ICC Meeting:
IFAS COMPUTER COORDINATORS
Message from Dan Cromer to the ICC-L: After testing this afternoon, I realized that Lync "Attendee" can be used by anyone under Windows, at least to attend Lync Online Meetings. After setting up an online meeting, the meeting link can be sent to any e-mail address. From there, when the student (or other recipient) clicks on the meeting, they’re given a choice to connect with Lync Attendee, Web browser, or phone. They can download Lync Attendee if they don’t already have it installed; I think the best approach would be for the guest attendee to click on the link for “first time use” to download Attendee before trying to join the meeting. This can’t be tested on computers already having Lync installed, as the meeting link will automatically start Lync, if it’s there. In addition, I’ve also successfully tested the Lync federation with Lync users @microsoft.com and Microsoft Live Messenger, though Live Messenger only has audio and video, no screen or application sharing. Since I see presence for users @dell.com, I suspect that it is also working, though I haven’t yet had a chance to test. AOL federation isn’t yet established; I understand James is working on certificate issues for some other university systems.
Some "hiccups" have been noticed in the move to Lync. Winnie Lante had experienced difficulties connecting to bridged videoconferences, for example. The {conference ID}@vcs.video.ufl.edu connection method did not seem to work, and she also had difficulties in going directly to the bridge and trying to join a conference via the keypad.
Dan Cromer had responded as follows:
Message from Dan Cromer to the ICC-L: The transition from OCS to Lync is not complete. When it is, everything should work. There was no way to configure and test the Lync connection to the bridge until the production server and environment were in place. Video (Patrick) and CNS (James) will work together to get it done. I’m not sure why Winnie was unable to use the method described below to connect, as it just worked fine for me in two separate tries. One test you can use: when you pull down the keypad and enter a character, it should show at the bottom of the screen window. If you don’t see “Entering ID” in the blue area at the bottom, along with the numbers you typed, then you’re not sending the DTMF signals needed and should disconnect and reconnect. You can also use the dial pad to enter “##”, and it will change to far camera control, so you can use the keys on the dial pad for moving the selected conference down. With this you use “2” for up, “4” for left, “6” for right, and “8” for down. Using the far camera controls allows you to change the view of the conference.
Kevin Hill noted two other "operational oddities":
Dan Cromer responded with:
Message from Dan Cromer to the ICC-L: This is something I suggest you test several times until you get comfortable. Even on campus (and with OCS in the past) I’ve had network issues that caused audio or video not to work. One obvious question is whether you un-muted your mic, as the default is to connect with it muted. I’ve also had the case where the speaker sounded like a chipmunk or Donald Duck voice, as if the speaker had just deeply inhaled helium. Other times it happened that the bridge was seen, but dial pad keys had no effect. In these cases, the only fix seemed to be to disconnect and call back. OCS/Lync connection to the video bridge is not nearly as usable as with Movi, so should only be considered for occasional use. If common videoconferences are planned with the video bridge, Movi should be the choice application, though at about $100/license it isn’t something that is affordable for all.
Russell Hunter had mentioned that he was able to receive messages from outside (federated) entities using OCS but could not reply or establish a call. Dennis Brown mentioned having the same issue, though it wasn't clear if he was referring to what Russell mentioned or what Kevin was experiencing.
In a separate e-mail Dan said:
Message from Dan Cromer to the ICC-L: If anyone is having problems connecting with Lync to other UF Lync users, please let me know. Russell is speaking of problems using Lync with outside contacts, such as Dell. UF OSG is working to resolve the issue, though I’ve had a successful connection with Bill Campman from Microsoft. OSG and video groups are also working to resolve the Lync connectivity to the video bridges. I did update the wiki page at http://wiki.it.ufl.edu/wiki/Lync.
The main issue with Lync/OCS currently is that it will not connect to the bridge and thus cannot be used to participate in bridged videoconferences. Dan Cromer explained that the issue has to do with creating an encrypted connection between the Lync and Tandberg systems; one or the other will not accept the certificate to allow connection. Dan Cromer is hopeful that Patrick Pettus can coordinate with James Oulman to get this fixed sometime next week.
[Note: According to emails to the CCC after the meeting, Lync Mobility is still a work in progress; that is expected to be ready in a couple of weeks apparently and will allow the use of newly released Lync clients for mobile devices.]
WAN (previous discussion)
Updates from James Moore
James Moore was unable to attend, but plans to be here in March to provide us an update.
UF File Express moves to round 2 beta testing
Dan Cromer announced this to the ICC-L last Friday. You may try it out at https://file-express.ufl.edu/folder.php.
Dan had shared the following email from Shawn Lander (the project lead):
Message from Shawn Lander: We are done beating on it and making changes. Thus, you can start testing again and it won’t magically stop working for a time. https://file-express.ufl.edu/folder.php All features relating to the user and admin side of the application are done. On the user side we have a really good uploading process that will handle large files. We’ve successfully had two people uploading GBs of files at the same time (I was uploading 13GB in 7 files and Christopher was uploading 7GB in 3 files). On the admin side of things we have three levels of access:
Barb [Sedesse], Iain [Moffat] and I have all three levels of access. Ayola [Singh-Kreitz] is set up as a VIEWER. Kiem [Tran] is set up as a DELETER. The control of permissions is done through UFAD security groups that currently reside in the EG-ADM OUs. This will need to change and then the application updated. There may be cosmetic changes to a few things left to be made (i.e. the email sent when a folder is force deleted needs to be reworded). The FAQ and HELP sections of the website need to be filled in. Please beat on it and let me know your thoughts/comments. Please review all help text from popups and the like. To answer a question before it is asked… the application works best in the latest versions of Firefox and Safari. It works decently with IE but only if Silverlight or Flash is installed. It works with Chrome (and better if Gears is installed). IE seems to have bigger delays in starting and doing uploads since it depends on the different plugins (especially when the file is large). Firefox/Safari use native html 5 commands and, as a result, begin things immediately. At some time IE will start supporting all the needed html 5 commands and get on the ‘best’ list. Thank you for your time. -shawn PS: If you tried anything earlier than now (9:30pm on Thursday) you may have received an error caused by shutting down an editor and blindly saving settings (they shouldn’t have been saved).
Steve said that he had only taken a quick look at the test site. He asked if anybody had tried this yet, but no one had apparently. Winnie asked what the allowed file size would be; Steve didn't know at the time, but looking this up later (on https://file-express.ufl.edu/) it appears that they plan to allow "unlimited number of files of no more than 5GB each."
UFIT news site announced
Dan Cromer had shared the announcement of a new UFIT news site whose goal is to "deliver timely, important news items that will assist faculty and staff with their academic, service, and business process needs."
Dan has asked Tracy Gale of CITT to come to our March ICC meeting and make a brief presentation similar to the one she made recently to the IT Directors, where she discussed developing news stories for this new news service.
Dennis Brown has agreed to assist Dan Cromer in developing IT news stories for IFAS, and both have asked for wide involvement, as a team effort would be the best approach.
SharePoint training by Dan Holme (previous discussion)
Registration for these February 20th and 21st sessions is now available. Details were posted to the ACTIVEDIR-L previously by Erik Schmidt.
Campus VoIP improvement implemented (previous discussion)
Voice messages left on the UF VoIP system (Cisco Unity) are now being forwarded to associated Exchange accounts. When a voice message is left, two emails are triggered per voice message, both listed as coming from "Cisco Unity Connection Messaging System <unityconnection@voip.ufl.edu>":
Message from <sender> (<phone number>)
This is the first to arrive and contains the message itself as an attached .wav file.
An outside sender is generally listed as "Unknown sender."
Message notification: Voice message from <phone number>
This message arrives soon thereafter and provides a count of the number of pending voice messages as well as the sending phone number and time details.
Interactions between Unity and Exchange lead to the following message management considerations:
Note that this doesn't mean the WAV attachment has been played/heard. A message can easily become marked as read automatically depending on option settings within Outlook:
Marking the message as unread within Outlook reverses this process; doing so triggers the voicemail system to move the message back into current messages and turn the phone's message waiting light back on.
Deleting a voice message from within the Outlook Inbox triggers the voicemail system to remove the voice message from its system and to clear the message waiting light on the associated phone if the message had been unread.
Deleting a message via the voicemail system (i.e., via phone) will delete the corresponding WAV file message from Exchange while the associated "message notification" email will remain untouched. This conserves space on Exchange while maintaining call tracking.
Moving a voice message to another folder outside the Outlook inbox preserves the message within Exchange. The effect on the voicemail system is the same as with message deletion: the voicemail system removes the voice message from its system and clears the message waiting light on the associated phone if the message had been unread.
A number of ICCers, such as Winnie Lante and Dennis Brown, indicated that they had not been getting these emails. You can use Wayne's Powertools to check your membership. Winnie and Dennis, for example, do not appear to be in the group yet. If you need someone added, please let Dan Cromer know. He will need to know their phone number and email address; remember that prerequisites include having both an Exchange e-mail account and UF VoIP phone number.
UF FAX server project (previous discussion)
Steve noted that he has now successfully used the out-going fax via Outlook. Initially he had an unusual issue that took Curtis Weldon a bit of time to ferret out. Steve had entered his email address into the "E-mail:" field of a service account (general tab) at some point. This somehow threw off the LDAP lookup routine used on the fax server and caused a "Requested #571 Delivery not authorized, message refused: sender not authorized ##" bounce message.
Dan Cromer had provided Steve with instructions to test the in-coming fax capabilities with some test numbers, but he never got that aspect to work. Apparently, CNS is still discussing how to handle the incoming fax service. Dan had provided the following instructions which he suspected would be subject to change:
Incoming fax numbers must be pre-staged to UFAD and coordinated with UF Telecom. This process is still under development, and may be modified.
(Not yet implemented) Submit a Telecom Service Request (http://telecom.cns.ufl.edu/ServiceRequest) to have your fax number converted to the fax server service, or request an additional fax number. Costs are the same as standard VoIP service per number.
Create a UFAD security group in your OU in the form: {Unit-OU}-FAXadm-{incoming fax number}
For example: IF-FAXadm-3925757
This is the group for all who will have access to the fax mailbox.
Create a user service account in your OU in the form: {Unit-OU}-FAX-{incoming fax number}
For example: IF-FAX-3925757
The password of the service account must be shared with any Mac users for access to the fax inbox, so set it with that in mind.
Assign the corresponding security group as owner of the service account.
Set the fax number in the service account properties “Telephones” Fax field in the form (nnn) nnn-nnnn. Example: (352) 392-5757
Request that the unit Tier 2 Exchange support person (Scott Owens for IFAS) mail-enable the service account.
Assist users as necessary to add the fax service account to their Outlook configuration.
Steve mentioned that he had some folks in his unit try out the sending side of things and that it seems to work fine. Steve turned their paper FAX coversheet into a PDF form to assist in creating those. Incoming has been held up because CNS wants to handle group assignments for that in-house rather than distribute it for security reasons. They were fearful that someone might "hijack" the President's fax number for example. In any case, they are apparently still working out the workflow details on how to request that. During BitLocker setup, the keys may be saved to a USB drive and then copied to a secure area. Steve has been doing this even for his UFAD joined machines just to feel a bit safer.
Upcoming requirements for InCommon Silver (previous discussion)
Updates not available...
Implementing the Mobile Computing Security policy (previous discussion).
Steve mentioned that he has begun the slow process of getting the laptops in his department encrypted. He plans to use BitLocker where possible. He still has some laptops running WinXP or Win7 Pro which will need to be rebuilt prior.
Dennis asked if we really needed to encrypt all laptops or only those with restricted data. Steve is of the opinion that all faculty are likely to have restricted data of some type, especially student information within emails. While he isn't sure that Outlook's offline cache is readable, Steve suspects the risk is substantial.
If you try out BitLocker on a UFAD joined machine but cannot view the key in UFAD via ADUC ("BitLocker Recovery" tab on the computer object), please let Alex York know; there were some permissioning issues with Steve's if-admn account initially that prevented this for him, and Steve is not sure if that has been corrected for all OU admins yet. For machines not joined to UFAD, one would have to archive the keys otherwise, but this is fairly easy to do.
Please note that portions of this discussion relating to UFAD key archival are recorded in a later section of these meeting notes that deals with disabling/deleting computer accounts based on computer password age.
Steve noted as he had at earlier meetings that PGP WDE is much clumsier than BitLocker.
Wake on LAN support coming to campus: (previous discussion)
Updates not available...
New Secunia site license (previous discussion)
Steve mentioned that he has started to put UF's Secunia PSI on his laptops because of how infrequently he can get ahold of those to even look at their patch levels. Dennis Brown said he has been putting it on many of his desktops as well. PSI updates several of the third-party packages automatically (Flash included) and it also will help raise awareness of patch levels; consequently, Steve feels adding this is a good idea.
KACE agent deployed to IFAS (previous discussion)
The GPO was enabled earlier this week. If you have machines for which you want to manage deployment manually you may make use of the ". IFAS-OU-PreventKace" security group in your organizational unit. All these groups are members of ". ifas-if-kace-client-5.3.46801_DenyRead".
Dan Cromer reported that he put the current KACE counts for IFAS online at \\ad.ufl.edu\IFAS\Software\KACE. He also said that he is working with UF central IT services to set up a recurring count report until some form of console or dashboard can be developed.
Dan mentioned that access to the console is not granular and that is why we haven't been allowed to view that. Dan wondered if anyone cared who saw our machine software details and it appeared that no one was very concerned.
Steve pointed out that Wayne can provide read access to the Secunia console as well upon request. Steve said that he hasn't really been too interested so far because he can use PsInfo to query a machine for software remotely as necessary. Wayne's Power Tools can search across machines for a particular application/version as well--though the database is not always up-to-date -- particularly for laptops.
Kevin Hill mentioned that SWFREC has its own WSUS server and thus he has access to the Secunia console for his unit. He said that this was working out well for him.
Domain Policy and redirect duration (previous discussion)
Updates not available...
CNS working to implement NAC for UF wireless (previous discussion)
Updates not available...
UF Exchange Project updates (previous discussion)
Dennis Brown asked why UF Exchange doesn't have the capability to restore mailboxes to account for user errors in managing things. Steve speculated that this would be a huge drain on people resources. Wendy Williams agreed that restoring mailboxes was a lengthy procedure. Kevin Hill said that Exchange 2007 could restore individual mailboxes, but it was not a quick and easy process. He mentioned that some folks would appreciate aging out after 13 months rather than yearly because of once-a-year emails many have to attend to. Steve pointed out that someone would no doubt then want 14 months.
Steve wondered if Exchange 2010 had some feature that might make some kind of restore less burdensome on the administrators, but none of us have the experience to know. It might be something worth asking at a Tier 2 meeting if Scott Owens is willing, as Dennis related that his faculty expect that level of service and are surprised it doesn't exist. The Exchange admins should at least know that this is an ongoing issue with our users--even if addressing it is deemed too difficult at this time.
Sakai e-Learning System now in production (previous discussion)
Updates not available...
Alternate IFAS domains in e-mail (previous discussion)
Updates not available...
Electronic Copy - Print Output Cost Reduction program (previous discussion)
Updates not available...
Split DNS solution for UFAD problems (previous discussion)
Updates not available...
New web cluster (previous discussion)
Updates not available...
File server migrations (previous discussion)
Wayne has worked hard on getting all the campus departments moved to the new file server cluster. He sent out a notice to the ICC-L explaining the situation and Steve updated the associated IT/SA Services Documentation on File Services to better reflect the new situation. In particular, Steve posted Wayne's table for mapping cluster node shares to the current DFS structure.
Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM (previous discussion)
MDT 2010
Steve noted that his deployment system continues to work quite well and has saved him many hours of work overall (though there was considerable front-end load in setting that up).
SCCM for IFAS
Alex York has been making strides on a new SCCM installation using the recent infrastructure upgrade. Alex is excited about the possibilities and is planning a demo to the ICC at an upcoming meeting.
Exit processes, NMB and permission removal (previous discussion)
Updates not available...
Re-enabling the Windows firewall (previous discussion)
Updates not available...
Services Documentation: Is a Wiki the way? (previous discussion)
Updates not available...
Moving from McAfee VirusScan to Microsoft Forefront Endpoint Protection?
Steve had intended to ask Alex York about what it might take to get us there but he was not available at the time. We will readdress this at an upcoming meeting.
Print server (previous discussion)
Updates not available...
Recording lectures for Distance Education (previous discussion)
Updates not available...
New DHCP reservation site created (previous discussion)
You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.
Restoration of back-ups on the file server
Wayne Hyde intends to document and announce proper usage as time permits.
Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)
Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.
IFAS efforts toward Green IT (previous discussion)
Updates not available...
Creating guest GatorLink accounts: singly or in bulk (previous discussion)
Steve had left this on the agenda in case further discussion was deemed warranted.
Can IFAS support DirectAccess in the future? (previous discussion)
Updates not available...
Moving away from the IFAS VPN service (previous discussion)
David Essex of the IFAS Help Desk had asked what ports were utilized by the IFAS VPN. Wayne Hyde responded with a link to a Microsoft knowledgebase article on the topic, providing also the short answer:
VDI desktops as admin workstations (previous discussion)
Updates not available...
Wayne's Power Tools (previous discussion)
Updates not available...
Computer compliance tool in production (previous discussion)
Updates not available...
Folder permissioning on the IFAS file server (previous discussion)
You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.
Disabling/deleting computer accounts based on computer password age (previous discussion)
This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer objects which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.
Since BitLocker stores its keys within the computer object in UFAD, Alex York and Chris Leopold are considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.
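Added example (not from the meeting and not UFAD or IFAS tooling): one way an OU admin could archive BitLocker recovery passwords before deleting stale computer objects, since the recovery information is stored beneath the computer object and is lost with it. The OU path, the certificate recipient and the use of machine password age as the 90-day test are assumptions.

```powershell
# Added example. Requires the RSAT ActiveDirectory module and rights to read
# msFVE-RecoveryInformation objects in the target OU.
Import-Module ActiveDirectory

function Export-StaleBitLockerKeys {
    [CmdletBinding()]
    param(
        # Hypothetical OU distinguished name, e.g. 'OU=Unit,DC=example,DC=edu'
        [Parameter(Mandatory)] [string] $SearchBase,
        # Subject, thumbprint or .cer path of a document-encryption certificate
        # (assumed to exist; the matching private key is needed to read the archive)
        [Parameter(Mandatory)] [string] $CmsRecipient,
        # Path of the encrypted archive to write
        [Parameter(Mandatory)] [string] $OutFile,
        # Assumption: password age stands in for "disabled for 90 or more days",
        # because AD has no dedicated "date disabled" attribute.
        [int] $MinPasswordAgeDays = 90
    )

    $cutoff = (Get-Date).AddDays(-$MinPasswordAgeDays)

    # Disabled computer objects whose machine password is older than the cutoff.
    $stale = Get-ADComputer -SearchBase $SearchBase -Filter 'Enabled -eq $false' `
                 -Properties PasswordLastSet |
             Where-Object { $_.PasswordLastSet -and $_.PasswordLastSet -lt $cutoff }

    $rows = foreach ($computer in $stale) {
        # Recovery data is held in child objects directly under the computer object.
        $keys = @(Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
                      -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
                      -Properties 'msFVE-RecoveryPassword', whenCreated)

        if ($keys.Count -eq 0) {
            # Record machines with no escrowed key so the gap is visible.
            [pscustomobject]@{
                Computer         = $computer.Name
                PasswordLastSet  = $computer.PasswordLastSet
                KeyObject        = $null
                KeyCreated       = $null
                RecoveryPassword = $null
            }
        }
        else {
            foreach ($key in $keys) {
                [pscustomobject]@{
                    Computer         = $computer.Name
                    PasswordLastSet  = $computer.PasswordLastSet
                    KeyObject        = $key.Name   # timestamp plus recovery GUID
                    KeyCreated       = $key.whenCreated
                    RecoveryPassword = $key.'msFVE-RecoveryPassword'
                }
            }
        }
    }

    if (-not $rows) {
        Write-Warning "No disabled computers older than $MinPasswordAgeDays days under $SearchBase."
        return
    }

    # Encrypt the CSV to the recipient certificate; no plaintext file is written.
    $csv = ($rows | ConvertTo-Csv -NoTypeInformation) -join "`r`n"
    Protect-CmsMessage -To $CmsRecipient -Content $csv -OutFile $OutFile

    # Return only the non-secret columns for review before any deletion.
    $rows | Select-Object Computer, PasswordLastSet, KeyObject, KeyCreated
}
```

A computer object that holds recovery information is not a leaf object, so once the archive has been verified with Unprotect-CmsMessage, deletion needs Remove-ADObject -Recursive (run it with -WhatIf first).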
Core Services status (previous discussion)
see the new virtual infrastructure section above...
ePO updates (previous discussion)
Wayne updated ePO to 4.6.1 and also checked in VirusScan 8.8P1 and the latest McAfee agent two weeks ago. Soon after he began pushing VirusScan 8.8P1 out to machines that have 8.8 installed.
The new ePO console has quite a few improvements, one of which is the ability to initiate a client task immediately from the ePO console on a managed system. If the client is behind a firewall, the task will start once the client checks in with ePO. Wayne has been working to adjust some permissions on the OU admin role to get this to work.
Status of SharePoint services (previous discussion)
IFAS migrating to centralized MOSS
Updates not available...
Public folder file deletion policies and procedures status (previous discussion)
Updates not available...
Patching updates... (previous discussion)
Microsoft
The February Microsoft patches will include 9 bulletins (4 "Critical" and 5 "Important") covering 21 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and .NET/Silverlight.
McAfee provides podcasts on the highlights of each month's offerings.
Adobe
The latest version of Acrobat and Reader (10.1.2) apparently caused issues with viewing reports in PeopleSoft. The problem seemed to go away -- likely due to tweaking that was done on the server-side.
Oracle
Trouble is brewing for Java with regards to SAS and likely other software which support a particular version of that software. The last public update of Java version 6 is slated for July 2012. Steve wanted to know if anyone had installed SAS 9.3 to work with JRE v7 yet and whether or not that worked, but apparently no one had. JMP is another program that relies on JRE version 6 as far as Steve knows and there are likely others.
MS Office News update (previous discussion)
Updates not available...
Job Matrix Update status (previous discussion)
Updates not available...
Remedy system status (previous discussion)
Results of GPO disabling for non-portable devices (previous discussion)
It turns out that successful WMI filtering of laptops is not really possible. As a result, many laptops that had been using offline files had that feature inadvertently disabled. This caused issues for users in at least two units.
Steve also mentioned that, when this temporary fix was first proposed, it had escaped his recollection that offline files is needed in order to index redirected folders. Disabling it removes the ability to quick search files on the server. There may be some workarounds but they look too cumbersome to consider. Steve is surprised he hasn't had complaints; he can only assume not many folks actually use the search feature.
As a result of these issues, the GPO has now been unlinked. That means that newly-built machines will have offline files enabled and you may re-enable it as necessary on current machines.
Let's hope the root cause of the problem can soon be discovered and addressed.
WebDAV issue with Mac OS X Lion (previous discussion)
Updates not available...
Shredding hard drives at the Hub
Winnie mentioned that she had learned how to use the drive shredding service that is now available on campus at the Help Desk in the Hub. Winnie said that you need to enter the serial number for each drive you wish to dispose of and mentioned that the form system which they require utilizes an ancient laptop. It asks for the associated department but has no IFAS units listed in its drop-down menus currently. They are working on that but currently don't care what department you designate.
The meeting was adjourned about 40 minutes early at around 11:20 AM.