ICC logo IFAS logo


ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM February 14th 2014 REGULAR MEETING


A meeting of the ICC was held on Friday, February 14th, 2014 in the NEW UF/IFAS Communications Building. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Fifteen members participated.
 
Remote participants: David Bauldree, Bill Black, Dennis Brown, Francis Ferguson, Kevin Hill, Al Ibanez, and Wayne Hyde.
 
On-site participants: Jimmy Anuszewski, David Blackman, Dan Cromer, Winnie Lante, Steve Lasley, Matthew Nash, Karen Porter, and Wendy Williams.
 

STREAMING AUDIO: available here


NOTES:

Agendas were distributed and the sign-up sheet was passed around.


Report from the chairman

Member news:

Updates not available...

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.


Security:


Proposed Remote Access Policy

There were further details in the January SIAC meeting notes for those with interest.

Implementing the Mobile Computing Security policy (previous discussion)

Updates not available...

Patching updates... (previous discussion)

Microsoft

The February Microsoft patches included 7 bulletins (4 "Critical", and "3 Important") covering 31 CVEs in the usual suspects. A risk assessment is available here.

Note that IE is under active attack so patching quickly is a great idea.

Adobe

An out-of-cycle security update for Adobe Flash Player was released on February 4th for a zero-day attack. Microsoft has updates for Flash in IE10 and IE11 on the Windows 8 and Apple uses a clever blocking method with Safari that helps ensure that Flash is updated.

Java

JREv7u51 came out January 14th. This new version enforced signing for Java-based web apps and requires creation of an exception site list for non-compliant apps in order to allow them to run.

Susan Bradley had share an interesting article on Exploiting and mitigating Java exploits in Internet Explorer that really helps one understand some of the issues faced with Java.

Apple

The iTunes 11.1.14 security update on Windows caused many problems.

Other

Version 27 of Firefox was released on February 4th and VLC media player is now at version 2.1.3.


Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)


On Tuesday, January 28th, The IP address of MCU 3 was changed from 128.227.156.86 to 10.227.156.86 (that is, it was switched from public to private IP). This bridge has been used primarily for ad hoc conferences and this change will generally only affect users that connect by IP directly to this MCU to create ad hoc videoconferences. Patrick had mentioned that this MCU was removed from the MCU pool several weeks ago to prepare for this change and that conferences scheduled using either the old or new scheduling system will not be affected.

Endpoint security concerns (previous discussion)

Updates not available...

Replacing Polycom endpoints with some Lync-based solution (previous discussion)

Updates not available...

Possible end-point refresh in the works (previous discussion)

Updates not available...

Movi/Jabber Updates (previous discussion)

Updates not available...

End-user Scheduling (previous discussion)

Steve has access for creating and monitoring conferences and had assumed others had at least read access--at least until the proposed training could open that up more. He recently found out, however, that very few do have that. Steve asked Dan Cromer if he might request that ICC folks get at least read access to TMS and Dan quickly shot off an email to Patrick who responded in the affirmative. Steve would suggest that Patrick make use of the "IFAS-OUname-VCschedule" universal security groups that had been created within each OU for this.

Steve mentioned finally running into a VC event update that forced a new Conference ID. He had been asked to extend the stop time of an existing conference and found that this caused a conference ID conflict which necessitated a new ID. That was the first time Steve really understood why IDs might sometimes need to change.

Steve added that TMS requires Java for the web client and that the monitoring portion currently doesn't seem to work with JREv7u51; Patrick expect an update from Cisco to address that because it has been necessary in the past as well.

Lync updates (previous discussion)

Dan Cromer mentioned that there is increasing emphasis on using Lync for training. Donna Dyer in the IFAS Business Office plans to have training for RECs via Lync; Dan wanted local support to know this so that headsets and possibly webcams would be available for local administrative staff to participate.

Blue Jeans (previous discussion)

Dan Cromer mentioned that UF is now looking at Acano coSpace, which does what Blue Jeans can do and more apparently. One nice feature is that it can call out to a video endpoint as opposed to Blue Jeans where endpoints all have to call into it. Acano also encourages on-premises hardware, which is something that UF might be more comfortable with from a security standpoint rather than having such a service hosted in the cloud.

Dan has to renew our Blue Jeans contract by March 31st and he isn't sure if UF will get things rolling fast enough to make a switch this year. Dan would obviously rather go with a UF-hosted solution if possible, but that may have to wait another year; we will have to see.


WAN (previous discussion)


Updates from James Moore

James hasn't been to a meeting for quite some time but Dan Cromer supplied a few updates. Russell Hunter is working with James on an upgrade for Marianna currently.

Dan mentioned that the fiber run to the new Austin Cary Forest facility is going to cost a whole lot more ($50k) than formerly believed. GRU originally thought it could be run overhead, but Clay Electric dissuaded them of that notion with a resultant large increase in the cost estimates.

Dan said that Chris Leopold and DeWayne Hyatt were in Citra today trying to track down some very weird network issues.

Wireless printers (previous discussion)

Updates not available...

VoIP at RECs

Updates not available...

Phone bills to be paid for centrally? (previous discussion)

Updates not available...


Policy


Report from January ITPAC

Dennis Brown attended via phone but was not ready to provide a report; he believes he can gives us that at the next meeting, however, as he did record the meeting and was asked by Al Wysocki to work up some minutes.

Dan Cromer mentioned that there was a proposal at ITPAC to require that students have a service account, but the committee deferred on that. The committee did agree with the ICC "Recommendation for denying access to UF/IFAS computer resources for former students." UF doesn't seem to want to address this at the higher level so it will be up to IFAS to figure out a suitable implementation.

Dan mentioned that the right of having a mailbox has now been removed from the Departmental Associate affiliation--which was news to all of us. Scott Owens gets an error if he tries to create a mailbox for someone whose primary association is just "Departmental Associate." Those with that association who currently having mailboxes can (at least for now) retain them, however, which was a great relief to many. It appears that this whole email business is in such flux currently that no one really knows where things are headed well enough to get information out to the end users let alone local IT support folks.

Dan added that while there is a means in place to migrate from GatorLink to Office 365, there is currently no good means to migrate an account to UF Exchange.

Notes from last month's SIAC meeting

Dan Cromer recently posted the notes from the January meeting--this is much appreciated because the SIAC web page seems to often lag on posting these. It is generally a good read and you are encouraged to check these out.

Last month's IT Directors Meeting Notes

Updates not available...

PrintSmart initiative (previous discussion)

Updates not available...

New IT Service Management Initiative

Updates not available...

Content Management System (CMS) for UF: Entering purchasing phase (previous discussion)

Updates not available...

Authentication Management policy draft (previous discussion)

Updates not available...

New 'Trouble-Ticket' Entry Page for CNS (previous discussion)

Updates not available...

KACE (previous discussion)

Updates not available...

CNS working to implement NAC for UF wireless (previous discussion)

Updates not available...

UF Exchange updates (previous discussion)

This weekend the UF Exchange group plans on enabling Internet Calendar Publishing in UF Exchange. Documentation is available on the IT Wiki at the bottom of this page: https://connect.ufl.edu/it/wiki/Pages/PowerShell-for-Tier-2-Exchange-Administrators.aspx.

Steve asked Dan for a use case and he responded that he thought it would be useful for outreach purposes. Calendars for such roles tied to service accounts would be appropriate situations for such things he believes.

Outsourcing of student e-mail

Updates not available...

Outlook asking for re-authentication

Updates not available...

Sakai e-Learning System now in production (previous discussion)

Updates not available...

Alternate IFAS domains in e-mail (previous discussion)

Updates not available...

Split DNS solution for UFAD problems (previous discussion)

Updates not available...


Projects


New web cluster (previous discussion)

Updates not available...

Windows 8 Deployment? (previous discussion)

Updates not available...

SCCM for IFAS

Updates not available...

Exit processes, NMB and permission removal (previous discussion)

Updates not available...

Services Documentation: Is a Wiki the way? (previous discussion)

Updates not available...


Operations


Moving from McAfee VirusScan to Microsoft Endpoint Protection? (previous discussion)

McAffe is on the backburner until we can see which way we will be going. We will either go with what UF finally picks or we will utilize Microsoft's solution via SCCM.

Print server (previous discussion)

Updates not available...

Recording lectures for Distance Education (previous discussion)

Al Wysocki had offered to help pay a portion of the costs for Mediasite recording appliances for interested units. Winnie was initially interested, but when she found out the total costs involved it just could not be justified.

Steve mentioned having, perhaps, done a poor job of communicating with Al Wysocki on this issue. Al seemed to believe that interest has waned but Steve believes the need is as strong as ever. What Steve did not believe was a justifiable solution, however, was to implement individual recording appliances as they are simply too expensive and can only cover a single location. Steve would like to see IFAS put some resources into improving recording on the bridge as that would give us much greater bang for the buck and the flexibility to record from almost anywhere.

As one example, it would be great to see this service evolve to where local support staff could control access to recordings and manage the files themselves.

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

Creating guest GatorLink accounts: singly or in bulk (previous discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

DirectAccess pilot (previous discussion)

Updates not available...

VDI desktops as admin workstations (previous discussion)

Updates not available...

Wayne's Power Tools (previous discussion)

Updates not available...

Computer compliance tool update (previous discussion)

Updates not available...

Folder permissioning on the IFAS file server (previous discussion)

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Updates not available...

Disabling/deleting computer accounts based on computer password age (previous discussion)

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps DeWayne Hyatt can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Since BitLocker stores its keys within the computer object in UFAD, Chris Leopold was considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.

Core Services status (previous discussion)

Updates not available...

ePO updates (previous discussion)

Updates not available...

Status of SharePoint services (previous discussion)

IFAS migrating to centralized MOSS

Updates not available...

Public folder file deletion policies and procedures status (previous discussion)

Updates not available...

MS Office News update (previous discussion)

Updates not available...

Job Matrix Update status (previous discussion)

Updates not available...


Other Topics


Adobe licensing

Dennis Brown had mentioned hearing at ITPAC that Elwood Aust believes we are getting close to negotiating a contract with Adobe at last. That would certainly be welcomed by all.

ICC Elections in August (previous discussion)

Steve said that he hoped to be attending the August meeting, or certainly by at least the September meeting as just another member rather than as the chairman. Dennis Brown has shown interest in replacing Steve and Steve would support that as Dennis does have the proper inclusive attitude that Steve feels the job warrants. That said, Steve wishes that others would show interest as well. This is something whose duties could be shared and rotated if we could get the volunteers.

Dennis Brown said that if he takes over he feels the notes would be an important priority but he would appreciate handing off snack duties to someone else. In any case, please get with Steve if you have any ideas or interests in seeing how the ICC works moving ahead.

Getting rid of Windows XP

Jimmy Anuszewski reminded folks that we need to get off Windows XP and we discussed that matter a bit. Winnie was concerned about non-domain-joined machines and would appreciate some statement from administration that might provide her users some incentive to pay attention. The main thing is that we are all aware and ready to address the issues as they arise. Steve feels that most are aware and have good plans in hand.

Kevin Hill asked if there might be any funds available for replacing Windows XP machines within the CEOs but Dan said that administration wants funding for this to remain the responsibility of the end units.


The meeting was adjourned early at about 11:25 AM.