IFAS COMPUTER COORDINATORS
(ICC)
NOTES FROM August 8th 2014 REGULAR MEETING
A meeting of the ICC was held on Friday, August 8th, 2014 in the Sorta New UF/IFAS Communications Building. The meeting was chaired and called to order by Jimmy Anuszewski at about 10:00 am.
PRESENT: 27 members participated.
Remote participants: Wayne Hyde, Dewayne Hyatt, Kamin Miller, Kevin Hill, Joel Parlin, Marvin Harrison, Bill Black, Angelo Daniels, Tom Barnash, John Wells, Ben Beach, Brian Hurt, Daniel Preston, Winnie Lante, Taylor Jamrok, David Bauldree, Scott Owens and Karen Porter.
On-site participants: Jimmy Anuszewski, Wendy Williams, Dennis Brown, Steve Lasley, Dan Cromer, Tennille Herron, James Moore, Eric Benvenuto and Santos Soler.
STREAMING AUDIO: Might be available here
Recorded Video: Not great, but it's here.
NOTES:
Agendas were distributed and the sign-up sheet was passed around.
Member news:
Matt Nash has moved onto to bigger and better things, leaving an opening in the F&RE Department. We wish the best of luck to Matt.
Recap since last meeting:
As per his usual procedure, Jimmy pointed folks to the notes of the last meeting, without going into any details.
Security:
New draft security Standards and Policies (previous discussion)
Dan Cromer announced that the Shared Infrastructure Advisory Committee wanted to work on a formal project for Four Levels of Security with a training component before access is granted. A quick quiz would be given before a Gatorlink would be given with a second level determining Administrative Rights to computers. A third level would allow access to administer other users' computers and a fourth level would allow contracting to purchasing or acquiring virtual servers. As soon as something is drafted, Dan will send out a transcript to the ICC.
Updates as available...
Implementing the Mobile Computing Security policy (previous discussion)
Dan stated that there is going to be a review of current mobile policies after a survey of other universities and their mobile policies showed faults within those who had stringent policies in place.
Digital Signatures was brought to the table after some discussion on the ICC Email List. Dan stated that there is a project in the works that will hopefully set the standard for a campus-wide solution. In the meantime, users will have to work with what ever utilties are available, including paid services.
Updates as available...
Patching updates... (previous discussion)
Microsoft
The July Microsoft patches included 6 bulletins (2 "Critical", 3 "Important", and 1 "Moderate") covering 29 unique CVEs in the usual suspects. A risk assessment is available here.
Adobe
There was a security update for Flash Player on July 8, 2014.
Java
The scheduled quarterly updates are expected on Tuesday, October 14th.
Apple
Apple updates can be tracked here. Rumors of the new OS X Yosemite can be found here. Looks like a Fall release of the user friendly system with no details of network improvements yet.
VLC
There was an update to the video player, VLC, on July 26. You can find the download here.
Other
Updates as available...
Videoconferencing and WAN discussion
[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]
Videoconferencing topics (previous discussion)
Patrick Pettus has taken a new position within UF Video (in Network Services) and Abraham Turell is the contact person for any endpoint and conference issues. You can contact him at video@ufl.edu. Patrick will still handle anything having to do with infrastructure.
Acano is slowly getting up to speed. By now, the call manager integration should be done and hopefully Lync is integrated by now. Acano help can be found here. Dan stated that it operates very well. Currently it is integrated with Lync beta. You can enter your conference in Lync and join the Acano conference. Also, it is currently limited to Chrome (chat is unavailable). Other browsers will become compatible as bugs are worked out. There are native clients available (Windows, Mac, Androids and iOS). Recording is not enabled yet and the URI that neeeds to be used are lengthy, possibly creating problems for Video Conference (Polycom, Cisco, etc) users that have to use a remote to input the ID.
Endpoint security concerns (previous discussion)
Updates as available...
Replacing Polycom endpoints with some Lync-based solution (previous discussion)
Updates as available...
Possible end-point refresh in the works (previous discussion)
Updates as available...
Movi/Jabber Updates (previous discussion)
Updates as available...
End-user Scheduling (previous discussion)
Updates as available...
Lync updates (previous discussion)
Horizonview, otherwise known as VMWare View, has been updated and now includes Lync 2013. Dan encouraged everyone to explore the Virtual Desktop to atleast become familiar with it in case users have problems. It is good to have and use.
Updates as available...
WAN (previous discussion)
Updates from James Moore
James introduced Eric Benvenuto who is already working REC's and becoming an asset.
James also gave us an update on the addition of capacity upgrades in some panhandle REC's and SE Florida REC's. He also discussed dynamic VPN's being installed, allowing direct connections instead of being redirected after coming through campus. VOIP's are also being installed and also updated on several areas.
Bill Black commented on drones that are being used to watch over specific situations (controlled burns, etc) and as an educational tool.
Updates as available...
Wireless printers (previous discussion)
Updates as available
VoIP at RECs
Updates as available...
Phone bills to be paid for centrally? (previous discussion)
Updates as available...
Policy
Cloud Services (previous discussion)
Updates as available...
Notes from last month's SIAC meeting
Updates as available...
Last month's IT Directors Meeting Notes
Updates as available...
PrintSmart initiative (previous discussion)
Updates as available...
New IT Service Management Initiative
ITSM Awareness Training is now available; this apparently will be required of any IT staff that will use the service management tool. To access the ITSM Awareness Training Course, login to myUFL > My Self Service > Training and Development > Request Training Enrollment and search for OIT100 ITSM Awareness.
Content Management System (CMS) for UF: Entering preparation phase (previous discussion)
The ICS will be hosting a meeting for all interested in the T4 migration. The meet will be on August 14th at the Straughn Center, from 9am until 11am. You can RSVP here. Also, there is a blog discussing the ICS progress with T4 here.
Tennille Herron stated that she doesn't believe there will be problems with the T4 migration with those sites that are traditionally coded. She stated that ICS will provide updates to the IFAS Web List and the ICC list as they come across problems with each migration.
Dan asked Tennille why the conference, on August 14th, will not be video streamed or recorded. Tennille stated that she found out on August 7th that they will be in a room with no video capabilities. Dan stressed concern that the meeting was not going to be streaming nor be recorded, considering many people from REC's or those that cannot attend the meeting need a way to watch. He told Tennille Herron that there are ways to stream and record by using MediaSite and to check with Al Williams.
If you have any questions, you can email Tennille at webteam@ifas.ufl.edu.
Steve Lasley mentioned he wasn't sure who exactly should be going to the conference. Tennille said it was going to be focused more on developers than on content managers.
There was concern about not receiving confirmations for T4 Training after signing up. Jimmy received an email on July 16th stating the following:
"The Web Content Management team has been working with TERMINALFOUR to ensure that the migration and push to go live with UFL.EDU happens smoothly. We have encountered a small delay in that effort which influences the material presented in the training courses. As a result, we have decided to postpone publishing the courses until the issue has been resolved. Our goal is to provide the optimal training experience for the user.
You will be notified once the course you requested has been published. You can also visit www.webservices.it.ufl.edu for any additional updates."
As far as Jimmy knows, date(s) have not been set.
Authentication Management policy draft (previous discussion)
Updates as available...
New 'Trouble-Ticket' Entry Page for CNS (previous discussion)
Updates as available...
KACE (previous discussion)
Updates as available...
CNS working to implement NAC for UF wireless (previous discussion)
Updates as available...
UF Exchange updates (previous discussion)
Dan reported no updates except to say the upgrade to Exchange 2013 has been delayed several times, now expected to be moved into production by the end of September. It is supposed to be a seamless transition, with mailboxes being migrated from old to new while both systems are running. In our last meeting, all ICC volunteered to be moved in first group as pilot testers.
Updates as available...
Canvas Selected as the Centrally Supported Course Management System (previous discussion)
CANVAS BOOT CAMPS and SEMINARS – Support for the Transition to UF’s New Course Management System
To assist faculty and academic staff with the transition from Sakai, UFIT is offering three-hour “Canvas Boot Camps” and 30-minute “Canvas Transition” seminars.
1. Canvas Boot Camp
This is a comprehensive, three-hour workshop. Instructors will learn to create pages, modules, assignments, quizzes, and discussions; and learn how to grade in the Canvas Course Management System.
2. Canvas Transition
This is a 30-minute seminar for attendees to learn the similarities and differences between Canvas and Sakai. Highlights of the seminar include a review of the fit-gap analysis of the two systems and information about resources available for new course creation and migrating existing courses into Canvas.
To learn more about the Boot Camp or Seminar, see the dates they are offered, or to register, visit: http://training.it.ufl.edu/ufit-workshops/
Alternate IFAS domains in e-mail (previous discussion)
Updates as available...
Split DNS solution for UFAD problems (previous discussion)
Updates as available...
Projects
New web cluster (previous discussion)
Updates as available...
Windows 8 Deployment? (previous discussion)
Updates as available...
SCCM for IFAS
Updates as available...
Exit processes, NMB and permission removal (previous discussion)
Updates as available...
Services Documentation: Is a Wiki the way? (previous discussion)
Would be really nice if more people could contribute to this.
A wiki has been created at http://my.ifas.ufl.edu/wiki/icc/. Everyone in the ICC distribution group should be able to add/edit.
Operations
IFAS IT Updates
I wanted to give the staff at IFAS IT an opportunity to give updates on different projects that are currently in the works. Wayne Hyde gave the following updates:
Santos Soler is working on Powershell Scripts for the network drives. See here for more information.
Moving from McAfee VirusScan to Microsoft Endpoint Protection? (previous discussion)
Updates as available...
Print server (previous discussion)
Updates as available...
Recording lectures for Distance Education (previous discussion)
Updates as available...
New DHCP reservation site created (previous discussion)
You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.
Restoration of back-ups on the file server
Wayne Hyde intends to document and announce proper usage as time permits.
Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)
Jimmy will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.
Creating guest GatorLink accounts: singly or in bulk (previous discussion)
Steve had left this on the agenda in case further discussion was deemed warranted. So Jimmy will leave it here.
DirectAccess pilot (previous discussion)
Updates as available...
VDI desktops as admin workstations (previous discussion)
Updates as available...
Wayne's Power Tools (previous discussion)
Updates as available...
Computer compliance tool update (previous discussion)
Updates as available...
Disabling/deleting computer accounts based on computer password age (previous discussion)
Updates as available...
Core Services status (previous discussion)
Updates as available...
ePO updates (previous discussion)
Updates as available...
Status of SharePoint services (previous discussion)
IFAS migrating to centralized MOSS
Updates as available...
Public folder file deletion policies and procedures status (previous discussion)
Updates as available...
MS Office News update (previous discussion)
Updates as available...
Job Matrix Update status (previous discussion)
Updates as available...
Other Topics
Event updates from Wendy Williams
Wendy gave us an update on several things that are going on over the next Fall semester. Peer2Peer (link will be provided when they update their site) has been scheduled to take place on October 16, 2014, from 8am-12pm at the UF Law School, 180 Holland Hall. Topics will be listed as they are provided.
Wendy mentioned an Adobe training day on September 16th. More information will be provided as it comes along.
There will be a Technically Speaking event (the last Technically Speaking event featured Mark Minasi) on Nov. 5th and 6th at the Reitz Union. More information will be provided as it comes along.
A ribbon cutting on August 27th will be help for the Marsten Science Library.
Permissions on file server: Home folders
Jimmy is keeping this here due to continuing problems.
Dan Cromer had wanted to discuss multiple access to user folders. He could think of only one reason for this to be allowed, when one person leaves and another person needs temporary access. In fact, this could be accomplished without providing access to another user's folder by having admin move the needed folder to another appropriate folder, either Unit or Private. Dan wanted to re-emphasize the standard configuration and usage of Unit, Private, and User folders.
Steve began documenting permissions of the file servers a few weeks ago under the new ICC wiki under the topic "How should permissions be configured on the various shared folders?" and Santos has continued that process.
Wayne Hyde expressed his concern about broad and basically uncontrollable access to unit folders. Steve had thought that those with the "UF_PA_IDM_NETMGR" role could only set NMB to point to their own OU(s) or clear them; it turns out that anyone with that role can set NMB for anyone to any unit. Wayne feels (and Steve agrees) that this situation makes it very important to control what information is posted to such folders. This isn't being handled very well in most cases currently and is truly out-of-hand in many cases.
Steve pointed out that he clears his Unit folder every weekend and has labeled it so folks are aware:
It had never occurred to Steve to use Entomology's Unit folder for any kind of permanent storage. Apparently Entomology is in the minority on this, however; many use the Unit folder to distribute templates and other such materials. There was considerable discussion about trusting units to use these resources properly, but the fact is many are not and keeping things as they are is just an invitation to a breach that IFAS will sorely regret.
David Depatie expressed the importance of teaching users about how to best use the file server and all agreed that user cooperation is an important part and maybe the most important part of all this. There is more that can be done to lead folks in the proper direction, however. Steve pointed out that it has always puzzled him why his unit is the only one (at least that he knows of) that redirects My Documents to the Home folders for folks.
Wayne has a plan to rename Private to Groups for our workgroup shares, but there are technical reasons related to our backup methods why this should be done at the next fileserver refresh and not before.
Wayne mentioned that Santos has created scripts to automatically create Home folders; this should help encourage proper use of the file server. Those scripts will be demonstrated during the meeting.
[Note: there are portions of Wayne's Power Tools that can help with cleanup of Home folders as mentioned earlier in these notes.]
Wendy Williams took the position (and Dan Cromer agreed) that either ITSA should take away the Unit folders because they are too unsafe, or ITSA should let us use them while providing the tools to help monitor them. Santos pointed out that monitoring is really only possible when dealing with a small number of files and folders; the size of most Unit folders makes this a nearly impossible task, however, in his opinion.
There was considerably more discussion on this topic. It is obviously good to raise this topic often to make/keep all OUadmins aware of the risks. It will be a continual struggle and hopefully we can continue to move gradually towards a more secure and maintainable situation. It won't happen overnight, but it won't happen at all unless we all remain vigilant.
Folder permissioning on the IFAS file server (previous discussion)
You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve or Jimmy. Wayne stressed to make sure that the "managed by" attributes are set correctly.
From the 8-8-14 meeting:
Santos Soler has written Powershell scripts that will allow an automated creation of folders, user groups and users. The scripts are well documented within and need to be run as Administrator. You can find the scripts at \\ad.ufl.edu\ifas\software\powershell. You can either follow the commented instructions within the scripts or go to the 15 minute mark of the audio recording.
Dewayne Hyatt has been busy upgrading 2008r2 to 2012r2 deployment.
Wayne has been trying to repair the SQL problem that occurred on August 7th.
Updates as available...
SAS depot updated
The SAS 9.4 installation depot (\\ad.ufl.edu\ifas\SOFTWARE\SAS\SAS9.4 ) has been updated to permit installation on Windows 8.1.
FAQs for new hires
Updates as available...
Adobe licensing (previous discussion)
Updates as available...
Getting rid of Windows XP
Do it....now. Wayne stated that XP machines are down to 27 boxes. Steve mentioned that Microsoft stated IE support is going to be limited, leaving people to wonder if Windows 7 will be losing some sort. Hopefully we hear more. Windows 9 is expected to be out in April, 2015.
Misc.
DeWayne Hyatt also stated that DNS records are going to be getting cleaned very soon and that 16,000 DNS records that start with IF will soon be getting whittled down.
Dan Cromer also spoke of the new docking station for the Surface Pro 3 (around $200).
Wayne Hyde will be looking into a problem that some people are encountering with Remote Computer Management event logs being blocked. More info to come as he looks into it.
That's All Folks!
The meeting was adjourned at 11:25 and the next meeting will take place September 12...3 weeks into College Football season!
|