IFAS COMPUTER COORDINATORS
(ICC)
NOTES FROM May 12th 2006 REGULAR MEETING
A meeting of the ICC was held on Friday, May 12th, 2006. The meeting was chaired and called to order by Steve Lasley, at 10:02 a.m. in the ICS conference room.
PRESENT: Seventeen members participated.
Remote participants: Tom Barnash, Wayne Hyde, Joel Parlin, Mike Ryabin, and A. D. Walker.
On-site participants:
David Bauldree, Benjamin Beach, Dennis Brown, Dan Cromer, Francis Ferguson, Joe Hayden, Dwight Jesseman, Winnie Lante, Steve Lasley, Chris Leopold, Mark Ross, and Joe Spooner.
STREAMING AUDIO: available here
NOTES:
Agendas were distributed and the meeting was called to order on time.
New members:
Steve mentioned that Justin Stone has moved from the IFAS Help Desk to Video & Collaboration Services with Academic Technology. One the one hand, this is a serious blow to the Help Desk, with them losing one of their better employees. On the other hand, IFAS has needed video support far beyond what could be met by the half-time IFAS appointment of Patrick Pettus to Video & Collaboration Services. This was an administrative decision that was made to re-allocate our scarce IT resources across our various required service areas. We hope that Justin enjoys and thrives in his new and challenging position.
Recap since last meeting:
Steve pointed folks to the notes of the last meeting, but did not go into any particulars of that.
Policyo
Report from May ITPAC meeting
Steve pointed out the link in the agenda to his notes from the May ITPAC meeting that was held the first of this month, briefly discussing what had transpired there. Steve did not mention that Dan Cromer had asked if the ICC could develop and maintain a recommendation list of hardware and software which they felt could be readily supported. The idea was for a list that people across IFAS could use for assistance in knowing what and perhaps how/where to order IT-related items. Steve believes that, with the proper level of support and input from the ICC, such a thing could be quite valuable. He would require someone to volunteer to lead that effort, however. Steve also feels that such efforts would be wasted, for the most part, if there wasn't a parallel program headed and staffed by IT for actively seeking improved cross-IFAS interaction. As David Palmer pointed out at ITPAC, having such information available is only half the battle; the other half is marketing--i.e., having an effective means for advertising and distributing the value you can provide. As IFAS IT continues to develop in its role as a critical provider of centralized service, Steve hopes they will begin to realize the importance of this. It is all about contacts with our clients--making sure the opportunities are there in both directions and that they are handled well and professionally.
IT Reorg
Steve passed along what little information he had on the progress with the UF IT Reorganization. An all-day University of Florida Information Technology Planning Retreat will be held on May 22 at the University of Florida Conference Center and Hilton Hotel. An agenda is now available for this retreat, which will focus on IT governance and services from an administrative--not technical--standpoint. Due to the desire to encourage frank discussion, this meeting will not be recorded, though it is expected that upcoming events will be. IFAS representatives will include Joe Joyce (VPs office), Pete Vergot (Extension), Elaine Turner (CALS) and Dan Cromer will be there as well. Our own Joe Spooner is helping Marc Hoit plan and organize the event along with Marian Boyle (Associate Director IAIMS, HSC) and Christine Schoaff (Bridges Change Control Coordinator).
ICC IT Governance sub-committee
Chris Hughes could not be at our meeting, but Steve reported that the group had their first meeting the morning of May 5th and it was attended by Chris Hughes, Ben Beach, Dennis Brown, Ligia Ortega and Kevin Hill (remotely via Polycom). Dennis reported that the group discussed how various other universities are addressing IT governance, trying to understand what others were doing and what the differences were. They also took a first stab at documenting how we do things currently. Ben related that this first meeting was basically an introduction into the topic of IT governance. They came up with a resource list for the overall topic of IT governance. That and other related materials for the committee are available with read rights to all IFAS at \\ad.ufl.edu\ifas\PRIVATE\IT-Goverance. Ben mentioned that other states, such as Arizona and Kentucky were well along in addressing this issue. Steve mentioned that AISS at the Health Science Center also has a resource page on IT governance. The committee has decided to meet every two weeks, although this next meeting has been moved back a week to the 26th.
Ben mentioned that this whole topic may be somewhat of a hard sell, because it is all based on committees. Ben also mentioned that he believed COBIT was a good comprehensive framework from which we could draw. Steve mentioned that the mere quantity of information available on this is daunting. Steve's understanding, however, is that the frameworks that have been developed for this speak more to the "Whats and Whys" rather than the "Hows". The devil will be in the implementation details for sure.
Projects
Exit processes, NMB and permission removal
Prior exit procedure discussion. Steve once again noted that he had no update on this project. Dan Cromer said that this has been delayed, in part due to Mary Anne Gularte leaving after a very brief tenure as the Director of IFAS Personnel Affairs. Steve asked about the status of the documentation that Dean Delker had been assigned to create on this. Dan said that responsibilities for that documentation have been moved around and that it had been given to Justin Stone, who has now moved to video services. Dan did not seem to be sure of where it was currently assigned. Steve mentioned Dan Christophy did not seem to be aware of this project when last they spoke. The bottom line is that there has been no progress on this matter.
Dwight Jesseman mentioned that he does have a contact with personnel and that he coordinates with them to resolve issues with possibly abandoned mailboxes. He sends them a list of suspects and they confirm whether or not those individuals are still associated with IFAS in any way. It is a slow process, taking several months, but it has helped Dwight in resolving some of his cleanup issues with our mail system.
Vista TAP and Vista Deployment via SMS and WDS
Steve mentioned that Chris Hughes and Torrance Zellner were heavily involved in the Vista TAP project, having each donated 10 hours per week to the team. UF has committed to deploying 350 machines in production using the May CTP by August 1, so Chris Hughes is trying to identify target machines in IFAS for this deployment. IFAS may be responsible for deploying up to 100 of these 350 machines. Steve relayed from Chris that SMS is now set up and is deploying applications (well, one application, that being FrontPage). WDS is also set up and deploying Vista completely unattended. Both are ahead of schedule and working very well. The May CTP should fix some of the remaining problems with WDS and allow us to use it for Vista deployments on campus and off campus sites as the MPS upgrades are installed. These upgrades include more memory and hard disk space for those servers, as well as the upgrade to Windows Server 2003 R2 and access based enumeration.
Chris Hughes would like to propose a service account in the “". IFAS-LOCAL ADMIN SERVICE ACCOUNTS"” group that would be used to provide administrative access for SMS. This would allow users to install applications via SMS that require administrative access to the machines. It would also allow us to push patches out via SMS. Chris had hoped to write up a document for this proposal for Steve to present at this meeting, but time did not permit. If this is time sensitive, the matter could be handled with the ICC-L.
New File Server
Mark Ross and Steve Lasley have explored using folder redirection on if-srv-file02 (ufad\if-admn credentials required), working with Dwight Jesseman and Chris Hughes. Microsoft documentation on the permissions required describes how it is possible to have redirected folders dynamically created and files automatically moved to the new redirected location via GPO. Unfortunately, this requires that share permissions be set to Everyone Full. While NTFS permissions would still keep things secure in many ways, allowing full control for our users over their private shares could lead to management headaches down-the-road. The issue is that they could then exclude access; this could cause intractable administrative problems for backup, for example. While that can be overcome by taking ownership and then correcting the permissions, this is not a management headache with which we wish to contend. Consequently, we need to develop other methods for creating redirected folder structures and for moving files there.
Chris Hughes has written a script (ufad\if-admn credentials required) that will allow OU Admins to create a redirected folder structure for their Users folder on the new file server. This script will be set to run as a scheduled task on if-srv-file02 at a yet-to-be-determined interval--likely something on the order of every 30 minutes or so. The OUs for which these will be generated will be controlled via a text file which the script will read for input. That file will simply list participating OUs by OU name, one per line. The folder structure to be created will be based on a Template structure that OU Admins create for themselves at \\ad.ufl.edu\ifas\ouname\Users\Template.
Chris is also going to create a script that will assist users in moving their files from a local system to the redirected folder. Details on that are not yet available, but we believe that placing it on a file share for users would probably be the best approach. They could then run it on the machines they wanted to move data on while logged in. Having such a script be so readily available will mean that we need to assure that it couldn't be run unintentionally or be easily misused to do harm. Unless it is handled in the script somehow, there will be a potential for overwriting files with older copies. The script will consequently begin with a modal dialog stating what it intends to do, offering a cautionary note (including a reminder to see the Help Desk or your local admin with questions) and give an opportunity to cancel out.
Interested OU admins can use ADUC to view the ENTNEM "Redirect" OU to see how Steve is planning to use a loopback policy to control this feature. Initially he is planning to use a group-controlled logon script to map a drive to each user's folder on the new file server. Slowly thereafter, Steve plans to try and sell the idea of redirecting "My Documents" for many as well. That will be controlled via membership in a different security group, as folder redirection can be applied variously by group membership in the advanced settings of that group policy. Using a merged computer loopback policy will allow Steve to control exactly which computers have folders redirected and the group membership will control which users are involved. The additional drive mapping will handle access to server-based storage for those using folder direction when they are logged onto machines outside the redirection OU.
Dwight added that FSHN has moved over to the new file server as has CALS. Dwight had not received one phone call about issues with those moves and he wished that Tom Kirby or Joe Spooner were available to provide testimony about how smoothly that process is so that other departments would not be leery about it.
Remedy Project Update
Steve mentioned that he had reported a couple of problems to Adam Bellaire which have since been resolved. The first arose from Steve getting a notification for a ticket (#320253) that was created for someone that was no longer related to his department. Though the ticket listed Steve as the network manager, upon inspection it was discovered that this person had no NMB setting in the directory and was in the Other OU within UFAD. Apparently, when one removes a NMB relationship, it doesn't clear actually clear that field but rather marks that relationship as expired. Adam corrected the code to ignore the Network Managed By if the affiliation is expired, so that this won't happen in the future. The Remedy code had previously just checked that field.
The other issue was with a couple of broken links on the main Remedy page. The links to Ask IFAS Helpdesk and IFAS client self-service were broken because they used addresses relative to that page, whose address of "http://at.ufl.edu/~hdweb/ifas//" has a redundant slash at the end. The URL has been changed to use absolute addressing, which should make the links work regardless of which address was used to browse there.
Steve asked about viewing closed tickets because he feels that there would be much to be learned about various issues by browsing resolved tickets; unfortunately, doing this is rather difficult currently.. Apparently, to view those, one must either know the ticket number (and access that via the "Direct Consult for Ticket" preview feature) or look through each support person's closed tickets (via the "Show tickets assigned to a username" feature in conjunction with the "Check to show closed tickets as well as open"). If you do not know the ticket number or to whom the ticket was assigned, that can be rather difficult to do. Steve suggested that it might be nice to add a feature for looking at recently resolved tickets--perhaps by specifying a time period for which to retrieve those.
Steve also mentioned that he believes the IFAS Remedy system is working well, but that the IFAS Help Desk, in his direct experience, isn't. He has mentioned this to Dan Cromer and to Dan Christophy and we hope to see some improvement. Tickets have been sitting in the queue too long without being resolved or even addressed. Steve asked if any others had been using the system and how responsive the Help Desk had been for them. Dennis Brown mentioned that he had used it to report the IFAS Directory website being down and that it was resolved in about an hour. Dennis received a call and an e-mail from Ed Steele on that in rapid fashion. Perhaps Steve's experience is based on too few attempts, and he will continue to monitor that situation.
Note from future: It now appears that when an OU admin submits a ticket on someone's behalf via the http://support.ifas.ufl.edu website, the HelpDesk does not receive e-mail notification. This is likely a bug in the system that Adam Bellaire can correct and this may explain part of the tardiness on attending to tickets that Steve had noted.
Steve stated that he would like for the Help Desk to be more involved in the ICC community. They perform many of the same functions as the rest of us and likely see an even broader range of problems than do most of us. We could all benefit from interacting more with them and exchanging expertise and experience. Unfortunately, that does not seem to be happening--at least not very frequently. As one example, it would be wonderful if Help Desk staff would post new problems and solutions which they find to the ICC-L so we could all benefit; that is a rare occurrence (though Dean has done so once in the recent past). Steve would appreciate any ideas that anyone from the ICC or the Help Desk might have to improve that situation. This isn't just a Help Desk issue though. We could all do a better job of sharing our expertise. There is no need to wait until asked. If you have found a solution to a problem recently, please post that for the benefit of all. That is how we can build our community and improve the support that each of us is able to provide.
Dan Cromer stated that he is re-emphasizing the use of Remedy to all IT staff so they are diligent about logging all their work there. For example, he has asked the WAN group to create tickets for network circuit outages and to reference those ticket numbers in their ICC-L notifications. Dan feels that this might eliminate the need to notify the ICC-L about resolutions to those as folks would be able to track that within Remedy. Dan used this as an example, but he is hoping that being able to track status via Remedy could eliminate some of the phone calls and e-mails that otherwise tie up his staff's time--this would provide an incentive for his staff to use the system. Joe Hayden said he would prefer that resolutions to circuit outages remain as notifications to the ICC-L. He finds that much easier to track and admitted that he has not intention of using the Remedy system for anything (though Steve noted that he did have access now via his Gatorlink credentials to the Remedy web site). Steve felt that most could keep the Remedy system queue open on their desktop, as it refreshes automatically, and thus could easily track goings on. Dan would like folks to use the Remedy system rather than send an e-mail when seeking help from Dwight, Chris Leopold, or his other staff. With a little practice, it can be done as easily as sending an e-mail and it has the added benefit of keeping an active log of all the issues that IT deals with. Folks tend to forget that quantifying such things can be a very valuable tool in lobbying administration for the support that IFAS IT truly could use to do a better job.
Steve noted that http://at.ufl.edu/~hdweb/ifasask does not appear to require any authentication. While Dan suggested that it did and that Steve must have a cookie saving that, testing seems to indicate otherwise. Note that w/o authentication, this site would allow anyone to send a ticket on behalf of anyone simply by knowing a gatorlink username; that could even be done automatically in rapid fashion via a script. We may want to reconsider that matter as well.
Dwight mentioned that Remedy has a "reports" function to which access is currently limited (as far as he knew) to Dan Christophy and himself. There are some standard reports pre-existing or you may create custom queries. If someone has a particular query to run against Remedy, you might want to try asking Dan Christophy if he would be willing to do that. We would all be interested in hearing the results as well. Dan Cromer was interested in what database was being used there. Dwight speculated that it was MySQL, but he did not know for sure. Note from future: Chris Hughes indicated that Remedy uses an Oracle database and is maintained by CNS.
Steve asked about the knowledgebase component of Remedy that was being considered. Dwight reported that the UF Help Desk had reviewed a number of vendors for that, had developed criteria for our needs and then evaluated the vendor solutions based on those criteria. That was the end of it however. There have been no further meetings or discussions on the topic. Dwight's current understanding is that the project has been cancelled, but he does not know the reasons.
Removal of WINS
Chris Hughes wasn't available to give an update of where we are on this project. Note from future: Chris Hughes indicated that he will notify everyone about WINS via the ICC list sometime during the week of May 21st. He reported that we have enough data to go forward now.
Listserv confirm settings
Dan Cromer said that he is proceeding slowly with this. Documentation is still pending and has been delayed due to other projects. Dan agreed with Chris Leopold that we need to do this very carefully to avoid adverse reactions from users.
Move to IF-SRV-WEB
Chris Leopold reported that the long overdue web migration will kick off on Tuesday, May 16th. At that time, those responsible for the first 50 of our websites will be notified via e-mail of the migration via the following or similar notice:
You have been identified as an IFAS web site administrator. Therefore, you are being
notified of the IFAS web server migration project. The IFAS IT Server Administration
group (IT\SA) has purchased a new web server that will replace our two aging web
servers. You will receive this email once for each web site that you oversee. The goal
of this project is the have all web sites currently hosted on our servers moved onto
this new web server. To ensure that your web site is moved in an efficient and timely
manner, we will require your assistance.
The new server will be running the latest version Microsoft’s web server software.
After being moved to the new server, your web site may have minor compatibility
issues. In order to assist you during this migration, we have created a web site that
explains the migration process, allows you to report the status of your “migrated”
web site, contains methods for identifying problems, and assists you in locating
resources to correct any issues that may occur. Please take a moment to visit
http://migration.ifas.ufl.edu, learn about the migration process, and review and
report on the functionality of your web site.
Based on your feedback, your web site will be permanently moved into the new
server after it is reported to be problem free. If there are problems, we will leave
everything the way it was before until the issues are corrected. You will be
contacted by someone to provide assistance.
Steve mentioned that the current documentation on Best Practices for Testing Web Content still needed some work. That site tries to address a problem that web site administrators may encounter when reviewing their development sites--specifically with absolute links sending them back to the production site. That documentation currently covers two different manual methods of dealing with that. Steve had pointed out the Marshall that the host file modification implementation and removal could be accomplished via a batch file or vbscript. He really recommends that such a thing be developed and documented there. Chris Leopold said that Chris Hughes had developed such a program and that the documentation would be changed accordingly.
Note from future: Chris has completed the hosts file script and placed it on \\ad.ufl.edu\netlogon\IFAS. It is named hostsfile.vbs. When this script is run it will replace the hosts file on your machine with the one on \\ad.ufl.edu\netlogon\ifas after you click ok. When you are finished testing you click ok on the testing popup box and the new hosts file is deleted and the old file is returned. This is waiting on a complete hosts list from Marshall. The initial one did not take into account https sites that have additional IP addresses.
Organization and Documentation for IT\SA
Chris Leopold provided details of a number of steps he is taking with his group to improve their effectiveness. He is preparing an area of his office to be used for weekly staff meetings. That will make those easier to hold and thus less likely to be skipped. Chris has also cleaned up their storage area, creating a location for all needed items and labeling those for easy reference. Chris has also asked his staff to document their service processes. This will begin with the newly revamped DHCP service, the printer service as well as the new fileserver. Chris is documenting Bldg 120 lockdown procedures and developing layer 2 network diagrams. Chris will work with Steve Lasley to publish these materials, as deemed appropriate, in the secure portion of the ICC web site. Yay!
Computer Room Outage
Chris Leopold mentioned again that there would be an outage this weekend beginning at 6 pm in order to replace the UPS in the computer room. He thanked Dan Cromer for repeated sending updates on that to IFAS-ALL over the last several weeks. While the contractor cannot provide a time for completion other than Sunday, Chris believes that they should have things back up by Saturday evening if all goes well. Some of the more critical servers (DNS, DHCP, VPN, Exchange front-end, Listserv and if-srv-web) have been moved temporarily so they can continue in service during this outage .Those servers will remain there for a week or so after the project is completed just to assure against delayed issues arising with the work that is being accomplished.
New IFAS IP Plan
Chris Leopold gave his kudos to Dwight for forging ahead with this project. Chris noted that all non-reservation DHCP clients and printers are being moved to new private numbers--with 13 of those being completed currently. Steve reported that this was done this morning for Entomology. Although the new private subnet was intended to talk transparently with the old private and public subnets during the transition period, Steve did note a problem. After moving to the new range, hosts that had been printing directly via TCP/IP to a statically assigned printer lost their connection. While one could drop to a command line and ping the printer, the printer troubleshooter reported a different result. The problem resolved after setting a reservation for the printer and moving it to DHCP on the new network--and then setting the clients to point to the new address. It appears that something isn't being bridged properly. This is particularly odd in that the hosts had previously been on the public side while the printer was on private--thus it was working across subnets prior to the change. In any case, Steve will be busy on Monday, with Dwight's help, getting all those printers (roughly 20 or so) moved to using DHCP reservations.
Everything will be documented in the DHCP application itself via comment and description fields. Documentation of the excluded range can be handled via setting a reservation in the excluded range and documenting there. The scope name will be the name of the first building it is serving--or some other name recognizable to the group. Our lease time will be set to 3 hours, which means clients will be looking for updates within 90 minutes. Regarding printer reservations, descriptions will have room and building numbers and UF building name designation. Host/device reservations will be documented as are the printers, but a Gatorlink username will be added as well as an additional contact
Public /28 ranges will be applied to the appropriate interfaces on Monday, May 15th.
The following Monday, the 22nd, we will begin identifying those devices needing public numbers and getting those reset at each device. That means you will be contacted about that and you should have a good idea by that time as to exactly what needs public numbers.
Mark Ross brought up the issue of license servers. Applications like Sequencher and LaserGene use license servers. Many of those utilizing such services may be unaware of even using them let alone knowing what server is supplying that; those users may run across a number of IFAS subnets and the server is specified in the software directly by IP address. It will be difficult to handle change those server addresses without breaking clients somewhere as it is doubtful that the details are properly documented. Mark also mentioned that installation of the software often requires a static address, so we may need to do some reinstalls to get those set properly within the programs.
Mark mentioned that he uses printer host names in conjunction with UFAD and DDNS to avoid setting reservations on printers at all. Dwight responded that IFAS wanted to create reservations for printers connected via their printer server because doing so allowed them to document those and better control who had access. Mark mentioned that he prefers direct printer connections rather than running through a server printer queue, but this is not the method that IT\SA intends to recommend do to the greater difficulty it would create for them in managing a very large number of printers for an even larger number of users across a large number of different locations. The ability to map people to printers via logon scripts is deemed an extremely useful management tool in IT\SA's diverse environment.
IT/SA intends to set up printers via DHCP reservations with dynamic DNS. On the server the port would be changed from a specific IP address to the FQDN of the printer based on that dynamic DNS entry. It turns out that some printers want to register themselves with DDNS--versus allowing DHCP to handle that. This breaks things. The proposed solution is to prevent non-secure DDNS via setup of another domain, ifasprint.ad.ufl.edu, that will use AD for DDNS. In that environment, only the DHCP server will have the ability to register with DDNS. Printers will be named OU-MODELx.ifasprint.ad.ufl.edu where x=a, b, etc. as needed (rather than the printer.ifas.ufl.edu that we were going to use).
Chris mentioned that he will be making a request for more broadcast domains. They need to separate Animal Science and the Livestock Pavilion into two broadcast domains. Dr. Borum will have her own due to IPSec needs. Environmental Hort will separate from Plant Pathology and there will be a new /28 public for the Web-based Distributed Authoring and Versioning (WebDAV) project.
Hosting of Unmanaged Servers
Additionally, Chris wants a separate domain for the server room so any hosted but un-managed machines can be isolated from our own servers there. The intention is to provide space in the server room for servers that may run applications that IT/SA does not directly support. Although it makes sense to provide space for unmanaged servers, Chris thinks that service should include a service level agreement that details where IT/SAs responsibilities end. Steve suggested that auxiliary services, such as backup, might be provided for those on a charge basis as part of that arrangement; to simply provide unmanaged space without any charge or cost to those making use of that would seem unwise. Joe Hayden pointed out that insurance will be an issue. For equipment to be covered it apparently has to be registered to the place where it is located. Joe said that would mean that units housing equipment with IT/SA would want to pay IT/SA to register it with their insurance; otherwise it would not be covered in a loss.
Fluke Cable Testing Demo
Our Graybar representative, Mark Wells, has contacted a representative of Fluke Networks on Chris Leopold's behalf. Sometime during the week of the 2nd, a demonstration will be given on some cable analyzing devices. Chris has been investigating the rather expensive ($6-8k) DTX CableAnalyzer series. Those interested in learning about such devices should let Chris know so he can make sure the demo is set up in a room that will accommodate all who wish to view that.
Chris mentioned that Sheard Goodwin of CNS would like to have such a device. Joe Hayden mentioned having borrowed one to chase down a problem in Balm. Mark Ross felt that such a device should always be leased rather than purchased, because of its limited useful life. Joe Hayden said that the company does not lease these. Mark pointed out that you can replace a lot of wire for the cost of one of these.
Re-enabling the Windows firewall
This is still waiting on the IP renumbering.
Operations
Correcting out-of-compliance computer names
On April 28th, George Bryan had sent the following e-mail to Chris Hughes, cc'ing Chris Leopold and Dan Cromer:
The following spreadsheet list approximately 400 workstations who's naming
convention for UFAD as agreed upon by IFAS if out of compliance.
Please inform the department administrators of the importance of adhering
to our established naming standards as listed on www.ad.ufl.edu.
We would request that the unit administrators responsible for these
machines correct this situation as quickly as possible.
All major units in UFAD will be receiving this same report not just IFAS.
We intend to report this to IFAS administrators and we trust it will be
taken care of in a timely manner. Naming standards in UFAD are not just
a good idea but it is mandatory that all units follow these standards.
We have allowed a grace period for correction but now must begin
monitoring compliance. As per our SLA all names of computers in IFAS MUST
be prefixed with "IF-" in order to avoid possible naming collisions with
other units.
Thanks in advance for you immediate action.
The UFAD Naming Standards referred to in this e-mail are documented on the Migration section of the UFAD website. Steve would like to point out that the standard specifies the unit prefix ("IF" for IFAS) only, with the dash being optional. Though we should all be aware of that document, Steve believes it is unnecessarily confusing due to obvious editing oversights such as the inclusion of "ad-host1.coe.berkeley.edu" in the text. Hopefully that document can be updated in the near future and corrected to be less confusing.
On May 4th, Chris responded with an e-mail to the ICC-L:
The deadline for fixing these machine names is June 1. After this date
machines that are still named incorrectly will be forcefully renamed and
rebooted by a script. A list of machines and units that were out of
compliance will also be provided to the administration.
Attached is an Excel document that may help you with renaming machines.
The Excel sheet creates a DOS command that will rename the computers.
This command needs to be run from an IF-ADMN command prompt.
If you have any questions or comments, please let me know.
Dan Cromer wanted it clear that he didn't want central IT to make unilateral decisions about deadlines and other processes that have IFAS-wide impact without ICC discussion. Since this meeting is prior to the proposed deadline, prior discussion was entirely feasible. Steve asked if anyone had any problems with what is being proposed. Dennis Brown noted that, while his OU name is "HORTSCI", he uses "HOS" as a substitute in his naming convention for brevity. Steve Lasley noted that he does the same thing, substituting "EYN" for "ENTNEM".
Steve reminded folks that the maximum length of a machine name in our configuration is 15 characters. This convention is in deference to backwards compatibility with the NetBIOS limit of 15 characters. We should be aware that simply prefixing current names with "IF-" would push the unique endings of some current names past that limit. Consequently some care should be taken with the renaming.
A discussion ensued about how our own IFAS naming convention could help with such things as Wayne Hyde properly locating machines that end up in ePO's "lost and found" container. As was mentioned, some use an OU abbreviation, but otherwise have a naming standard that allows one to easily locate the proper OU. Mark Ross does not use "PLP" in his names, but does have building/room numbers, which is a good and workable solution. We could also handle such things via a description field. Perhaps someone can devise a compromise solution that all would agree to, but the main problem is not with machines managed by people who actively participate in the ICC in any case. Thus, unless the solution was scripted and enforced, we would gain very little for our efforts.
Joe Hayden noted that some exceptions may need to be made due to vendor requirements. Steve Lasley noted that exceptions to any policy should always be permitted if needed, but exceptions must be well documented.
Easing client access to \\ad.ufl.edu\ifas for co-managed computers
Marshall Pierce was not available, but he had mentioned at a staff meeting that he wanted the ICC to re-visit the topic of finding a single drive letter which IFAS could standardize on to map the \\ad.ufl.edu\ifas share. A cursory investigation by Chris Hughes at a previous ICC meeting suggested that "Y:" was the least used currently.
Of course, drive letters are going away eventually and there may be better ways to handle this. For example, Chris Hughes has written a script that will add a Network Places shortcut to \\ad.ufl.edu\ifas for co-managed computers.
Steve mentioned that he struggled with what letters to use in mapping the various "public", "unit" and "user" locations which the new file server will provide. He wishes that the ICC could agree on some standard for that, but in its absence currently plans to use "P:" for public, "T:" for Unit and "U:" for users.
SMTPTracker status update
Steve asked if SMTPTracker has been reinstated. Dwight said that it had, as of about 2 weeks ago. Dwight had held off announcing that because he wanted to make sure everything was working fine--which indeed seems to be the case. It is configured just as before: anything from "@list.ufl.edu", "@list.ifas.ufl.edu" or e-mailed from the Gatorlink system are whitelisted to ensure delivery.
P2P management
Wayne was not able to make the meeting. He was tuned in, however, and said he still intends to create a GPO exclusion list to prevent Kazaa, Limewire and WinMX from running. There are roughly 20 PCs currently with this software and it just hasn't risen to the top of the priorities list.
Procedures for Deleting Expired Computers
Steve mentioned that he has documented Procedures for Deleting Expired Computers on the secure portion of the ICC website (ufad\if-admn credentials required). This site describes the procedure which the ICC has agreed to and also briefly mentions a very good (but potentially dangerous) tool by Joe Richards which will report on old computers (or users) called OldCmp.
Startup script changes
Steve has likewise documented recent Startup script changes (again, ufad\if-admn credentials required).
Other Discussion
WebDAV project
Dan Cromer had Steve go to https://sslgateway.ifas.ufl.edu to demo the beginnings of our WebDAV project. Applications that support WebDAV will be able to make use of this site to provide access to files to which the provided credentials have access. Dan said that we are getting a new server to support this (the DFS root and the SSL gateway) and that it will be an easy way for our users to share documents. Dan hopes that this may provide an alternative to large e-mail attachments by making it easy for people to place files there (e.g., PowerPoint presentations) and mail links to them. Dan realizes we will face a major training issue there, of course. Steve thought we might be able to add context menus to our systems whereby a right-click of a file there could place a link to the clipboard and launch an e-mail message.
Access to files and folders are set up and secured using existing NTFS permissions. Users could download files from remote locations via their favorite browser on their chosen platform (though not all browsers work with WebDAV). Upon entering their AD credentials, they are presented with an FTP-like view into the file server. With IE on Windows, there is the "Open as Web Folder" option which provides something like typical Windows file sharing; and with WebDAV aware applications, such as Microsoft Office, they can work on documents as if they were using local file sharing. They would also be able to use drag-and-drop interface to upload and download files.
This also holds promise for cross-platform sharing. Native SSL support for WebDAV is reportedly available in Mac OS X (10.4/Tiger). Steve has seen reports that other places such as CERN use WebDAV gateways to allow Mac OSX users to connect to the Windows DFS. The University of Iowa, the University of Texas and the University of Michigan all use WebDAV for remote file sharing. Commercial implementations such as Xythos and FileWay from Everywhere Networks show the potential here.
Re-org discussion
Dennis Brown asked Dan Cromer how he was going to address the topic centralizing Exchange should such discussions arise at the retreat. Dan responded that, initially, he does not expect the discussion to go into any technical details; rather they will address the question of what services UF should offer centrally and at what level of service--apart from any discussion of what technology should be used for that. E-mail may be one of those services, but Dan also feels the matter of how we organize for governance is a major concern to be addressed.
Dan touted IFAS as having made considerable strides towards centralization. We have most units using our central Exchange service and even Animal Science and CREC, who run their own Exchange servers, are making initial plans for moving to UFAD. That would place us all on a centralize directory service. Dan said that if UF at some point established a centralized Exchange service, then he foresees no trouble in joining that or moving some of our staff to support that. Dan feels that IFAS is ahead of central campus and HSC as far as centralization is concerned. Dan thinks the ICC functions well, though he wishes more folks would participate; Dan feels part of the reason we don't have a huge crowd at our ICC meetings, however, is that things are going pretty smoothly.
Mark Ross offered a counter viewpoint, mentioning that he believes there are a number of IFAS units who are simply doing their own thing and ignoring the ICC.
The meeting was adjourned on time at noon.
|