Chris Grossi (Client Engineering) gave the following announcements:
Brown’s contract with Sophos ends in October and will probably not be renewed. We are thinking of moving to Microsoft Security Essentials. The ITSC group is working on a Casper uninstaller for the Macs that have Sophos already installed.
Brown is upping its concurrent Sibellius licenses to 50. However, the server can only run one version of Sibellius so we will need to upgrade to v. 8.
CIS cluster computers will be updated to Windows 8 and we will probably mount home folders for students so that they can save their work.
Windows 10 update: VPN is still problematic as the F5 folks have not released a Win 10 compatible client. Some users who did an upgrade in place are experiencing network issues. Those who have wiped their HD’s and done a clean install seem to be okay.
Folder redirection is on hold and under review.
Client Engineering hopes to present at the October DCC meeting.
Wendy McRae-Owoeye (Director of Diversity and Inclusion, Office of Institutional Diversity) and Amanda Walsh (Title IX Program Officer) spoke to the group about the upcoming on-line training: Preventing Discrimination and Sexual Violence: Title IX, VAWA and Clery Act for Faculty and Staff. They will share the link to the training so that we can try it out to anticipate any technical difficulties our users might encounter.
David Sherry, CISO, talked about privacy and security issues at Brown and what his group is involved in (often behind the scenes). His slides can be viewed on the DCC Presentations Page
Chris Grossi – Announcements
- Margaret Doll’s final meeting – retirement!
- DCC BBQ in July
- Adobe Software for Brown Owned machines, close for home use and students. Email Chris if interested in testing on personally owned computers.
- Access based enumeration coming 2 weeks from today. Feeling good, but want to wait until after commencement.
- New image for 7450 laptop. Updated Dell Premier page coming soon.
Catherine Zabriskie – Academic Technology / Ron Dunleavy – Media Services
- Goal is consistency for classrooms (and event spaces) across campus.
- Sayles Hall and Pembroke were recent large projects
- Sayles Hall typically had audio issues
- Issues have since been solved with upgraded audio system.
- Pembroke 305 also had audio issues.
- Display and audio have been upgraded and are now working flawlessly.
- Pembroke can be booked by all, but do charge for cleanup.
- Want rooms consistent for faculty to be comfortable setting up and running.
- Consistent A/V also allows for better maintenance and troubleshooting of problems.
- A/V renewal is on a 4 year upgrade schedule.
- Ron will work with departments for spec’ing A/V hardware for department spaces.
- “Flipping” is a new style of teaching where students ingest content prior to class meeting allowing for more discussion during class. Multiple displays throughout the room allows different projection needs.
- Wireless projection is appearing in multiple classrooms.
- To maintain consistency, VHS has finally been removed from media spaces.
- Catherine can help assist in getting VHS media transferred to a more modern format.
- Catherine is going to poll the community at large about technology in teaching spaces to help get all A/V equipment across campus on a 4 year update schedule.
- Add wireless speedtest.net results in the classroom as well for networking sake.
Doug Wilkinson – Networking
- Upcoming summer projects
- Just hired Pat O’Leary, the new “Don Wright”.
- Equipment refresh on distribution nodes. Fully redundant which avoids downtime.
- Edge switch updates cause downtime for about 8 minutes. Usually run between 6AM and 8AM.
- Networking should be alerted about special, research hi-bandwidth needs for improved performance.
- Networking will work on published schedule for updates.
- Please alert networking of “unavailable” upgrade dates.
- Most upgrades will take place during the summer.
- DNS hardware upgrades coming this summer, but have redundancy.
- Load balancing this summer.
- VPN’s will be upgraded this summer, also redundancy.
- Network Security Zones coming to wireless and VPN.
- Wireless will come sooner than VPN.
- Grouper graduate student group will be moving to the campus security zone.
- VPN is going to switch from LDAP to AD groups via Shib for authentication.
- “Next Generation Wireless Conversion” still moving forward for dorms.
- Philo is the new system for TV at Brown over wireless.
- Management platform that watches every ethernet port which shows which ports haven’t been used in over 1 year.
- 50-60% of ports haven’t been used in over 1 year.
- Hoping to be able to minimize ethernet ports in the future, causing less edge switch update needs.
- You can submit need requests to be considered for priority edge switch replacement needs.
Chris Grossi – Announcements
• Workday will be updated this weekend – Workday will be down for 3 days. Mobile App will also be updated.
• Confidential announcement from Chris – good news coming soon from Ravi! Enterprise Agreement with Adobe
• We have a new Dell Rep – Mark Soloman – Replacing Joe Flynn. Please send any Dell feedback to Mark.
Chris Grossi – Next Generation Desktop Computing at Brown
• Ravi would like Client Engineering to ramp up desktop management as a campus wide service. Includes SCCM and folder redirection to Isilon.
• SCCM on Windows and Casper on MAC for desktop management.
• No good Linux option yet.
• SCCM gets installed automatically when a machine gets put in AD – This is not mandatory – you will need to opt in for this service.
• CIS will be up and running in March, and the rest of campus will be available in April.
• To opt in for desktop management, users will be asked to baseline their machine, which basically means reformat and put on the Brown standard image. SCCM will then get installed and download/install the standard software – can have department specific configurations.
• Encryption will be an option.
• Working group has been set up for every other Friday afternoon to work through issues creating install packages for SCCM. Talk to Chris to be part of this group.
• Casper – pre add to AD and pre-add to casper for out of box machines. Once enrolled in casper – task sequences will automatically install software that has been pre-configured ahead of time
• Chris gives live demonstration of folder redirection and SCCM functionality on laptop he has not used.
• Interaction with the computer only takes about 7 minutes, but software installation can take a couple hours depending on what needs to be installed
• This approach provides consistency across workstations – fewer updates and less interaction needed for new machines or rebuilds.
• Offline files will be turned on by default on machines that have batteries (laptops) – Microsoft sync will keep files cached on the device.
• Desktop, Documents, Music, Pictures, etc are redirected
• Only available for Windows 7 at the moment, but Windows 8 will be available soon, but not for a while for Windows 10.
Audio Notes and Stephanie Obodda’s slides on Kayako (The Remedy Replacement) can be found here.
Chris Grossi- Announcements –
Macintosh OS X 10.10.2 is Ok to now download. Wifi issue seems to be resolved.
FileMaker Pro 13 is now available to download to all.
Acrobat 10.10.3 ready to download.
Software.brown.edu page has new log in options. Check it out!
John Spadaro , Deputy CIO came by to discuss 2 factor Identification- only 130 people are actually using this now and he would like to see a lot more as this is a great protection against hacking!
Listen to the audio for more details on 2 factor identification and how it applies to groups, types of phones etc.
Also John mentioned about the changing of passwords and how most have changed but there is still a list of folks needing to do so. Stephanie Obodda has the list and will send out.
Jeff Clark and Stephanie Obodda talked about Kayako!
This will be the new replacement for Remedy. It is leaner, cleaner and easier to use. The system has greater flexibility and also will have an integrated database with solutions to common questions. It also has the ability to manage multiple tickets at once as well as a chat feature, reporting and a mobile app. For more info take a peek at the slides in the link above.
See you in March for a meeting devoted to Desktop Management with the Client Engineering Group in Room G01 Smith Buonanno.
notes by pm
- Replacing Remedy Incident Tickets possibly with Kayako
- Folder Redirection and Offline Files – By March
- Contact her if you’re looking for assistance with password resets.
- IPTV for Students and Staff – tv.brown.edu
David Sherry – Covering 3 Items
Item #1: Identity Finder – Department Managers already saw tho presentation.
What is the most sought after info?
- What we can do:
- Do not store unnecessary SSN.
- Have all necessary SSN approved by the DPCRM Committee.
- Install and run Identity Finder.
- Address and PII.
- Continue to run periodically.
When running Identity Finder, it almost always finds PII. There are a number of options for controlling PII once found.
- Focused awareness message on IDF throughout the spring.
- The goal is to have IDF on all faculty and staff machines.
- Support will be available from the Service Center and brown bag sessions by the ISG.
- One page checklist is available.
Item #2: Notification and action on compromised accounts!
Majority of compromised accounts were first year undergrads.
How does the ISG find out?
- End user is locked out of their account.
- Google locks account.
- User alerts ISG or Service Center
- Brown receives phishing emails from a Brown account.
- Google notifies of suspicious activity.
What does IGS do?
- Notifies the CAP to lock the account with a passkey.
- The CAP contacts the end user offline, or the end user calls the IT Service Center.
- The account is re-opened, passwords changed, and support is provided.
- Fast response to phishing attacks.
- Reduced phishing messages in our domains.
- Reduced amount of compromised accounts.
- Small battles with scammers.
- Some password change “collisions” with pro-active end users.
How can you help?
- If one of your end users contacts you about a compromise, let ISG know.
- IGS is pleased to see the quick and accurate response from the university technical community, but the collisions do occur.
- The end user is under enough duress, and the ISG doesn’t want to create more!
Item #3: Faculty access when departing!
What does this mean?
- The departing faculty member retains all access for six months after they depart.
- HR request for removal of certain services
- OGC request for removal of certain services
- Department Chair request for removal of certain services
- A ticket can be opened to the CAP, for routing to the CISO for review and approval.
ISG will once again celebrate Data Privacy Month!
January 28-Februrary 26: 3 movie screenings and 2 Brown Bag talks!
Microsoft Rep – Kofi Bawuah
Q&A about live tiles.
Windows Platform Convergence Journey
- One universal app platform
- One security model
- One management system
- One deployment approach
- One familiar experience
Touch will become more prevalent for every experience making live tiles a more pleasing experience.
Windows 10 will have a Start Menu (similar to Win 7) that features Live Tiles. If booting without keyboard and mouse, it can boot to regular Live Tile screen.
Ability to use modern apps in full screen or as standard windows.
Ability to use multiple desktops.
- Wipe-and-Load (Clean install)
- In-Place (Update)
- Apply a provisioning package to off the shelf hardware to setup with apps and settings.
3 Paths for updates: Consumer (standard updates), Business (delayed updates), Mission Critical (Long term updates).
For an audio presentation of the meeting please click here.
Here is the latest from Artist/Deputy CIO John Spadaro
No Announcements at today’s meeting. Joint DCC/Sys Admin meeting.
John Spadaro came to speak about IDM
OIM = Oracle Identity Manager
Oct 17th- Oct 20th – BRU goes down as well as Myaccount. Myaccount will resurface with a new look on the 20th. Much easier to use and much more useful!
Kerberos and Google systems will remain in place and be OK. No need to panic.
Listen to the recording for more detailed information. You may need to put the volume up a bit to hear properly.
See you next month!
Please feel free to download an audio recording of the meeting.
I. Stephanie Obodda is now reporting to Ravi. Christine Brown is now handling customer service concerns.
a. Stephanie is interested in hearing about common questions. Could CIS be providing more documentation or communication? Please forward these issues to Stephanie.
b. CIS is trying to be more proactive rather than re-active with regards to communicating and staffing.
c. IT documentation – New knowledgebase has been set up to be a documentation store. Links from service catalogue are being updated to point to this new site. Users can log in to leave feedback on articles or add favorites. http://brown.edu/go/kb
d. October 20th Identity management system will be replaced. Most people will experience this change as a facelift to My account and directory.brown.edu.
e. Stricter password policy for new accounts. Eventually everyone will have to update their passwords in the new system.
II. Doug Wilkinson talks about Wireless
a. Hardware upgrades happening behind the scenes.
b. “Headless” devices such as apple TVs, wireless printers and wireless projectors will be able to connect.
III. Nancy Magers talks about the EMC Isilon Scalable NAS solution to replace the windows files servers.
a. Brown has purchased 5 nodes that are replicated to 5 nodes at a disaster recovery in New York.
b. We currently have half a petabyte of storage on the system.
c. CIS would like to see profile data backed up to the new storage system, rather than an external hard drive attached to a user’s computer.
d. CIS is not charging for this service, and they will now accept academic, administrative, and research data.
e. Profile folder redirection will be available soon.
f. Access Based Enumeration will ensure that you only see folders that you have access to.
g. This file system is recoverable at any time, and the failover is tested quarterly.
h. No backups are run. Only Data Replication and VSS snapshots that run every hour for 48 hours, every day for 6 weeks, and every month for 6 months. Right click and recover through previous version tab.
i. 100GB will be the standard quota for users using profile redirection.
j. Shared and User shares will have their own separate quota. This can expand up to multiple TB to accommodate needs. Automatic warning notifications when the quota is getting close to being reached.
k. Folder mapping for Windows machines can now be done automatically through group policy security groups rather than Kix and BAT files.
l. Files.brown.edu will still work as expected.
m. Departments can pick the date of the migration and coordinate with CIS/Nancy Magers.
n. The process for the migration includes taking down the existing windows file share at midnight the night before the migration, running final robocopy and file comparisons, dialing in to a phone bridge at 6am to verify the migration is good to go, turning on the new shares then testing access, permissions, and mapping. An email is then sent out to all affected users indicating that the migration is complete.