IFAS COMPUTER COORDINATORS
NOTES FROM May 9th 2008 REGULAR MEETING
A meeting of the ICC was held on Friday, May 9th, 2008 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.
PRESENT: Twenty members participated.
Remote participants: Tom Barnash, Bill Black, Chris Fooshee, Joel Parlin, Mark Ross, Mike Ryabin, Louise Ryan, and A. D. Walker
David Baudree, Benjamin Beach, Dennis Brown, Dan Cromer, Marion Douglas, Francis Ferguson, Wayne Hyde, Winnie Lante, Steve Lasley, Chris Leopold, Jeanne Tucker, and Wendy Williams
STREAMING AUDIO: available here
Agendas were distributed and the sign-up sheet was passed around.
Steve reported that we have had no new members since our last meeting. Wendy Williams has apparently had some staffing changes, however, with Mayank Raj getting IF-ADMx accounts. Wendy doesn't feel the need for her OPS staff to be official members of the ICC, but Raj works with her doing programming for CALS and some of us may bump into him on occasion--thus Steve wanted to let everyone know.
It also appears that the ICC will be losing at least six members as well due to the UF staff layoffs. Those include:
Additionally, Dan Cromer reported that Tom Hintz will retire at the end of November and Ann Hutcheson by January. Neither of their positions will be refilled.
It was also mentioned that Mark Ross plans to leave in about three to six months. His wife has accepted a lucrative position in North Carolina and Mark will be following her there. At this time it is believed that Chris Leopold will be allowed to refill that position and Chris hopes to get someone knowledgeable in IIS who also has experience in SAN storage and virtualization to provide backup for Wayne.
Due to the bumping rights allotted USPS staff, it will take some time to sort out all the eventual changes these layoffs will cause as folks with greater seniority attempt to relocate in similar positions throughout IFAS--possibly leading to others losing their positions. There is every reason to believe that further reductions will be needed this Fall as well.
Steve knows we are all unhappy that layoffs proved necessary and hopes that we do what we can to help those who are displaced by this.
Recap since last meeting:
As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.
News from the May 8th ITPAC meeting:
Steve will be handling the official ITPAC minutes
Steve noted that he will be doing the minutes for ITPAC now, since Ann Hutcheson is retiring soon and will be in and out from now until January. This is really no extra work because Steve has been doing "ICC notes from ITPAC" ever since he became a member in 2002.
Full details of ITPAC meeting soon available
Steve gave a brief overview of what was discussed at ITPAC but will here refer readers to the minutes for complete details; those will begin to be written just as soon as Steve can finish with these ICC meeting notes.
ICC recommendation for Barracuda management
Steve noted that he had rewritten our recommendation somewhat since our last meeting here with Mike Conlon but had retained the same overall intent. ITPAC supported that recommendation unanimously and Mark Rieger will be presenting that at the UF Exchange Advisory Committee meeting next week. Hopefully we will be successful in getting the default settings changed. If not, we now have the backing of ITPAC for making our recommendation official for IFAS users in any case.
Dennis Brown asked if ITPAC was strong in its support for this and Steve responded that no one had anything negative to say regarding this recommendation. On the contrary, Michelle Quire mentioned concern that e-mails from international contacts to her office had been blocked and she fully supported our efforts.
Concerns regarding a website analytic solution
Dave Palmer raised concern that IFAS have a defendable web site statistics solution, pointing out 3-fold differences he had seen between the script-based Google Analytics methods he has been using and the server-log based Urchin which IFAS currently employs. It is important we have a defendable solution as these statistics are used to justify program funding. Most discussion revolved around the fact that a server-log based solution would be preferable, though Urchin may not be the ideal product; we had gone with Urchin at this point for cost reasons. Dave had concerns that Urchin cannot provide the folder-level details we need--particularly if we move forward with the proposed web site consolidation. Doing that will mean that many sites formerly within their own domain would exist as sub-folders within some departmental/unit site. It is important that the owners of these can still get the statistics they need.
Action on the proposed domain policy delayed further
ITPAC voted unanimously to request that the VP create a sub-committee to investigate a web analytics solution for IFAS. That committee would be tasked with determining what statistics we require and then finding a suitable solution which would provide those. Because of its interrelation with consolidation, further motion on the proposed domain policy (which the ICC has discussed previously at great length) was tabled for consideration by the proposed sub-committee. Steve pointed out that while IFAS does need a suitable analytics solution, support for the consolidation effort is every bit as important; he hopes that we don't get side-tracked there as consolidation is the first and necessary step towards a much needed content management solution for IFAS.
Proposed web policy may be moving towards publication as IMM
At the same time, Ashley Wood wanted to get moving on the proposed web policy which the ICC had previously discussed and reviewed at length. It was proposed that ITPAC vote to submit the web policy draft to the VP for publication as IMM 6C1-6.90-3. Since some ITPAC members wished to review the document again prior to voting, it was decided that we would vote via e-mail sometime in the near future.
The consolidation of IT, ICS and EMR
The intent to reorganize IT, ICS and EMR was first made generally known via last November's ITPAC meeting. At that time there were no details available. It is now known that the three directors involved (Dan Cromer, Ashley Wood and Jack Battenfield) have met a number of times to discuss how this might best be done. The three groups are going to be consolidated into a single group in some fashion.
Concern over the potential for further attrition in IT/SA staffing
Steve expressed great concern that IT/SA not lose staff from this consolidation. At ITPAC, Ashley Wood mentioned wanting to move the web server administrator position out to the ICS location. The already under-staffed IT/SA group needs to keep that position in house as it assists with many server administration duties beyond merely keeping the web server running. IT/SA was hobbled when Dwight Jesseman left for UF Exchange because of the many other duties he had performed which now must be handled by the remaining staff. IT/SA should not be asked to go through that yet another time with the web server administrator position. Staffing layoffs (using Animal Science's loss of their IT support position as one example) will likely increase the loads on IT/SA staff overall; this is no time to consider placing more pressure on the group which maintains our core server infrastructure.
Dan Cromer responded that we shouldn't make any comments until a more official decision has been made on how the reorganization will go. The three directors are working on a proposal which will go back to a faculty committee chaired by Larry Arrington of which Dave Palmer is a member. Dan feels that discussion should await that proposal being made available. While Jimmy Cheek has indicated that the combination of those three departments will happen, the details of how that will occur are still very much undecided. There is no timeframe currently--only a statement of direction.
Wendy Williams countered that, based on her experience, the opportunity to influence any decisions may have passed by the time any proposal is published. She sees value in getting some discussions going beforehand and feels that the ICC is an appropriate forum for that. We should feel comfortable voicing our opinions on such things and making those known prior to decisions being made.
After hearing this, Dan agreed with Wendy and suggested that it would be appropriate for the ICC to discuss these matters. Dan further suggested that the ICC chairman request of Joe Joyce the opportunity for input into the reorganization process prior to any final decisions being made.
Ben Beach thought that the ICC should have input to the discussions of the three directors as well, pointing out that members of our group cover all three of those areas. Steve then asked Marion Douglas of ICS how he felt about the proposal for moving the web server administrator position out to the ICS location. Marion mentioned that he had not heard of any of this prior, but that his first reaction was that he did not see the benefit of doing that.
Wayne Hyde voiced his concern that such a move would hurt IT/SA in a similar fashion to losing Dwight. Chris Leopold stated that his group is already understaffed and overworked. They do, however, have a good set of group dynamics with his staff being cross-trained on the various server administration duties. Chris assumes that the ICS group is more development oriented and Mark's position is server oriented. Chris really hopes to replace Mark with someone who can perform the IIS duties but also help with the considerable workload which the SAN and virtualization efforts entail.
Steve will prepare a request to Joe Joyce along the lines Dan suggested with the hope that our input would be heard and considered.
Comprehensive IT risk assessments will be REQUIRED soon
Steve again asked if anyone had attended Achilles training and could tell us what that entailed. Dennis Brown responded that he had gone through the training recently. Dennis said that Achilles is basically a database that was written by Mark Kovacic and is now being maintained by Jim Hranicky. You may use it to define assets of value to your department and state how you will secure those.
During training Dennis was walked through how to use the tool, but since he didn't come to training with a prepared list of assets it was difficult to develop those on the fly and get a good feel for how useful Achilles might be. Dennis said he recommended to Kathy Bergsma that participants be better prepared by suggesting they come with a list of assets so they could more easily apply the tool to realistic situations during the training sessions.
Steve asked Dennis if Achilles provided a basic framework of things you might want to consider and that each user would have to figure out how to plug their particular situation into that. Dennis agreed with that synopsis saying the tool provided all sorts of details which one should consider for each of your assets of value.
Steve then asked if the assessment was mainly pertinent to those units who run their own servers. Dennis responded that he felt we are all doing our best currently to secure our areas and that the risk assessments are just a way for central management to assure we are doing that. As part of this, each unit is supposed to create a committee to work on risk assessment; this does not cover only computer resources, but rather anything of value to your unit. Wayne Hyde added that, while he has not yet attended training, this will not just be focused on central IT; each department will have to be individually involved.
UF Exchange Project updates
Steve relayed Dwight Jesseman's indication that they were currently considering MailMeter by Waterford Technologies as an attachment archiving and HSM solution. They have it installed currently and are running a series of tests.
Wayne mentioned that IFAS no longer has any Exchange servers; he recently unplugged those.
Split DNS solution for UFAD problems
Steve wants to leave this as a standing agenda item, but realizes that a solution will be a very long time in coming due to the complexities involved.
Marc Hoit is leaving UF
Dan Cromer mentioned hearing yesterday that Marc Hoit has accepted the position of Vice Chancellor for Information Technology at North Carolina State University. Dan suspected that this move would be effective July 1st but had not heard the details.
SharePoint Production Sites
Prior SharePoint discussion.
Steve had unintentionally skipped over this topic at the meeting, but Ben Beach relates that there is nothing new to report other than he wants to encourage people to start using this facility.
IFAS WebDAV implementation
There continues to be no progress on the documentation which was to happen prior to announcement. Since this has never been formally announced, the matter remains on agenda as a standing item.
Vista Deployment via SMS and WDS
Steve finally (quite a while after most knew apparently) found the explanation of why drive mapping fails when the user is a member of the local admins group along with a registry hack that apparently fixes the problem without resorting to the scheduled task route which launchapp.wsf uses. Googling “EnableLinkedConnections” provides plenty of details.
All this may be moot, however, because Group Policy Preferences hold great promise for replacing most if not all the functions for which we are currently using logon scripts.
Exit processes, NMB and permission removal
Prior exit procedure discussion.
Chris Fooshee had difficulties following the "Exit procedures and permission removal documentation" (IF-ADMN credentials required) when asked to remove computer access for an employee who was being laid off. This raises the issue of how past procedures have lost support over the time since Chris Hughes left and what we can do to repair/replace those and get them properly documented again. Steve realizes that IT/SA is extremely busy, but hopes they can find some time to investigate these processes and determine which can be maintained. Steve will gladly update the documentation accordingly.
Re-enabling the Windows firewall
Steve wants to leave this matter as a standing agenda item for future discussion. Wayne mentioned that he has plans for doing this on Vista but not WinXP; the latter has only an incoming firewall that is essentially ineffective in any case.
Controlling power settings via GPO preferences
We will leave this on the agenda for future discussion.
Report generating system
This matter relates to crumbling exit procedures addressed above. Matt Wilson has spent a number of hours trying to get this going again, but has been pulled away recently onto other tasks. Hopefully, Matt will have time to revisit the issue soon.
Core Services status
Progress on the new file server
Wayne Hyde related that IF-SRV-FILE02 had suffered a nasty hardware failure, though we are still good on IF-SRVV-FILE03. Consequently, however, they are stepping up efforts to migrate file services to a new cluster. They have had a two-node file server cluster which they have been using for testing and have been robocopying the fileserver data to the SAN nightly. A new PowerEdge 2950 is on order and should arrive shortly. This will be incorporated into the existing test cluster (an old PE2850 and an old PE1850) to permit migration off IF-SRVV-FILE03--hopefully by the end of the month. That three-node cluster will be a temporary solution until another 2950 can be acquired; after that there will be a four-node cluster with the two older machines left there as an emergency safeguard.
As mentioned at previous meetings the only major client-side issues in the migration will be with Macintosh users who cannot utilize DFS. Migration will go OU by OU. There may be a short outage of service during off-hours while they deny access to your fileserver files for one last robocopy and re-point DFS to the new cluster node.
Volume Shadow Copy
The new cluster will be running Windows Server 2008 and Volume Shadow Copy will be enabled. We expect to be able to retain two weeks of snapshots at any time as mentioned at our last meeting. There will be some training necessary with our users to teach them how to recover files. Wayne is going to disable the "Restore" button so that users of shared folders don't tromp on the files of others. Users will either have to find the file they need reverted and right-click on it to grab previous versions or they will have to go to the folder where the file was and view previous versions of that to find the file they deleted. In any case, this will be a great improvement over the current restoration process which is to bug Andrew Carey to restore files for you.
Wayne mentioned that soft quotas had been implemented previously, but we will need some form of hard quota on at least the unit level in order to prevent things from getting out-of-hand. Unit storage will be distributed across 2TB volumes such that 1TB will be free initially; the volume size will be an effective hard limit in itself. If anyone needs individual quotas implemented for users, please let Wayne know. In the meantime, since IF-SRV-FILE02 handled the soft-quotas and is now out-of-the-picture, there will be no more e-mailed nasty-grams sent for overages. There is only about 200GB of disk space left on IF-SRVV-FILE03, so the migration is sorely needed from that aspect as well.
ePO version 4 status
Wayne had related previously via the ICC-L that VirusScan 8.5i with Patch 5 does NOT support Vista SP1. The known issues include that the Port Blocking feature does not work and network scanning performance is reduced with Vista SP1 installed. A hotfix must be installed on top of patch 5 to make it compatible with Vista SP1. This hotfix can only be requested by submitting a ticket through the corporate helpdesk, and having it escalated (be sure to tell the customer to reference KB 615037). Wayne has done this but has now found out they require him to run their diagnostic tool on a Vista SP1 installation before they will give him the patch; he plans to do that on Chris Leopold's computer later today. Wayne will place the patch on the DFS share \\ad.ufl.edu\ifas\SECURITY-TOOLS when he finally gets it.
Wayne mentioned one report of SP1 disabling the on-access scan, but Steve has not seen that with the three such installations he has done. Wayne speculated that this instance might be fixed by uninstalling VirusScan and reinstalling the version with the slip-streamed patch 5. Patch 6 (containing the fully QA'd hotfix) is expected to be released in August of 2008.
Be aware of the scheduled conferences site
Dan wanted to remind people that there is a web site that lists scheduled videoconferences along with their associated conference IDs.
Calling into a videoconference via phone
Also, if your Polycom unit is not configured with the UF Video services gatekeeper (though it should be) you can still connect to an ongoing conference via the IP# of the Codian bridge, 22.214.171.124. Calling this IP address followed by two pound signs "##" followed by an established conference ID number will go directly to the conference (e.g. calling 126.96.36.199##7830721 would have worked for this meeting today).
If you dial in on the phone, there are two numbers available and each must be handled differently. The number documented on the UF Video services site (at bottom) requires entering the full conference ID. This number utilizes a male voice on the auto-attendant. There is an alternate number, (352) 273-4998, which utilizes a British female auto-attendant and which requires that you only enter the last four digits of the conference ID.
Francis Ferguson mentioned the fact that cell phone users should be made aware of the need to mute the microphones on their phones should they use them to connect.
Making an H.320 (ISDN) to H.323 (IP) videoconference connection
Dan Cromer was successful in making a connection to an H.320 style ISDN dial-up videoconferencing system yesterday. The connection was made with Florida Crystals and was arranged by Patrick Pettus who used the Radvision gatekeeper to associate an ISDN number (from a T1 they use having 23 available ISDN numbers) to a particular H.323 Extension (E.164) number. Once the Polycom unit here was set to utilize that Extension number, the remote site then had an ISDN number to use for calling directly into our Polycom system.
Dan said he is trying to get the matter of continuing Polycom maintenance support worked out. That is supposed to be up to each unit but it is important that those are maintained. Steve mentioned that Entomology's two units are not under maintenance. Their old VSX7400 went off maintenance a while back w/o notice; maintenance on that had never been mentioned prior to that happening and we were unaware. With the new "fancy" touch-panel VSX8000 system which was put in room 1031 of Entomology last year, the maintenance prices quoted were too extravagant to consider. Dan mentioned that Polycom encourages that maintenance be purchased through the resellers. Tom Hintz has been working primarily with Wire-One and VSGI on that.
There are three critical and one moderate Microsoft patches this month affecting Office, Windows, and Microsoft security products. Additionally, Adobe Acrobat Professional 7.1.0 and Adobe Acrobat Standard 7.1.0 updates came out two days ago.
Windows XP SP3 is now available. It does not include IE7. Here are some useful links for info:
Tom Barnash related via e-mail that:
I have deployed it to a few machines with no problems via the direct download and install. I have also used nLite to build a custom XP disk with SP3 integrated, that worked fine as well. It does seem to make XP faster than before, but that may due to a clean install.
Wayne said he did not plan to push out WinXP SP3 for at least a couple more ICC meetings in order to give time for any potential issues to be well worked out.
Steve asked Chris Leopold if he could update the IFAS Software site (ufad\IF-ADMN credentials required) with the slipstreamed Vista SP1 and the slipstreamed WinXP SP3 images. Chris wasn't sure that WinXP SP3 was available in that form yet but would look into it. When Joel Parlin mentioned that the Vista versions were already available on the UFAD site, it was suggested that Chris place a link to that location on the IFAS Software site rather than hosting it separately.
MS Office News update
Steve had reported an issue with a security update for Microsoft Office Outlook 2003, KB945432, which came out in March. The issue is discussed in an article entitled "In Office Outlook 2003, you cannot open Macintosh binary attachments after you install security update MS08-15". This has been most often discussed as affecting .jpg attachments sent from Mac users, but it also seems to affect Word documents--that is how it came to Steve's attention.
When an Outlook 2003 user with this update installed receives an e-mail from a Mac user that contains a Word attachment and tries to open the attachment, they are asked to "Select an encoding that makes your document readable":
Regardless of what is selected, the document opens displaying garbage. Removing KB945432 allows the attachment to open just fine; reinstalling it causes the problem to return.
There is a hotfix documented that Steve has obtained and tested; it does indeed resolve the issue. He has copied the hotfix to \\ad.ufl.edu\ifas\SOFTWARE\MSOFFICE2003\OutlookHotfix951678 for the convenience of all.
Public folder file deletion policies and procedures status
This matter is pending migration to the new file server cluster.
Job Matrix Update status
Steve wants to leave this matter as a standing agenda item for future discussion and offered to help maintain that if Chris wanted.
Remedy system status
Dan Cromer had sent out the following notice to IFAS-Announce-L on April 30th:
New computer problem reporting system
IFAS IT has instituted a new feature in our Remedy Computer Problem Tracking System. If you have a computer problem for which you want assistance from the central IT Computer Help Desk, sending e-mail to email@example.com (or firstname.lastname@example.org or email@example.com) will automatically forward your message to the problem ticket queue, where Help Desk technicians can review and respond. Be sure to include full information about your problem in the message.
This provides an alternative to the Web page entry form at http://support.ifas.ufl.edu, which is the preferred method for submitting problem reports because it allows you to categorize the topic of your problem. The Web interface and now the e-mail submissions allows for tracking of your problem. Naturally, if you can't use a computer for Web access or sending e-mail, you'll still need to call at (352) 392-info (4636). Units having a local computer support person should contact him/her, when available, as the first level of assistance.
Phone numbers posted on Help Desk web site need updating
Wayne pointed out that the phone number at the bottom of the IFAS Help Desk web site needed to be changed from 392-5180 to 392-INFO. This is also true of the "Contact us" page on that site. Mark Ross said he would take care of that.
Joel Parlin asked about the MPS servers, wondering about the timeframe within which they were due to be replaced. Chris Leopold said that this should begin to occur in about six months; they have until September 2009 before the current leases (which had been extended 2 additional years) run out. One of the holdups there is the desire to use a single PE2900 or PE2950 machine as both a RODC and a virtualized MPS. This would allow savings on the extra chassis, memory, etc. to be converted into extra drive space. Chris has to coordinate with UFAD to assure that they can accommodate this for the DCs, moving to Win2k8. They also want to utilize the Microsoft Hyper-V component for Win2k8 which will not be released for six months.
Storage on the MPS servers will vary depending on need. Should they wish, RECs will have the opportunity to contribute extra funds and expand storage to meet their needs rather than having to provide their own server solutions. In such circumstances, the RODC and the MPS servers would likely be kept on separate machines.
Louise Ryan asked if they were plans to expand the number of locations to which MPS servers were deployed. Chris responded that this is under consideration. Chris hopes the consolidation of the MPS servers with the DCs will free up some funds to do that.
REC IT staff rolled into District Support?
In relation to IT/ICS/EMR consolidation and the budget cutbacks, Dan Cromer mentioned that he is proposing to the deans and Joe Joyce that they consider consolidating IT support by reviewing the coverage areas across the state. Dan is proposing that IT staff at RECs would also support some surrounding extension offices. Chris Leopold asked if it wasn't true that District Support staff currently assist at some RECs. Dan admitted that this was true, but stated his interest in balancing things out better than we currently do.
The meeting was adjourned in record time at 11:17 am.