IFAS COMPUTER COORDINATORS
NOTES FROM June 10th 2005 REGULAR MEETING
A meeting of the ICC was held on Friday, June 10th, 2005. The meeting was chaired and called to order by Steve Lasley, at 10:02 a.m. in the ICS conference room.
PRESENT: Twenty-two members participated. Remote participants: Marcus Cathey, Chris Fooshee, Joel Parlin, and Joshua Wilson. On-site participants: Mike Armstrong, David Bauldree, Dennis Brown, Dan Christophy, Marion Douglas, Joe Hayden, Chris Hughes, Dwight Jesseman, Nancy Johnson, Jack Kramer, Winnie Lante, Steve Lasley, Chris Leopold, Richard Phelan, Marshall Pierce, Mark Ross, Mike Ryabin, and Joe Spooner. Fran McDonell and Adam Bellaire from the UF Help Desk were present as guests.
STREAMING AUDIO: here
Agendas were distributed and the meeting was called to order by Steve Lasley at 10:02 am.
We had no new members, but we did have some folks attending who had not been to a meeting before. Consequently, we went around the room and made introductions.
Before we went further, Chris Hughes had a question for Josh Wilson. Chris wanted to know if there were any multi-purpose servers which Josh wished for him to backup to Gainesville in anticipation of the coming storm/hurricane. Josh responded that he would appreciate it if Chris could backup the machine in Escambia County (at the western-most tip of the Florida panhandle).
Steve skipped the "recap since last meeting", simply pointing out that the agendas are always linked at this point to the notes from the previous meeting for review.
Info from the recent IFAS Gateway presentation:
Dennis Brown reported on the May 24th Gateway presentation at Fifield which had been organized by Chad Rooney through Dan Cromer. Dennis said that the turnout was low. Dan Cromer and he were the only ones there for a while; they were later joined by Nancy Johnson and Marion Douglas. The first portion, which Dennis didn't think had even been announced, was a talk by someone from Intel. This person spoke at length about processors, mentioning that slow movement by Microsoft has led them to begin building support into their chips for other companies. (This fits in well with the recent Apple announcement of a partnership with Intel.) Dennis felt that the Gateway desktops looked ugly, but they did have cases and components which required no tools for opening and removal. Gateway has closed all it retail stores and they bought the eMachines line which are sold through 15 different outlets. They are in the process of combining the two companies. Gateway reported that their server-side has always been strong, but that their desktops have fallen by the way. Gateway realizes they are playing catch-up with Dell-dominated UF. Dennis was impressed by their convertible laptop which had a screen which rotated to transform the laptop into a tablet. Joe Spooner said he had tried out one of those and that it was a bit heavy, but seemed nice. His main reservation was that he didn't see that it would be very useful for most to have such a screen capability. Mike Ryabin said that he knew of pharmaceutical companies which used these sorts of machines heavily for their field representatives. All agreed that these machines had their niche.
Mike Armstrong talked about the anti-spam solution which they have been using successfully at Lake Alfred. Mike told us that before they got Exchange they had been using a commercial e-mail product that a lot of ISPs use. Mike was active in a discussion list with those people, which is where he first learned about Barracuda. It looked promising and they had a 30 day free trial, so he ordered one. It is a plug and play kind-of-a-thing, they were very happy with it and they purchased it. Mike had a PowerPoint demo from the Barracuda folks that he went through for us. Barracuda is a quite new company; they launched their spam firewall product in October of 2003 and CREC purchased it slightly thereafter. Mike reported that the company believes that in a few years that over 80% of all security solutions will be delivered via a dedicated appliance, and Mike strongly agrees. He emphasized that there is very little work to running this system as it pretty much maintains itself.
With this system, you purchase the hardware and then pay a yearly (not per-client) subscription of about $800. The company has various models and CREC has gone with the 400 which cost about $4000 and can handle about 10,000 active users and a daily load of 10 million messages. They went with this model, which obviously has greater capacity than they need, because it is the lowest cost model that supported RAID 1. They combined this solution with GroupShield for Exchange and the individual Mcafee VirusScan client on end user machines to provide multi-level protection. They have also modified the network connections a bit to prevent spoofing; they do not allow mail sourced from an "@crec.ufl.edu" address to pass through the Barracuda and only allow such mail to come directly to the Exchange server. Consequently, the only spoofing problems which they have seen are via mail forwarded from the IFAS system which has no such protection. Mike says that their support has been pretty good.
Mike demoed the web console, but emphasized that he basically only goes in once a month to check for firmware updates. If you log on as admin, you get the admin console and if you log on as yourself, you get access to just your own mailbox. One necessary use of the console is to do initial training of the filter. Mike and Allan discovered that it gets most of its best information from feeding it things that aren't spam. Mike has a summary emailed to him each night at midnight. Using the console, you can view the traffic and choose to deliver any messages that were blocked. The console also allows white listing of domains by admins and white listing of individual addresses can be done by end users themselves. Steve relayed from Kevin Hill that he has been speaking with Barracuda at TechEd in Orlando this week and that they would be very interested in giving us a free demo.
Steve asked if the budget request for this year included sufficient funds to switch to Barracuda as a solution. Chris Hughes stated that it did not, but that he hoped we would get a similar-level solution via their request for a filter (see the February meeting notes for more details) that could convert the Gatorlink Spam-Assassin score to an equivalent SCL score. Exchange SP2 has new features that should help as well. Chris noted that the German spam wouldn't have been nearly as much of an issue had the .dat files worked correctly with GroupShield. Chris spent considerable time with Mcafee in debugging that issue. IFAS administration made a decision to block via keyword just after this issue was finally resolved. Since there is some possibility of false positives, Steve asked when that blocking would be removed and Chris said that this would be done when administration told them to do so. Steve pointed out that such a level of micro-management is a sad situation. Chris agreed, stating that he believes Dan Cromer should be delegated the power to make such decisions on his own.
Mark Ross suggested that we revisit this issue somewhere around mid-fiscal year and if the solution we have by then is not doing the job, we might seriously push for a Barracuda appliance solution. Mike Armstrong mentioned that we might need to go with a higher end model to get the end-user functionality we might desire. The pricier models have additional features--not just additional capacity.
During the meeting, Chris Hughes received an e-mail that might be pertinent to the spam solution issue. James Hardemon is apparently now working on adding SpamKiller for Exchange to the UF Mcafee Site License. Mike Armstrong mentioned that they had tried that product and it was not manageable for them.
Chris had asked that the agenda order be modified so he could present a few items before he had to run off.
ICS building 116 is going wallplate:
ICS is getting a new Polycom in their conference room (yes--the very room where we hold our meetings) for which they wish to have Quality of Service (QoS) support. QoS is only available via the wallplate model and that must be done on an entire building basis. Consequently, ICS will be paying roughly $3400 per year for their level 2 networking infrastructure in just that one building alone.
Jack Kramer asked if this had any consequences for off-campus and Chris said, currently, no. Chris did mention that Network Services will not even pull wire at off-campus sites. Chris referred folks to a list of approved low-voltage wiring contractors for that purpose. Steve mentioned that for years his department had used Judy Hulton at Network Services (and her predecessors all the way back to the Digital Design days) to install wiring. Recently they stopped doing this but had specified a means by which they would refer to outside contractors. Steve had been unsuccessful in getting a single pull done via that route for 5 months of trying. At Dennis Brown's suggestion, Steve called Complete Network Solutions and had the drop installed within 24 hours at a cost that was nearly 30% less than what Judy had been charging for years. Needless to say, Steve is quite pleased with the end result and wishes he had known this earlier. Joe Hayden's experience with the vendors on the list was not quite so favorable. He reported that there costs for 1-2 drops were too expensive and when you asked them to do larger jobs of 30-40 drops, they didn't want to handle those. Some ICCers still do their own obviously.
Steve asked if there were any other services besides QoS for which the wallplate model was required. Chris responded that it was necessary if you wished to use VoIP.
Despite the wallplate initiative, there are going to be quite a few switch replacements within IFAS. The list includes Bldg 258 (Weed Sciences Field Building by Microbiology), McCarty C, Reid Hall, Newins-Ziegler, Microbiology and Newell on campus. Chris has completed and submitted plans for Plant City, Marianna, Indian River and Peggy Borum's lab. Chris is still pending on proposals to Entomology, Bldg 152 and Food Science. Dell has some very inexpensive switches (48 ports with 2 GB uplinks for $230) that are being evaluated; ability to handle our vlan needs is the main concern.
July 4th off-line defrag for Exchange:
Dwight Jesseman related that this process will begin at 12:00 am Monday morning and finish completely no later then the following noon. Chris Leopold will be sending an IFAS-ALL on this prior to that time.
Replacement of power supplies on all DCs:
There is a problem with the DC power supplies that prevents the machines from being rebuilt once they fail--which is the current situation with 10 of these boxes. This will be done by district support, but Chris announced that Valerie Carter has turned in her resignation and David Ayers is out currently. They are going to do a security review at the time of replacement as it has come to their attention that some of these locations are out of compliance with the security guidelines.
Removing IPX and Appletalk:
Neither of these moves would prevent use of the protocol within a particular subnet. Chris has learned that Appletalk is bridged between public and private subnets within a building, so printing from a public side computer to a private side printer over Appletalk should still work. Appletalk is currently used across subnets and workarounds would have to be planned for that. Chris has already asked that IPX be removed and is waiting on further coordination to do the same for Appletalk.
UPSs at the BPOPs:
Joe Hayden reported that Network Services is divesting those and Joe said his group has plans to take over that responsibility. Mark Ross reported having problems with those via CNS anyway.
Wireless at remote sites:
Mike Ryabin raised the issue of an urgent need for secure authentication for wireless at Ft. Lauderdale--along the lines of what is provided on campus. Chris Leopold said that this is being investigated by John Sawyer and that if he cannot come up with a solution that Chris himself would figure out how to best accomplish that.
Progress on standing issues:
Microsoft support for IFAS:
Chris Hughes had reported at our last meeting that we may not use UFAD’s Premier Contract and currently must pay $249 an incident through Professional Support Services. Marc Hoit, who was at that meeting, had said that he would have this added to the list of issues that the UF software licensing service considered on behalf of UF. Chris reported that they have previously had Mike Kanofsky enter some incidents for them--something that is not allowed--and have needed to use the per-incident support a couple of times as well. Dan Cromer has to approve opening an incident and there are several that they would like to submit currently, but for which there is no money. Chris feels better Microsoft support is essential. Steve will raise the issue to ITPAC again as a point of information. Chris reiterated how important it is for ICCers to mention the importance of the IT budget to their chairs and to encourage them to escalate that issue to administration. The point is that support for central IT is important and that there is currently a budget request from IT to administration that could solve many of the problems were are currently experiencing. Many were not optimistic that they can get the necessary level of support from their chairs, however. Pushing for an individual item via this route (e.g., funding for a better spam solution) was seen as being much more likely to succeed because the value has to be communicated and that can't readily be done by an ICCer to his chair for the budget request as a whole. The issues are too varied and complicated for that audience. Still, it is hoped that each member will attempt to keep an open dialog going with their faculty and chairs on such issues. When things are brought up from that level they carry much more weight than does any amount of persuasion from IT directly.
Status of ICC and ITPAC recommendations on standardizing IFAS e-mail addresses:
Steve asked where we were on this. Chris Hughes was of the opinion that we are all ready to go and that we are waiting on Jimmy Cheek to make the decision. Dwight mentioned that we are still negotiating whether the Gatorlink folks will work with us on the forwarding. Chris Hughes has approached Mike Conlon on that and Mike said this will not be an issue. Steve asked if this matter is something which he should raise again at ITPAC if no movement occurs and it was agreed that he should. The next ITPAC meeting is scheduled for August 18th.
Office Administrative Install Point vs. Local Installation status:
John Sawyer had reported at the last meeting that this can be considered production. People seem to need help with how to customize their own install. Nancy Johnson in particular mentioned having issues with retaining their FrontPage install from the earlier Office 2000 Premium edition when a new installation was made. The default configuration does not handle that. Dan Christophy, head of the IFAS Help Desk and Marshall Pierce mentioned methods to work around that and Steve confirmed with Dan that Nancy can get support for that from the Help Desk. Documentation on how to customize the install for various purposes is still desired and needed however. The basics to customizing the install are to use a tool from the Office Resource Kit to produce a transform file. Then you can pass this to the setup routine (as in place on the DFS share currently at \\ad.ufl.edu\IFAS\MSOffice2003) via a commandline switch. Apparently John has some of that documentation done, but he is currently out on "new daddy" leave. Dwight asked if there was any possibility of moving that responsibility to the Help Desk. Being a cross-unit issue, that would seem to be Dan Cromer's call, but Dan could not make the meeting and was unavailable for comment at the time. Marshall Pierce provided background on how that project was started as a way of explaining its cross-unit origins. IT/SA was to initiate the service that the Help Desk would then take over and utilize.
As a side issue, Chris Hughes mentioned that the DFS share structure will change dramatically in July after we are rid of the responsibility for supporting Win9X. Every unit will have all of their files available as a share under that directory.
In need of administrative action: hire/fire procedures, "network managed by", FTE for UFAD:
Chris Hughes reported that he has gotten notification from Mike Conlon that we will get access to the APIs we need for our intra-IFAS hire/fire procedures.
Proposal for migrating all IFAS subnets to private IPs:
Chris Leopold said that this had stalled somewhat while trying to work out the stance on the wallplate. The question is how to decide who supports what and where, but Chris said it is "coming soon"--as in a month or so. This changeover would also tie into the desire to put all devices (necessary exceptions allowed) onto DHCP, either dynamically or via reservations in the case of items such as network printers. Chris said that one of the problems with this is that Network Services wants each building connected directly to the core and we don't have enough fiber in place to do that in a number of locations.
Mark Ross asked if there was any chance of securing/authenticating DHCP at the same time we do all these other modifications. Joe Spooner (with his wonderful ties to the UF Microsoft programming community) has a contact who is capable (he has worked for both Dell and CompSys) and interested in programming a callout for that purpose. This person is currently working on his masters degree here and is looking for an assistantship. Joe knows that IFAS has provided assistantships before from IT via Ag Engineering. Joe figured it would take this gentleman about 4 months work to complete the task. A condition of the appointment could include his handing over the source code and providing proper documentation so it could be maintained after he might leave. The use of FXCop could enforce good coding practice. Joe does have some performance concerns with using .Net for this, but Chris Hughes thinks native C++ might make maintenance more difficult; Chris is confident we can maintain the code if it is written in C#.
Mark Ross asked if there were commercial solutions, as he is hesitant to have us "roll our own". The response was that there are solutions, but they are pricey--too pricey for IFAS. If every switch was a managed switch we could easily use the 802.11x authentication to prevent any machine that wasn't within UFAD from getting an IP address; that is the Microsoft preferred method, but, it would require extensive/expensive centrally coordinated expenditures for network infrastructure replacement. The callout method is not actually secure from sniffing (as the 802.11x method would be) but the price might be right and the benefits for overall security would still be enormous. Steve asked if the wallplate initiative had any plans to provide authenticated DHCP, but no one knew of any such plans.
Status of the IFAS Remedy trouble ticket system for IFAS
Dwight introduced our guests, Fran McDonell, head of the UF Computing Help Desk and Adam Bellaire, the programmer responsible for Remedy.
The End User Interface
Dwight showed us all the new Remedy page for clients, aka "Ask the IFAS Help Desk". The interface has been considerably simplified by greatly reducing the "radio button" problem selection categories. The non-IFAS Help categories have also been removed and replaced by a single link to the UF Help Desk client screen
. When one of the categories is picked, it automatically becomes the "Topic" of the ticket. This can be changed later when the consultant works on the ticket. The IFAS Help Desk is originally assigned all tickets and if they can't resolve the issue themselves they can assign the problem to someone else via the consultant's interface. Fran mentioned that the system could be programmed so that the category chosen controlled the ticket workflow--they do that for some things within their system.
There are text boxes where the ticket initiator enters their Gatorlink username or UFID. If they don't know their UFID, they can look it up through a link. The user is also asked to enter their contact phone number and e-mail address along with a brief description of the problem. There is currently no method within this system for an end user to attach files (screen shots, etc.). If the user e-mails the problem to the IFAS Help Desk rather than by using Ask the IFAS Help Desk, the Help Desk consultant will enter a ticket on their behalf. Such e-mail would be the only current method for a user to assist the consultants by attaching supplementary materials. The UF system does have a crude method for a consultant to store and associate such materials with the ticket, but this is not available to IFAS currently. An e-mail to the UF Help Desk automatically creates a ticket using the e-mail subject as the ticket topic; this is not being done currently for IFAS.
Viewing of Ticket Status By End Users
At the top of that page is a "click here" link that an end user may use to display currently open and previously closed tickets which they had previously submitted via this system. By clicking on the "Details/Re-open" link in the "Action" column, Users can see the e-mail exchanges which have occurred on their tickets, but they will not see the internal Help Desk comments of the consultants which are made via the consultant interface. Users can also re-open a ticket here.
The Consultant Interface
Dwight then showed us the latest IFAS Remedy Web interface for support personnel use. A test ticket was created to demonstrate use of this system in generating tickets on behalf of your users. You can do this by entering the Gatorlink username or UFID of the person with the particular problem and then clicking on the "New Ticket" button. This brings up a "New Ticket Contact Info" form where the "New Ticket" button is grayed out. You have to choose a primary contact method via the drop-down list box at the bottom of the form before the "Submit" button is activated and you can generate the actual ticket. If you had put in the Gatorlink name or ID of the person with the problem in the previous page, the rest of the fields are filled in for you (with the exception of the "contact" field where you can put in alternate contact info):
The New Remedy Ticket Form
- F. Name:
- L. Name:
- Network Managed By:
If you are creating a ticket for a user, the ticket isn't actually created until you follow through with one of the various options on this page. A new ticket is displayed in a form that has many options. One of these is required, that being the "Supported Service" option. This corresponds to the category radio buttons on the end user ticket request form, but provides a much finer granularity in categorizing the issue. If you select the "General Topics->Projects" entry, the ticket will be taken out of the general Help Desk queue and placed in the Projects Queue. This provides a way of keeping track of internal issues separate from end user issues. There are fields where the consultant can enter information pertinent to the problem, including a drop-down list box for OS and text fields for "Software" and for the "Problem Account Username". The "Problem Summary" field is blank on a new ticket, but this is where the ticket topic would be on an existing ticket and where you can modify that topic to make it more descriptive of a particular problem.
It is not readily apparent from the interface, but many of the items at the bottom of the form represent mutually-exclusive choices for methods of handling the ticket. (Note: this is likely the weakest and most confusing portion of the interface currently.) You may do one of the following at any given time:
This drop-down list box includes the Gatorlink usernames of available consultants (i.e., IT support folks within IFAS). Adam was asked if those could be listed by actual name rather than Gatorlink username; he believed that was possible and said he would look into doing that. You can use this field to assign/re-assign a ticket to a particular support person for resolution. That person will get an e-mail notifying them of the assignment. Note that anyone can reassign any ticket to anyone else.
This drop-down list box allows you to refer a problem to a group outside of IFAS. Currently, this list includes: CNS Net Services, CNS Open Systems Group, Active Directory Support, and the UF Bridges Help Desk. For some reason, the "Refer Ticket" button is not grayed out prior to selecting the target--this is inconsistent to the more logical button inactivation which is implemented in the "Assign Ticket" function in the line above and should likely be fixed.
- Refer by e-mail
This text box allows you to type in an e-mail address or list of e-mail addresses in order to refer the problem to someone who is not in the "Refer" list.
- Send e-mail to client
This button is used when you have resolved an issue and is the method for notifying the client of that. The ticket is then closed by default, but you may indicate that you wish it left open by using the checkbox given here. This is also where the "Client Kudos or Complaints" field (wherein I believe kudos is misspelled) comes into play; those are not sent to the client, but are kept for internal use.
Other options available include:
- Save the ticket
This button is used after using the consultant interface to modify the information within the ticket, when you want those changes saved.
- Mark the ticket as pending
This button is used when you have just gotten a new ticket and you wish to indicate that a solution is in the process of being formulated.
- Close the ticket
This button is used when you are completely done and want to close the ticket.
- Send the ticket to UF Help Desk
This button assigns the task to the UF Help Desk and would be used for problems outside our purview.
Dwight showed us the Remedy Web Reports site. This allows you to see all the tickets and you may request a particular report if needed.
Getting on the Consultants List
If you want to use the consultant interface for the IFAS Remedy system or the reports system, contact Dan Christophy with your username and he will see to it that you get added to those systems. All unit support staff are strongly encouraged to request this access. If you are in the system, then tickets can be assigned directly to you rather than being referred by e-mail. This makes it easier on the one assigning and plugs you into the process where you belong.
Unit Admin Comments on System
Mike Ryabin mentioned that incorporation of the local admins into the work flow is very important and that he hesitates requesting that his clients use the system until such time as he gets immediate notification that a ticket has been submitted. It had been discussed prior that the ticket would be assigned based on the Network Managed By (NMB) field. Fran related that this can be done, but that Dan Cromer had requested that all items go first through the Help Desk. Although this meets the "single point of contact" criterion, it causes more problems than it solves for our system as a whole.
Some means should be instituted to inform all support staff, both the Help Desk and the relevant unit support staff. Unit support staff are essentially peer extensions of the Help Desk and cooperation/interaction between those two groups is currently quite poor to the detriment of all; this system is an excellent opportunity to address that issue. There are manual methods whereby one or the other of the two groups can make sure the other is kept in the loop on all relevant tickets. The Help Desk personnel could assign or refer all tickets relevant to a particular unit support person and unit support persons can make certain that all their completed support issues are entered in the system. The former would keep the unit support involved and the latter would help maintain a central list of problems across IFAS so overall solutions (possibly automated) can be considered.
Many felt that assigning tickets based on NMB would improve the system, however. It would encourage interaction outwards from the Help Desk while assuring that a record of the tickets is kept for centralized scrutiny. The corollary of this has been raised from the IFAS Help Desk as well, however (courtesy of Ed Steele). There have been a number of cases where the Help Desk initiates a Remedy trouble ticket based on user input, determines that problem should be elevated to unit support and refers the ticket to the appropriate person via "refer via email" process. In this case it has often been the case that the Unit support person investigates and determines that problem is not a server side issue, but does not relay the findings back to Help Desk support or to the user for follow up or provide any input as to what could be causing the problem. In other words, the unit support persons drops the ball. Some days later, the user calls back to report the problem again and gets a different Help Desk tech, who makes out a new ticket, etc., etc. Meanwhile, the user fumes and the problem festers until the user elevates to a higher administrative level. A portion of this problem can be addressed by having the client specify the particular tracking number and keeping good records of progress within the system. However, for the system to work to its potential, unit support personnel clearly have to be more involved with the process as a whole. Realizing that unit support is the first line of support (for those units lucky enough to have that) would be a big step in the right direction. There are issues getting the contact list for the NMB solution, but apparently that is being pursued.
Viewing the IFAS Help Desk Ticket Queue
The very topmost link on the IFAS Remedy Web interface front-page allows a consultant to view the entire Help Desk ticket queue. The tickets are listed in table view with the oldest at the top (note: it might be more useful if the sort order was reversed). The various column headings are:
This field is a link which you may click to edit that particular ticket.
- Entry-Id preview
This field is also a link which you may click to view a summary of that particular ticket in a small window.
- Time/Date In
This field lists the time and date when the ticket was first created.
This field is the number of days since the last time any entry had been made on the ticket.
- UFID lookup
This field is a link to a directory lookup (by UFID) on the person with the problem.
- Name lookup
This field is a link to a directory lookup (by name) on the person with the problem. This might be useful if someone (mistakenly) has more than one UFID.
- Network Dept
This lists the Network Managed By code related to the person who has the problem.
- Problem Summary
This is either the category chosen by an end user entering the ticket via the "Ask the IFAS Help Desk" or it is that field entered or edited by the support staff.
- Assigned to
This field is not very useful in this and Adam plans to remove it. The reason for that is that the value here is only useful when the ticket is actually in an assigned status.
- Updated by
This field displays the UFID of the person who last updated the ticket.
- Gatorlink ID history
This field is also a link that will take you to a list of all past problems entered for that person.
The rows, each representing a particular ticket, are also color-coded as follows:
This is the default for regular tickets in the queue.
- Light Blue
This color is used to mark pending tickets.
This color is used for tickets that are currently assigned to someone specific.
Dwight announced that Fran and Adam have agreed to do Remedy training, and he was wondering who thought that was necessary. Joe Spooner suggested that this be done in MCC G001 and recorded using Camtasia. That way it would be available for people to view at their leisure and also in the future for orientation of any new OU Admins that come along. I am sure that ICC volunteers could be obtained to help with that by being at the session and asking the sorts of questions new users of the system might have. It is hoped that Dwight will follow-up with Fran and Ron Thomas on that.
Windows 9x is supposed to be gone from the network by the time we have our next ICC meeting. Chris will be counting on it being gone and will be making significant network changes that would disrupt network access for any Win9x machines. Steve noted that nothing has gone out to IFAS-ALL on this and Chris Hughes suggested that this should have come from the VP's office once the decision had been made at the ITPAC.
MOM is up and operational. It is monitoring every server that is properly named with the "IF-SRV" prefix, except for those managed by Kevin Hill. Other servers will be added when they meet the naming convention requirements. Notifications are still a work in progress. A connector is going to be extended with the remedy system so that when a MOM incident occurs a Remedy ticket will be opened. UFAD has now installed MOM as well. so we will be doing connectors with their system so we can see problems with the DCs.
Prior exit procedure discussion. The Exchange exit procedures have been reinstated to the Permissions Removal Website and are functional. If you have talked to a user according to the process documented here, including assuring that their Gatorlink is not forwarded back to IFAS, you are allowed to remove their mailbox via this site. If you have an employee who leaves, don't e-mail Chris or Dwight anymore, but rather use the Permissions Removal Website to handle the necessary permissions removal yourself. The only thing that is not removed currently is NMB, but as soon as we get access to the APIs to do that (and that has been promised) then the application will clear that setting as well. Dennis Brown asked if that included the OU Admin accounts. Chris responded that it did not. Those will be handled by a separate process whereby if your normal account is no longer in the IFAS OU, your associated ADMx accounts will be deleted. Assuming you have applied permissions properly via groups and not via the ADMx accounts directly, access should not be difficult to reinstate should that prove necessary (via accident or otherwise).
Chris is also working on a web application where OU Admins will be able to increase mailbox quotas for people. You will no longer have to bug the Help Desk or Dwight to handle such issues. Since the mailbox has to be taken off-line for this to occur, the process will be scheduled to perform its function at midnight.
Jack Kramer is having his department set his affiliation in the UF Directory to Departmental Associate. He wondered if this would allow him to keep his IFAS e-mail account. Chris Hughes related that such an affiliation essentially makes him an employee of that department and so, yes, the IFAS e-mail account will be retained.
Chris Hughes was asked about training. He is not very excited at the prospect (as documentation is indeed often tedious), but will be creating Camtasia movies of the processes useful to OU Admins. He hopes Dwight or someone with a better speaking voice than himself can be acquired to provide the audio track.
ePO Reorganization and Exclusion Lists
Chris Hughes has taken over ePO management from John Sawyer. Chris says this will be happening in 2-3 weeks and predicts that by the next ICC meeting everyone will be angry at him concerning ePO as he intends to be the "epo Dictator". There will be a single set of policies that come from the top level and inherit down to every machine. If you don't like them, you may comment on them :-). Every machine will have ePO installed, and every machine will have current DATs--Chris guarantees that. Chris speculated that Kevin Hill will be setting up his own ePO server. Everyone will have view access to ePO but no edit access. If you require valid exclusions, it is likely that everyone needs those, so they will be going on at the top level. This is needed because a reinstall knocks out the local exclusion list and that has caused great and repeated problems for our web servers (by blocking port 25--SMTP on web forms), for example. If you have security tools which you like to run that McAfee catches, the exclusion will be on the multi-purpose servers so you may e-mail Chris or John to have those included in that repository. That will prevent a virus reading any local exclusions and using those as an infection vector. If you have any questions or problems with these procedures, please e-mail Chris.
Joe Spooner commented on this taskforce. There is now a website for this committee and an IT-TASKFORCE-2005-L mailing list to which you may request to be added. They have had one meeting already on May 19th in this same conference room where we meet. The group was charged "to assist IFAS in the maximum use of the technology that we have", to "focus on assisting in information delivery to internal and external clientele" and to "try to complete our task in the next three to four months".
They were tasked to review the Final Report of the Infostructure Task Force July 1, 1997 and to specifically focus on our IFAS web-based information structure. The group was divided into three sub-committees: a survey sub-committee, a website sub-committee and a report update sub-committee. Joe is chairing this latter committee and is on the website committee as well. The website info group is concerned with the need for a webmaster and how we provide funding for that, including the details below that position in terms of software costs, etc. They also need to determine what sort of system we want for management of our websites. Chris Hughes believes the committee should decide what they want to accomplish and what software they want to utilize and then leave the decision of hardware and its support needs to the IT/SA staff to detail.
Joe is concerned with the short time which they have to do their job and the lack of IT specialist input into certain of the decision making processes. Joe mentioned that we should be seeing a survey which will give ICCers a chance to voice our opinions. Please take good advantage of that! They will be looking for items in the 1997 report that have or have not been accomplished and then proposing models for the future that can better assure that recommendations are actually enacted this time.
Dwight was interested in whether or not spam would be specifically addressed by the survey. If not, he wants to pose the question to IFAS-ALL so that pressure can be built into next year's budget for a better solution. Marion Douglas, who is chairing the survey sub-committee, was asked if he could see to it that this issue was incorporated into the survey. Joe Hayden agreed that the spam issue needed grass-roots support to assure proper funding. Chris Hughes believes the current system is functioning "okay" and that we have improvements coming down-the-line which will be the most satisfactory way of addressing the issue. Steve can't help but see a great advantage in having an easily maintained appliance such as the Barracuda perform this function however. Time will tell.
Steve brought up the issue again of having an ICC representative attend the quarterly faculty meetings. Joe had expressed interest prior, but now reported that he had been told that it was not his place and that Dan Cromer should represent IT at those meetings. While Steve doesn't disagree with having Dan attend those, he strongly feels that ICC representation there could be extremely helpful to all.
Joe has strong feelings that our software and applications development is by far the weakest link in the way resources are allocated within IFAS IT. He noted that EDIS is being offered in this taskforce as a solution for an IFAS content management system?! Joe correctly discerns that our IT functions are continually crippled by the fact that we don't have processes to effectively manage, control, deploy and measure our IT systems. Mike Armstrong said that it is difficult for action to occur in an environment where administrative examination via committee must occur as the means to getting useful things accomplished. Joe expressed his concern that such was the case here.
Chris Hughes proposed drafting a joint statement from the ICC to Jimmy Cheek stating that action is required to address our IT framework. Mike Armstrong said that his unit had already made a series of presentations to IFAS administration saying that the reason they were reluctant to join UFAD was due to the lack of commitment by IFAS administration to IT. Obviously, it all comes down to money. Joe Spooner hopes to obtain more than the subjective data of the past taskforce report, replacing that with hard data that demonstrates how improvements in the overall functioning of IFAS can be made by operating differently--including the real money savings that can be expected. Joe has a number of examples of public organizations that are successfully paying attention to their IT operational frameworks and thereby providing actual measurable benefits.
Chris Hughes asked who in the ICC ran their own file servers and/or web servers. This touched off a long discussion as to the inefficiencies in that vs. the needs of units not being addressed by central IT. The discussion then turned to how FTE and department-purchased equipment savings are of no concern to central administration and will not be persuasive arguments in effecting change. Units could provide funds to central IT for some of these services, but when that has been done in the past, the results were poor because the administration did not provide the necessary support to IT to make them successful at growing their services. Joe Spooner believes that this is due to the lack of processes in IT to look at the bigger picture of how services might be organized, maintained and monitored. Joe Spooner believes SLAs for providing services to units could support a new model. Joe Hayden said that has been suggested in the past and has gone nowhere. Joe thinks we need to look closely at what caused that to fail. There seems to be a culture within IFAS of hiding the details of how things actually do or do not get done. The lack of data in this regard makes measuring the current situation and comparing to future possibilities next to impossible.
Hurricane preparedness/contingency planning
Mike Ryabin has been tasked with creating a hurricane preparedness/contingency planning document. This requires coordination with UF and IFAS IT. Particularly in the case of the latter, there are no documented procedures or even contact individuals with whom to coordinate. Steve urged Mike to put his needs in writing as a request to Dan Cromer and see if Dan can address those. If that is unsuccessful, you could have your center director raise the issue to Joe Joyce. This is not a problem that is unique to Ft. Lauderdale.
The meeting was adjourned extremely late at approximately 1:04pm.