Windows 10
SCCM upgrade has not occurred due to issues encountered after moving file locations. IST has some cleanup work remaining before the upgrade (which will make moving Arts workstations to Windows 10 in production feasible) can be scheduled.
Scott and Jameson have Windows 10 workstations installed and maintained via SCCM servers. Cannot apply major patches as that functionality depends on the SCCM upgrade.
Folder redirection will be unified across Arts staff, faculty (including Psychology) with production Windows 10 deployment.
Arts students have a filter applied for folder redirection on Windows 10 PCs. We don’t expect many students will be logging in to both Arts labs (Windows 7) and Windows 10 labs (AHS, 2 Engineering labs, Environment).
Office 2016
Public and language labs are at 100% compliance for Office 2016. Offices have 24 completed upgrades recorded in SCCM outside Psychology and another 17 in Psychology.
Not upgrading Finance lab due to dependencies in software used in teaching (largely Excel addins). We will deploy Office 2016 to Mulham’s PC as its own vanguard group for the lab.
Bill has reported Office 2016 updates hanging on two machines he uses. No evidence or reports of this occurring elsewhere in Arts.
MPS will be upgrading to MS Project 2013, which is expected to require a reinstall if done before Office 2016 upgrade. Keith to schedule with MPS staff.
Joel Blitz has not had Office 2016 issues recently. Problems seem to be related to other software that had been installed on his Macbook Air. Goetz will be getting a new Mac in September. We hope his problems will be solved on the new hardware with fresh software installation.
We have no known reports of new problems. Some issues have been fixed with Office 2016 software updates from Microsoft.
Cygnus2 migration
Migration is complete.
Home drive creation script is running on Cygnus, creating home directory structure on the correct server. We need to move the script to Cygnus2.
Now performing nightly Robocopy to Artsstore1. Sync typically takes 3-4 hours overnight. Will eventually replicate data to Cygnus as well. Bacula is too slow for effective backups: full backup takes roughly 8 days.
Need System Center Operations Manager to monitor DFS status if we want to re-enabling DFS (e.g. secondary copy on Cygnus). We can ask IST to monitor DFS status.
A hard drive on Cygnus had been slow. It has not been timing out since a recent reboot. Two drives on Artsstore1 are predicted to fail. We will purchase replacement drives. Two RAID batteries in Artsstore1 have failed. This failure will affect saving cached data in the event of a power failure beyond the UPS expected uptime. Due to the age of the equipment and the server’s use for nightly backups, we expect replacing the batteries is not worth pursuing.
Snapshots are currently set to use 10% of space
Doris Jakobsh has had quota increased to 250 GB. A few other users were given double our default (new) quota of 100 GB. There is widespread use of N: drive space for storing photos (music and other personal files to a lesser extent). If we can identify high photo space use, we can encourage people to move UW-related content to Waterloo Photos and store personal content somewhere other than a network drive.
Other non-audit issues
Planning to set up a local server for Engineering-written Learn Lock tool to better deal with speed issues seen in initial production test using Engineering server. Will test in a small lab before moving ahead to production use in labs used for exams. Erick and Ray in Engineering Computing are available to assist with getting the local server set up in Arts.
ECH new space is assigned VLAN 5 and the corresponding subnet. IST Network Services does not appear to be interested in amalgamating address space to existing Fine Arts VLAN 161 and corresponding subnet due to a routing/cabling infrastructure issue.
Audit-related issues
First progress report is due to the auditors September 16 for October internal audit meeting.
Psychology servers
Server moves are complete. Michael is aware that any replacement or other new hardware installed in the machine room must be rack mountable.
We can assist Psychology IT staff in specifying and purchasing a Dell server. Virtualization would allow them to replace their existing four servers with a single rackable server.
Change management
Fields for the ACO-CM queue are largely usable as they currently exist. Changes to be requested from IST:
- Category order should be based on severity/priority. Current order is neither alphabetical nor severity based.
- IT assets affected to be replaced with a pair of pick lists for Systems affected and Users affected./
Discussion and proposal of standards for field use followed.
Subject should be sufficiently descriptive to not need to look in the body of a ticket to know whether technical staff need to read the ticket in more detail.
Change implementer should be the person doing the work.
Start and end dates for the change window are the date/time for the period during which the change is put into production.
Documentation should have examples to identify change category. Does IST have examples?
- Software updates would normally be a standard change
- Firewall updates could be standard or major change depending on whether it affects client workstations or servers
- GPO changes should all be logged with an appropriate category
Change description should be a brief business justification (e.g. "move home directories to new server"). A more detailed description of the work will appear in the body of the ticket.
We need to create and follow standards to ensure the information we’re putting into tickets for documentation can be readily located and used as needed when looking for information on past/current/planned changes.
“Plan” fields are small. Depending on the nature of the change, "not applicable", "standard" [to be defined in our procedure], or "do not commit" may be a valid value for minor and standard changes.
Change completed date should be filled in even when it is the same as the planned end date for the change window.
When resolving an ACO-CM ticket, include a description of what changed where in the body of the ticket resolution.
This process may be a good candidate for SIPOC process mapping with Lisa and Murielle.
Data protection policy
Policy 46 creates new class Information Service Providers to better define the role of IT staff in information management.
Dawn and Bob will draft an initial policy after Bob’s return from his research trip in September.
Software development policies, practices
We briefly discussed use of UW's Github service as a generally agreed on location for storing and versioning software ranging from large projects to collections of scripts and reporting tools.
Jameson will be using Git to store the rewrite of Vanguard reporting and management scripts.
User access reporting and review
Share and mailbox access is currently managed through Nexus security groups.
There are a few automated tools for reporting on security groups with some overlap in information. None of our existing tools indicate who made changes.
- Cerbconf provides information on additions only in near real time.
- A Powershell script runs hourly to report on changes, additions, and removals.
- IST's email-based reporting tool provides updates in near real time. Nevil has been added to the recipient list.
Stephen Markan would like to see Sharepoint access move to use Nexus security groups. The current system of Sharepoint-based group and individual permissions is difficult to use for both privilege assignment and troubleshooting access issues.
Logging and reporting
CleanC gathers event and security logs nightly in Arts, including LAPS usage. We do not report on who used LAPS.
The Arts version of CleanC is currently deployed to Arts labs and non-Psychology offices. Deployment to Psychology will be done soon.
We are not currently storing/logging information from Apple workstations or laptops in Arts.
Service contingency planning
There has been little progress over the past month due to vacations and other scheduled work. Some additional information has been added to documentation on the servers in the machine room and services they provide.
Issue tracking policy and practice (RT)
Guidance on recommended use of RT is on the ACO Sharepoint site. For consistency with expectations of our co-op staff and to make it easier to identify recent or ongoing work with clients, technical staff are encouraged to follow the published guidelines.
Use of RT is to help us track our work and identify persistent or recurring issues. There is no plan in ACO to use it as a management tool for all work done by technical staff.
Machine room environmental monitoring and access logs
Environmental monitoring may be a project for the fall term coops if Ethan and/or Jackson are interested. Other potential projects include creation and improvement of scripts we use to manage and report on information related to managed systems.
Dawn has the creation and implementation of log review policy on her to do list. These and the following are lower priority items with respect to the audit so completion in the first quarter of 2017 is reasonable.
Backup practices and documentation
We need to create documentation to meet audit requirements.
Termination tracking
Dawn and Sherry will be looking into this with the Dean's Office now summer vacation season is over. Recent terminations and related work are being tracked in RT to help in developing procedure and checklists.