IT Taskforce 2005 recommendations to be forwarded to ITPAC for review prior to publication.
All IT Listserv lists to be configured for "confirm".
Convert GAL display names to lastname, firstname format.
Standardize all e-mail accounts to
Ashley Wood to create a standardized e-mail signature block template.
Win 98 to be phased out.
IFAS IT support two e-mail clients, OWA and Outlook.
Support IFAS OU Design Agreement
IFAS e-mail accounts forwarded for one year
Policy set to authorize central IT to install anti-virus, security patching, and other approved management software on IFAS computers.
Remove GNV e-mail addresses.
No longer support POP protocol except for those users requiring it be available for cell-phone access to Exchange.
ICC receive notice of software plans, and be given access to the software, 14 days prior to implementation when possible.
Policy for implementing e-mail anti-spam procedures.
ITPAC Chair to send all formal ITPAC recommendations to VP's office by memo.
Endorsed the revised AD budget.
Endorsed IFAS converting from IFASDOM to UF AD.
Endorsed having a revised log in banner.
Policy that all IFAS members have an @ifas.ufl.edu e-mail account. No forwarding allowed to commercial accounts.
Policy that no personal Web sites allowed on IFAS sites.
With continued input from the ICC, Steve intends to continue to develop this list into a form that might best assist Dr. Joyce with his expressed interest in responding to our outstanding issues. For policy-matter recommendations which are accepted by administration, the ICC will stress the importance of IMM publication as the means for completing and formalizing our IT recommendation process.
Chris Hughes enumerated some of the issues which he believed still require administrative action from ITPAC recommendations. In amongst those was the issue of unit-managed groups moving towards co-managed. (See the IFAS OU Administrative Design Agreement for details of the current structure.) Kevin Hill stated that unit-managed groups would work towards inclusion in co-managed as centralized IFAS IT developed a supportable and sustainable infrastructure that is funded and staffed appropriately. Kevin did not feel we were there yet and Chris Hughes agreed. Chris also expressed concern, however, that many co-managed units were still not following proper procedures (the machine naming convention, for example) and that this would cause increased problems as we moved ahead.
Discussion diverted at this point to documentation issues. Mark Ross indicated that he believed many OU admins are unclear on procedures to take in resolving various issues with their users. Dennis Brown agreed that he would appreciate clearly documented procedures for various necessary functions. Chris mentioned that, while he has developed the User Lookup Tool, Permission Removal Tool and Reporting Tools to assist OU admins in some of these functions, there is currently no one to do the documentation that is needed. Dan Cromer reported that IT currently has five vacant positions and that staff and funding shortages are among the factors that force documentation to lower priority. Steve would like to reiterate that he is attempting to fill this need somewhat via an IT/SA Services Documentation site (which requires IF-ADMN credentials for access). Steve is always looking for feedback on how to make this more useful.
Dwight Jesseman would like all of the aspects of IFAS IT rolled into one web page and everyone seemed to feel that some position or portion of a position should be dedicated solely to web-based documentation for IFAS IT as a whole. Dwight felt that this should not be a function within IT/SA, but rather one that would provide a service that encompassed all aspects of IFAS IT, including the HelpDesk and the software group. Steve would like to point out that the need for better documentation has been recognized by ITPAC in its Recommendation for Improving IT Processes. IT has not taken advantage of that opportunity, however, to either reallocate resources or request additional resources to this important issue. It is Steve's opinion that resolving the documentation issues would be the single task within IT that could have the greatest positive impact on improving our IT operations as a whole.
Chris Leopold mentioned how the death of Jack Haldeman, many years ago now, was a great blow to IT's documentation and web development efforts--something from which they have not yet recovered. Joe Spooner relayed John Battenfield's announcement that, upon the recommendation of the IFAS web manager search and screening committee, Ms. Ligia Ortega has been selected to head the IFAS web management team. Ligia has accepted the position, and her first official day with IFAS will be September 19. Ligia is currently the web master for the College of Dentistry, and she comes to IFAS with outstanding organizational, communication and technical skills. She also comes with superb recommendations and a great sense of enthusiasm for “Solutions for Your Life” and building a web team to meet IFAS's needs. Ligia will be located in Building 60 (back behind ICS), and she will report to Ashley Wood.
We then spent some time discussing the proposed cost-shared purchase of a new file server for IFAS. Mark Ross, Winnie Lante, and Steve Lasley's departments have now expressed interest in contributing to that. Several members felt that more could be done to advertise that opportunity and to organize further support for it.
Chris Hughes asked that other outstanding UFAD issues requiring administrative action be noted to the ICC so they can be raised to administration via ITPAC.
Microsoft contract support for IFAS
George Bryan reported that any unit that wants to add TAM hours to its contract can do so and it will be tracked separately. George believed that 40 hours' worth of that support ran on the order of $7000. George pointed out that hours can be used rather quickly if additional resources are needed to resolve an issue, however. If the original support person needs to consult with another, you can essentially get billed 2 man-hours for each hour of support. A $245 per-issue option might make more sense for those things which we suspected might take considerable time to resolve. Dwight Jesseman noted that Dan Cromer has always supported the $245 support calls when they have been necessary and Dan said that we could look at the possibility of adding on to UFAD TAM--it is just a matter of wisely allocating our scarce resources.
Review of our anti-SPAM methodologies
Dwight reported that, after some initial testing, the programmer had to go back and make some modifications to SMTPTracker's processing of SpamAssassin header tags--specifically relating to spam that was sent with an attachment. They have since gone through further testing and that problem has been resolved. Dwight e-mailed Steve Ulmer last night and the forwarders have been put in place. Dwight will change the MX records one-at-a-time over the next week and test them, starting with the smaller domains. Chris Hughes noted that IFAS's purchase of this SMTPTracker event sink will be made available to any other unit in the University who wishes to take advantage of that.
Dennis asked Dwight to please keep the ICC updated on that progress, as he wants to let his users know when the improved anti-spam solution goes into effect. Dwight mentioned that notification had begun with the September 6th ". IFAS-IT News - All" e-mailing concerning the need to assess the proper functioning of users' Junk E-mail folders and inform him of any problems. Those folders do get corrupted on occasion, and Dwight has to log in with a service account to actually see the settings for that (which are implemented as hidden messages) and delete those so they can be recreated properly. This fix takes Dwight about 7-8 minutes to perform. Proper end-user manipulation of those folders is documented. Junk E-mail folders can (but should NOT) be deleted by the end user if they are using Outlook 2000 or 2003 by right-clicking on the folder and selecting the delete option. Outlook 2003 does not support that, so that is yet another good reason to consider upgrading folks via our LIS install point.
The best way to test whether someone's Junk E-mail folder is working properly is to use an outside account (like Hotmail or Gmail) and send a message to them with just the subject "test" and nothing else. If that message gets delivered to their inbox, you can be quite certain that something is amiss and should contact Dwight to correct it.
Steve started a discussion on the latest round of e-mail spoofs pretending to be from IFAS IT which are being sent to most if not all of our users. Dan Cromer wanted all ICCers to relay the fact that any official notice from IFAS IT will always include a signature block with the name of the person in IT who is sending the message. Chris Hughes also mentioned that Outlook users can double-click on the sender's name in the From field and, if it pulls up a description of the user, it is a valid e-mail. If it pulls up just an e-mail address and their name, that could be a forged e-mail.
Dwight reported that he has created the draft of a website designed as an explanation to end-users about the proposed e-mail address changes. He had forwarded the link on that to Dan and several others for feedback. Once Dan is satisfied with that he will pass it along to Joe Joyce for his approval. Dan has already composed a notice for Joe to send out to IFAS-ALL announcing this change.
Chris Hughes stated that we will likely have problems with the implementation of portions of this because it does not conform with how UFAD is planning to e-mail enable users. UFAD is planning to mail enable to the UF Preferred Business Address, which is a user changeable address and includes no validation. Our plans are to enable to their Gatorlink address. Users will be able to break the forwards from Gatorlink to the IFAS mail server, and also disable their e-mail if an existing employee does not change their UF Preferred Business Address upon leaving UF. There apparently is a conflict over the "Exchange" attribute which we wish created in the UF Directory to control the automation of our processes. Chris Hughes was unable to get a response on that and has passed it on to Dan for follow-up. Dan has passed it on to Mike Conlon, who acknowledged that it could be a useful attribute, but who related that it would not be given high priority at this time. Dan said he would ask for clarification on the possibility of that implementation before December 31st, but it seems likely that we must plan to make our changes without the benefit of that. This will necessitate some redesign of how the processes will work.
Prior exit procedure discussion. Chris Hughes is curious about the status of hire/fire procedures. Chris had gone through a lot of effort with David Hermelbracht, the Assistant Director of IFAS Personnel Affairs, to define some procedures. They were passed up to his supervisor and Chris has not heard back on the status. Dan Cromer said that he had e-mailed Mary Anne Gularte (Director of IFAS Personnel Affairs) without response. Steve asked if Chris needed to push a bit more from the bottom on this or if Dan would try again to pull from the top. Dan said he would ask her again for a response.
Office install point documentation status and the ITPAC recommendation on Changing IFAS IT e-mail client support
Steve let everyone know that John Sawyer had provided him with documentation on the IFAS Office install site and that Steve had incorporated that into his documentation library (IF-ADMN credentials required). Steve mentioned that Nancy Johnson had issues with creating a transform due to her users' need to retain an older version of FrontPage during any Office upgrade. Steve mentioned that if the present documentation was insufficient for her needs that there were a number of folks in the ICC, including within the IFAS HelpDesk, who had the expertise to help with that.
Moving all IFAS machines and printers to DHCP from static addressing--who handles DHCP requests and how can OU admins monitor that server
In Marshall's absence, Dwight reported that a new Dell PowerEdge 2850 DHCP server had been purchased for IT. It is also going to host RIS and ADS, eventually migrating to only ADS. Vista (aka Longhorn) promises to greatly improve deployment practices down the road via ADS and a file-based disk imaging format called Windows Imaging Format (WIM). Dwight reported that there will be no service outage with the migration to that new server. Chris Hughes said he will be creating a single RIS image that will install a current patched version of WinXP on any machine that is PXE-enabled, with as many drivers as he can locate and which people say they want included. It will also support an Office install via msi, as well as some other packages which people have asked for via msi. It will also support updating should there be a security incident on those patches.
Mark and Steve discussed issues of getting data off end-user machines so it may be backed up properly and so that machines may be rebuilt quickly and efficiently. Mark says that many simply have problems with keeping all their data on the server--mostly due to false impressions. Chris Hughes mentioned that WinFS technology may eventually improve our abilities to deal with this in the future (Vista SP1), permitting automatic replication of particular files (based on metadata associated with those files) to a WinFS server for backup.
Mark Ross said he was not willing to give up his DHCP control until he had the capability to do reservations for himself on the central system. Chris Hughes said that such delegation would not be possible until at least release 2 of Windows 2003. Should that version not support this, IFAS IT plans to build a web interface to provide that functionality to OU admins. Currently all OU admins have view access to DHCP. In any case, Dwight Jesseman said that any DHCP reservation requests he gets are done the same day.
Status of the IFAS Remedy trouble ticket system: e-mail notifications not working in all cases; some tickets languishing in the queue
Dwight did not have an update on the progress in implementing ticket assignment via NMB. Chris Hughes did say that he had gotten the technical contact by OU information to Adam Bellaire.
Proposal for migrating all IFAS subnets to private IPs
Chris Leopold confirmed that a re-scoping/consolidation of our IP addresses is being planned in conjunction with Marcus Morgan. This is motivated, among other things, by the need to reduce the rule set size for the Windows firewall re-enabling. It is also fueled by the push to move all resources (where possible) onto private IP. This will cause some issues, for example, for Polycom access, and those issues will be worked out. Dwight mentioned someone who was using a public number to allow printing to his office from home. Dwight wondered if there was a document he could point to that stated the requirement for that to be moved to private IP. Such backup documentation would make Dwight's task considerably easier. Chris Hughes said that UF security policy should cover that issue. The technical solution in this case is relatively simple anyway, because such a case would require a VPN connection regardless, and a VPN connection would then support printing over private IP.
Chris Hughes reported that the UF L2TP IPSec VPN is now in full production as of Tuesday of this week. The solution which Chris provided for making this easy to implement for users works well for WinXP clients and can now be utilized in a supported fashion. This installation is available on the IFAS Software Site. This should only be distributed within IFAS because this was an IFAS-designed product. Mark Ross asked if Chris could document the configuration which his program sets; Chris said that it was rather complex, but that he could document that. Steve reminded folks of how well this works via "logon using dialup connection" when using wireless--avoiding the need to do separate WIPA authentication and immediately providing a UFAD connection with drive mapping and the whole works.
Steve raised the question of users outside the IFAS OU not having dialup rights to use the IFAS VPN. Dwight related, however, that they can be added to a security group by the HelpDesk, which will give them this capability. Users do not have to have their NMB set to within IFAS (i.e., they don't have to become a member of the IFAS autogroup) to permit such VPN access. Chris noted that, due to the efforts of George, the IFAS service accounts are now in the IFAS autogroup and would not have this difficulty.
Dan asked about the status of the new ISA version of the IFAS VPN (if-srv-isa.ad.ufl.ed). Dwight reported that John had reached an impasse on that prior to leaving. The project is basically on hold until John can be replaced. Perhaps his replacement will be proficient with ISA and can continue that work to completion. This project is not deemed critical at this time, however. The rationale for using ISA was to provide IPSec filters for non-UFAD clients outside of campus, and to protect our network by assuring they were patched and had proper anti-virus protection before allowing connection. Chris Hughes pointed out that we don't have IPSec now, however, and we won't until the subnets get reorganized/consolidated.
Wireless options for the remote sites
Steve asked Chris Leopold if anyone had contacted him about wireless at remote sites. Chris said that there have been several requests and that the current plan is to implement a solution along the lines that Mark Ross has developed for his department. For remote sites, however, the critical portion is the authenticated VLAN issue. Currently the only real viable solution is a fairly expensive Bluesocket device.
Status of OU management training materials
Chris Hughes had said that Dean Delker is working on this and Steve asked for clarification. Dean has been assigned the task but does not currently have the software for doing that. Dwight mentioned that Dr. Sabine Grunwald's Macromedia Breeze server can provide the same functionality as Camtasia in this regard and that Dean would have access to that if he wished. Chris Hughes stated that he has been using Macromedia Captivate software at home (which he is confident is what Breeze is using) and that it is substantially better than Camtasia in his opinion.
New Backup server
Dwight spoke briefly about his new 6-drive PowerVault 136T LTO-3 tape library. This device handles 100 LTO-3 tapes with a native capacity of 400GB each (800GB compressed). This gives us between 40 and 80 TB of storage capacity. In the past we had been able to provide data backup; now we will have the capacity to permit full server backup and disaster recovery via a restore CD. Dwight is going to use the new library in conjunction with our older 2-drive PowerVault 132T LTO-2 library, but has not yet decided on the particular configuration; this is a rather complicated issue to which he wishes to give careful consideration before proceeding. Dwight calculates that our retention time will now also be able to be increased from 4 to 10 weeks with this new equipment.
Patchlink is gone; moving to WSUS
This is in progress and the move has already been made for AEC, Ag Engineering, Agronomy and Animal Science. (As you can tell, it is being done alphabetically.) Aquatics was a stumbling block there and Chris Hughes moved on to the task of going through each multipurpose server and doing the delegation of permissions to the shares, printers, DHCP, and setting the NTFS permissions properly. He has gotten as far as Indian River there. When that is complete, Chris will begin installing IAS and pushing out WSUS to those servers as well.
If you have a unit that is on campus, Chris can fairly quickly add you to WSUS upon e-mailed request. This involves creating a group for your unit within the WSUS server and then editing your GPO to specify that group. The current policy is quite aggressive. It will patch your server at 1 AM. If your server is off at 1 AM it will patch it 1 minute after you login. If the machine is on when a patch comes out that does not require reboot, it will install it immediately. If the machine is patched, WSUS will report that fact. Once we have all the machines in WSUS, we can then do reports on machines that are not patched. We are downloading all patches, including SQL and Office.
Joe Spooner gave us a progress update. The survey should go out soon. The results of that will provide us with some data detailing what our perceived needs are. Review of the 97 report is complete with the result that about 25% of its recommendations have been implemented in some fashion or other over the past 8 years. Joe said there is likely a 5-10% error there based on the fact that they were told not to involve FAS and FAS had made some accomplishments. The second phase of Joe's subcommittee will look at IT structure and organization at some top land grant institutions (UC Davis, Texas A&M, Minnesota, Illinois, Iowa, Ohio State, Penn State, Wisconsin) to see how we compare and where we might improve. Joe intends to suggest a pilot service model for IFAS IT that will better support IT service maintenance for the future. Joe said they focused particularly on the IT management problems within extension, because they represented the most difficult and worst case scenario with regards to IT support.
Kevin Hill had suggested that we drop this section from regular inclusion in the ICC agendas, due to the fact that we no longer had regular committee meetings. It was decided that AD issues were really no longer separate from other IT/SA issues and that details which would have gone into this section prior can now easily be incorporated elsewhere.
Mike Kanofsky relayed via Dwight that he and UFAD are aggressively pursuing the intermittent slow computer startup issue with Microsoft.
Steve said that he wished to keep this section of the agenda pending replacement of John Sawyer. Although the Network Security Subcommittee never really got off the ground, Steve feels it could eventually perform an important and valuable function; he believes it is worth maintaining through the current personnel changeover.
Regarding replacing John, Chris Leopold reported that the position had been posted and that we have 10 qualified applicants. The interview committee will consist of Chris Leopold, John Sawyer, Kathy Bergsma and Steve Lasley; interviews should commence late next week.
Steve asked if we could assume that action on most of the security-related agenda items (Windows firewall, ePO reorg, and the new VPN server) would be postponed until after John's position had been filled. Chris Leopold said that these would all be deferred to John's replacement.
Access to results from the machine startup-script changes
Chris Hughes has improved the information gathering methods within our machine startup scripts to include the collection of information on software installed and services running on our machines. This information is stored in SQL server which is under the administration of Richard Lee. Because Chris does not control that storage resource, he feels obligated to turn over the task of providing OU Admins access to that information to Richard. It was hoped that reports might be made available along the lines of what Chris Hughes had done via his reporting site. Richard was not available for comment (though he was listening in), but Dan indicated that Richard had other higher priority tasks which would preclude him working on that. Steve asked if there was any method, even non-automated, for an OU Admin to obtain information upon request. Again, Dan said there was no staffing to support that. Richard indicated via e-mail after the meeting that, if provided some of the details, he would see if this was something which he could work with Chris Hughes on.
In the interim, Chris Leopold urged ICCers to begin to consider what reports they would like to see, once the workload issue can be resolved.
Migration to the IFAS Print server
Dwight was surprised by this agenda item, having not requested it himself. Dwight said that the server is built and just needs to be racked. He added that this would be a difficult task to coordinate. He first has to poll all the stakeholders who have printers shared off of various servers and talk to them about how they want to proceed with the migration. He suspects he will have to proceed department by department, but many details must first be arranged with each. Dwight would like to incorporate logon scripts as the means of mapping printers for individuals. Chris Hughes said that he will send out a document detailing how this matter was handled at the College of Business. Chris thought that we might want to consider a similar route within IFAS.
Dwight also reported that, in addition to the print and DHCP servers, there are two DNS servers that are also being replaced. No loss of service will occur due to that migration.
Proposed website changes; FPSE, moving to new server, and w: drive mapping
In the absence of Marshall Pierce, Chris Leopold stated that he doesn't believe we have an official plan to move forward with a migration to the new web server. Chris feels this is in critical need of further discussion. One matter which has been raised was the removal of FPSE, but Chris doesn't believe this to be a viable option. Chris needs to know what the ICC thinks on this matter. Due to Marshall's absence, this will have to be delayed, but Chris hopes we begin to think about the matter and hopefully have some discussions on the ICC-L or have a special meeting to discuss that. This is something that could affect many folks greatly. Joe Spooner suggested that we might want to have the new IFAS web master participate in those discussions.
Funding model for IFAS fileserver replacement
Chris Hughes asked Dan if we could now get a quote prepared for Joe Joyce on this and Dan answered in the affirmative. Chris said he would get on that.
Removing Appletalk and IPX protocols from all IFAS subnets
Chris Leopold reported that IPX had already been removed. He is looking for a unit or units to volunteer for removal of Appletalk. Steve responded that this could be done at Entomology with the proper preparation and notice. The concern is with ICBR, which is housed in Fifield. They still use Appletalk connections to local shares on Macintoshes in Entomology--primarily because they don't understand the alternatives. Steve suggests that a browse-only website might be created for their use. They could build a structure with a folder for each client and then upload the sequence text files for the clients to retrieve from there. All that would be needed on the Mac would be Fetch or some other FTP client and it should be easy to manage both for ICBR and their clients. Relatively little space is required by these files.
The main concern is to not affect users without providing and coordinating alternate solutions.
Chris Hughes said that he would like anyone who has UFAD issues and concerns (excluding the current slow startup issue) to e-mail those to him and he would forward those on to Dan Cromer to be addressed with George and Mike Conlon.
The meeting was adjourned late at approximately 12:20pm. A number of folks met for lunch at Bennigan's.
last edited 10 September 2005 by Steve Lasley