but are still a good idea in providing another layer of security. There is a trade-off there which we will likely have to continually evaluate when we begin implementation. Incorrectly configured third-party firewalls are a continuing problem for Wayne and he hopes that standardizing on the Windows firewall might allow us to move folks away from those other options.
Operations
Joe Spooner: an RSS to HTML reader is almost ready for production
This application allows people who are not very technically oriented to add dynamic information to their own websites from any standards-compliant RSS feed. The website they have created generates javascript for an RSS feed which can be pasted into a website, with the result being the generation of a CSS-compliant html view of the provided info. Being CSS-compliant, you can style it anyway you wish.
The link to this utility is posted on the secure portion of the ICC website under the tools section at the bottom (ufad\if-admn credentials required). Hassan Rasheed, Joe Spooner's OPS programmer, has done a wonderful job on this application using .Net 2.0 that plays off an open source library which processes RSS feeds. It has been load-tested with about 4000 connections and seems to scale just fine. The source code is documented and is available for whoever may want it. Joe also mentioned that this could generate your own XML database, using perhaps FrontPage, which supports that. (Chris Hughes noted, however, that FrontPage is being dropped by Microsoft.) By posting that XML data on some website, one could then become an RSS provider as well. Steve would like to do this for the ICC news page eventually.
Please check out this utility at your leisure and give it a test. If the ICC thinks it is useful we can, perhaps, take this to ITPAC and then move it from test to production mode.
Dwight Jesseman: SMTPTracker status update
SMTPTracker has been turned off to help Microsoft diagnose a problem we have been experience where out SMTP service hangs. It has been two weeks since Dwight made some recommended registry changes on the server which Microsoft hopes will alleviate our problems. Microsoft has one crash dump on the problem and wants another, but we haven't had the problem since the registry change so Dwight is waiting. Once that is all resolved, SMTPTracker will be re-enabled.
SMTPTracker is obviously not the problem, or at least the entire problem, because we have had crashes in the service since its removal. Microsoft requested its removal, however, to simplify testing and problem resolution. The symptoms people will see as a result of its currently being disabled will include some listserv messages going to the Junk E-mail folder and the Gatorlink SpamAssassin scores not being honored.
Dwight also mentioned that anti-virus software has been removed from our front-end servers at Microsoft's recommendation.
Wayne Hyde: P2P management
Wayne gets a couple of hosts a month that are infected via P2P downloads. He intends to create a GPO exclusion list to prevent Kazaa, Limewire and WinMX from running. McAfee is set to block those, but that is not working for some reason. We currently have about 30 machines that have Kazaa installed, 30 with Limewire, and 20 with WinMX. No ICCers had any problem with Wayne's plans.
ePO issues and our machine naming convention
Wayne related that we have upgraded to ePO 3.6, but are anxiously awaiting version 4 because there are still problems with adding new machines to their proper OU after the original synchronization. New computers, unfortunately, go into lost and found where Wayne is left with the problem of figuring out where they should go and moving them. The fact that many machines do not follow an "if-OU" prefixed naming convention makes this quite difficult.
Wayne also had to make a change to allow network load-balance machines to appear correctly, but that fix caused many duplicate computer entries to be created which he has been busy trying to eliminate. Currently we have 3000 computers with agents and 1476 computers without agents. This means there are either a lot of dead computer objects in UFAD or there is some other agent installation issue. There are some issues with agent installations which Wayne is investigating.
Kevin Hill mentioned having problems with the client software installing automatically via the client install task. This may be a widespread issue that just hasn't been noticed because most install the client manually initially. Wayne asked Kevin to get with him later on that matter.
Wayne Hyde: McAfee configuration - quarantine vs. delete
Steve wanted the ICC to discuss this matter since a bad dat file could cause problems by wholesale deleting of files when machines are set to delete. Unless a on-demand scan is run, this generally isn't too bad a problem--and those are generally disabled, but some OUs do have those implemented and this problem is something to consider. With quarantine as opposed to delete, the cleanup can be considerably simplified. Wayne mentioned that we would have to manage the size of quarantine folders if we went that route.
Third-party software updates - a continuing problem
We had a brief discussion on this matter. Chris Hughes suspects SMS will help considerably with the matter. The Macromedia updates which Wayne pushed out had problems due to the installation being on replicated DFS shares. Due to temporary site modifications which Mike Kanofsky had made during DC rebuilds, a number of on-campus machines were going to a remote MPS and trying to pull those large updates over a small bandwidth connection. This caused (and apparently continues to cause) some very slow machine startups when a machine attempts to pull that patch.
DHCP Callout
Steve related that the UF security group was looking into StillSecure Safe Access as a solution here. Wayne said that they have since ruled this out. Mike Armstrong said that they had looked at that package, but liked Campus Manager much better. Unfortunately, the cost was prohibitive. Mark Ross mentioned that this should be escalated to CNS to see if a better pricing might be negotiated centrally.
Steve also related that John Sawyer believes CNS may donate or offer the service of some older BlueSocket boxes for remote sites. John told Steve that he needs to follow up with Matt Grover but that this sounded feasible. John reported that he had no clue as to the software upgrade and yearly maintenance costs for that though.
Other Discussion
Dennis Brown asked if "ufl.edu" could be added to a default "safe senders" list in Outlook, but this seems to be somewhere between impossible and very difficult to do.
The meeting was adjourned 10 minutes early at 11:50am and a number of us went to On The Border for lunch.
|