ICC logo IFAS logo

ICC Meeting:



A meeting of the ICC was held on Friday, September 10th, 2010 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Eighteen members participated.
Remote participants: David Bauldree, Bill Black, Dan Cromer, Francis Ferguson, Kevin Hill, Wayne Hyde, Joel Parlin, Marvin Newman, Scott Owens, Mike Ryabin, and John Wells.
On-site participants: Andrew Carey, Benjamin Beach, Dennis Brown, Jason Do, Winnie Lante, Steve Lasley, and Wendy Williams.

STREAMING AUDIO: available here


Agendas were distributed and the sign-up sheet was passed around.

Report from the chairman

Member news:

Steve reported that Jason Do has replaced Vikram Bohra as Wendy Williams's assistant with CALS.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details

Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)

End-user Scheduling

We are still awaiting details about the reported plan is to provide some subset of individuals access to schedule their own videoconferences on TMS. This is clearly not a current priority as the status has been in limbo for quite some time.

Office Communicator infrastructure status (previous discussion)

This topic was not addressed this month.

New VC gateway status (previous discussion)

This topic was not addressed this month.

Recording lectures for Distance Education (previous discussion)

Recordings of Accordent training now available

The recordings of Daniel Soltedo's Accordent training sessions are now available. Due to technical difficulties, the August 16th training is available partially via WebEx and partially via Elluminate. The August 19th session is also available.

Other useful links include Accordent Support and Accordent University.

Steve mentioned that he had used the Accordent successfully a couple of times and asked others how it was going for them. Dennis Brown said that the three Fifield departments are using it. Each OU Admin is apparently utilizing their IF-ADML accounts to access the system directly; they are not having the instructor start/stop the recordings via the web interface.

Issues with Articulate software provided by the Dean (previous discussion)

Steve wants to keep this topic on the agenda to discuss ongoing issues with that somewhat fragile software. You can drill back to previous discussions on this topic by clicking on the "(previous discussion)" link above.

Videoconferencing documentation being posted via SharePoint

Steve would like to mention again that Lance Cozart has this documentation. Lance continues to develop it. If any of you have schematics of your rooms/systems it would help Lance greatly if you would forward those to him for posting.

New Elluminate system status

This topic was not addressed this month.

WAN transition to CNS (previous discussion)

Connection of UF and IFAS Remedy systems with the CNS Remedy system

This topic was not addressed this month.

Updates from James Moore

James Moore was unavailable but is expected to be here for an update next month. In his absence Kevin Hill asked Dan Cromer [Dan arrived late but his comments have been incorporated into the normal agenda order for continuity] when he might expect to get their circuit upgrade finally installed--as well as upgrades for various CEOs. Dan admitted to not having the details in-hand, but he was convinced that Immokalee was "imminent"; however, in ISP terms that may mean something like 45 days. The contract has been turned in to the purchasing office; they are the ones who actually must sign the contract. A slight distraction came in when FPL started suggesting that they might have an alternative offering; it seemed wise to investigate that as well prior to signing a two-year contract.

Homestead and Ft. Pierce are done and Vero Beach is the next in line according to Dan. Belle Glade and Immokalee are due after that. Steve asked if these circuits were all 10Mbps burstable to 100Mbps. Dan said that varied by site, but was generally the case.

Kevin mentioned that they had also been looking at VoIP to replace their current phone system, but that was a secondary concern to the connection issue. Steve recalled that CNS lately has seemed to prefer a campus-based VoIP solution in somewhat of a turnaround from their earlier position with Ft. Lauderdale when that REC had first investigated moving to VoIP.

Mike Ryabin had pointed out to Steve separately that he believed the CNS solution would only provide Gainesville local numbers, however, and that would not be a feasible choice for RECs. The issue apparently has to do with inter-LATA issues; CNS couldn't supply local phone numbers to the remote sites without become the "service provider". CNS has also been reluctant to provide a data-switchover path so phone calls from RECs to Gainesville could be toll-free. These are issues which IFAS should continue to get CNS to consider and address; perhaps James can comment on this at the next meeting.


Alternate IFAS domains in e-mail

Steve wants to keep this on our agenda for future discussion. He believes there is no advantage to having multiple aliases and that we should move towards removing those if possible.

Changes in the ICC representative to ITPAC

Steve is/was heavily involved in several IT committees, but now wishes to concentrate on the ICC during his years in DROP. He hopes, among other things, to get a good transition in place for when he leaves and feels that one good start would be to get other ICCers involved with the ITPAC as soon as possible. Consequently, Steve asked Dennis Brown if he would be willing to take over as the ICC representative to ITPAC. Dennis kindly agreed and was welcomed by the ITPAC chairman, Al Wysocki. Steve hopes to introduce Dennis at the next ITPAC meeting, whenever that may be. The ICC will still have the same representative voice, but Dennis will take on the responsibility of carrying that to the policy committee as needed.

Identity Management (IdM) Interface Training

Steve wants to remind everyone of the "UF_PA_IDM_NETMGR" role which will allow you to set NMB for your users. Your Department Security Administrator can do that for you.

ITAC-NI meetings are on hold (previous discussion)

Steve has resigned as secretary after almost three years service and the decision has been made to suspend further meetings until the new UF IT committee structure is formulated.

Sakai e-Learning System now in production (previous discussion)

As reported in the recent IT Connections, the new and the old systems are both in production for the next year as courses are transitioned over.

Steve mentioned that one of his faculty members had given a presentation on Sakai at a departmental faculty meeting yesterday. Steve was quite impressed with the system and thought he would do a quick demo of what little he had learned.

Basically, anyone with a Gatorlink can log onto Sakai eLearning and be instantly provided a workspace. Instructors for UF courses have to provide additional validation in order to receive an official course site (which has additional capabilities such as quizing and grading), but anyone can create as many "Worksites" as they want. Sites may be populated with many useful collaboration features such as a Calendar, Announcements, Resource (file) sharing, a Wiki, RSS, Chat, and so on.

What Steve thought was particularly useful was the fact that anyone could create a Worksite and then control access--including to folks outside our system without Gatorlink accounts. This would seem to be a promising solution for many of our extension programs. Steve demonstrated how the credentials for access are sent via email by showing what happened when he provided himself access via his gmail account.

Steve didn't want to transcribe all his rambling ad hoc discussion in these notes, but if you missed this and want to listen in you can find the discussion at the 7:50 point in the stream continuing on until about 21:00.

myuf Market (previous discussion)

Steve wants to keep this on our agendas in case discussion seems warranted.

UF Exchange Project updates (previous discussion)

Luis Molina is now on-board

Luis Molina has arrived as Dwight Jesseman's replacement.

Barracuda load issues

Scott Owens reported that the UF Exchange team is considering shutting down the Barracuda because the current equipment is unable to handle the load and long delivery delays (one hour at peak load currently) are being seen for messages coming in from outside Exchange. They had reported that another Barracuda appliance has been ordered, but they need to somehow deal with delivery issues in the meantime.

Naturally, removing the Barracuda would cause a large increase in spam arriving into inboxes. One possibility to cope with that in the meantime might be to implement Outlook's own rules or possibly re-implement the MS server-side solution. Neither of those is likely to be as effective as the Barracuda has been up until recently, however.

Centralized FAX service via Exchange (previous discussion)

Steve wants to keep this potential service in everyone's minds as it seems a logical direction for all to take.

Split DNS solution for UFAD problems

Steve wants to keep this on the agenda for future reference.

IT survey is coming

Dan Cromer [Dan arrived late but his comments have been incorporated into the normal agenda order for continuity] wanted to provide us a "heads-up" that a survey is being developed which unit IT folks at various levels will need to be involved with. The survey has been published at http://admin.ufl.edu/itsurvey and is available, but Dan has asked that a batch upload facility be developed due to the great data entry effort which would be required to enter all the requested data via a web form.

Apparently the survey was developed due to the inability of the CIO to answer questions from the Board of Trustees regarding our IT staff and equipment inventory. The plan is to have an annual survey to ascertain these details and keep them reasonably up-to-date.

Dan said that what is posted currently is still in a draft (though near complete) stage and that we need to provide feedback about how this might best be handled to be both efficient of our time while remaining reasonably accurate. There is still time for input on addition or subtraction of items if we act now. Dan invited everyone to begin a discussion via the ICC-L on this matter.

Ben Beach asked for a deadline on this and Dan could only speculate that perhaps that might be around the end of November; the survey itself might be finalized by mid-October.

Dan said that the IT Leadership Team generally meets on the second Wednesday of the month. There is another larger IT Managers group that is being formed as well with perhaps 30 members. Elias Eldayrie approached each of the VPs and Deans and asked who they wanted as IT Manager for their units and Dr. Payne designated Dan to represent IFAS. That group will meet next Friday to discuss this matter as well. Dan reported that this survey will evolve and be handed down for IT people to do.

John Wells asked if this survey was to include UF property only. The District Support folks have the added complication of dealing with County-owned equipment or a mixture as well. Discerning which is which will be quite difficult in many cases.

Decision coming next week on campus-wide Distance Education software solution

Dan Cromer reported [Dan arrived late but his comments have been incorporated into the normal agenda order for continuity] that Elluminate and Adobe Connect are among those in the running. Whichever is picked, IFAS will need to follow suit as quickly and efficiently as possible.

Negotiations underway for the Microsoft Campus Agreement

Dan Cromer reported [Dan arrived late but his comments have been incorporated into the normal agenda order for continuity] that our contract is up for renewal at the end of November and negotiations have begun. Dan is beginning to worry about continuing central support for the eCALs and noted that IFAS might have to consider funding that separately if it isn't picked up.

ICC and ITPAC structures expected to remain

Dan Cromer [Dan arrived late but his comments have been incorporated into the normal agenda order for continuity] reported that he meets with Elias biweekly and in a recent meeting Dan had explained our ICC and ITPAC structure. Dan was pleased to hear that Elias was impressed and intends to retain such things which are currently working well. In fact, Dan expects both the ICC and ITPAC to have representatives in the future to coinciding UF-level committees. Should that prove true, Steve will be looking for an ICCer other than himself to fill that role; he feels we need to broaden member involvement in these processes.

Microsoft Application Group advisory committee

Dan Cromer mentioned [Dan arrived late but his comments have been incorporated into the normal agenda order for continuity] this is another task that has come down to him. He was handed it from Mike Conlon and had been looking for someone else to take that over. Elias believes Dan is doing a good job with that, however, and has asked him to continue. The role of that group was initially to advise UF Exchange, but as that group extended their offerings it is now expected that the advisory role will expand to cover those as well rather than creating additional committees for OCS, SharePoint, etc. Now that Mark Rieger has been promoted to interim Dean, Al Wysocki has taken his place on this particular committee as the IFAS representative.


IFAS WebDAV implementation

There continues to be no progress on the documentation which was to happen prior to announcement. Since this has never been formally announced, the matter remains on the agenda as a standing item.

Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM

Windows 7 deployment

As available...

Exit processes, NMB and permission removal (prior discussion)

Nothing further was available on this topic at this time.

Re-enabling the Windows firewall (prior discussion)

Update as available...

Services Documentation: Is a Wiki the way? (prior discussion)

Steve skipped over this topic but will keep it on our agendas.


Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Replacement campus print server is now in production (previous discussion)

Santos Soler had been keeping in touch at least weekly on progress and asking folks to test things. Finally, last Tuesday night the old server was retired. Santos announced this to the ICC-L, providing a useful debugging tip:

Message to the ICC-L from Santos:
"Re: [ICC-L] New Print server - Update" Tue 9/7/2010 8:16 PM

Good evening!

Print spooler was stopped on the old print server. If users have issues printing please have them log off and logon. If users are still having trouble please follow usual steps to troubleshoot printer issues. A good starting point is using “cscript \\ad.ufl.edu\netlogon\ifas\printers.vbs if-srvv-print /debug” this should list the printers the user have access to.

Please email us if you have any issues

Most people reported having only minor glitches in moving to the new print server. Steve had one printer that needed host-based drivers and did not work with the universal drivers. Naturally, this was the only printer Steve had failed to get a test print on prior, but Santos resolved the issue quite quickly. Winnie had a single issue as well and Wendy reported that one of her printers was working better than ever. Some of the default settings needed to be tweaked, as Santos has warned earlier, but overall things went well.

Santos later told Steve that some units had more difficulties. Animal Science was using its own login scripts and no one was apparently aware--consequently, thing broke when the old server was shutdown and it took a while to figure out why. Environmental Horticulture also had numerous issues, but they seemed to be mostly due to lack of testing and support at the local level in spite of Santos's frequent and detailed notifications over the past many weeks.

Membership of ". IFAS-ICC" email distribution group to be narrowed to ICC members only

Steve had been using this agenda entry for many months to remind folks that the ". IFAS-ICC" email distribution group does not include the broader audience which the ICC-L will reach. Plan your e-mails accordingly. This month Dan Cromer said that he didn't see the need for this and felt that we should be using the ICC-L list because that was archived.

Steve pointed out that the distribution list is archived as well--to a public folder--so archiving wasn't really an issue. Wayne needed a way to reach only ICC members rather than the larger audience subscribed to the ICC-L, however; he often needs to target his e-mails more closely. Steve had always wished for that as well as has been please with how this separation has worked out.

IFAS efforts toward Green IT (previous discussion)

Dan reported that the Green IT plan is now being documented on the UF IT Wiki. You can find that by going there and searching on "Green IT". The plan is described there by a list of eleven bullet items.

Dan said that in discussions with the IT Leadership Team, the next step is to discuss the "who, where and how" of implementing each of these items. Dan believes that some of these items will be set by policy from above and others will be offered as guidance/encouragement. Dan said that he would appreciate feedback either through him or via the ICC so that our views on the matter might be heard and taken into consideration.

Steve asked which of these items might have the largest impact on units and Dan responded that the "Turn equipment off or use power management when not in use" item would require the most local effort in coordinating. We will need to implement local Wake-On-LAN controllers within each subnet because broadcasts of those have been disallowed for security reasons.

Dennis asked how this Wake-On-LAN worked for those wanting to RDP into their work machines from home. Steve recalled that Santos had implemented an opt-out for such cases as it did not otherwise fit into the scheme; Santos had described the overall scheme at a previous ICC meeting.

Dan also mentioned that Elias is working with Dell to try to come up with four packages that would include energy conserving configurations. Dan believes the plan would be to require justification should one wish to buy something different. Dan pointed out that one problem with that is the packages would need to be updated frequently (every 2 weeks to 1 month perhaps) to keep up with progress in hardware innovation.

Wayne Hyde mentioned that Windows 7 will wake up to install updates and other scheduled tasks. A "powercfg -requests" may be performed to see what caused a Windows 7 machine to wake up.

Creating guest GatorLink accounts: singly or in bulk (prior discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

Can IFAS support DirectAccess in the future? (prior discussion)

Steve wants to keep this topic on our radar.

Moving away from the IFAS VPN service (previous discussion)

Steve assumes that moving our VPN to private IP is waiting on Wayne Hyde finding the time to implement.

VDI desktops as admin workstations (previous discussion)

This is another cool service that Wayne has in progress and which is awaiting sufficient time to pursue further.

Wayne's Power Tools (prior discussion)

There was nothing new to report this month.

OU Technical Contact email groups now in use

You should now be getting automatic FSR reports concerning file server space usage (duplicate/large files/etc.).

Computer compliance tool in production (previous discussion)

Update as available...

Folder permissioning on the IFAS file server

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey has a good plan for dealing with this which he simply has had no time to address. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

New MPS/DC deployment

Andrew Carey was out last week and has been trying to catch up, but he did report that Francis Ferguson had deployed six servers last week. Ben still has a few left to put out in district two, but he was tied up with other issues and Fergie has been anxious to replace a number of his boxes (as has Bill Black). Andrew referred here to physical deployments only, however. The greater portion of the work is still yet to do, in configuring the machines and pulling over the data, etc. Fergie has a few more to put out before they start on Bill's district.

There were a few issues with the physical servers, mostly related to ventilation. These units draw considerably more power than the old models and therefore produce more heat as well. Some closets needed to be modified in order to keep the new units sufficiently cool.

Milton and Fisheries are the two sites that are completely live on the new server platform using the MPS for print and file services. Early next week Andrew intends to continue to migrate more folks to the new hardware that has been deployed so far.

Core Services status (previous discussion)

Data Protection Manager planning

Andrew reported that Wayne has been very busy setting up the new DPM servers which arrived last week. These are going to be utilized for remote backup of the MPS servers that are now being deployed. Fisheries is backing up currently and Wayne has been tweaking exactly what will be backed up and how often that will happen.

Andrew believes that most all of the remote MPS servers will be able to be backed up to Gainesville via this plan. DPM allows for controlling the rate and timing of such backups to fit around other bandwidth needs. The system is capable of backing up at the block level as well so that when a file is changed only the changes must travel over the wire rather than the entire file; that makes the process considerably more efficient. Utilizing DPM in this manner promises to make IFAS considerably more "hurricane proof".

ePO updates

Wayne Hyde reported via email to the ICC that McAfee had released an emergency DAT to address the "VBMania" mass-mailing worm. Wayne has checked that into ePO and set it to be pushed out to the clients.

Dennis Brown said that he has been getting a lot of complaints from various users that their computers are very slow Monday mornings. Dennis assumed that this was due to the scheduled scans but Steve had thought those Friday night fulls had not been set to "run if missed". Wayne investigated and found that they are indeed being run after a 1 hour delay, so Dennis's assumption was indeed correct. Wayne has provided some methods via tagging within the ePO console to console the timing of scans somewhat, but it is a fact that on-demand scans is going to butt heads with Green initiatives in that machine must be left on in order to scan during off-hours.

Wayne reported that McAfee uses its own internal task scheduler and probably can’t do this, but MSE uses the built-in task scheduler for the end-user scans which can wake up a Windows 7 machine. He guesses it is time to setup FEP 2010 and see what it can do. Here’s how MSE can be configured to wake up from sleep:

Wake the computer to run this task

Status of SharePoint services (prior discussion)

IFAS migrating to centralized MOSS

Steve asked Ben Beach if he could provide an update on this topic. Ben responded that IFAS still plans to move over but they have not yet had those discussions with the UF team. Ben said that the majority of those wishing to migrate have already done so as most are small with less than 200 users. IFAS has more than an order of magnitude more users than that, however (~3500). Ben also mentioned that what we have in place currently doesn't necessarily fit well into their design model.

Steve asked about the funding model. Ben understands that each unit involved is expected to provide $6K per year towards funding the central SharePoint infrastructure. Since the size of units varies greatly, however, Ben isn't completely sure how that is all going to pan out for IFAS.

Ben believes that the best way to handle a migration for IFAS is for us to first upgrade our system to the latest version and then migrate over afterwards. Doing that would require that we get an MSSQL upgrade, however, and that means $$$. Ben mentioned also that he believed UF's design includes a public facing aspect while IFAS currently has intranet access only; Ben isn't clear on how that matter will be addressed but for now plans on our presence remaining intranet only.

Public folder file deletion policies and procedures status

Nothing further was available on this topic at this time.

Patching updates...


The September Microsoft patches will include nine bulletins (four Critical and five Important) addressing thirteen vulnerabilities in Windows, Office and IIS.

McAfee provides podcasts on the highlights of each month's offerings.

Additionally, there has been quite a bit of discussion on the "DLL-preloading remote attack vector". Quite a number of common applications are vulnerable. Actual patching will depend on updates from the many vendors involved, but Microsoft has a mitigation plan that includes installing a tool that enables a new registry key setting to control how applications load DLLs. We could deploy the tool in preparation w/o effect, but will have to very carefully consider things before playing with the registry settings that enable the mitigation. Some applications will be broken apparently, and how serious that might prove vs. the risks of these vulnerabilities is yet to be determined.


There is a new critical vulnerability in Adobe Reader and Acrobat; no patch is yet available.

MS Office News update

As needed...

Job Matrix Update status

This is here as a standing topic--no discussion this month.

Remedy system status (previous discussion)

Steve wants to keep this item on the agendas in order to address potential future concerns.

Other Topics

Multi-function devices

Steve noted that Micah Bolen had posted a question regarding the folder at \\ad.ufl.edu\ifas\scanners. Steve had been unaware of that folder and its purpose, so he asked Andrew to provide an explanation. Andrew explained that this DFS share is used for departments with multifunction devices (copy machines generally) that needed to scan to the network. The printers themselves generally do not understand DFS, as they are often based on a Linux kernel. To get around that they had created a share on the print server with a folder for each department; the scanners could then drop files there directly. The drive mapping for users to pick up their scans was then done via DFS so future changes wouldn't affect the login script mappings--rather only the copiers themselves would need to be updated with a new path.

Steve asked if these departmental scanning folders included subfolder structures or if everyone's scans were generally dumped in the one pot. Andrew said that most used a single folder but added that Daniel Solano (no longer with IFAS) had developed a more detailed structure so that various individuals would have a private location for their scans to reside.

Andrew added that space is limited and those areas need to be kept clean; that has been stressed to the users. Steve asked Winnie Lante if she had ever gotten her copier to scan to the network and she responded that she had tried without success. The copier in question is a Minolta out at Fisheries. Andrew said that scanning to the Fisheries MPS might be a better solution--apart from the issue of not being able to connect at all that is.

Steve noted that the manuals are awful on how to do this and Winnie added that the technician from the copier vendor was clueless in her case. Andrew responded that part of the issue is that every department in IFAS buys a different brand of copier and in many cases doesn't even consult with local IT staff when doing so. In Andrew's experience Ricoh's were about the best; he would recommend considering that make for any future purchases if possible.

Kevin Hill offered to Winnie that he has a Minolta in Immokalee that he has successfully connected. He utilized FTP via a web server, however, so the model he used is a bit different from others within IFAS. The connection is fairly secure, however, because it is locked by IP. Andrew said that they had been creating a service account for copiers on campus and entering those credentials into the copier for access. That account would only have access to that one folder on the print server.

Dennis Brown said that they had their copier configured to send scans via e-mail. The technician for his vendor (CopyFax) has actually been quite helpful in getting and keeping that running. Dennis mentioned that their copier is a Ricoh. Andrew asked if this guy was from CopyFax and Dennis responded he was. Andrew said that this guy was indeed among the best techs that he has dealt with--most are mainly salespeople with minimal technical knowledge.

Phishing e-mails continue

John Wells said he had received a couple of reports from county users regarding phishing attempts; he asked if there was a lot of that going around. Steve responded that this pop up on a regular basis and some are more finely crafted than others. Steve notes that he himself got one later that day from "rcsltd@cogeco.ca; on behalf of; helpdesk@ufl.edu" with a subject line of "PLEASE UPGRADE YOUR ACCOUNT" and a body containing "All GatorMail Account needs to be Revalidated by Clicking this link". This is basically a matter of end-user education. They must continually be reminded that such messages will never be legitimate.

PDF-Xchange (prior discussion)

Updates as available...

Interest in Wordpress blog systems, and photo gallery systems that require PHP and MySQL

Updates as available...

The meeting was adjourned early at about 11:30 AM