Present: William Dougherty-NI&S, chair and scribe; Jean Plymale-CTSSR; Ted Leinhardt-CCS; Wanda Baber-SS SMT; Brain Long-SETI QA; Jeff Kidd-CNS PR; Joyce Landreth-UCS; Mike Moyer-DCM; Kevin Davis-UCS; Brain Jones-CNS; Philip Kobezak-ITSO; Karen Herrington-IMS.

 

 

NI&S QA: I have added our three Network Operations Center diagnosticians to the SAMS calendar editors, and am working with Michael Hodge on a Google form the operators can use to post notifications about unplanned maintenance events.  Michael and I will work with Kevin Davis and Jason Hubbard to integrate the form output with system status on computing.vt.edu and ServiceNow.  We'd like to have a prototype to show you before August.  I respectfully suggest that Michael Hodge be included in the monthly SAMS meetings.

 

SETI QA: From SIES: Changes were made to our SSL/TLS cipher suite configuration for the VTCA certificate request and enrollment website.  Mozilla has made changes in the Firefox 39 release that include the following to address the logjam vulnerability. Secure Connection Failed - SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) 
https://support.mozilla.org/en-US/questions/1065417  Disallow connections when the server uses a DHE key that is too weak  https://bugzilla.mozilla.org/show_bug.cgi?id=587407 

Firefox 31 ESR is going away next month.

 

CCS: Cumulative update #9 will be done starting this weekend on one front-end server. A new SSL cert and some SSL hardening will also be performed.

VT Exchange SSL Hardening

 

On Saturday, July 11th at 5am-7am the VT Exchange front-end servers will deploy new “weboutlook.vt.edu” SSL certificates and make certain SSL hardening changes to bring VT Exchange into current IIS best practices.  The load-balanced front-end servers will be stagger deployed with no expected user impact. Next weekend July 18th, second front-end server will be done.

Also July 20th some user accounts will be moved to a new server as servers are patched. One server per weekend will be done. Intention is to finish before school starts.  

 

Today, we will be demoting (and disjoining from the domain) Threedog as a root DC of the Hokies Active Directory.  Previously (July 4), the IP addresses of threedog and sawbones (the new Hokies AD DC) where swapped so firewall/ipsec rules should not need to be modified.

 

No down time is anticipated and no follow-up announcement will be made.  When completed, all Hokies AD root DCs will be Windows 2008 R2.

 

As always though, machines that have cached Threedog as their domain controller or are programmed to use Threedog as primary DNS server may experience delays during logins and queries.

 

 

 

NI&S SS SMT: Maintenance outage due to the fiber connection loss between AISB and Cassell. Systems will start going down around 11pm. This is to preserve data integrity. List follows:

wl-prod-1.db.vt.edu Banner prod web
or-crash-1.db.vt.edu DBAA crash and burn test
db-rest-1.db.vt.edu DBAA restore test systems
or-dvlp-2.db.vt.edu OR-develop standby
or-prod-2.db.vt.edu OR-prod standby
wl-prod-3.db.vt.edu Banner prod web
wl-pprd-1.db.vt.edu Banner preprod web
wl-dvlp-1.db.vt.edu Banner develop web
banner2.db.vt.edu Banner standby
whprod2.db.vt.edu Warehouse standby
pg-crash-2.db.vt.edu DBAA Postgress crash and burn
cas-3.middleware.vt.edu CAS prod (1 of 3)
brinefly.cns.vt.edu - NI&S Wiki (standby)
chigger.cns.vt.edu - Pre-prod NI&S Wiki
elmidae.cns.vt.edu - VTAlerts DB (standby)
harlequinbug.cns.vt.edu - NI&S Wiki replacement (standby; not in production)
leafcutter.cns.vt.edu - Mongo-DB
lunamoth.cns.vt.edu - NI&S Load-Balanced Applications (not in production)
phoridae.cns.vt.edu - Ghiza DB (standby)
stonefly.cns.vt.edu - Pre-Prod PostgreSQL Databases (standby)

Canoe.cc.vt.edu (TSM backup service)

 

 

 

On Sunday, July 12, 2015 maintenance work will be performed to try to mitigate the SAN outage issues that have recently occurred. Firmware microcode upgrades will also be performed on one of the network switches on the two IBM Blade chassis that were in scope for the failures. Work will begin around 8am.

 

Google Groups: beginning next week, list owners are being asked to not make changes to existing lists so migration can begin. July 13th. Feature migration will begin so settings will be similar when the groups begin life. Some user intervention will also be needed. Forwarding on the list will be set for a time with a message telling sender that a new address is in action.

 

Class lists are different. A Web page existed to allow professors to create class listserv lists using Banner data. Banner Student team will change the interface, but Google Groups will be pre-created before each semester. Once a year there will be a cleanup effort to ensure the lists do not linger. What can Canvas do? TLOS chose not to take offer class listservs, so Google Groups will exist until or unless TLOS decides that Canvas can do this internally.

Mass email solution pending.

 

CNS: Fiber cut fix coming tonight after midnight. Moss Arts Center cabling will be affected working on Pearson.

IPv4 addresses are very scarce and will no longer be handed out willy-nilly.

DCM: August 16th plan is to do a generator load transfer test on all generators