|
|
ICC Meeting: |
IFAS COMPUTER COORDINATORS
|
|
Message to the CCC-L from Scott Jones: Hello! I've spent the last seven+ years as a software product manager, first for Novell, then for Altiris and Symantec (by way of acquisition). Before that, I was a field consultant for Novell and a network engineer with CNE (local G'ville company). My specialties are network infrastructure and security, Intel-based servers and desktop/software management, both from the technical and business perspectives. I've recently moved back to Florida and need to find a permanent job, either in Gainesville or that may be worked remotely from Gainesville. Tho I would prefer to stay in the product management/marketing/alliances arena (on the business side of things), I'm open to a technical position again, especially if it has some level of architect/manager responsibility. Please take a look at my LinkedIn profile, http://www.linkedin.com/in/hsjones, and keep me in mind for any projects/opportunities you have coming up. Thanks! |
Dan Cromer reported that Steven Clay got a new job with the College of Education. Jie Fan has apparently replaced him.
Last but not least, Louise Ryan is retiring and the Northeast District is looking for a replacement. Louise will work until the end of June and We all wish her the best.
Recap since last meeting:
As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details
[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]
Videoconferencing topics (previous discussion)
End-user Scheduling
Apparently details of this are still pending, but the plan is to provide some subset of individuals access to schedule their own videoconferences on TMS.
Office Communicator infrastructure status (previous discussion)
Dan Cromer reported that the new Office Communicator production system has been implemented. There are still some tweaking going on, but Dwight Jesseman is working on that. You can now connect via Office Communicator from off UF campus w/o using a VPN. Unlike Outlook Anywhere (RPC over HTTP), the OCS system utilizes two public facing servers to handle the connections. [Note: there must be more to it than related here because Steve checked this out from home via a non-domain joined box and was unable to connect unless a VPN was in place.]
Dwight is still working on providing anonymous connectivity to Live Meeting, but that is believed doable. This would mean you could send a Live Meeting link to anyone and they could use that to connect to a meeting. Plans are also in the works to federate with other universities or organizations that have Office Communications Server (OCS).
Technically this is in production now, but Dan has been waiting until a few of the extra details have been worked out before announcing it to all.
Winnie asked if there was going to be a 64-bit version of OCS. Dan said he expected so, but wanted to warn people away from installing the 64-bit version of Office 2010. Many addins, such as the OC addin for Outlook, do not have 32-bit versions and so will not work with the 64-bit Office 2010.
Note: the installation documentation for Office Communicator is available on the UF IT Wiki.
New VC gateway status (previous discussion)
The Tandberg VCS gateway has arrived and has replaced the old Radvision gateway. Once it is in full production you will be able to access it via a domain name rather than by IP (something like bridge.video.ufl.edu). This gateway has a feature which, once implemented, will allow it to connect to the SIP registrar for Office Communicator. That will allow OC users to see all the Polycom endpoints on their OC Contact list and connect to them.
Steve asked if this would pretty much take PVX software out of the picture and Dan replied that he believed so. Dan pointed out that one user was unable
Dan mentioned that Brian Gray had been unable to get the PVX software to work on a new laptop with the Intel i5 processor and Polycom was no help. Kamin Miller responded that he had it working on an i7 processor machine, however.
Recording lectures for Distance Education (previous discussion)
Steve noted that there is now an "ACCORDENT-L" list and those receiving an Accordent Capture Station should be on that list. Contact Ron Thomas for details.
Ron recently scheduled some site visits with a technician from Professional Communication Systems (PCS) who is assisting with deployment. The locations on campus will include Fifield 2316-2318, Entomology 1027; Animal Science 151, Reed Lab 302, 306 Rolfs, 211 Rogers, along with two Accordent devices for Microbiology. Ron also provided a Technical Tips for Accordent Capture Station Users document.
Steve is interested in hearing if these Accordents will be deployed on public IP and whether or not direct streaming from these is going to be encouraged. There may be some security concerns with Windows-based "turnkey" web appliances.
Dan Cromer related that the streaming is done through a centralized server so he suspected that these devices could remain on private numbers. Santos Soler is meeting with an Accordant technician to setup the configuration for the server side portion. Whether or not the Capture Stations will need to be static numbers is not yet known. Storage is going to be handled centrally and other networking details should be available after Santos works things out on the server side.
Dennis Brown asked about the size of these units. Mike Ryabin reported that he received his already and it is just an ordinary Dell computer with a video capture card running a specialized application. Mike if documentation would be made available concerning setup and use of these devices and Dan replied that such was the plan.
Videoconferencing documentation being posted via SharePoint
Steve mentioned again this documentation. Lance Cozart continues to develop it.
New Elluminate system status
Dan Cromer confirmed that the move to the new Elluminate SAS system occurred as expected on Monday, May 10th. The biggest pain involved having to move current recordings to the new format. Elluminate has a tool, called Publish, which can be used to capture and reformat those. Ron Thomas assisted faculty in doing that.
Steve mentioned that only one of his faculty members had used Elluminate and asked what departments used it heavily. Dan responded that he didn't know of any IFAS departments that were particularly heavy users, but that the College of Pharmacy uses it a lot. Dennis Brown added that Ag Education uses it quite a bit as well.
Steve asked about potential overlap between Elluminate and OCS in function. Dan pointed out that currently only employees have access to OCS, so that system couldn't be used with students. However, if the anonymous Live Meeting connection works then that may change things. Dan also pointed out that Elluminate has features closely tied to distance education (quizzes, etc.) while Live Meeting is more of a general meeting/collaboration tool.
WAN transition to CNS (previous discussion)
Updates from James Moore
James was unable to attend this month. He was testing a work around for a bad MFN design. This work involved upgrading the Milton REC to its temporary MFN circuit without having to send more hardware. James was also tracking a couple of problem tickets with carriers at the same time.
Alternate IFAS domains in e-mail
Steve wants to keep this on our agenda for future discussion. He believes there is no advantage to having multiple aliases and that we should move towards removing those if possible.
CIO position status
Elias Eldayrie will begin as our new CIO on May 28th. Dr. Frazier is retiring.
Identity Management (IdM) Interface Training
Steve asked if everyone had requested the "UF_PA_IDM_NETMGR" role which will allow you to set NMB for your users. If not, your Department Security Administrator can do that for you.
ITAC-NI still meeting (previous discussion)
Last month's committee meeting involved a demo of Cisco's equivalent to OCS. Minutes of all meetings are available.
Dennis asked about how this Cisco product related to the OCS system. Dan Cromer said that both would be going ahead in parallel. CNS has already upgraded to a newer version of Call Manager and has plans to follow along behind the HSC.
Course Management System Conversion to Sakai 3 (previous discussion)
Steve reminded folks of Doug Johnson's announcement of a CMS Transition web site. Doug had indicated that this site expands upon the official IT project site.
myuf Market (previous discussion)
Steve wants to keep this on our agendas in case discussion seems warranted.
UF Exchange Project updates (previous discussion)
Centralized FAX service via Exchange (previous discussion)
Steve wants to keep this potential service in everyone's minds as it seems a logical direction for all to take.
Split DNS solution for UFAD problems
Steve wants to keep this on the agenda for future reference.
There continues to be no progress on the documentation which was to happen prior to announcement. Since this has never been formally announced, the matter remains on the agenda as a standing item.
Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM
Issue with offline files and folder redirection
As Steve mentioned last month, he is seeing logon delays for Windows 7 machines using folder redirection to put user documents on the file server. This problem is related to the use of offline files somehow and disabling off-line files eliminates the issue; unfortunately, that does affect searches, however.
Issue with ePO managed tasks on Windows 7
Steve noted that his Windows 7 machines were not keeping up-to-date with the virus definitions. He had tracked this down to the fact that the local agent was not getting the managed tasks. Here is how the console looks on the WinXP machines:
Here is how it looks on Windows 7:
As a result, VSE would not get new DATs until a manual update was run. Generally this happened when Windows notified the user that McAfee was out-of-date. Not only does Windows not report this until the definitions are several days out-of-date, but it also requires users to answer correctly to get the updates to run.
After the meeting Wayne learned what the problem was. First of all, he had disabled the local autoupdate tasks when McAfee pushed out a bad DAT back on the 22nd. That is when the issue started for Win7 boxes. Even when he turned that back on, however, things did not work. It turns out that the ePO tasks don't like getting edited. Apparently, they have to be deleted and re-created. Once Wayne did that, the managed tasks began to turn up in Windows 7 machines again.
Windows 7 deployment
Daniel Solano continues to refine our SCCM setup but at the same time has some problems currently with the PXE boot aspect. There is an alternative in the meantime, however. He has made ISO images of various SCCM Windows OS installs available to all IF-ADMN accounts at \\if-srv-sccm.ad.ufl.edu\images. You can burn one of those to a DVD, boot off it, and perform an off-line install; alternatively you can create a bootable flash drive with these for even quicker deployment. If you let Daniel know the models you are deploying to he can create an image with all the necessary drivers. Daniel pointed out that Dell now packages all the drivers for their various models in cab files that are easily obtained. You are encouraged to get with Daniel and try this out.
Daniel also mentioned that he is working on getting unattended answer files connected to the process. This would allow OU Admins to customize the Windows interface to their own liking. Answer files are pretty easy to create using the Windows System Image Manager tool from the WAIK and the Windows Enterprise media. Once Daniel gets that working Steve suggests that we do a demo of how to create those at an ICC meeting. You could create your own and pass it off to Daniel for incorporation into SCCM.
Mike Ryabin asked if SCCM would be available to off-campus sites. Pulling from the campus SCCM server is likely too demanding on bandwidth for remote use. While SCCM does allow for remote server nodes, that is certainly well beyond where we are with this currently. Until Daniel gets the campus setup better in hand, remote deployment may have to rely on downloading the .iso versions. This can still be a great tool, however, via that method.
Exit processes, NMB and permission removal (prior discussion)
Nothing further was available on this topic at this time.
Re-enabling the Windows firewall
Wayne Hyde has this on his schedule for after the SAN upgrade is completed.
Services Documentation: Is a Wiki the way? (prior discussion)
Steve skipped over this topic but will keep it on our agendas.
Enabling passthrough authentication for http://*ufl.edu and https://*ufl.edu via GPO (prior discussion)
It appears that this will be left to the discretion of each OU Admin.
Membership of ". IFAS-ICC" email distribution group to be narrowed to ICC members only
You are reminded that the ". IFAS-ICC" email distribution group does not include the broader audience which the ICC-L will reach. Plan your e-mails accordingly.
IFAS efforts toward Green IT (previous discussion)
Status update
Dan Cromer said the Green IT Taskforce will be meeting next on the 19th. They will soon be announcing an Open Forum on Green IT for June 1st at 1 PM. Dan wants to create a wiki page that contains the plan which develops. It should include such things as:
Creating guest GatorLink accounts: singly or in bulk (prior discussion)
Steve had left this on the agenda in case further discussion was deemed warranted.
Can IFAS support DirectAccess in the future? (prior discussion)
Steve wants to keep this topic on our radar.
Moving away from the IFAS VPN service (previous discussion)
Steve assumes that moving our VPN to private IP is waiting on Wayne Hyde finding the time to implement.
VDI desktops as admin workstations (previous discussion)
This is another cool service that Wayne has in progress and which is awaiting sufficient time to pursue further.
Wayne's Power Tools (prior discussion)
OU Technical Contact email groups being created
Last month Wayne had pointed out that distribution groups are being created to enable mailing OUAdmins for various purposes. Andrew Carey is working on the script to create those. These will be used for the planned automatic FSR reports concerning file server space usage (duplicate/large files/etc.). Those groups will also be used to email the compliance reports via the tools Chris Leopold is creating.
Beta-testing of computer compliance tool for potential use in login script (previous discussion)
Status update
Chris Leopold is getting very close to being ready to deploy this. His most recent step has been to rework the planned notifications so they avoid getting trapped by the Barracuda. Here is an example of how these will look:
|
From: IFAS_Policy_Compliance_Checker [mailto:itsa@ifas.ufl.edu] IFAS Active Directory OU Administrator, IF-IT-AGCV-WIN7 For more information, see the following URL: http://my.ifas.ufl.edu/sites/services/it/itsa/Wiki1/ If you have other questions or concerns regarding this matter, please reply to this email Thank you UF/IFAS Information Technology - System Administration |
Currently the plan is to send out such compliance notices weekly to the OU Admins of the unit to which any out of compliance machines are joined. Please let Chris know if there are any questions you might have or any feedback you might offer relative to this proposed process.
Folder permissioning on the IFAS file server
You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.
Disabling/deleting computer accounts based on computer password age
This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew has a good plan for dealing with this which he simply has had no time to address. In the meantime, it would be very good of each OUAdmin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.
Status update.
SAN upgrade status
This item was not discussed, but Wayne is nearly done as folks no doubt noticed from his frequent postings to the ICC distribution list.
Inappropriate use of file server storage
Wayne logged directories that were moved during the recent robocopies for the SAN storage upgrade. In looking through those logs is was very easy to see that some folks are using the file server to backup things. He provided the following directory tree as an example:
This person had backed up their laptop to their desktop, vice versa, and then backed the desktop to the file server. Wayne also pointed out that some users don't understand that their "My Documents" have been redirected and so they back those up to their U: drive with essentially doubles up on the storage used and provides no advantage. Wayne would appreciate our help in better educating our users so that our storage space is utilized more efficiently.
Winnie brought up the issue of Unit folders and how people toss things in there and never clean up. Wayne suggested that most Unit folder use would be more appropriately done via more targeted Private workgroup folders. Steve's department doesn't use the unit folders for department-wide forms, but rather for passing files between individuals in different workgroups. Steve wants his Unit folder to be regularly and automatically cleaned out. Due to the difficulty of aging out things at the file level, Steve suggests that simply wiping it clean once a week. This should not be a great problem because everyone should be well warned not to place their only copy on something in such a place.
Wayne pointed out that we also need to get rid of file server permissions done on individual users. Permissioning should always be done with security groups and then those groups should be populated with the users who should have access. The reason for this is that otherwise we can't tell who has access to what. We can easily list the groups people are in but not those individual file level permissions.
Steve added that inheritance should never be broken when applying permissions; if you have any questions or are having trouble setting up permissions, please let Steve know so he can get you some assistance.
The only news was Steve's report that his Window 7 boxes are not getting the managed tasks for some reason, as mentioned earlier.
Status of SharePoint services (prior discussion)
IFAS migrating to centralized MOSS
Status update.
Public folder file deletion policies and procedures status
Nothing further was available on this topic at this time.
Microsoft
The May Microsoft patches included two "critical" bulletins or Windows and Office. A podcast summary of these patches is provided by "Security Bulletins for the regular IT guy".
Adobe
A security update for Shockwave (to version 11.5.7.609) was released on Tuesday.
MS Office News update
We had discussed a little about the new Office 2010 prior, regarding the 64-bit version. Steve noted that there are some reviews of Office 2010 out now that one can use to get a quick idea of the new features it contains.
Job Matrix Update status
This is here as a standing topic--no discussion this month.
Remedy system status (previous discussion)
Steve asked again if anyone had any issues with using the new system.
A funny thing happened to my iPhone the other day...
Francis Ferguson reported that he was looking for contact information on a particular individual. He knew the first and last names and the city, so he used Safari on his phone to go to http://pipl.com/. He had used this site before, but it did not locate this person. Someone suggested he try http://www.411.com/. He had used that successfully before as well, but it did not work in this case either. During this process, something got launched off the 411 site which disabled his Google mail; it had been redirected. He ended up deleting the app and reinstalling it. Francis wondered if anyone else had encountered anything like this before.
The common supposition was that he must have run into some malware--possibly via injection from an ad on an otherwise legitimate site.
Launching MailMeter link wipes out open tabs in Firefox
Dennis Brown reported one of his users running into this problem. According to Dwight Jesseman this is a known issue with Firefox.
PDF-Xchange (prior discussion)
Steve wants to keep this on our agenda for possible latter consideration and noted that Micah Bolen has been using this product for his units.
Interest in Wordpress blog systems, and photo gallery systems that require PHP and MySQL
Santos was not available to report on whether or not he is moving towards supporting such things.
The meeting was adjourned well early at about 11:08 AM
