ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM December 10th 2010 REGULAR MEETING

A meeting of the ICC was held on Friday, December 10th, 2010 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Eighteen members participated.

Remote participants: David Bauldree, Bill Black, Micah Bolen, Dan Christophy, Dan Cromer, Chris Fooshee, Wayne Hyde, Chris Leopold, Marvin Newman, and Wendy Williams.

On-site participants: Dennis Brown, Andrew Carey, Francis Ferguson, Winnie Lante, Steve Lasley, James Moore, Nick Smith, and Santos Soler.

STREAMING AUDIO: available here

NOTES:

Agendas were distributed and the sign-up sheet was passed around.

Report from the chairman

Member news:

We have had a month of active changes in our membership. Javier Real is new to Plant Pathology, Jonathan Potts is taking over at WFREC and Nick Smith is moving to FSHN.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details

Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)

Polycom status

Updates not available...

Office Communicator infrastructure status (previous discussion)

Dan Cromer mentioned that the focus is currently on transitioning to Exchange 2010, but once that is done Luis Molina will have more time to devote to moving us to Lync (the new version of Office Communicator). Users will not have to update their OC clients right away because the old clients will work with the new Lync server system.

Recording lectures for Distance Education (previous discussion)

Considering AMMS for Accordent management

Ron Thomas had asked whether we deemed AMMS worth investigating. Steve definitely believes this is worth looking into if IFAS is serious about lecture capture as an on-going tool for education. Usage monitoring would help us keep track of the value of our investment (which right now seems rather low if one browses the various Accordent stores). The other aspects of interest include access control and centralized scheduling.

Steve asked for other opinions and both Micah Bolen and Dennis Brown spoke up in favor of this.

Steve pointed out that we must have really gotten a deal on that batch of Accordents as he was recently quoted about $12,500 plus $7,500 for 3-years of maintenance on quantity one. We can only hope that we would get a good deal at the next 3-year refresh as we would be looking at around a quarter of a million dollars otherwise!

Santos Soler mentioned that the video server will be moving to new iSCSI storage soon, but that move should be transparent.

WAN transition to CNS (previous discussion)

Updates from James Moore

James reported that the CEO upgrades are moving along. John Wells is moving along in his district and Ben Beach has only four sites left in his. James expects the CEO upgrades to take another 2 months or so before they are complete.

Ordway-Swisher is getting a Metro Ethernet connection in Melrose, Florida.

James continues to try and work through the system to get new circuits at Immokalee and Belle Glade. Apparently, new purchasing policies have been a major holdup on completing that.

Steve asked about progress on network reconfiguration for Polycom that was discussed in October. The goal was to remove NAT from the equation. James said they still need to do more testing on that but the plan would be to have CEOs purchase a CIDR block of 8 addresses with 6 being usable. This would run maybe $20-$25/month, but might fix many of the Polycom connection issues many sites have been experiencing.

James said that Ft. Pierce has an urgent need for wireless and that they have some grant money to put towards that. James is trying to get a quote prepared for that but he didn't have them on the schedule for LAN upgrades until next year. Homestead is looking at wireless as well as VoIP. Again, James didn't have that REC down for LAN upgrades until next year. Immokalee also has some dire needs LAN-wise, so James is scrambling trying to keep up.

Francis Ferguson had mentioned that MOC works much better than PVX software ever did for connecting to our meetings remotely. James agreed the MOS was much friendlier overall.

Policy

MAG group moved into OSG at CNS (previous discussion)

Steve expects both Iain Moffet and Elias Eldayrie to be at an upcoming ICC meeting to discuss this and other topics. Currently, we are hoping this might occur by the January meeting.

Steve noted that the chairmen of the various Topical IT Advisory Committees for UF have now been announced. It would look like the Shared Infrastructure Advisory Committee which is being run by Tim Fitzpatrick may be of special interest to the ICC; this committee will cover topics that cross the boundaries and/or fall in between the cracks of the other topical committees. Dan Cromer noted that he is a member of this particular committee.

Steve wonders what other IFAS folks are representing us on these various committees. Since Elias had mentioned transparency as being a goal, Steve hopes that good agendas and minutes are made available to all; that takes extra effort but would be well rewarded in Steve's opinion by permitting and encouraging wider engagement in our processes.

Dan Cromer pointed out that the IFAS ICC/ITPAC structure is plugged-into the model and that Elias has been impressed with how procedure/policy matters have been handled here. Steve took the opportunity to note that the ITPAC website is no longer being updated since Steve stepped out of that role; it would be nice if the importance of that was realized and maintenance was continued.

IFAS IT is back on the IFAS Org Chart! (previous discussion)

As part of the changes mentioned last time, Dan Cromer now has a new title of "Director of Information Technologies". This finally removes the nine-year-long stigma of IFAS having only a temporary "Acting" directorship for its IT group.

Alternate IFAS domains in e-mail

Steve wants to keep this on our agenda for future discussion. He believes there is no advantage to having multiple aliases and that we should move towards removing those if possible.

Identity Management (IdM) Interface Training

Steve wants to remind everyone of the "UF_PA_IDM_NETMGR" role which will allow you to set NMB for your users. Your Department Security Administrator can do that for you.

Sakai e-Learning System now in production (previous discussion)

Steve asked Dan Cromer if there was any news from Fedro Zazueta about keeping the outside collaboration portion of Sakai working until LOA-1 (self-creation of low privilege GatorLink accounts) was implemented. Apparently they are still working out exactly what they do and do not want Sakai to support and a decision has yet to be made.

myuf Market (previous discussion)

Steve wants to keep this on our agendas in case discussion seems warranted.

UF Exchange Project updates (previous discussion)

UF Exchange upgrade

Andrew Carey reported that everybody is still on Exchange 2007 in spite of the fact that they have much of the Exchange 2010 infrastructure up and running. More storage was ordered and Dan Cromer reported that this has now arrived. Once that storage is in place migrations should be able to begin--likely in January.

Barracuda load issues - replacing with Proofpoint

Dan Cromer had sent us some info on the plan previously:

Message forwarded to the ICC-L by Dan Cromer:
"[ICC-L] FW: Welcome to Proofpoint quarantines." Tue 11/30/2010 12:00 PM

The UF e-mail service is in the process of migrating off of the Barracuda spam filters. ProofPoint has been in place for a long time as the first spam filter barrier, but the quarantine feature has not. This feature offers similar, actually superior, functionality to the Barracudas in providing users with control over their account message filtering. As part of the transition, selected accounts have had the Barracuda filtering turned off, and the ProofPoint quarantine function turned on. The plan is that, ultimately, all accounts will use the ProofPoint quarantine feature, and the Barracudas will be taken out of the mail flow path altogether, to save the additional cost and technical support required for them, as well as eliminate the occasional slowdown that they have caused.

The message below, with attachment, was from James Oulman from CNS to me as part of a pilot group. As a next step, I’d like to have all ICC’ers join the transition group, both to provide a broader group for testing, and to prepare you as technical support for your departments for the ultimate transition. Please let me know if you want to delay this change for yourself, otherwise I’ll pass on the ICC group to James when he’s ready to take on more.

Documentation is being developed, which Dan included as an attachment and the plan is still there to provide access to the ICC folks prior to this being rolled out generally. Andrew Carey has been moved over already (as a Tier 2 meeting participant) and we can expect a message from James Oulman at some point that we have been as well. The site to check is https://quarantine.mail.ufl.edu.

Dan Cromer pointed out that the user can control the level of quarantine and may even remove the filtering (except for infected messages) should they be concerned about false positives.

Centralized FAX service via Exchange (previous discussion)

Updates not available...

Split DNS solution for UFAD problems

Steve wants to keep this on the agenda for future reference.

IT survey is coming (previous discussion)

Dan mentioned that IFAS might wish to use our own Lansweeper data to prepare reports rather than work with contractors such as is apparently being planned for some locations. With the new SQL cluster, Matt Wilson and Wayne Hyde are bringing new life to querying that extensive database.

[Wayne had recently run a number of useful queries against Lansweeper BTW, including one that pointed out machines that had numerous disk errors (boding imminent doom for disk failure) and another listing the alarming numbers of machines with out-of-date versions of Adobe Reader.]

Outsourcing of DE course development (previous discussion)

Steve asked if this had been advertised to faculty yet. Dan was not aware, but the deal itself is apparently in place now.

Negotiations underway for the Microsoft Campus Agreement

Updates as available...

Projects

New web cluster

Santos Soler spoke briefly about his plans. He hopes to have something like the following:

web cluster diagram

Key elements will include:

Microsoft NLB (software NLB)
2 Application Request Routers (Core server based to reduce update/reboot needs)
2 Windows 2008 R2 64 bit servers
File server (For content, shared configuration)

The redundancy should provide for a very robust and stable system which should remain up 24/7 (unless a complete power failure occurs or the network is knocked out).

This will be a virtualized infrastructure and Santos is awaiting space that is being freed by moving a number of SQL DBs to the new SQL cluster. The ARR boxes will intelligently balance and direct the load as needed.

This cluster will support PHP and PERL but a new addition with be Shibboleth support. Shibboleth will require a single primary alias be used, so units like Entomology which have various aliases in effect (http://entomology.ifas.ufl.edu, http://nematology.ifas.ufl.edu, http://entnem.ifas.ufl.edu, http://entnemdept.ifas.ufl.edu) will have to pick one.

Santos put out a desperate plea that folks take this opportunity to clean up prior to moving. There is a large amount of inappropriate data (obsolete or just plain doesn't belong) on our current web server that needs to be culled. Steve pointed out that his department has many "web masters" in charge of various sections of the departmental site (this after consolidation a couple of years back); that makes cleanup more difficult because so many different folks are involved.

Santos also mentioned that many sites are still using old out-of-date logos. Those sorts of things should be updated as well.

Santos plans to migrate things unit by unit and will send out e-mails to let everyone know when they are being moved so that things may be well coordinated. Most transfers will be done by hand so it will be very involved and will take a good deal of time; but Santos is adamant that it be done "right". Santos will be working on the server-side throughout the remainder of the year and hopes to begin moving folks early in the new year.

MPS/DC refresh

The new hardware is nearly in place across the South Central District; Bill Black still has a sticky installation remaining for the Okeechobee CEO however. Fergie is turning on the last of his new DCs today and Ben still has a couple left. Andrew hopes to get Kevin Hill's systems ready before the holiday and then figure out when they should be delivered.

Andrew pointed out that hardware/DC deployment is the first priority because we are beginning to see increasing failure rates of our old DCs. Once that is done he will turn his focus to migrating the various MPS servers and get the file sharing and print serving in place across the many sites.

Andrew reminded folks that they should contact him if there is a critical need to move a particular MPS over sooner (full or failing).

New SQL cluster

Wayne Hyde reported that the new SQL cluster is now in production and being backed up by DPM. ePO, WSUS and Lansweeper have been moved there already. Wayne's Power Tools (which Steve thinks should be renamed Wayne's Turbo Tools) is querying from there now and seeing a great speed improvement. Matt is going to work on migrating SQL01, SQL03, SQL04, SQL05, SQLDEV databases to the respective instances shortly as well; Matt hopes to have SQL05 done by next week.

The new cluster has 96GB of RAM (as opposed to 6GB prior); this equates to speed as far fewer disk accesses are needed to fulfill queries.

New virtual infrastructure being planned and spec'ed out

Wayne continues to work hard on this plan as was discussed at the last meeting.

IFAS WebDAV implementation

There continues to be no progress on the documentation which was to happen prior to announcement. Since this has never been formally announced, the matter remains on the agenda as a standing item.

Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM

Windows 7 deployment

Andrew expressed his hopes that Nick Smith might continue SCCM investigations from where Daniel Solano left off prior to leaving. Nick has had much success with the Microsoft Deployment Toolkit (MDT) and SCCM would be a logical step up with that. Steve noted that he had purchased a very good practical book on MDT recently and would very much like to be involved in any SCCM efforts.

Steve also noted that discussion began today on the CCC list about creating a SCCM support group at UF. Erik Schmidt has already created SCCM-L@lists.ufl.edu in support of that if you should wish to join (send an e-mail to listserv@lists.ufl.edu with a body containing:"Subscribe SCCM-L Your Name").

Exit processes, NMB and permission removal (prior discussion)

Updates not available...

Re-enabling the Windows firewall (prior discussion)

Update not available...

Services Documentation: Is a Wiki the way? (prior discussion)

Updates not available...

Operations

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" email distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

IFAS efforts toward Green IT (previous discussion)

Updates not available...

Creating guest GatorLink accounts: singly or in bulk (prior discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

Can IFAS support DirectAccess in the future? (prior discussion)

Steve wants to keep this topic on our radar.

Moving away from the IFAS VPN service (previous discussion)

Steve assumes that moving our VPN to private IP is waiting on Wayne Hyde finding the time to implement.

VDI desktops as admin workstations (previous discussion)

This is another cool service that Wayne has in progress and which is awaiting sufficient time to pursue further.

Wayne's Power Tools (prior discussion)

The new SQL cluster is now bringing some muscle to bear on a number of services, including these tools, as Wayne noted in a couple of recent e-mails:

Message to the ICC distribution list from Wayne Hyde:
"WPT pages may not be working for a few days" Friday, December 03, 2010 2:04 PM

Matt and I are migrating some ITSA databases (WSUS, ePO, Lansweeper) to the new SQL cluster which will require me to update the WPT code that I haven’t looked at in … a long time.

WSUS has already been migrated to a new 2008 R2 server using the new SQL back-end. There shouldn’t be any client update problems associated with the move.

Message to the ICC distribution list from Wayne Hyde:
"RE: WPT pages may not be working for a few days" Wed 12/8/2010 10:30 AM

The WPT pages are working now and will run much faster if they were heavy SQL hitters (ie: OU Computer Status).

I’ll be replacing Lansweeper with a new version soon that will trim out dead objects and have many other improvements and information. After everything is up and running I’ll split the WPT pages into “old busted” and “new hotness.” The old busted WPT pages will use the legacy databases and will be removed after the new Lansweeper install has scanned most of IFAS.

Computer compliance tool in production (previous discussion)

Updates not available...

Folder permissioning on the IFAS file server

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey has a good plan for dealing with this which he simply has had no time to address. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Core Services status (previous discussion)

Data Protection Manager status

This service is well into production and being used for all sorts of our backup needs now including the new SQL cluster and a number of remote MPS machines.

ePO updates

VSE 8.8 is expected prior to this year's end. If it holds true to the hype it should be a great improvement (see at bottom)...

"The new release of McAfee(R) VirusScan(R) Enterprise software delivers optimized security with significant system performance improvements[2], including:"

83 percent faster on-access scanning
78 percent faster on-demand scanning
38 percent less memory requirements

The new SQL cluster has also greatly enhanced the performance of our web-based ePO console (signon with "ufad\if-admn" credentials). If you hadn't been using that prior, check it out!

Status of SharePoint services (prior discussion)

IFAS migrating to centralized MOSS

Steve speculated that this is being slowed somewhat due to IFAS already having a fairly complicated SharePoint configuration. Santos said that he understood we first need to upgrade our own system to a newer version before any migration could occur.

Public folder file deletion policies and procedures status

Nothing further was available on this topic at this time.

Patching updates...

Microsoft

The December Microsoft patches will include seventeen bulletins (2 Critical, 14 Important, and 1 Moderate) addressing numerous vulnerabilities--mainly in windows itself.

McAfee provides podcasts on the highlights of each month's offerings and another podcast summary of these patches is provided by "Security Bulletins for the regular IT guy".

Adobe

A security update was made available at the first of the month for Adobe Reader and Acrobat. The latest version is now 9.4.1

Oracle

Java Version 6 Update 23 was released a couple of days ago; it is not a security update however.

Apple

A security update of QuickTime to version 7.6.9 was released a few days ago.

MS Office News update

Updates not available...

Job Matrix Update status

This is here as a standing topic--no discussion this month.

Remedy system status (previous discussion)