IFAS COMPUTER COORDINATORS
NOTES FROM October 12th 2007 REGULAR MEETING
A meeting of the ICC was held on Friday, October 12th, 2007. Due to continuing renovations in the ICS conference room, this meeting was again moved to Entomology (Bldg 970, Rm 1014). The meeting was chaired and called to order by Steve Lasley on time at 10:00 am.
PRESENT: Twenty members participated.
Remote participants: Bill Black, Dennis Brown, Dan Christophy, Dan Cromer, Kevin Hill, Nancy Johnson, Dave Palmer and Louise Ryan.
Benjamin Beach, Andrew Carey, Francis Ferguson, Diana Hagan, Wayne Hyde, Winnie Lante, Steve Lasley, Chris Leopold, Ligia Ortega, Mark Ross, Wendy Williams and Matt Wilson.
STREAMING AUDIO: available here
VIDEOCONFERENCE ARCHIVE: Here (while available).
Note, this does not include the content display--only the camera and sound.
Agendas were distributed, and the meeting began on time.
Remote participation trials:
Steve had tested the functionality of Entomology's mobile VSX7000 Visual Concert (rarely used there due to the great number of cables involved) for transmitting People+Content via point-to-point. It had worked fine in that situation both prior and during a test this morning. When connected to the bridge today, however, sending content failed with a "the far system is not capable" error. Consequently, Steve removed the Visual Concert box from the equation and used P+C IP to send his desktop to a Polycom which Dan Cromer kindly provided. That got content into the videoconference, but it was not what was hoped for.
It was later discovered that there is an admin setting on the VSX7000, under "call preferences" for which H.239 was not checked (thanks goes to Francis Ferguson for locating that option and Patrick Pettus via Dan Cromer for suggesting it). Apparently the Polycom-to-Polycom P+C test worked by utilizing proprietary means which the bridge could not handle without that option being enabled. If ICS is not ready by November we should have the visual concert working properly at Entomology by then as our fallback. Steve apologizes for incomplete testing on his part.
The Polycom session was streamed via the web and the link for that was announced via the ICC-L; many thanks to Patrick Pettus for making that available. The Polycom session was also recorded and will be available via the web for a time at http://126.96.36.199:7734.
You will need to install the Codian codec and restart your browser for the web-based streaming to work; this has caused some problems for some folks. If all else fails the direct link to the codec install is here.
Initially the recording of today's meeting was named "cdmcu-2_12Oct07_08.40" and it was placed under the "top level folder" link. Patrick Pettus said he would rename it and move it to the IFAS folder at some point. Since we have the audio archived, long-term storage of the videoconference beyond a few weeks should not be necessary. It is nice to try out all these methods, however, and get experience with them prior to the eventual fielding of questions from our users.
Local audio was recorded once again thanks to the loan of a nice Olympus Digital Voice Recorder WS-320M (which saves audio in WMA format and which connects directly via USB for uploading) from Dennis Brown.
Steve noted that Dave Palmer, Extension Agent for Hillsborough County and ITPAC member, has joined the ICC-L since our last meeting. No other new members were noted.
Recap since last meeting:
As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.
Next ITPAC meeting is November 14th
Steve noted that the November ITPAC meeting is the Wednesday following our next ICC meeting. That will provide one more chance for public comment via the ICC on the latest drafts of the UF-IFAS Web Policy and UF-IFAS Domain Name Policy documents which Ligia Ortega and Diana Hagan have been working on.
Steve would like to remind the ICC that we have been asked to consider these. Our charge is to pass along a recommendation on these matters to ITPAC with the goal of eventually getting policy implemented via IMM. Unless further objections are raised, we will take these before ITPAC with the blessings of the ICC.
UF-IFAS Web Policy and UF-IFAS Domain Name Policy drafts for review and recommendation
Ligia passed out copies of the latest drafts and went over the changes which had been made since last meeting. Via a suggestion from the ICC, the extensive "resources" section was removed from the policy and placed into a separate document. Also removed were the explicit mentions of staff by names so the policy would be evergreen regardless of staff changes. They also made a couple more typographical (punctuation and capitalization) fixes to incorporate a few additional suggestions they had received in the past month.
Mark Ross asked whether the end result of getting these policies accepted could be the collapsing our current 700+ websites into a more reasonable number. Ligia admitted that it would be a lengthy process which would involve much education of departmental chairs and others in order to move in the needed direction. Folks need to be taught how the current proliferation of sites hurts our overall web presence and be convinced that the gain will be worth the pain. Ligia imagines that there will need to be considerable assistance offered in any transition as well, just as they had done with SFYL, for this project to be ultimately successful.
Dennis asked if anyone has been designated yet to work with the departments on this. Ligia said that this hadn't been decided yet, but that it would likely be someone from the ICS web team.
Diana offered to supply "talking points" for ICCers to take to their departments in building grassroots support for this major effort. Without such support, this obviously cannot succeed. Ligia had provided the following points to Ashley Wood on the subject of "IFAS Domain Name Policy Potential Benefits":
- Improves our search engine relevance rankings: 10 Web sites with 10 pages each will each rank lower than a single 100 page Web site
- Makes information easier to find by our site visitors (all in one place) and reduces confusion about IFAS units and their functions and services
- Gives better impression of IFAS overall (through better organization and rankings on search results).
- Saves money on potential and current software purchases (site traffic analysis software, potential content management systems).
- Eliminates current security and permissions problems (too many domains exceed the capacity of current Microsoft software).
- Will help with management of files and sites, and has potential for improvement of organization of each site.
- Will also help with transition to a content management system later.
- Will help with graduate admissions by making professors and their web sites easier to find, and would give a more accurate snapshot of each department and unit and the services and information they provide.
Steve urged any OU Admins out there who might be opposed to this effort to speak up. We want to address any concerns early on and not have this effort derailed at some later date by lack of communication.
UF IT Advisory Committee for Network Infrastructure meeting
Steve gave a brief rundown from yesterday's ITAC-NI meeting. Steve mentioned that Dan Miller had accepted his offer to be secretary for that committee and he will be doing the official minutes. At this time, Steve intends to stick with his usual web format for those and host them within the ICC website for his own editing convenience. Steve has been writing unofficial "ICC Notes" on those meetings since he became a member of that committee late last year. We will see if the suggestion is made to move the minutes elsewhere later. You are encouraged to check the minutes for the complete details. The agenda covered the following items:
- Reclamation of underutilized IPv4 space - Marcus Morgan
- Network Edge Protection and 802.1x - Chris Griffin
- UFL.EDU to UF.EDU branding project
Chris Leopold went over some of the details of the network edge protection and Dennis Brown asked if wireless would be included in the wallplate. Chris noted his concern that this project is morphing over time and that it is difficult to pin-down the exact details of certain aspects since they are still being worked out. Obviously the rollout is already behind schedule and there is no real indication that it won't slip further behind as time goes on.
IT Governance sub-committee status report
There has been no reported movement on this standing agenda item; it is still pending high-level hiring decisions.
UF Calendar Project
Prior UF Calendar Project discussion. Wendy Williams had no news to report on this matter. As mentioned last time, Steve believes the project is basically awaiting the needed commitment of resources; whether that will materialize is not known.
At our last meeting, Dan Cromer reported that Meeting Room Manager was being purchased as a replacement for the Extension Calendar. Mark Ross has now implemented a trial site for Meeting Room Manager. Mark said it was his understanding that this is now intended to be used for scheduling Polycoms and other equipment which is tied to specific locations. Most who have looked at this wonder how it can possibly replace the function that the current Extension Calendar provides. Rather, it appears to simply extend Outlook in ways which most feel are unnecessary for the sorts of activities which IFAS regularly engages in. Regardless, we now have the Enterprise version for 50 simultaneous seats at a reported cost of around $18K.
The UF Exchange Project
Dwight Jesseman was unavailable for an update on this, but we will keep it on our radar and try to keep everyone informed of the progress as the project continues.
The Wallplate Project
Steve is still awaiting the proper time and method to use in addressing his own department's cost concerns regarding the wallplate project.
Recommendation: autogroups for *selected* roles
This is generally not discussed (and wasn't again this month) but is being kept on the agenda for future consideration. Basic role autogroups are now in place within UFAD.
Split DNS solution for UFAD problems
As a standing issue, Steve would like to remind folks that he is investigating alternate solutions for the split DNS issues. Initial tests look promising.
If anyone else would like to help test this, please get with Steve. Since a split-DNS solution is not expected to happen any time soon, this might really help out with our user experience in the meantime.
Listserv confirm settings
Considered complete and will be taken off future agendas.
New IFAS IP Plan
Considered complete and will be taken off future agendas.
SharePoint Test Site
Prior SharePoint discussion. Ben Beach provided an update on the status of the Sharepoint test site as our production WSS site for internal "intranet" use by IFAS. Ligia has done a mock-up of what a MOSS implementation for IFAS content management might look like. Ligia envisions this as a "portal" for internal IFAS use which could, among other things, replace the use of IFAS-ALL-L for various announcements.
Steve noted that Ben's challenge, if he understands correctly, is to structure the WSS site in a way that provides file sharing and workgroup functionality for IFAS--for example, providing an alternative to e-mail attachments--while creating a structure that is both maintainable and which can accommodate a possible future incorporation of our web content management needs via MOSS.
Specifically, we need to figure a maintainable way to map our existing UFAD permission structure into the more role-based structure which is envisioned for SharePoint. Steve asked, and it was confirmed, that the intention is to distribute out the ability to create new resources (which will no-doubt lead to diverse access permissions) while managing search capabilities across the entire structure.
Diana gave a brief tour of how EDIS editors are using MOSS for the workgroup collaboration involved in publishing EDIS documents.
Ben took us on a brief tour of his current efforts with the SharePoint Test Site in creating document sharing areas for each unit within IFAS.
For backup and restoration purposes, Ben has divided the entire site into six separate areas for Administration, Centers & Programs, Departments & Schools, Extension Offices, Research Centers and Service Units. With this structure, should the database for one area become corrupted, the others should still remain operational. These separate application areas will link back to a single shared documents area, and the same will be done with tasks and calendars. That resolves the permissions problems by structuring things so hierarchical inheritance within unit areas can take care of much of the permissioning.
More discussion ensued on what structure to use. Mark strongly suggested getting something out there for testers to bang on. If we don't do that, Mark fears we can spend forever spinning our wheels trying to create "the perfect structure" without getting the practical experience we need to determine the best overall plan. Diana mentioned that a certain level of granularity will be necessary if notifications are to work; Mark countered that we can't have it too loosely structured or it will quickly grow out-of-hand. Ben said that he is developing a spreadsheet which will list all the SharePoint groups and their corresponding nested UFAD security groups. This will be available to answer questions of who gets/has access to particular areas. Since additional security groups will need to be created for this purpose, we will need to develop a naming convention for those as well.
Ben has also asked various offices to describe their current procedures for file sharing so that he can map those into concrete explanations of how to replace that function using SharePoint. This will allow him to show users how to change their business processes in order to start using this new service. Steve mentioned that this aspect is critical. Otherwise many will take one or two looks at SharePoint, be overwhelmed, and decide to avoid it. ICCers are encouraged to play with SharePoint and get input and/or questions to Ben for resolution; the more involved we are at the early stages, the more likely we are to end up with something which best meets our needs.
Virtualization of Core Services
Wayne Hyde gave a brief overview of where we are with our server infrastructure. The SAN hardware has been acquired and Wayne is working with Dell to try and get it installed for testing by October 22nd. There will likely be about a month of testing before this goes live. Wayne had his initial SAN design call with Dell yesterday morning; apparently Wayne is already so well versed (after reading 2K or more pages of documentation) that the Dell tech thought he had done a few SAN installs already!
According to Wayne, we are in the process of ditching DFS replication; we just have too much data for DFS-R, despite what Microsoft claims. We are going to have two physical file server front-ends (FEs) to the SAN. The OUs will be carved-up so they are split between the two FEs and each FE file server will have a tape library so that backups will be done as per normal. If a FE dies, we'll attach the LUNs to the other FE and only suffer a minor outage. If the SAN goes belly up, then we will have an extended outage. The storage which is currently on if-srv-file02 will be re-purposed as volume shadow copy space so that service may be reinstated--something that all users (and Chris Leopold who currently has to restore everything from tape) will no doubt appreciate greatly.
Once this all goes live, pretty much all our servers will be virtualized, replacing quite a number of old hardware boxes that have been limping along.
IFAS WebDAV implementation
Still no movement has occurred in getting this documented.
Vista TAP and Vista Deployment via SMS and WDS
Most groaned at the idea of wide Vista deployment, mentioning numerous application issues which they feel make Vista still not ready.
Steve mentioned the trouble which Winnie Lante reported recently with Vista. She had logged on with her if-adml credentials and could not escalate an Explorer window as if-admn so that she could access network resources for software installs, etc. Steve reiterated his current solution for that: running an alternate explorer shell—for which he likes XPlorer. That program is free, does not require an install and can be run from a CD or flash drive. Unlike Vista's own Explorer, this can be “runas”ed with alternate credentials with no trouble. Steve noted that, since this application requires no installation, we might even consider eventually placing XPlorer.exe on the netlogon share and changing the if-adml script to run that program with the alternate credentials; doing that might simulate at least part of what we have been used to with WinXP and the if-adml script which Chris Hughes wrote for us under that platform.
Re-enabling the Windows firewall
Steve asked Wayne if he envisioned re-enabling the Windows firewall and where that was in the priority list. Wayne didn't know the exact priority of that, but it would add another layer to help protect machines from attack by other UF hosts which might become infected. Consequently, Wayne does envision working on doing that once time allows.
Exit processes, NMB and permission removal
Prior exit procedure discussion. We skipped this item for now, since there was no news to relate. Steve wants to keep this on our radar however.
ePO version 4 is being investigated for deployment
ePO version 4.0 is out and Wayne has posted the documentation. He has a trial configuration running and demonstrated the new web interface.
Dashboards greatly simplify access to queries and will make monitoring much easier:
Also, the integration with active directory is much improved:
Wayne wanted to remind folks that he doesn't currently push out VirusScan 8.5i due to potential problems with clients which may use some other anti-virus solution. Currently, you may request that he do that for your unit, but in the future he hopes to permission things to give OU Admins the ability to do this for themselves. He doesn't know how much access he will provide for applying policies but with consider that as well.
Wayne indicated that this version should be a great improvement over version 3.6 where currently over 50% of our computers are lumped into the "Lost and Found" folder. Deployment will be complicated due to the fact that ePO 3.6 is running on the same hardware as Exchange. Wayne envisions having both 3.5 and 4.0 running at some point and working on migrating machines over to the new system.
Polycom: private IPs, maintenance and contingency planning
Steve mentioned his recent experience with getting maintenance for Entomology's new Polycom VSX8000. This unit is being installed by AVI into Entomology's main lecture room along with a Crestron wall-mounted touch panel system for control. When it came time to upgrade the software on that new Polycom we discovered the 90 software warranty had expired (as far as Polycom was concerned), though we had not had the unit for that long. AVI is still working out the details of that with Polycom. In the meantime, Steve asked Polycom for a maintenance quote and was given a price of $950 for one year. This was the lower of their two plans and did not include on-site service--something which would have upped the price to $1730. Furthermore, although the quote was dated 10/10/2007, it covers the period 10/1/2007 to 9/30/2008. Thus we were already set to lose 2 weeks of what we were paying for! Steve has held off on this for now until we weight the costs/advantages.
Patrick Pettus is of the opinion that all IFAS Polycom units should be kept under maintenance. The three-year maintenance which was bundled into the first major IFAS Polycom purchase ran out a short while ago, but units were not advised of that fact. Steve understands that reinstating a lapsed maintenance contract is considerably more costly than renewing one on-time. Clearly we need to do a better job of handling this in the future, and Dan Cromer said that this was the intent. The latest round of purchases was again bundled with 3-year maintenance ($950 @) according to Dan. This time it will be made clear to each unit that continuation of that will be their responsibility.
Chris Leopold would like to arrange our Polycom systems to have private IPs rather than public numbers. He believes that communication outside the UF network would best be handled via the bridge. The reasoning there is that it would give outside organizations which may have firewalls a single point to configure for access through those. This would permit an external organization to open up their firewall to videoconferencing with all IFAS via a single configuration change rather than requiring that they ACL individually for each Polycom which they might wish to include.
Chris would like to pursue discussions on that with Patrick Pettus, Tom Hintz and others to see if this is feasible. Naturally, exceptions would have to be allowed for as well when necessary.
Steve mentioned that, while this would necessitate removing the ability to do point-to-point VCs to outside UF (i.e., dialing directly via IP#), improved access for doing ad hoc conferences via the bridge should make this proposal much easier to accept. The potential advantages to outside organizations for access to all our systems via the bridge might offset any perceived "inconveniences" which this may cause on our end. Steve noted that he has had only a few outside VCs over the last few years. One was for a course which was taught at UNC and VCed to FAMU and UF; this would have required a bridge in any case. The other was a VC with an outside law firm which failed due to issues with a firewall at their end (the symptoms of which were that we could see and hear them but they could not see or hear us).
Dan Cromer wanted to make everyone aware that the new Codian bridge has some nice functions with regards to controlling the on-screen format of bridged VCs. If you press the "Far" button on your remote, you may rotate the layout of the individual displays within discussion mode (continuous presence where all sites are shown with one main site being displayed larger) via the left/right cursor controls. The up/down cursor controls allow you to switch among discussion, presentation or voice activated modes.
Dan also mentioned that deployment of all the new Polycom units would require distributing responsibility for that out to the various units and district support folks. All units and CEOs (actually all counties, since some counties have more than one office) which do not yet have H.239 capability are either getting a new Polycom unit or getting a P+C IP license. You can get a good idea of where things will change by perusing the IFAS Videoconferencing Site and looking at the P+C column within the list of sites.
Dennis mentioned that Dean Delker had given him an IP# to access today's conference and thought we might want to publish that. Dan Cromer replied that the preferred method for all access will be via conference ID. Dennis could have used our usual "7830130" conference number to join once the conference had begun (about 15 minutes before 10am). Conference IDs for scheduled conferences are available on-line. Alternatively one may use the Codian auto-responder via conference #7830000 (for the main UF menu) or "7830001" for an IFAS-specific menu. By pressing the "Far" button on your remote, you can then use the cursor buttons to navigate the Codian's interface for creating or joining an ad hoc conference. (Note: when creating a new conference you must PREFACE the number with "#" when entering--prior to doing that the digits you press will be taken as camera preset controls rather than as digits in the proposed conference ID.) We want all systems to be registered with the UF gatekeeper and to use conference ID#s. We also want to avoid publishing the direct IP# of the bridge.
Kevin Hill asked if the new Polycom units could be shipped down. Dan replied that this was complicated by the various parts being packaged separately. They were working out the details of deployment first via the Northeast and Northwest districts--working south from there. The bad news for Kevin is that his Southern district will have to wait a couple of months down-the-road; the good news is that they should have the details of that well worked-out by then.
Daniel Solano asked via Ben Beach if they could get one of the old Polycom SP128s for use as a spare. Dan stated that we plan to remove all Polycoms which cannot handle H.239 and do not intend to redistribute them.
E-mail alias removal
Dan Cromer had proposed removing "@mail.ifas.ufl.edu" aliases from our mailboxes. The impetus for doing that was to prevent complaints from people who are receiving spam messages from addresses which they do not use and would rather not have. Dan had proposed a web application which would allow users to specify their desires regarding alias removal and Steve strongly supports that, as he would like to pare down all extraneous aliases. Steve believes there is no one in his unit which would object to having just the single "GatorLink@ufl.edu" smtp setting (although "@my.ifas.ufl.edu" would still need to persist for purposes of forwarding from Gatorlink). Steve also feels that we should stop creating "@ifas.ufl.edu" and "@ad.ufl.edu" aliases for new mailboxes; that is simply propagating a situation which we don't really want or need.
A google query shows that our web pages include many out-of-date references to "@mail.ifas.ufl.edu" (not to mention gnv.ifas.ufl.edu). Mark Ross stated that he opposed crawling our web pages and "fixing" those, as did Steve and others. Chris Leopold pointed out that web site content managers would likely overwrite many of the changes we might implement anyway.
Dan Cromer related from Dwight Jesseman that we are going to begin using Barracuda as part of the UF Exchange project. This is will provide yet another reason to remove extra aliases because it will send spam notices to each of the aliases and users will get multiple notices for a single incident--one for each of their aliases.
Note from the future: Dwight related that he had spent some time on the phone with Barracuda on the following Monday. He learned that there is a "Unify Email Aliases "feature which will fix the above issue.
There were no patches related to our Office 2003 and 2007 install points. There were several critical patches, however, and machines should have rebooted last night to install those via WSUS.
Dan Cromer relayed a request from Nancy Johnson that we offer a slipstreamed version of WinXP SP2 on the install site. The problem with that is finding someone to maintain it. That involves considerably more work than what Steve does to maintain our Office install points. Since SP3 is in beta currently, and will be out supposedly in the first half of 2008, that would likely be a good time to post a new version to the IFAS Software site.
Office 2007 issues update
Steve mentioned that the recent Excel 2007 calculation fix may not resolve all issues--particularly with the Office Compatibility Pack which provides capabilities for saving in Excel 2007 format from older versions of Excel.
Steve also mentioned that Office 2003 SP3 is out now, but Wayne is not pushing that via WSUS. Microsoft is pushing it now via Windows Update, however. This service pack involves security changes with broad-sweeping consequences and Woody Leonhard is advising against deployment at this time.
Job Matrix Update status
Chris Leopold said he wants to work with Dan Christophy to expand that matrix to include the Help Desk and to better assist in directing folks to the individuals who may best help with an issue.
Admin Helper Script and IE7 update
This item is being left on the agendas so it remains on our radar. Steve suspects that this issue will come back to the forefront as Vista deployment proceeds.
Remedy system status
We again skipped discussion of the woes with this system. Again, Steve feels that the basic problems could be addressed and resolved for the most part if a person was assigned to following through with that.
Alachua Heart Walk
IFAS IT is signing up team members for the October 13th Alachua Heart Walk. Donna McCraw has created a great promo message "from Bob Dylan" about the Alachua Heart Walk. (Requires the latest Flash player, so if the message is blank, try an update). Please consider joining in this worthy cause.
The meeting was adjourned a bit early, at about 11:50.