IFAS COMPUTER COORDINATORS
NOTES FROM May 11th 2007 REGULAR MEETING
A meeting of the ICC was held on Friday, May 11th, 2007. The meeting was chaired and called to order by Steve Lasley, at about 10:02 a.m. in the ICS conference room.
PRESENT: Nineteen members participated.
Remote participants: Mari Jayne Frederick, Joel Parlin, Mike Ryabin, Louise Ryan, and A. D. Walker.
David Bauldree, Dennis Brown, Andrew Carey, Lance Cozart, Dan Cromer, Marion Douglas, Wayne Hyde, Dwight Jesseman, Nancy Johnson, Winnie Lante, Steve Lasley, Chris Leopold, Mark Ross, and Wendy Williams.
STREAMING AUDIO: available here
Agendas were distributed, and the meeting began roughly on time.
Steve reported that he knew of no new members or other personnel changes since our April meeting
Recap since last meeting:
As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.
Report from the May 3rd ITPAC meeting
Details are available in the ITPAC meetings notes, but there was some discussion at the ICC about the choice of Elluminate as a collaboration solution for UF. Mari Jayne Frederick from TREC mentioned that they use Elluminate at Nova Southeastern University (NSU) for courses which she is taking there. She is quite familiar with it via use there and believes it is a great tool. MJ related that NSU has theirs integrated with WebCT just as UF intends. Mike Ryabin in Ft. Lauderdale mentioned that they had just had a demo of Elluminate and that the people there who saw that liked it. Mike believes it is definitely a step up from NetMeeting for use with Polycom videoconference support. Mike said that one great feature is that the system can adapt to different data rates among participants from dial-up to broadband.
Steve also noted that 4H and AT are joining to get a redundant pair of Polycom RSS 2000 streaming servers. Dan Cromer said that this facility is supposed to be available to all. The system works by having the server join a conference as an end point. It then streams out the videoconference over the Internet while recording it at the same time. This would have great utility for the ICC as it would allow remote users w/o Polycom to obtain the video/audio stream via Windows Media Player. Use of data plus content would then permit us to eliminate our current streaming and NetMeeting desktop sharing methods.
Report from the May 10th ITAC-NI meeting
Steve pointed folks to his notes from this meeting. Steve encouraged everyone to take a close look at the Wall-plate Project Plan web site, become familiar with the details of the proposal, and speak with their chairs about how this would impact their unit.
Steve mentioned a couple of areas of concern regarding how this is taking place. First of all, the process is not being faithful to the earlier discussion regarding the port allocation model (i.e., the basic subscription rate). Rather than develop an algorithm based on location and function, they have apparently fallen back to giving units a base allocation founded on a cursory "active port count". This certainly facilitates moving forward, but it means that the more active ports a unit is currently using, the more they will get paid for off the top. Since the active port count which was done overlooked non-managed workgroup switches (i.e., they did not perform any sort of DHCP MAC census) there will have to be some negotiation as to what actual "active port" counts may be. If additional ports are on a charge basis ($5/port/month was discussed), the cost of growth down-the-road for some units may be considerable. That aspect has not been clarified, however, and perhaps such growth will be accommodated via central funding. The point is that we have to decide on some basic subscription level at some point to prohibit wasteful proliferation. That needs to be made clear right from the start so that units can make the best decision regarding opt-in/opt-out.
The second major concern is that no service level agreement has been drafted or discussed; this is in contrast to quality of service being the first of two central focuses for IT reorganization efforts at UF. With the potential for enforcing port allocation by denying ad hoc workgroup switch implementation, the trade-off between security and flexibility should be made very clear from the start. Given that the initial cost to a unit of having all ports individually managed is (very roughly) 10 times greater (i.e., cost of new drop vs. a $20 switch), we need to carefully evaluate the security vs. flexibility issue. How long would it take to get an ad hoc temporary workgroup switch implemented under such a scheme? This would be necessary on occasion in order to compensate for the lead-time required in providing new wiring drops back to the managed switches. Wiring is the responsibility of the department and a new drop can take anywhere from a few days to a few weeks depending on the current situation.
Dan Cromer mentioned that he will be having a meeting this afternoon with Marc Hoit, John Madey and Tim Fitzpatrick regarding the requirement of wallplate for VoIP. Dan feels there is no technical reason why VoIP can't be supported through our HP switches. As a fall-back, we should at least be allowed to purchase Cisco switches and implement VoIP where needed rather than have to wait up to three or four years for wallplate implementation at our various on-campus locations.
Steve asked Dan whether he knew if John Madey was going to the department level (e.g., Entomology) with the proposal or to the IFAS level. Dan did not know for certain, but assumed that the departments would be contacted directly in addition to upper IFAS administration. The promise of migration to VoIP vs. the potential inability to do so if a unit opts-out will be one of the weightier decisions for each unit to make. If one does not opt for VoIP initially, they would have to wait for the 5-year replacement cycle (which could potentially be 8-9 years from now for some units) to be able to consider VoIP. That is not something to take lightly. UF wants to move everyone to VoIP to save what are currently $350K per year Centrex costs.
Mike Ryabin asked about what this campus VoIP implementation might mean for them at Ft. Lauderdale. While the wall-plate project is currently limited to on-campus units, Dan Cromer mentioned that a number of RECs are in the process of getting 100MB high-speed connection upgrades to FLR via local providers like Bright House Networks (a central Florida provider with a 1GB connection to FLR). This is in the process at Lake Alfred, Apopka, Wimauma and Plant City. These sorts of upgrades should make VoIP feasible at those sites, and Ft. Lauderdale could, potentially, get a similar connection to FLR as well. Both Mark Ross and Dan Cromer commented that VoIP systems are clearly more expensive than alternatives currently, but VoIP is the direction UF is headed.
Chris Leopold mentioned that there are many IFAS buildings which are not listed on the current three year schedule, so he believes this is actually at least a 4-year plan. This area around ICS Building 116, where our meetings are held, is a prime example.
Dennis Brown asked whether VoIP phones would require an additional network drop. Chris Leopold explained that the phone would plug into the existing drop and the computer would chain off the phone. The phone is a trunk device and they send two broadcast domains down a single wire; your phone registers with the QoS network and your PC registers with the data network. Steve pointed out that this is the rationale behind the 2nd question which will be asked of units concerning participation: "Do you wish to have 10/100 or GB (gigabit) to the desktop?". If you want GB to your PC you will need to pay for a very expensive GB phone. Dennis suggested that phone costs may come down, but Steve pointed out that even when standard non-Cisco VoIP phones are supported (which they will be eventually) there is still the $100 Call Manager license to consider; that sets a minimum phone cost right there even if handsets themselves were free.
IT Governance sub-committee status report
Steve knew of no movement to report on this front.
Recommendation: autogroups for *selected* roles
This item was not discussed but is being kept on the agenda for future consideration. Basic role autogroups are now in place within UFAD.
Split DNS solution for UFAD problems
Apparently, no further movement has occurred on this matter since the issue was raised. It is an important but difficult matter to address, which the UFAD admins are aware of and which they hope to find the time and a way to correct.
UF Calendar Project
Wendy Williams gave a brief update, saying that this committee is meeting every two weeks and that they have a very ambitious agenda. Two individuals have volunteered to set up open source test systems; Clint Collins of the Bureau of Economic and Business Research will be running Zimbra and Craig Lee of Journalism will be running UNL Event Publisher. Those demos are to be in four weeks, but Wendy will not be able to make that meeting. Wendy believes the scope of this project is extremely broad, expecting to cover events down to the course level. They also plan to distribute out the ability to add events and the control/monitoring of that is a concern to Wendy. Mark Ross once again voiced his concern with open source software; he is facing three web applications which were developed using open source and which are now abandoned.
SharePoint Test Site
Ben Beach was out sick but Chris Leopold mentioned he had been looking into all the cool templates which are available. Steve had looked into adding a web part to the ICC section which would display the ICC web site, but noticed he did not have the permissions to attempt that. Mark Ross mentioned that the main thing we need to do is decide what we want MOSS to do.
Virtualization of Core Services
Wayne Hyde talked about the status of his efforts. The main problem with providing redundancy for our file server via virtualization, is replicating the data via DFS. The staging area for that must be large enough to hold the four largest files. Unfortunately, we have some huge files kept (likely inappropriately) on our server.
Chris Leopold said that he is very bullish on the potential benefits of virtualization. We may, for example, be able to combine our MPS and DC functions at remote sites into more flexible virtualized services on a single box. Wayne mentioned that we hope to buy a second virtual host server from the hardware savings of virtualizing many of our current servers.
Wayne is in the process of upgrading to WSUS 3.0 and it is not going particularly well so far. An in-place upgrade did not work and the original 32-bit build has .NET related performance issues regarding CPU utilization. This causes it to reject clients at times, though they eventually connect. Wayne is now attempting a 64-bit version to see how that goes. In any case, WSUS 3.0 is working and it promises to address the svchost 100% CPU utilization issue by pushing out a new improved WUA client. There have been some reports that the hotfix and new Windows Update Agent are not working for all.
IFAS WebDAV implementation
As was the case last several meetings, Steve passed over discussion on this project because he is aware that no movement has occurred in getting this documented.
Vista TAP and Vista Deployment via SMS and WDS
Steve stated that the Mark Minasi seminar was wonderful and that it was possibly the best thing along those lines that UF had ever done for the IT community. Most of the ICCers present had attended and all agreed. Steve asked Dan Cromer where/how the ICC might formally express our appreciation for that. Dan thought it appropriate for the ICC to e-mail a statement to Marc Hoit. The event was coordinated by Fedro Zazueta's assistant, Anne Allen, and she certain deserves a round of thanks; Dan suggested cc'ing Fedro with the message to Marc. Steve said that he will do so on behalf of us all.
Mike Ryabin asked if any of the materials from the seminar could be made available. Because of copyright, the only real solution there would be to loan around one or more of the available hard copies which attendees received. Certain of the sections of Mark Minasi's talk are covered, in even greater detail, in his newsletters. In particular, the discussions on Bitlocker and Vista deployment are well-covered in issues #59-62. As an alternative source, the topic of Windows Vista User Account Control is well-covered in a TechNet article by Mark Russinovich. There is also a good BitLocker article available, by Byron Hynes who co-authored "Administering Windows Vista Security: The Big Surprises" with Mark Minasi. Services Hardening in Windows Vista is another topic which was covered and for which good alterative coverage is available. Physical security with PnP is covered by Jeremy Moskowitz in another TechNet Magazine article, "Managing Hardware Restrictions via Group Policy". While at it, Jesper Johansson's article "New ACLs Improve Security in Windows Vista" is well worth a read; it covers a few details which Mark omitted.
Steve mentioned that we might also schedule a videoconference discussion forum on the matter if there was sufficient interest.
Lenovo and GovConnection Contract
This matter is/was not a project item, but Nancy Johnson took this opportunity to mention that she has been trying to coordinate the dispersal of information regarding this contract. Steve expressed his appreciation for the information she has forwarded to the ICC on the matter. Donna Doty has yet to post information on the Purchasing Site concerning this new contract, so details are difficult to come. Nancy has made some materials available which I have now moved to the ICC site. There is a spreadsheet of the available Lenovo configurations, and a datasheet on the HP Compaq 8710w Mobile Workstation. The HP laptop has a 17" screen, which is something that Nancy is looking for, but it won't be available until June or so. Lenovo does not have a laptop with such a screen.
Note from future: some HP and GovConnections (Lenovo) materials have now been posted on the UF purchasing site. Also, a DDD was released detailing this contract as well as another for office supplies via Mr. Paper and Office Depot.
Nancy said that Lenovo is willing to configure with an image we supply, but the UF image of Vista is not yet ready. They are also willing to ship with WinXP in the meantime. Also, in lieu of further information, you can always contact Jacqueline Micklos, our HP Sales Rep, directly for system quotes.
New IFAS IP Plan
Chris Leopold related that subnet 4 (the Livestock Pavilion and Animal Science) is the last public subnet yet to be returned. There are about 30 hosts with public numbers and Chris needs to get with Larry Treadaway and David McKinney to make the arrangements about moving those.
Move to IF-SRV-WEB
Mark Ross reported that the move is complete and FTP is turned off on our web server. The active sites which were broken by the move have been fixed for the most part. There are likely some less-used broken sites which haven't been noticed yet. This all means that we have another project complete and off our list; kudos to Mark!
Mark mentioned that he is working with the software group to come up with a set of documentation requirements for those needing custom applications. A number of sites were developed as custom applications, the developer is long gone, and no documentation exists to aid in fixing problems or continuing maintenance of such sites. Mark wanted the ICCers aware so they could relay this to any of their users that might be affected.
Exit processes, NMB and permission removal
Prior exit procedure discussion. Progress on this is still pending. We remain where we have been for quite some time. Dan Cromer did mention that it is his intention to have a new IFAS database developed which would extend, but not duplicate, the information available via Biztalk from PeopleSoft. Specifically, however, Dan wanted to know how best to manage continuing IFAS mailboxes for faculty who retire but do not have Emeritis status. It was decided that this was not a technical issue and that the ability to handle this via the assignment of "Departmental Associate" and NMB by the units could take care of the matter. The rest of that is an administrative issue of how such details are incorporated into the exit processes.
Discussion continued on how to eventually remove folks. Dan mentioned that Mike Conlon is working on a solution for that whereby certain categories will require periodic renewals to remain active.
We also briefly discussed the status of .pst files on the file server. Although, at the last ITPAC, Mike Conlon related that he uses .pst files from a server in order to maintain his own high-volume account at a reasonable 500MB quota level, Steve wanted to make it clear that Microsoft does not support .pst files on network shares. This leaves us in quite a dilemma over how to manage things long term without an e-mail archival solution.
Listserv confirm settings
Administration has finally agreed with the Feb 05 ICC and May 05 ITPAC recommendations. This has been or is being implemented on all of our lists--including the IFAS-ALL-L.
Job Matrix Update status
Chris Leopold has published a new matrix which he would like us to study and comment on. Steve would like this extended to cover, on as granular a basis as practical, the technical IT contacts for a wide variety of issues. He would also like it to be kept up-to-date and for changes to be announced via ICC-L notification. We want to make our support processes as efficient as possible, including using the Help Desk where appropriate, but allowing direct assignment of tickets which would be simply reassigned by the Help Desk in any case. What Chris needs to know, is how best to break these services down into categories that would indicate to unit IT support how to proceed most efficiently in obtaining support.
Public folder file deletion policies and procedures status
Movement on this is apparently still pending.
Office 2007 issues
There were no new issues, however, Steve did mention that he had updated the Office install sites (ufad\if-admn credentials required), for both Office 2003 and 2007, with the latest patches.
Steve noted that he has added some documentation regarding our e-mail services (ufad\if-admn credentials required). One item discusses the off-line address book and potential sending problems for Outlook MAPI senders when people with whom they correspond move from using Gatorlink to having an Exchange mailbox and vice versa. Another is the beginnings of a section on configuring handheld devices to access Exchange. Finally, Steve has a page on configuring LDAP directory access to UFAD. Specifically, Steve describes a way to set up students (those without an IFAS mailbox who are using Outlook with Gatorlink via IMAP) to utilize the GAL for name checking. Dwight has previously documented LDAP configuration for Outlook Express.
Steve mentioned that he has certain users that are experiencing intermittent, but very annoying, slowness within Outlook. From what little Steve has been able to glean so far, the symptom is that Outlook begins using a very large portion of the CPU time; no other processes are hogging the CPU at all. During those times, the Outlook interface becomes non-responsive. Sometimes the delay is simply 10-20 seconds switching a preview from one message to another; other times the delay is minutes. If you kill the Outlook process and restart, sometimes things are fine again, and sometimes they are not; eventually, however, the problem will return in a few minutes or a few hours. It will likewise, resume normal function on its own as well. Because of the timing of this appearing Steve wonders if one of this week's patches might be responsible, but has seen no similar notices on the patch management list. Consequently, Steve is at a loss on how to proceed. Dwight has determined that the server is not the issue. If any others of you notice this, Steve would appreciate it if you would please share your experiences with the ICC so we can perhaps work together on identifying the problem and a solution.
Note from the future: By the weekend, reports had started to appear which implicated the latest IE patch. This happens only with Outlook 2003 and then only on machines which have IE7 and which have received the spyware block list via logon script (ufad\if-admn credentials required). Apparently, the problems with this patch are all rooted in having a large ZoneMap with many URLs in the Restricted Sites Zone. It has been confirmed that uninstalling the update fixes the issue and that Outlook 2007 does not have the issue. The only way to keep the update and avoid the slowness with Outlook 2003 is to set Outlook to start at the "Outlook Today" page:
- In the Navigation Pane (Navigation Pane: The column on the left side of the Outlook window that includes panes such as Shortcuts or Mail and the shortcuts or folders within each pane. Click a folder to show the items in the folder.), click Outlook Today.
On the Outlook Today page, click Customize Outlook Today.
Select the When starting, go directly to Outlook Today check box.
Click Save Changes
- If you use an Exchange server account, you'll see Mailbox - Your name.
- If you use a Personal Folders file (.pst) (Personal Folders file (.pst): Data file that stores your messages and other items on your computer. You can assign a .pst file to be the default delivery location for e-mail messages. You can use a .pst to organize and back up items for safekeeping.) as your mailbox, you'll see name of the .pst.
- Note You may have more than one .pst. If so, the one that is the default delivery location is the one with .
It hardly seems possible that this avoids the issue, but it does--the mechanism of that fix is not understood AFAIK. There is no indication that Microsoft intends to address this issue further, so the above fix may be needed until we can move affected users to Office 2007.
Interestingly enough, the most recent post on this issue which I could find does not mention this fix, but does provide more details of the why and how of this problem.
Free Microsoft Exams
Chris Hughes had let Steve know that Microsoft is offering a free exam for first-time students and faculty. He thought that some people in our departments might be interested. David Burdette from CNS is going to add it to the IT Academy documentation sometime soon also. Steve wanted to thank Chris for sharing that.
The meeting was adjourned on time at about noon.