ICC Meeting:
IFAS COMPUTER COORDINATORS
Message from Wendy Williams to the ICC-L: Hi All, I wanted to give you an overview of what was discussed in the IT Directors meeting. Both Dan Cromer and I attend these meetings so feel free to direct questions or comments to both of us or the list. I was a few minutes late so I might have missed a couple things. And my note taking ability is not perfect.
IT Reporting Relationships
Dan Cromer had shared an email sent by Jack Payne to the Administrative-Council-L list:
Message from Jack Payne to the ADMINISTRATIVE-COUNCIL-L: All, There have been several recent events in IFAS IT systems that have caused me to look at ways to ensure better service. I'm concerned that IFAS has no central authority to direct training and coordinate procedures, which has left gaps in our support model. UF has a similar issue and is moving to a more centrally coordinated and managed environment. We need to take similar steps to ensure our system is better coordinated, managed to a common standard, and thus more dependable. To accomplish this, I have asked Dan Cromer and Joe Joyce to develop a plan to address these issues. We will coordinate the plan development with you and through our regular IT governance processes. Thank you for your support of this effort. Jack
As it is not at all clear exactly what this is referring to, Steve asked Dan Cromer if he might explain.
Dan said that two instances out of more than 10 thousand connections to the bridge in the 2010-2011 fiscal year were what had initiated this investigation. Dr. Payne experienced difficulties the last two times he was involved in videoconferences and was upset by that experience. Basically, Dr. Payne has directed Dan to find some way to fix the problems.
One thing Dan has already done is to talk with John Pankow about having calls to 392-2533 (Video Services) redirect into a specific "real-time problem" queue with the UF Help Desk. Right now, one gets a recording to call 392-HELP and, once there, gets put into the normal Help Desk queues.
Training appears to be part of the problem. Videoconferences often fail due to simple things like not knowing how to control the volume, etc. Dan suggested that we develop some baseline knowledge that is expected of all operators or at least create an inventory of who does have the expertise to assist in such circumstances. Dan said that he would appreciate ICCers comments on how this situation might best be addressed.
Steve said that the way he handles this within his department is that he tries very hard to be on-hand at every single videoconferencing event to make sure things work as they should. Obviously, that can't happen everywhere.
Dan also said that we certainly need to better set our users' overall expectations about the circumstances that can improve the probability of having successful videoconferences. One problem that occurs frequently is last-minute bridge requests. Users need to realize that a lot must happen behind the scenes to pull off successful bridged conferences and that waiting until the last minute to make arrangements increases the probability of failure exponentially.
Dan already has a list of the VC support folks across the IFAS units, but he would like to have a good idea of the operational knowledge of each so that deficiencies might be eliminated via targeted training.
Jimmy Anuszewski asked if a FAQ or troubleshooting list had been developed for the lay person. Dan said that this had not been done but is definitely needed. There was further discussion on where such documentation might go, either on the web, SharePoint, the IT Wiki, or even a printout at each VC location. The main problem is that we don't have a technical writer on staff to work on such matters. Consequently, things get done piecemeal or not at all--depending on the kindness of individuals willing to put in the effort. Perhaps IFAS needs to consider hiring someone to get this done right--someone who had the time to focus totally on the issue.
New 'Trouble-Ticket' Entry Page for CNS
Dan Cromer had shared with the ICC an email from Ayola Singh-Kreitz of the UF Computer Help Desk stating that the new Remedy version, which is currently in use only by CNS, is set to go live for all on Friday, June 1st. There is training now available on-line. To access that one must first:
Once the above steps have been taken one can then logon directly.
Dan Cromer said he realizes that this system is complicated, but that he will be pushing very strongly for people to begin using this once it is announced on June 1st. He wants all problems to be recorded so we can track them and see what the most common problems are, as well as to justify our positions.
Steve offered that this would be a tough sell. In his department it would essentially amount to a "shadow system" for what he already does; as such it would just add more work and delays into the entire support process. Dan asked Steve if he keeps track of everything he does; if not, how does Steve know how well he has done his job? Steve said he knows he is doing a good job by the response he gets from the people he supports. Steve said he only has to sell his value to his chairman--at least currently. Steve believes the current system works well in his case. Jimmy said that he too gets direct feedback from his administrator. Adding "paperwork" can only make effective support personnel less effective in his mind.
Steve suggested that this might be more useful for departments that do not have their own support staff. In such cases, both the help desk and those with issues needing to be addressed want to have a "paper" trail they can follow to assess performance. In departments with well integrated support staff, however, such a system would be a burden without appreciable reward to the department itself--a perfect example of how pleasing the upper administrators makes life more difficult in the trenches.
Dennis Brown asked if there was any way we might help improve Remedy so it better suited our needs. In the past, Dennis has been disappointed with various aspects of the system. Now that we will no longer immediately see tickets submitted by our users, the system would seem to be worse rather than better in at least that key regard. Dan said that we will have input via conversation with the Help Desk director.
Migration of DNS and DHCP Services to New BlueCat Platform (previous discussion)
Updates not available...
UF File Express still in round-2 beta testing (previous discussion)
Dan Cromer had responded to someone on the CCC-L list that this project has been held because it is being redesigned to encrypt all stored data for security reasons. He did believe it was close to going "live" however.
Campus VoIP improvement implemented (previous discussion)
Updates not available...
UF FAX server project (previous discussion)
John Madey had a presentation on this system at Peer2Peer (00:45 point in recording).
Andrew Carey had announced that a Lync update (Microsoft KB2689469) resolves an issue affecting the new Exchange-integrated incoming fax solution.
This was made in response to Scot Matusz reporting an oddity with the fax Exchange account created for their fax lines: "All Lync conversations by a person with the fax line Exchange box added to their Outlook profile are being copied to the conversation history in fax email box. Any Lync conversations you may be having are available to everyone who has access to the fax line Exchange box."
Andrew said that if departments have configured their WSUS servers to supply clients with Lync patches, they should now update automatically.
Upcoming requirements for InCommon Silver (previous discussion)
Steve noted that implementation has been slightly delayed and is now scheduled for June 3rd at 6AM.
Chris Leopold said that we applied the needed GPO settings quite some time ago and we should be good. If there was anyone having authentication problems we surely would have heard about it by now.
Dan Cromer asked where Chris was with using fully qualified domain names with DFS. Chris said we aren't there yet, but that the WINS deadline has been pushed back. The issue is that our DFS structure is based on NetBIOS names rather than fully qualified domain names. Consequently, we will have to nuke the entire structure and rebuild it during some upcoming maintenance window.
Steve offered that he would be pleased if this helped with name resolution issues which seem to frequently occur--where you remote into one box (you think) and end up on another; or, you have to look up the IP# of a machine in DHCP to get to it. Chris said that they had discovered an issue whereby on boot a machine would get registered with IPv6 but not IPv4. Chris believes they have that under control now. Regarding the elimination of WINS, Chris believes that will improve things dramatically because many of the resolution issues are WINS related.
Implementing the Mobile Computing Security policy (previous discussion).
Updates not available...
Wake on LAN support coming to campus: (previous discussion)
Updates not available...
New Secunia site license (previous discussion)
Updates not available...
KACE agent deployed to IFAS (previous discussion)
Steve noted that Dan had posted another Kace spreadsheet; these should be coming monthly now.
Domain Policy and redirect duration (previous discussion)
Updates not available...
CNS working to implement NAC for UF wireless (previous discussion)
Steve asked if anyone had heard about CNS going live with the UF WPA2/8021X Wireless Network. The web site at least appears to have moved out of test and it appears the "UF" SSID is now being broadcast along with "UFW".
Dan confirmed that this is now in "soft live" and can be offered to folks in situations where it seems warranted. Dan would appreciate holding off on spreading the word widely, however; rather he would like us to wait for CNS to announce that. On Sunday they turned on NAC validation. Currently it will provide a warning if your machine is not patched, but by Fall it will deny connection.
Jimmy Anuszewski noted a recent article in the Alligator mentioning an iPhone application "called UF Wi-Fi will allow students and faculty to easily access UF Internet from their phones by removing the hassle of repeated logins." He uses it and it seems to work great.
UF Exchange Project updates (previous discussion)
Updates not available...
Sakai e-Learning System now in production (previous discussion)
Updates not available...
Alternate IFAS domains in e-mail (previous discussion)
Updates not available...
Electronic Copy - Print Output Cost Reduction program (previous discussion)
Updates not available...
Split DNS solution for UFAD problems (previous discussion)
Updates not available...
New web cluster (previous discussion)
Chris Leopold provided a brief update in Santos's absence, but there hasn't been much change since our last report.
File server migrations (previous discussion)
Updates not available...
Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM (previous discussion)
MDT 2010
Updates not available...
SCCM for IFAS
The very recent release of Systems Manager 2012 and UF's plans for a centrally-managed 2012 Configuration Manager Server was discussed at Peer2Peer by Paul Smith (02:09 point in recording). Andrew Carey will be heading this up.
Paul wanted everyone to know that all the sessions from MMS 2012 at are now viewable online for free and should be available for a year. Paul said that another great resource is the TechNet Virtual Labs for System Center. For information about the UF CM 2012 server progress you are encouraged to join the UF SCCM listserv at SCCM-L@lists.ufl.edu.
Alex York said that he had run into a major bug that prevents restoring backups. Until Microsoft solves that there can be little movement ahead.
Exit processes, NMB and permission removal (previous discussion)
Updates not available...
Re-enabling the Windows firewall (previous discussion)
Updates not available...
Services Documentation: Is a Wiki the way? (previous discussion)
Updates not available...
Moving from McAfee VirusScan to Microsoft Forefront Endpoint Protection?
Updates not available...
Print server (previous discussion)
Updates not available...
Recording lectures for Distance Education (previous discussion)
Updates not available...
New DHCP reservation site created (previous discussion)
You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.
Restoration of back-ups on the file server
Wayne Hyde intends to document and announce proper usage as time permits.
Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)
Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.
IFAS efforts toward Green IT (previous discussion)
Updates not available...
Creating guest GatorLink accounts: singly or in bulk (previous discussion)
Steve had left this on the agenda in case further discussion was deemed warranted.
Can IFAS support DirectAccess in the future? (previous discussion)
Updates not available...
Moving away from the IFAS VPN service (previous discussion)
Updates not available...
VDI desktops as admin workstations (previous discussion)
Wayne Hyde reported a couple of weeks ago that he had pushed an updated image out which added:
Wayne added that he's still testing Lync with redirection for webcams and microphones, so we shouldn’t expect it to be 100% yet. He did ask that we feel free to test it out and send him our feedback. With the next update he plans to add the SysInternals pstools.
Wayne is still taking suggestions on what software to host, so please let him know if you have ideas. He would also appreciate our support in getting the word out to our faculty and staff that VDI is now available for their use.
Go to http://virtual.ifas.ufl.edu to check it out.
Wayne's Power Tools (previous discussion)
Updates not available...
Computer compliance tool in production (previous discussion)
Updates not available...
Folder permissioning on the IFAS file server (previous discussion)
You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.
Disabling/deleting computer accounts based on computer password age (previous discussion)
This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer objects which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.
Since BitLocker stores its keys within the computer object in UFAD, Alex York and Chris Leopold are considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.
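The following is an added example, not part of the minutes and not Wayne's Power Tools: a read-only PowerShell report that lists disabled computer objects in an OU that have gone unchanged for 90 or more days and flags which of them still hold BitLocker recovery information, so that nothing is deleted before those keys are preserved. The OU path and output file name are hypothetical, and using whenChanged as a stand-in for "date disabled" is an assumption, since AD does not record when an account was disabled.

```powershell
# Added example: read-only report, deletes nothing.
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Hypothetical values; replace with the OU you administer.
$SearchBase = 'OU=ExampleUnit,DC=example,DC=edu'
$ReportPath = '.\stale-disabled-computers.csv'
$CutoffDays = 90
$Cutoff     = (Get-Date).AddDays(-$CutoffDays)

# Assumption: a disabled object whose whenChanged is older than the cutoff
# has been disabled at least that long (disabling the account is a change).
$stale = Get-ADComputer -SearchBase $SearchBase `
                        -Filter 'Enabled -eq $false' `
                        -Properties whenChanged, PasswordLastSet |
    Where-Object { $_.whenChanged -lt $Cutoff }

$report = foreach ($computer in $stale) {
    # BitLocker recovery entries are stored as child objects of the computer
    # object (class msFVE-RecoveryInformation), so deleting the computer
    # object removes them too.
    $recovery = @(Get-ADObject -SearchBase $computer.DistinguishedName `
                               -SearchScope OneLevel `
                               -Filter 'objectClass -eq "msFVE-RecoveryInformation"')

    [pscustomobject]@{
        Name               = $computer.Name
        WhenChanged        = $computer.whenChanged
        PasswordLastSet    = $computer.PasswordLastSet
        RecoveryObjects    = $recovery.Count
        HoldsRecoveryInfo  = ($recovery.Count -gt 0)
        DistinguishedName  = $computer.DistinguishedName
    }
}

# Oldest first; objects holding recovery information need their keys
# preserved elsewhere before the computer object is removed.
# Note: a count of 0 can also mean the account running this report lacks
# rights to see the recovery objects, so confirm with a privileged account.
$report | Sort-Object WhenChanged | Format-Table Name, WhenChanged, RecoveryObjects -AutoSize
$report | Export-Csv -Path $ReportPath -NoTypeInformation
```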
Core Services status (previous discussion)
see the new virtual infrastructure section above...
ePO updates (previous discussion)
Updates not available...
Status of SharePoint services (previous discussion)
IFAS migrating to centralized MOSS
Dan reported to the ICC-L near the end of April that the upgrade to SharePoint 2010 had been completed. He had asked that we please let Ben Beach, Matt Wilson, and him know immediately if we discover any failing processes. Now Dan would like to plan moving to the central UF service (UF Connect) but there are some questions, particularly with SFRC and their financial shadow system. Dan wondered if any other departments had any concerns with making the move.
Steve said that he wasn't really clear on what the pros/cons might be and asked if there was any significant financial or support time savings that IFAS might enjoy with such a move. Chris Leopold seemed to think the savings would be minimal. Chris Leopold pointed out that this will limit our flexibility; we would not be able to install web parts or use third-party bits. IFAS would not be allowed separate web apps and thus would not have the isolation that we have enjoyed to-date with our departmental sites. Dan Cromer pointed out that we could still make changes if we moved, but that those would have to go through a governance process. Chris seemed to have more concerns about going that route than did Dan. Dan did say that he wanted the experience of putting everything into a single site collection prior to migrating.
Public folder file deletion policies and procedures status (previous discussion)
Updates not available...
Patching updates... (previous discussion)
Microsoft
The May Microsoft patches included 7 bulletins (3 "Critical," and 4 "Important") addressing 23 vulnerabilities in Windows, Office, and .Net.
McAfee provides podcasts on the highlights of each month's offerings.
Oracle
There were new releases of JRE but they were performance updates rather than security updates.
Steve noted that he has installed SAS and pointed it to JRE7 during the install. Steve isn't sure how to test it properly, but at least some of the graphing functions do work, so Steve was pleased. He noted that JREv6 is going end-of-life in June so this will be necessary. Steve isn't aware of any way to fix this after the fact, however, and hates to think of reinstalling the few dozen copies of SAS he has in his department.
Wayne said that he had executed the following SAS command to find out the java path:
proc options option=jreoptions; run;
then modified the JREOPTIONS line in the sasv9.cfg file accordingly. It would be wonderful if it would be this easy to move from JRE6 to JRE7, just by editing a text file. Steve will investigate. When Steve ran this on SASx32 where he had pointed to JRE7 during install, he got the following results:
JREOPTIONS=(
  -DPFS_TEMPLATE=C:\Program Files\SASHome\x86\SASFoundation\9.3\tkjava\sasmisc\qrpfstpt.xml
  -Djava.class.path=C:\PROGRA~1\SASHome\SASVER~1\eclipse\plugins\SASLAU~1.JAR
  -Djava.security.auth.login.config=C:\Program Files\SASHome\x86\SASFoundation\9.3\tkjava\sasmisc\sas.login.config
  -Djava.security.policy=C:\Program Files\SASHome\x86\SASFoundation\9.3\tkjava\sasmisc\sas.policy
  -Djava.system.class.loader=com.sas.app.AppClassLoader
  -Dlog4j.configuration=file:/C:/Program%20Files/SASHome/x86/SASFoundation/9.3/tkjava/sasmisc/sas.log4j.properties
  -Dsas.app.class.path=C:\PROGRA~1\SASHome\SASVER~1\eclipse\plugins\tkjava.jar
  -Dsas.ext.config=C:\Program Files\SASHome\x86\SASFoundation\9.3\tkjava\sasmisc\sas.java.ext.config
  -Dsas.jre.libjvm=C:\PROGRA~2\Java\jre7\bin\client\jvm.dll
  -Dtkj.app.launch.config=C:\PROGRA~1\SASHome\SASVER~1\picklist
  -Xms128m
  -Xmx128m
)
Java Runtime Environment options
NOTE: PROCEDURE OPTIONS used (Total process time):
real time 0.03 seconds
cpu time 0.01 seconds
Steve found lots of sasv9.cfg files (like 39!), however, and it appears a conference with Wayne is in his future.
Adobe
A new version of Flash was released last Friday to address security vulnerabilities. The latest version is now 11.2.202.235. They also had a security update for Shockwave Player.
In addition, Adobe announced security updates for Illustrator, Photoshop, and Flash Pro. The bad news here is that they are only fixing the latest versions (CS6) that were just released. Their recommendation for old versions is to be careful what you open. Nice.
MS Office News update (previous discussion)
Updates not available...
Job Matrix Update status (previous discussion)
Updates not available...
Remedy system status (previous discussion)
Updates not available...
Big Blue Button proof-of-concept server (previous discussion)
Dan Cromer announced a second try at a BigBlueButton proof-of-concept server:
Message from Dan Cromer to the ICC-L: I’ve set up a basic production BigBlueButton (BBB) server at http://meet.ifas.ufl.edu on public IP address. Please test as you have time, and let me know what you think. In particular, after going through the introductory videos, I suggest going to the “More Demos” page to see the three pre-set class examples, and the option to create your own meeting, for which the direct link is http://meet.ifas.ufl.edu/demo/create.jsp. I recently learned that UF is not planning the central BBB environment until next year. The system does not yet have any security access requirements; I’m thinking that a basic system with username with shared password for presenters would be sufficient. This would allow IFAS presenters to set up meetings, then send the link to the meeting to clientele. Since the meeting links are somewhat obscure, like http://meet.ifas.ufl.edu/demo/create.jsp?action=invite&meetingID=Dan%27s+meeting (this meeting is over) I think we could even avoid requiring a password for those invited to attend, though I’d be interested in your feedback about that as well; perhaps meetings to discuss private matters would need a password for all, though I’d prefer that such meetings use Lync. I’m arranging for a test to see how many simultaneous user sessions the server will be able to handle successfully, and will pass that along.
Dan would like ICCers to try this out and see what they think. UF is going to slowly ramp up BBB centrally (full production in Summer A of 2013) and this little install by Dan allows us to get a look at it prior.
Some authentication scheme needs to be developed, but Dan would like to keep that as simple as possible so that one only needed authentication to create sessions, not to join them. Moderators can kick off anyone they want so this shouldn't be too big of a problem.
One advantage of BBB over Lync is that it only requires JRE and Flash rather than having to install some specialized software on a machine.
Computer games on UF/IFAS systems
Dan Cromer recently reported that security and inventory scans have revealed computer games on UF/IFAS systems. He asked that if we discover such games on systems we support, that we please assist the computer user with removal.
Results of GPO disabling for non-portable devices (previous discussion)
Updates not available...
WebDAV issue with Mac OS X Lion (previous discussion)
Updates not available...
The meeting was adjourned well ahead of usual at about 11:00 AM.