ICC logo IFAS logo


ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM March 9th 2007       REGULAR MEETING


A meeting of the ICC was held on Friday, March 9th, 2007. The meeting was chaired and called to order by Steve Lasley, at 10:00 a.m. in the ICS conference room.

PRESENT: Twenty-one members participated.
Remote participants: Bill Black, Francis Ferguson, Kevin Hill, Louise Ryan and A. D. Walker.
On-site participants: David Bauldree, Benjamin Beach, Dennis Brown, Andrew Carey, Dan Cromer, Marion Douglas, Wayne Hyde, Dwight Jesseman, Nancy Johnson, Jack Kramer, Winnie Lante, Steve Lasley, Chris Leopold, Kamin Miller, Mark Ross, and Wendy Williams.

STREAMING AUDIO: available here

NOTES:


Agendas were distributed and the meeting was called to order at 10am.

We were pleased to have Jack Kramer, ICC Emeritus ;-), attend our meeting. Jack is now situated in Titusville and plans to stop by Gainesville from time-to-time to keep track of things here.

Report from the chairman

New members:

Zahid Khan has left his job at GCREC's Plant City campus and is now working for UF Video & Collaboration. Joel Parlin's duties are expanding to take over the Plant City campus as well.

Steve introduced Wendy Williams and Andrew Carey. Wendy is filling the CALS IT Director position formerly held by Joe Spooner. Wendy had related the following background information to Steve via e-mail:

I started with computers while in college here at UF. 
My first machine was a dual 5 1/4 floppy 8088 with a 
snazzy amber screen. I thought the amber looked better 
than the green...8-) I graduated with an English degree 
and pretty soon found myself the go to person wherever 
I was for computers. I decided that it would be nice to 
work with them as a career so I started work at a 
ComputerLand here in town. Within three months I was 
their top tech. I stayed there as a service 
technician/road tech for about three years then went to 
Koss-Olinger Financial Group as their Network Admin. 

I basically rebuilt the network from the Cat-5 up and 
then managed and grew it over the last 11 years. I've 
worked with NT, Server 2K/2003, Exchange 5.5 through 
2003, Exchange Activesync, SQL 7 and 2K, Windows 3.1 
through XP Pro and various other sundry items. Some 
phone system experience and Cisco equipment. I've 
probably forgotten something...

I like technology and gadgets personally and like to 
play video games (console) when I have time (not much). 
I have a PPC 6700 phone and an ipod (both of which I 
love).

Andrew has already been heard from on the ICC-L and was introduced in his absence at our last meeting. Chris Leopold added that Andrew has been working on planning for replacement of the multi-purpose servers (MPS) which we have at our sites throughout Florida. The lease period on those is soon up and we need to plan their replacement. Chris invited ICCers to provide input on that; those wishing to do so should contact him. We are very pleased to welcome both Andrew and Wendy to the ICC and look forward to working with them.

The only other personnel changes Steve is aware of involve Patrick Desire, who is a student that has been working part-time with FRED providing IT support. His supervisor, Stephen Reese did not feel Patrick's role was such that he should be invited to the ICC, but Patrick did recently have ufad\if-admx accounts created for his use.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.

Report from the March ITAC-NI meeting

Steve briefly recapped what had been discussed at this ITAC-NI meeting. There were updates on progress in wall-plate rollout planning as well as changes in telecommunications charges that may affect various units--particularly those with key systems. Six security standards/guidelines for IT staff were also discussed there. Folks are referred to the ICC notes of that meeting for further details.

Upcoming ITPAC meeting

Steve reported that the next ITPAC meeting will be May 3rd; that means we will have one more ICC meeting prior, in case anyone wishes any issues to be raised there on behalf of the ICC.

Policy

IT Governance sub-committee status report

Steve reported that he had heard of no progress on this. He believes it is still waiting on changes at the very top.

Recommendation: autogroups for *selected* roles

This item was not discussed but is being kept on the agenda for future consideration.

Split DNS solution for UFAD problems

Steve asked if anyone had been at the February 15th UFAD meeting, and whether or not anything transpired on this issue. Chris Leopold reported that it was discussed briefly, but that no indication was given as to this being consider high priority. Chris said that Dwight Jesseman had done a good job there walking folks through the DST issues. Chris had also raised the issue of DCs which haven't been deployed and some other projects which have been outstanding for several years. Chris feels that he may have stirred some action on that matter.

Projects

Sharepoint Test Site

Steve reported that Ben Beach has configured a test server for evaluation of Sharepoint's utility as a collaboration and content management solution for IFAS. The IFAS Web Committee (see Marion Douglas for more details) is investigating the content management side of this. Sharepoint, however, could offer IFAS a number of valuable collaboration tools as well.

The test site is available at http://my.ifas.ufl.edu and access is controlled via Gatorlink credentials. Ben has created a preliminary structure for various groups across IFAS, including a spot for the ICC beneath the Support section. You are encouraged to play with this site, but should understand that anything done there may go away at any time as the system is torn down and rebuilt to address various issues they might discover regarding its operation. Ben intends to incorporate MS Office Groove into this eventually.

For those interested, SFYL (SolutionsForYourLife) meeting minutes are available currently within the shared documents area of the "test" tab on the Sharepoint test site. Diana Hagan has also made a Draft Sharepoint Charter document available within the "IFAS home Shared Documents area".

Virtualization of Core Services

Wayne Hyde indicated that virtualization has actually replaced certain services previously running on older unsupported hardware, including our WSUS server. He very recently virtualized IF-SRV-GIS as well; it had been running on unsupported hardware that was failing. The Sharepoint test server is running under VMWare ESX Server as well. To provide redundancy for other important core services, Wayne plans on virtualizing a secondary file server, and possibly the web and SQL servers. Wayne is testing backup software for this currently. Two types are planned: backing up the entire VM as a snapshot in time, plus file-level backups within the VM using Veritas.

Dan Cromer mentioned that the cost of various software packages to support this project has been substantial. Steve mentioned that when he heard how long it would take to restore our file server under present circumstances, he was very much in favor of proceeding with all due haste, however. Wayne has created a template of a Windows 2003 Server with SP1 and all the latest updates; he can create a new server and customize it with the Sysprep tools in about 6 minutes. It took about 4 hours to clone IF-SRV-GIS. With ESX, you can do two types of clones: off-line and on-line. The on-line clone took about 2 days; this basically uses volume shadow copy and is very slow. The off-line cloning works pretty well, however, if you have all the proper drivers available. See this article for a brief description of the snapshot, cloning and templating capabilities available via VMware Infrastructure 3.

IFAS WebDAV implementation

As was the case last meeting, Steve passed over discussion on this project because he is aware that no movement has occurred in getting this documented.

Vista TAP and Vista Deployment via SMS and WDS

Steve mentioned that he had not heard where the Vista TAP group was since our last meeting in regards to completing the creation of a standard Vista deployment image for campus use. They intend to create documentation for deploying and customizing with the various deployment tools as well.

Chris Leopold mentioned that he has been shifting some jobs duties around amongst his staff now, with the addition of Andrew. Chris wants Ben and Andrew to collaborate on Vista deployment issues and we should see a new job matrix available within the new few weeks.

Nancy Johnson asked whether help was available to loading WinXP on new machines that may come with Vista. WinXP is still available on the OptiPlex line and will be until January 2008 (thanks to Mari Jayne Frederick for that tidbit and for Dennis Brown for mentioning during the meeting). The Dimension line, however, is already only available with Vista. It makes sense to purchase those with the cheapest version of the OS possible and, for the time being, put WinXP on them. No one from the Help Desk was available to say whether or not they could help Nancy. Mark Ross might be able to assist via a RIS image; Nancy would have to get with him to set that up. Steve also offered to assist Nancy with doing it the "old-fashioned" way via CD install--should she wish.

There are login script issues currently with Vista and there are problems with logging on via if-adml accounts (to do installs, etc) and then escalating an explorer windows to if-admn credentials so you can access network resources you might need. Mark Ross mentioned that you can escalate Firefox on Vista and access network resources that way--though he is not recommending that as a general solution. Wayne reported that the only way to get an Explorer window running under if-admn credentials is to kill the currently running Windows Explorer and runas Explorer with if-admn credentials before Explorer is reloaded by your default account.

Removal of WINS

This issue has been tabled indefinitely. In fact, Chris Leopold requested that it be removed from the project list and Steve said he would comply with that request.

New IFAS IP Plan

Chris reported a bit of progress since his last status report on this at our December meeting. We are down to the last couple of subnets, 207 in Fifield (which supports Environmental Hort in Mehrhoff) and 4 (which supports the Livestock Pavilion) and Chris hopes for that to be done within a month. As usual, there have been a lot of issues on the plate, including level 2 (wiring) which has been needed around the state recently.

Steve asked about getting wireless installed at ICS. The renumbering is complete here and the Auth VLANs have been populated to the switches; also, Marion already has the access point equipment on hand. Chris said that if Marion could get him the access point today, he could get it deployed next week.

Removing Appletalk from all IFAS subnets

Chris Leopold confirmed that this had been implemented and this project can be removed from our list. Anyone using Appletalk will now be limited to use within their own subnet. If you need to cross that boundary you will have to use some protocol that utilizes IP.

Move to IF-SRV-WEB

Mark reported that this is going to be quite a mess, but that he is pushing ahead quickly to get it done. Subwebs and FrontPage extension issues are making this very unwieldy. You should become familiar with the "\\if-srv-web\website$\websitename.ifas.ufl.edu" UNC access route for uploading so you can assist your site editors when sites are moved. There are groups within UFAD (under the Central IT OU) which define the various admins on each site, so you can determine who should have access there via ADUC. FTP is going to be turned off. Folks off our network will have to VPN in to access their sites via the UNC route for management until WebDAV is implemented on all; that is going to be secondary to the move, however, and will not be available for all sites immediately.

Chris also reported that our LiveStats web reporting software has been bought-out by Microsoft; we are waiting to see what effects that might have on our situation, and Mark is investigating our options there.

Exit processes, NMB and permission removal

Prior exit procedure discussion. Progress on this is still pending. We remain where we have been for quite some time.

Listserv confirm settings

This is another of those issues which had stagnated due to lack of resources to pursue. There is current news on the issue, however. Dwight reported to Chris that L-Soft, makers of our LISTSERV software, are being sued and have filed for Chapter 11. That puts that important category of software on somewhat shaky ground.

Operations

Admin Helper Script and IE7

Steve asked where we are with replacing the Admin Helper Script. Chris is not sure how best to implement that and wondered how many folks are using IE7. Wayne reported that we have 500 installs of IE7 out of over 3000 machines. Kevin Hill reported that SWFREC is 100% IE7 with no issues and Bill Black, South Central District Support, reported that he is putting IE7 on all new machines. Mike Armstrong had reported previously via the ICC-L that IE7 is not supported by Peoplefirst currently.

Chris intends to ask Andrew to add a test for IE version and run the Explorer-based script for those and the IE-based script otherwise. From the discussion, it appeared that not enough IT support folks are aware of the admin script issues yet to really provide input into this. Steve noted that individuals can gain control over the script by placing a copy on their own netlogon user area and requesting that their if-adml account be modified to point there instead of to the template at the ifas root. One can also place scripts on their own netlogon location and access those via the Run box (ala, \\ad.ufl.edu\netlogon\ifas\entnem\user). The netlogon area is the only networked area available to if-adml accounts.

Chris also noted disappointment with a number of OU admins who have been around some time and still do not know how to manage their OUs. He urged those folks to peruse the IT/SA Services Documentation (ufad\if-admn credentials required) to learn how to do those various and assorted management tasks. Steve is always looking for feedback on how to improve that documentation. If anyone has any questions they can always contact Steve and he will do his best to help.

IFAS Remedy System

Based on primarily positive response from the ICC, Dan Cromer had intended to announce this system to all users via IFAS-ALL. Discussion ensued, however, of existing problems with the system. Dan mentioned that Wendy was not in the system yet and that Adam Bellaire (the person who maintains the Remedy system) is not in the system so one can assign a ticket to him. Winnie Lante mentioned the annoyance of Admin names not being sorted alphabetically. Mark Ross complained about the overall slowness of the system. There seems to be some indication that e-mail notifications still aren't working quite right, though getting good data on that is difficult. Steve had dropped the Remedy system from our project list recently, partially because he thought some of these issue fixed (the notification for example), and partly out of frustration for ever getting other issues addressed. There is no lead assigned to this other than Dan Christophy and he seems to be too busy to attend to it as is needed. There is also still a need for training folks on how to use the system so that users and their admins are properly kept informed of the status of a ticket. Wayne mentioned that it would also help if users were informed to provide as much information as possible within the ticket request. Winnie mentioned that even the Help Desk isn't putting sufficient information into the tickets to help address the problems, so that aspect isn't just a concern in regards to our end users.

Dan Cromer offered that he would personally get more involved with this matter. He has a programmer that is close to be free to devote to this project. He intends to get with Fran and see if we can get some of the problems fixed. Steve will move this back to the Projects list for our future meetings.

Status of IFAS DBA replacement

Dan Cromer reported that a number of very good applicants are available and that Chris Leopold was to arrange the interviews by today. This position is not supervised by Chris, but rather will remain in the Software group. Besides being our DBA, the position will have secondary responsibilities for software development. Chris Leopold is on the interview committee along with Petraq Papajorgji and Jiannong Xin from the IFAS IT Software group and Donna McCraw from the IFAS IT Business group. Dan hopes to have an offer ready by the end of next week.

Daylight Savings Time changes

Dwight reported that the initial plan was to run the Exchange update tool over three consecutive weekends up to this weekend. Microsoft then came out with improved tools which Dwight tested and ran over all mailboxes and public folders last weekend. Dwight has so far had just a single complaint, though Steve suspects that many simply haven't noticed issues yet. Steve's department has public folders which have appointments 1 hour off now, but the correct time had been set in the subject line prior and it should not be an issue.

Should such changes occur in the future, we should likely:

  1. Better coordinate how and when the OS patches are delivered.
  2. Run the fix-up tools as soon as possible after that occurs.
  3. Make sure users are warned not to correct appointments by hand in the meantime.
  4. Urge users to include the appointment start time in the subject line as a failsafe mechanism

Office 2007 issues

Steve tried to update Andrew on our past discussions regarding pushing out the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats tool. Nancy Johnson had been wondering why that hadn't been implemented. There had also been some discussion on the ICC-L regarding perhaps setting a GPO for the co-managed computers that enforced the older document formats to be the default for any Office 2007 installs. Opinions varied on that later issue, but all seem to agree pushing the compatibility tools out to our Office 2003 users is a good idea. There is the issue of exactly how to push that out. Mark Ross thought that we could probably extract a .msi from the .exe file (via /c or /x command switch) and that AppDeploy.com might have some help on that (which it does).

Kevin Hill reported that he has deployed Office 2007 to a subset at SWFREC as upgrade installs and is controlling default file format to the older version via GPO. There have been a few problems in saving documents to a networked drive for which MS is working on a fix. There has also been a likely related issue of leaving temp files on the networked drives.

Security updates

Steve brought up the issue of there being yet another new Quicktime update this week. Unless you install the Apple Software Update tool with a new install of Quicktime, an end-user cannot patch Quicktime to a safe level. If you do, it keeps trying to get the user to install iTunes. Mark mentioned that this is another application which can be extracted as a .msi and installed via GPO. There is an .ini file which you can configure to stop asking for updates and not do iTunes. Mark had done it this way at Plant Pathology prior to his move to IFAS IT.

Steve reported that there are supposedly no critical updates being released by Microsoft this month (though there are some known exploits for which there are no patches),

Status of Volume Shadow Copy on the file server

Nancy Johnson asked if this was working again. Wayne replied that it was not. It appears we may need to replace some of the drives on the server with higher capacity drives so we can have a drive for this facility to use. Having it store to the same volume as the data causes the I/O load to increase too much.

Status of our Public folder file deletion policies and procedures

This is another example of an implementation that has been on hold due to inadequate staffing levels and the lack of time to follow-up with such matters. Implementation, as previously discussed, is awaiting documentation.

Other Discussion

Providing ListServ Service

Dan solicited discussion about our listserv service and how we should manage it. He noted that a number of options should accompany any listserv list request. Steve suggested we create a form for list requests that included the options we would need to know to create lists efficiently. Dwight mentioned that Dean Delker had developed a set of questions which he asked people requesting a list. It would be good to get that from Dean to assist in developing the proper form. We should also include assistance on what situations are appropriately managed via lists as opposed to Outlook Distribution lists. Dan thought he might be able to get his programmer to implement that. It potentially could even generate the e-mail to the listserv that generates the list.

Dan also noted that he would like all the ICCers to know how to manage lists, particularly how to add subscribers. Dan noted that the command for that is:

Quiet add ESA-SECTIONA-L emailaddress@ufl.edu User's Name

The "Quiet" portion omits notification of the subscription to the subscriber. One may use an Excel spreadsheet to create a text file of such commands for a long list of folks. The list header should temporarily be set to "validate= no" so the owner won't have to confirm each addition--and then set back to validate= "yes" directly after.

Steve mentioned we need some targeted documentation to help "train the trainers" on this matter if we are going to efficiently push out list management to the list owners themselves.

WDS on MPS

Kevin Hill asked about the status of the new drives on the MPS servers. Those were deployed last year to support WDS and image deployment at remote sites. Wayne reported that this effort has stalled due to insufficient time and staff.

Dropping POP

Dwight asked if the ICC had approved halting FTP. Steve said that it didn't matter because this was a security issue and (as Wayne says) "security trumps all else"! Dwight asked if he could remove POP then using the same rationale. The ICC approved dropping support for POP prior, but that recommendation was made under the impression that POP wasn't supported on Exchange 2003--which proved untrue. ITPAC had approved the ICC recommendation but asked that support be continued for those needing it for phone cell access to e-mail. Long story short, Dwight can likely remove POP without complaint.

 

The meeting was adjourned a bit early at about 11:45am.