|
|
ICC Meeting: |
IFAS COMPUTER COORDINATORS
|
|
Message from Dan Cromer to the ICC-L: All, Great news, Patrick and James now have the video bridge working with Lync, though it can't be used with the old method of connecting to the video portal, and presence is still shown as unknown. To connect to a conference, type {conference ID}@video.ufl.edu, for example, 7839999@video.ufl.edu, in the "Find a contact" search field. Note that the longer vcs.video.ufl.edu isn't used. The contact will show below the search field. You can either right-click and select "Start a video call", or double-click to open the connection, then start video. Testing is still underway, so let Patrick know of any issues. Dan |
People were indeed able to connect to the bridge for this meeting via Lync, so it appears that those issues have indeed been resolved.
Francis Ferguson reported that he was using Lync today and had experienced video "freezes" of long duration twice during his connection, though the audio continued during that time. Others mentioned seeing the same thing. It was mentioned that disconnecting and reconnecting resolved these issues. Nobody seemed to be able to guess why this might be occurring, however, other than to suggest it was due to transitory issues with the network transport. Dan Cromer speculated that a control packet gets dropped and the client then thinks the video connection is gone, but he didn't know what could be done about it specifically.
Kevin Hill mentioned that he had been having the same issue previously with both Lync and Movi, but after updating all the drivers for the camera as well as its software he had noticed a dramatic improvement. Kevin connected today using Movi, BTW.
WAN (previous discussion)
Updates from James Moore
Updates not available...
New 'Trouble-Ticket' Entry Page for CNS
Back on the 16th of February, CNS announced a new 'Trouble-Ticket' Entry Page available at http://request.it.ufl.edu.
They noted that "this change applies only to direct requests to CNS, regarding CNS-specific services, such as networking, hosting services, mainframe systems, etc." Tickets for the UF Computing Help Desk should continue to go to http://helpdesk.ufl.edu/. The plan is to merge the two into one in the not too distant future, however.
CNS also reiterated: "As always, if you are reporting a system outage or other emergency, please send us a ticket, but also telephone us at 352/392-2291. We have staff on deck 24/7 to field emergency calls and we want to make doubly-sure that we do not miss yours."
Migration of DNS and DHCP Services to New BlueCat Platform
CNS provided more details on the plan to migrate to the New BlueCat DNS and DHCP Server. It appeared to Steve that this was primarily a central IFAS IT issue but Chris Leopold wasn't available to discuss this.
Shared Infrastructure Advisory Committee reports
It would appear that the SIAC committee intends to post their monthly reports in a more timely fashion--which is good news. The latest posting currently is the January report.
UF File Express still in round-2 beta testing (previous discussion)
Steve asked Dan Cromer if there was any news on when this service might be officially launched. Dan reported that it is really close now; he believed it to be a political rather than a technical issue that was holding things up.
Steve asked about the anonymous access option wondering if the URLs were sufficiently obscure as to provide some confidence against broad access. While Steve understands that restricted data shouldn't be shared in that manner, he believes users would feel better knowing that it would be difficult for third-parties to casually discover posted documents unless they had been sent the URL for access.
Dan agreed that this would be the case, though acknowledging that "security through obscurity" is not best practice by any means.
SharePoint training by Dan Holme (previous discussion)
Steve asked for feedback from anyone who had attended. Surprisingly, Erik Schmidt had posted links to recordings via the CCC-L:
jump to other SharePoint discussion this month
Campus VoIP improvement implemented (previous discussion)
Updates not available...
UF FAX server project (previous discussion)
The service is now in final testing and the details have been pretty much finalized as shown in the documentation provided via Dan Cromer.
Steve mentioned that, with Dan Cromer's assistance, both he and Winnie Lante had successfully tested both outgoing and incoming faxing.
Winnie said that now that incoming faxes arrive as PDF files, she feels quite comfortable with the new system. She mentioned that Steve and she were both a bit confused about how the incoming faxes were delivered. They had expected to have to add the service account mailbox into Outlook in order to receive these, but the incoming faxes went both there and to their personal accounts. Both of them liked it this way because they felt having to check the service account would just make the process more difficult.
Dan Cromer responded that this will be configured as per user request; we simply provide Telecommunications the fax number and the email address. That address can be an individual address, a service account tied to a security group for controlling access, or even a mail-enabled distribution list. How you set the email up is up to you.
Dan has not tried a distribution list, but he believes that would be the way for a group of individuals to get the faxes delivered directly. Steve pointed out that he was using a service account, however, and that the messages were still coming to his mailbox as well as that of the service account. Dan wasn't sure why that was the case but said he would investigate.
Dan reported that this is in "soft launch" currently and is available for people to use right now via telecom request.
Russell Hunter asked about what this service might mean with regards to faxing P-Card paperwork to PeopleSoft, wondering if this would permit bypassing having to printout everything for sending over a traditional fax machine. That is indeed the case though you will need a scanner to generate images of the receipts and other necessary attachments. Allan Burrage reiterated something he had mentioned at a previous meeting, namely that he has a pretty slick solution for generating images of the P-Card cover sheets to help automate this process even further.
Dan Cromer pointed out that an additional advantage of this service is that it would be a "local call" for any remote site, including all RECs and CEOs. That can save money in long-distances charges. Dan added that, initially, the faxing service would track long distance use but would not be charging back for that unless it turned out to be a bigger problem than anticipated.
Upcoming requirements for InCommon Silver (previous discussion)
Updates not available...
Implementing the Mobile Computing Security policy (previous discussion).
Avi Baumstein had provided an update regarding PGP software to the CCC-L list a couple of weeks ago:
|
Message from Avi Baumstein to the CCC-L: Updates to UF's PGP Whole Disk Encryption client are now available at: https://infosec.ufl.edu/itworkers/pgp This is primarily for compatibility with Mac OSX 10.7.3, but there are also updated versions for all platforms. More information is included in the release notes. We have performed limited testing of this version and encountered no problems, but strongly recommend that IT groups test the software on their supported hardware before chancing it on user's laptops. |
Steve wondered if anyone had considered using PGP WDE yet, mentioning that this is probably the right solution for any Macintosh laptops. He added that he has now encrypted 14 Win7 laptops using BitLocker and has about 10 more to do before getting to the Windows XP "problem" laptops. Those he hopes to either replace or upgrade those to Windows 7 and plans to integrate BitLocker into his build process on all future laptops.
Wake on LAN support coming to campus: (previous discussion)
Updates not available...
New Secunia site license (previous discussion)
Updates not available...
KACE agent deployed to IFAS (previous discussion)
Kevin Hill asked if the spreadsheet containing an exported snapshot of IFAS machines from Kace (see previous discussion) had been updated. Dan Cromer responded that it has not and he would reinvestigate how to start getting that on a recurring basis.
Domain Policy and redirect duration (previous discussion)
Updates not available...
CNS working to implement NAC for UF wireless (previous discussion)
Updates not available...
UF Exchange Project updates (previous discussion)
Chris Hughes had posted some information relating to Outlook prompting continually for credentials as discussed two meetings ago:
|
Message from Chris Hughes to the ICC-L: Kerberos isn’t currently working for UF Exchange. What is occurring for the different settings is detailed below.
Kerberos support is supposed to be added by the UF Exchange group this Sunday, February 12th. This should resolve the errors and password prompts for users who have Negotiate or Kerberos selected. It should also improve NTLM and Outlook Anywhere access since the number of sessions will be greatly reduced. Thanks, |
Steve asked if this issue was continuing for folks, having believed he had seen it again just last week. Others agreed it was happening. Dan Cromer responded that the change mentioned by Chris Hughes had been delayed somewhat but is now scheduled for an upcoming maintenance window.
Sakai e-Learning System now in production (previous discussion)
Updates not available...
Alternate IFAS domains in e-mail (previous discussion)
Updates not available...
Electronic Copy - Print Output Cost Reduction program (previous discussion)
The committee tasked to look into this has been dissolved. Here is a copy of the email to the Committee members from Lisa Deal sent this Tuesday:
|
Dear Committee, thank you for your willingness to participate in the managed print discussion, and for your patience. I sincerely appreciate the candid feedback I have received as we began this process. The existing UF copier/printer contracts are expiring and UF Purchasing will be re-soliciting to create new contracts. The new contracts will be structured to provide a cost per copy model, including supplies (other than paper) – so no major capital outlay will be required on the part of a UF department. The value of those contracts should be self-explanatory to departments, as such, the managed print portion will not be mandated. In keeping with senior leadership’s support, Purchasing will be requiring use of UF’s contracted vendors when acquiring new copying/printing equipment. Additionally, Purchasing has identified at least one large administrative VP unit that is willing to serve as a pilot for implementation of a managed print solution to demonstrate and measure savings. Given the change in direction, your participation in the process as a formal committee member is appreciated but no longer required. Some of you will be engaged to provide technical advice on specifications and business process as the solicitation moves forward. As always, I appreciate your feedback on the Purchasing processes and contracts at UF. |
Steve noted that UF has backed way off the original plan for this project and that Dan had posted to the ICC a draft of the "Invitation to Negotiate" that UF would be using as a means of requesting proposals from vendors. Dan asked if anyone had had the time to look at that document. Steve and Dennis responded that they had looked through it briefly and that they both felt it was very thorough and well done.
Split DNS solution for UFAD problems (previous discussion)
Updates not available...
New web cluster (previous discussion)
Santos Soler wasn't available, but Steve reported that he is busy preparing the new cluster and planning the migration. Steve wanted to reiterate that video files will have to be moved off the web server prior to migration; for Steve's unit this will be a big deal because they have four dozen or more "web site" under control of various groups within sub-folders of their main web site. Creating the proper folder structure and permissioning for that will alone be quite a chore, as will assisting each group in understanding how to add and link files.
If you had forgotten this or the other migration issues which Santos had detailed prior, please click on the "previous discussion" links at the top of this topic to drill back down through past discussions.
File server migrations (previous discussion)
Updates not available...
Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM (previous discussion)
MDT 2010
Updates not available...
SCCM for IFAS
Alex York mentioned that OUAdmins were welcome to get with him for access to his test system. Steve has access though he has not had time to investigate nearly as much as he would hope. If any training could be provided, that might help Steve and others get over the initial hurdles that have so far prevented much investigation. Alex thought perhaps that Nick Smith might be able to play a role there and said he would discuss that with him.
Kevin Hill asked whether there was an SCCM root or if everyone was just rolling their own at this point. Alex responded that on UF campus everybody has their own SCCM installation though there is a central Configuration Manager initiative which Alex is assisting with. For IFAS, Alex is trying to roll our own SCCM currently and he would hope that Kevin would participate with that rather than develop separately. Kevin asked about bandwidth issues for deployment from campus repositories. Alex responded that a secondary site server could be set up at the remote site if traffic proved problematic; that would permit local caching of deployment packages. This has been done for CREC who used SCCM for OS deployment as part of their recent migration to UFAD.
Dan Cromer said he hoped that whoever participated would share their work with all because he really wants for IFAS to be able to patched things like JRE and the like. Alex said that participants could grant read-only access to packages as a means of sharing their development work on SCCM. Steve noted that the problem with JRE specifically isn't the packaging as much as it is with how/when it is pushed out; it really needs to be done at startup to avoid installation issues. Steve said that Alex had noted this could be done with a task sequence and the timing controlled via maintenance windows. Steve admitted that the details were well beyond his current understandings of the SCCM system or he would already be doing that. Maybe with Kevin and others getting involved some synergy can be developed it getting these things moving forward.
Exit processes, NMB and permission removal (previous discussion)
Updates not available...
Re-enabling the Windows firewall (previous discussion)
Updates not available...
Services Documentation: Is a Wiki the way? (previous discussion)
Updates not available...
Moving from McAfee VirusScan to Microsoft Forefront Endpoint Protection? (previous discussion)
Steve asked Alex where he thought we were headed with this. Alex responded that SCCM could deploy this currently for individual units that wanted to go that route, but he was not sure what Wayne Hyde had planned for IFAS as a whole. You can deploy it, run it, it will competitively uninstall McAfee and it will work well; seeing the status, however, will be an issue. With FEP 2007 R3, Alex cannot delegate the Forefront admin console to OUAdmins. He can provide read access, but you would see everyone's machines and thus have a difficult time sifting through things to see alerts on your systems. This issue will be fixed with the 2012 version fortunately.
Long-term, Alex said that he expects this to eventually be managed centrally from UF for Windows machines, once the 2012 version is out and the central SCCM structure is finalized. Once Wayne gets back to a more regular work schedule Alex expects we can have a better discussion about where and how IFAS should head with this. Dan Cromer pointed out that UF pays about $180k/year for McAfee currently. He doesn't think that will go away completely because of its cross-platform support, but the cost savings that we might accrue by moving the great majority of Windows machines to FEP would seem to provide considerable financial incentive.
Print server (previous discussion)
Updates not available...
Recording lectures for Distance Education (previous discussion)
Updates not available...
New DHCP reservation site created (previous discussion)
You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.
Restoration of back-ups on the file server
Wayne Hyde intends to document and announce proper usage as time permits.
Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)
Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.
IFAS efforts toward Green IT (previous discussion)
Updates not available...
Creating guest GatorLink accounts: singly or in bulk (previous discussion)
Steve had left this on the agenda in case further discussion was deemed warranted.
Can IFAS support DirectAccess in the future? (previous discussion)
Updates not available...
Moving away from the IFAS VPN service (previous discussion)
Updates not available...
VDI desktops as admin workstations (previous discussion)
Updates not available...
Wayne's Power Tools (previous discussion)
Updates not available...
Computer compliance tool in production (previous discussion)
Updates not available...
Folder permissioning on the IFAS file server (previous discussion)
You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.
Disabling/deleting computer accounts based on computer password age (previous discussion)
This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.
Since BitLocker stores its keys within the computer object in UFAD, Alex York and Chris Leopold are considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.
Core Services status (previous discussion)
see the new virtual infrastructure section above...
ePO updates (previous discussion)
Updates not available...
Status of SharePoint services (previous discussion)
IFAS migrating to centralized MOSS
Dan Cromer had pointed the ICC to some test snapshot ports to SharePoint 2010:
|
Message from Dan Cromer to the ICC-L: All, Thanks to continued hard work by Ben Beach and Matt Wilson, we now have IFAS SharePoint 2010 sites for testing. Some of the links have not been updated, so may point to the old server; use the direct link for accessing each. This is on private IP, so you need to be on UF network. Also, this is a snapshot in time, so files are not updated from production, but we need thorough testing to make sure that the system will work for us before moving to the UF environment, which at this time is planned for some time in April, after the next cumulative update to SharePoint, and to give plenty of time for testing.
Dan |
The point of this test system is give folks a chance to determine that everything still works on SharePoint 2010 prior to migrating from IFAS hardware to the UF SharePoint system. Please check things our thoroughly and send Ben Beach any issues which you might discover.
Dennis Brown asked about quotas on SharePoint. Matt Wilson responded that he didn't believe Ben had any quotas in place currently other than the very hard limitation of available disk space. Matt Wilson said he had spoken to Joe Gasper and UF is getting a vastly bigger backend for their SharePoint install. He doesn't know what UF's quotas are but said he would ask.
Steve asked about the "mysites" feature that had apparently been an issue since UF would not support those. Matt responded that IFAS had 280 such sites and only eight of those had actual data over one 1MB. Consequently, he didn't think this would be as much of a concern as we originally thought.
Steve was glad this looks like it is finally happening, mentioning that it has been a long time since we originally thought we would be migrating centrally. Matt pointed out that it has been three years now!
Winnie Lante explained briefly her experience with SharePoint and said she was seeking help in long-term planning for the expansion of SharePoint usage within her unit. Matt suggested that she get with Ben Beach to discuss what structure might best suit those needs. Dan Cromer added that he would like that to be brought back to the ICC prior to implementation as well in order to have a broader discussion of what might be the best organization to have across all IFAS units.
Public folder file deletion policies and procedures status (previous discussion)
Updates not available...
Patching updates... (previous discussion)
Microsoft
The March Microsoft patches will include six bulletins (one "Critical," four "Important," and one "moderate) covering a number of vulnerabilities.
McAfee provides podcasts on the highlights of each month's offerings.
Skype
Skype version 5.8.0.154 was released to address an unspecified security issues along with various performance enhancements.
Adobe
There was another critical security update for Flash. Oops, I meant yet another!
There is also a patch for an Adobe Acrobat/Reader 10.1.2 printing issue should you run into that.
Oracle
More Java updates were released since our last meeting as well.
Apple
An update just came out the other day for iTunes (10.6) which included some security fixes.
Other discussion
Kevin Hill asked if anyone had heard whether UF would be moving the central Secunia CSI to 5.0 anytime soon. Kevin was interested because that version is supposed to provide the capability for uninstalling applications--something the current version cannot handle. Steve said that he had not heard, but suggested Kevin contact Joe Gasper for details.
Steve asked if Joe Gasper had moved to CNS and Dan Cromer responded that this was indeed the case. CNS is currently down two positions since Luis Molina and Buck Buchholz left. They are currently looking for new hires there and some realignment of duties, including Joe Gasper, is likely to occur from that.
MS Office News update (previous discussion)
Updates not available...
Job Matrix Update status (previous discussion)
Updates not available...
Remedy system status (previous discussion)
Big Blue Button proof-of-concept server
Dan Cromer had announced this early last week:
|
Message from Dan Cromer to the ICC-L: All, I've configured a proof-of-concept server with Big Blue Button version 0.8 beta-3 for testing videoconferencing at http://meet.ifas.ufl.edu. This demo environment is set up now with just a single anonymous meeting. I'd be interested in your testing experience, particularly for those outside Gainesville. So far the only failure I've seen is for a desktop machine in Okaloosa County, where version 11 of Flash wasn't available. The advantage of this open-source platform is that Extension clientele can connect with no licensing or authentication limitations, though authentication could be required. Dan |
Dan Cromer said that this system is now in beta 4 and some features were broken in that update. This is one potential option for replacing Elluminate. Blackboard bought Elluminate and "Collaborate" is the new re-naming re-structuring which has gone on there. This is another potential option. The option currently preferred seems to be Adobe Connect and Cisco Webex is yet another system to be considered.
The advantage Dan sees for Big Blue Button is its ability to integrate into Sakai. Additionally, licensing may become an issue with the other non-open source solutions.
Steve asked about progress with the LOA1 project and whether or not we might be able to permission SharePoint sites to such accounts in the not-too-distant future. Dan Cromer said that the "QuickReg" project is in "soft-soft" deployment within Sakai currently and one can work with Kris Kirmsee to get a "project" for that. Outside end users can then go to a location within Sakai and create their own Gatorlink account for access. Credit card charging is not currently supported, however.
Steve asked if such accounts could be permissioned within SharePoint because Steve sees SharePoint as being a great tool to replace the continuing need for custom web application development within IFAS. Matt responded that LOA1 is a role within Shibboleth and they have Shibboleth authentication for that. Apparently, it has been made clear that LOA1 credentials will NOT be imported into UFAD, which may make permissioning more difficult. Matt suggested that Microsoft is working with Shibboleth and that a connector may eventually become available that would allow this even though UFAD permissioning is apparently out of the question.
After the meeting, Dan Cromer provided an update on the status of his test site saying: "I have temporarily placed the meet.ifas.ufl.edu Web site out of service due to its older and vulnerable Java version. Alternative sites for review are at http://pilot.education.ufl.edu/ and http://demo.bigbluebutton.org/.
Results of GPO disabling for non-portable devices (previous discussion)
Updates not available...
WebDAV issue with Mac OS X Lion (previous discussion)
Updates not available...
The meeting was adjourned just a bit early at about 11:47.
