As part of a project that will be on-going through the summer, CBC Computer Support will move all user and computer accounts from the Chemistry Active Directory to the ASC AD.  This is a large project, and will cause some inconvenience for our customers.  We have the following motivations for performing this move:

• The move is the best way to satisfy OSU computer security requirements for identity management.
• The move will allow CBC to take full advantage of resources provided by the ASC Technology Services Group.  First and foremost is a much better backup system with more depth and security than anything we can afford as a department.
• The move will allow users in CBC to have single sign-on, based on their OSU name.n identities.
• The move will allow us to clean up some lingering problems we have with our current Chemistry Active Directory domain services.*  For example, after the move we will no longer use roaming profiles on Windows systems.

There will be several phases to this project.  Our goal is for most of the work to be transparent to the end user, with only one interruption per research or staff support group.  We will perform the actual user and computer account moves during the last three weeks of July, to give us enough time to work out any post-move problems well before fall semester starts.

*Detail:  The Chemistry domain has existed for almost twenty years.  Due to the domain’s age, and to numerous and sometimes inconsistent policy changes by different administrators over the years, there are systemic problems with group policy, profile management, and other underlying domain mechanisms.  One solution for these problems, (albeit not the only one), is to move to a new domain.

We will have a brief network and partial systems outage at about 5:00 p.m. on Tuesday, March 17th.  During this outage,

• The connection between the CBC network and the rest of campus will be down.
• The internal CBC network will remain up.  However, we will take the opportunity to apply critical security patches and restart the Windows file server winfs.  Therefore, it’s a good idea to close all files open on Windows network shares and log off before 5:00 p.m.
• Access to email will be interrupted, if the system you are using is connected by LAN cable to the network.
• OSU Wireless will not be affected in any way during this outage.

I apologize for the service interruption on a weekday evening, because I know that this will inconvenience users.  However, I wanted to make sure that we had complete access to support from OCIO during the down time.  It seems like a reasonable compromise to do this on a weekday evening over break week.

The CBC VPN service will be unavailable on Monday, 2-Mar-15, from 10:00 a.m. until 3:00 p.m.  We need to reconfigure and test the VPN appliance to work with the new firewall that we will start using in mid-March.  We chose a mid-weekday time to do the work with the hope that we would disrupt the minimum number of users of the service during that time.

Starting on 2-Feb-15, an OpenVPN connection will be required before making an SSH connection from a remote system, (not on the CBC LAN), to a system on the CBC LAN.  This includes access to CBC computers from OSU Wireless.  This change means that remote SSH users will need to perform the same prelude action that Remote Desktop users have had to perform for the last year.  OpenVPN clients are available for Windows, Mac OS X, and Linux users.  See this wiki entry for brief instructions on how to download the client and access the VPN server.  Computer Support staff are available to assist anyone who has a problem using this service.  Once connected, one can simply use SSH the same way it was used before.

VPN doesn’t provide more cryptographic security than SSH.  The advantage with the new arrangement is that we are directing all of the network attacks to a single hardened host.  Another advantage is that once an OpenVPN connection is established, a remote user of linux can connect directly to a system running an SSH server, without having to use linuxfs as a intermediate connection point.

The Windows file server winfs became unresponsive this morning at about 10:30 a.m. We were forced to restart the system to restore service. We apologize for the inconvenience.

-JD Wear

We need to perform off-line maintenance on a number of computing services in CBC before the semester begins. We will start work at 5:00 p.m. on 15-Aug-14. We will end all work by 12:00 midnight that evening, if not before. I will send out an email to all faculty, staff, and graduate students if our work is complete sooner than midnight.

We apologize for any inconvenience this will cause.

Yours, JD

We need to service the power conditioner in our backup server room. We will need an electrician on-site, so an after-hours downtime is difficult to schedule. We do not believe that the power outage in the backup server room will affect most users. However, please be aware of the slight possibility that some services will be interrupted on the afternoon of 20-Jun-2014, after 3:00 p.m.

Exchange email services, as well as the College of Arts & Sciences website, have been unavailable since about 2:45 p.m. this afternoon.  I just received information that there is a problem with the perimeter firewall maintained by the ASCTech, the college IT group.  Staff from that group are currently working on the problem, but I have not gotten at ETA yet.  If I learn more before service is restored, I will update this post.

– JD Wear, 21-Feb-14, 9:00 p.m.

We must perform maintenance in both CBC computer server rooms starting at 6:00 p.m. this coming Friday, 17-Jan, and ending by midnight that evening.  Because we will load-test the UPS units in both NW2109 and SL2097, customers should expect total loss of connectivity to all file, print, and web services during this time.  We strongly suggest that you close all open files, checkpoint batch and long interactive compute jobs, and log off before 6:00 p.m. on Friday.

List of tasks to be performed during this maintenance period:

• Security updates on all servers
• Load testing of all UPS units in NW2109 and SL2097 to find failing batteries
• Addition of several new storage elements to serve VSphere and Linux

All computer services in CBC, including networking, file, and print services, will be unavailable on Friday, 5/31/13 from 6:00 p.m. until midnight. During this time we will apply patches and firmware updates to almost all servers and switches. We will also do physical maintenance including UPS battery testing and replacement.