IMG_20151128_145512.jpgIMG_20151201_165220.jpg
In attendance: William Dougherty, NI&S-scribe and chair; Kimberley Homer-NI&S QA; Richard Quintin-DBAA; Allen Campbell-Enteprise Systems; Jeff Kidd-CNS PR; Mike Moyer-DCM; Tim Rhodes-NI&S UAS; Susan Brooker-Gross-IT Policy and Communications; Steve Cox-CCS; Joyce Landreth-UCS; Wanda Baber-NI&S SMT; Laurie Zirkle-NI&S App Admin.; Daniel Fisher-SETI; Brad Tilley-ITSO (via telephone); Brian Jones-CNS; Bill deWindt-TLOS
SAMS as A CAB: Comment received from member–>
Since CAB discussions will require people with broad and deep understanding of impacted systems, we may not have exactly the right people in the room by default; the agenda for SAMS should be widely broadcast in advance to ensure (a) the right people can attend or (2) the right people can be consulted in time for the meeting, or (c) we can figure out who the right people are.
I mention this because the agenda, to date, has been submitted inward but not widely broadcast outward before the meeting.
SETI QA:
ED-LDAP TLS Configuration Changes. Daniel Fisher will be joining us to discuss. ED LDAPs support a lot of SSL and TLS cyphers. Trying to eliminate versions that may have bugs. Dev and PreProd have been configured this way for over 6 months so the change, scheduled for February 2016, will emulate that environment. Following a NIST 800 doc from ITSO. There may be issues with vendors not supporting newer cyphers. Browser failures (refusal to connect) will occur if weak cyphers are in place. Should we have a central document for this? Brad just emailed the NIST doc to the group.
TLOS:
TLOS has no agenda items for this month's meeting. The last code update to Scholar was performed on the fly several weeks ago and we don't have anything on the radar until January. The changes in January will not impact users in any way, they are merely additions to the tools to make the transition to canvas smoother.
New entry:
As is par for the course in IT, the landscape has changed since I replied to the group last week. TLOS now has 2 things on the radar that crept up last week.
First, on December 17, in the early hours of the morning we will be migrating, in coordination with DBAA, the LTPROD database from the Oracle cluster onto the TLOS Oracle servers. This was planned for this date due to the fact that it will impact NLI and SPOT for a brief period of 10 to 15 minutes. As always, an automated outage message will appear to any users trying to access these applications during the brief window.
Second, on January 9, 2016 Echo360 will be offline for approximately 4 hours while the TLOS SNO team applies a critical patch that came up. It will be a rolling upgrade across our servers and we hope to not interrupt service for users since that application is clustered, but as always something unexpected can occur. This is being done mainly to support a new application use for VetMed but also to prepare us for the forced migration onto Echo's cloud services this summer. We must be at SP8 for that to function properly and the winter period is the only timeframe that works. No impact on Wintermester.
Lastly, and somewhat off topic, a minor heads-up. Bill may not reply to emails quite as quickly for a few weeks. He is being relocated from Torgersen Hall to AISB so I'm basically using only my laptop at the moment with all my office machines now shutdown as we work out details of my move.
Both Scholar and Canvas will be implementing DUO early in January.
NI&S App Admin:
The NI&S Applications Management group is asking OEM for permission for a 5am-7am window on Tuesday, December 22 to patch and reboot the 9 VTAlerts servers under our care. I will update the group on the decision. (The AM group is allowed 5am-7am Tue/Thu maintenance windows on VTAlerts with at least a week's notice and permission from OEM.)
This is what was sent to the vtalerts-maint email address and describes which VTAlerts applications will and won't be impacted.
The following VT Alerts channels will be unavailable for 90-minutes on Tuesday, December 22, 2015 starting at 5:30am:
Policy Group Alerts
VT Email
Desktop Alerts
Classroom Notification Signs (both test and production)
The following channels will be available for use throughout the maintenance window:
Telephone
SMS
Non-VT Email
Additional maintenance from the NI&S Applications Group:
Scheduled maintenance on database and application servers will be performed on Friday, December 11, from 6:30-7:30am. The following applications will be unavailable during the service window: Network Management Application, cerberus, eco client, kestrel, icic, tws (passwod reset over phone), uc design, cdr, pmportfolio
Dates still TBD: DNS servers need to be replaced physically between now and start of Spring Semester. Should not be impactful and down time will be minimal, but needs to be done.
DBAA:
DBAA will migrate the PROD database HA IP address (prod-ha.db.vt.edu) behind the F5 load balancers on Dec 13. See the SAMS calendar for additional details.
New IPv4 addresses on Virginia Tech networks
Network Infrastructure and Services (NI&S) recently publicized receipt of new IPv4 addresses. Following are details of the initial implementation.
Beginning January 7, 2016, NI&S will allocate the new IP blocks as ‘outside’ addresses in our border Network Address Translation (NAT) service pool as follows:
• Residence Hall NAT (wired and wireless)
o hil-nat-a1 45.3.96.0/19
• Academic NAT (wireless and privately address wired)
o isb-nat-a1 45.3.64.0/19
Action recommended for system administrators between now and January 6, 2016:
• assess your system and host security posture to determine if adjustments need to be made. This may include updates to your system firewall rules
References and announcements posted to computing.vt.edu (search for IPv4) will be refreshed continuously as this process unfolds. Please check for updates from time to time.
CCS: MS critical DNS patch was released yesterday. Hokies DNS likely to be patched Saturday, Dec 12, beginning at 5am.
CNS: Continuing to update/patch, through normal maintenance windows all switches.
DCM: (Brought show and tell; capacitors from the UPS). "B" feed UPS failed and was in bypass for over four days due to capacitor (cap) failures/shortages. All caps in the unit have now been replaced. Recommendation is to replace very 5 years or so, which means there will be periods upcoming of bypass required.