Informatics Forum Power Down – 14th April 2018

(This is just a copy of the mail I sent to staff and students earlier in the week but with an additional item about the need to turn off self managed and admin office machines).

As previously advised, work being carried out in connection with the new student centre means that there will be no mains power in the Forum on Saturday 14th April. This will result in the majority of Informatics IT services being unavailable. Affected IT services will be shut down late on the afternoon of Friday 13th April. If the current UCU Action Short Of a Strike is still in place, services will be restored on the morning of Monday 16th April. If the dispute has been resolved most services should be restored on the Sunday.

During the period of the power down, the following services will be unavailable:

The following services will remain available throughout the power down period:

  • www.inf.ed.ac.uk
  • web.inf.ed.ac.uk
  • Home directories
  • Mail, both incoming and outgoing.
  • student.compute.inf.ed.ac.uk
  • nx.inf.ed.ac.uk
  • student.ssh.inf.ed.ac.uk
  • Printing in Appleton Tower (cloud queues only)
  • Computing.help.inf.ed.ac.uk (where any changes in status over the period of downtime will be notified)

DICE managed office machines will be shut down automatically shortly after midnight but all other self-managed office machines should be shut down by their users in advance of the power going off. Managed Windows desktops in admin offices should also be shut down before going home on Friday.

If you have any questions about any of this, please contact computing support using the support form linked from the front page of Computing.help.inf.ed.ac.uk.

Posted in Uncategorized | Leave a comment

More Clouds on the Horizon

Over the next couple of weeks, inhabitants of the Forum will note the appearance of new Xerox MFD’s in the South West printing areas of the forum. These are mono devices which also function as photocopiers and (colour) scanners. The Forum dweller may also spot that the existing Xerox MFDs in the North East print areas are beginning to sport small grey boxes and may suspect that these changes are to do with the long heralded arrival of cloud printing in the Forum. They would be right in that suspicion.

Since we have agreed to postpone the deletion of the existing direct print queues until the end of the second semester, the conversion to cloud enabled devices need have no immediate effect on how Forum users collect their printouts. Jobs sent to the old queues will print out without any further action on the user’s part. What will change though is the procedure for photocopying and scanning. Once a device has been cloud enabled, users must tap their University ID card on the device reader (the small grey box mentioned earlier) before they can photocopy or scan. One benefit of this is that when scanning, the user’s email address will be automatically set up as the default destination for the scan, though the address can be changed if required.

When a user taps their card against a reader for the first time, they may be asked to indicate which account they wish to associate this card with by typing in their user name and Active Directory password. This should only be necessary once. If you don’t know what your AD password is, please contact support.

If you have not needed to pay for printing within the School in the past, please take the time next time you are passing a cloud enabled device to tap your ID card on the reader, enter your account details if necessary, and check how much free print quota you have credited to your account. If it’s not in the region of £500, please contact support in the usual way.

Posted in Uncategorized | Leave a comment

Change Freeze during strike action from 23rd February 2018 to 21st March 2018

In order to minimize the risk to computing facilities during the strike action there will be a ‘change freeze’ for those computing systems managed by the School’s computing staff. This will be effective from Friday 23rd February to Wednesday 21st March (or the end of the industrial action).

Obviously there may be some business critical changes required – these will be referred to CEG (Computing Executive Group) for approval. Should all CEG members be on strike (or otherwise unavailable), Martin Wright will be consulted to determine the business criticality of any proposed change. He may chose to confer with others.

I hope that you understand and support my reasoning behind introducing this freeze.

Alastair Scobie (Head of Computing)

Posted in Uncategorized | Leave a comment

Cloud Printing in Informatics – an Update.

Last year I wrote an article extolling the virtues of cloud based printing and announcing the intention to extend the use of cloud printing to those parts of Informatics where it was not already available. With one or two exceptions, this proposal was greeted with some enthusiasm and so over the next few weeks, the Xerox Multi Function Devices in the North East corners of the Forum and the Wilkie Building kitchen area will become cloud enabled. One part of the proposal that caused some dismay was the prospect of only having one printer on each floor of the Forum and so it’s been decided to locate A4 mono cloud devices in the South West corners of each Forum floor and in the ground floor reception area. These devices can also act as mono photocopiers and colour scanners.

For the moment the existing print queue names will continue to work but the intention is to disable these queues on the 1st of March and only have cloud queues within Informatics.

The one exception to this is for printers in admin offices. Though the introduction of cloud printing removes the need for these devices, the intention is for them to remain, at least until they irretrievably break down! These printers will continue to use their existing queue names since they can’t be cloud enabled.

Since the cloud print queues need to associate print jobs with your University UUN, the printing setup on non-DICE machines may need some adjustment. Full instructions on how to do this will be provided on computing.help before the switch over. Arrangements to provide Informatics staff and research students with a suitable amount of free print quota will also be in place by then.

If you have any questions, please leave a comment.

UPDATE: We’ve agreed to delay turning off the existing print queues until after the end of the current semester. This will afford you all an opportunity to compare both printing methods side by side, though you may of course find yourself waiting for your cloud print job while a job sent straight to the printer prints out!

Posted in Uncategorized | 13 Comments

Forum network switch upgrade

We will soon be replacing all existing 100 Mb/s network switches in all of the Informatics Forum IT closets with new 1Gb/s switches.

There are 17 IT closets in the Forum, each of which provides networking connectivity to its nearby offices. Typically, each closet contains three or four 100 Mb/s switches – so there is a lot of work to be done, and the entire programme will take some time.

We will be doing this upgrade one closet at a time, and we will make announcements via email to let you know when any particular closet is being worked on.

The switch replacement means that network connectivity will be temporarily lost for machines which are served by 100 Mb/s switches in the closet being upgraded. Typically, this means that network connectivity will be temporarily lost for machines attached to either the blue or red network cables which appear on desks in the Forum. Network connectivity should never be lost for machines attached to the grey cables on desks: those are already connected to 1Gb/s switches.

The end result of this work will be that all wired network connections in the Forum will run at 1Gb/s – the only remaining 100 Mb/s connections will be those used for the VoIP telephones.

The new switches also give other advantages: amongst other things, they allow us to implement better network security, and they allow us to implement IPv6 on all Forum subnets.

We apologise in advance for any disruption this work will cause, and thank you for your patience.

Posted in Service Update | Leave a comment

Forum UPS work on Saturday 3rd

The Forum server rooms are covered by a pair of Uninterruptible Power Supplies (UPSes), one of which has developed a fault in its interface to the outside world.  As a result we can neither query its status, nor expect it to signal machines to shut down when the power goes off.

UPS Repair Man came on schedule on Saturday 3rd. He turned the faulty unit off, took it apart, and put some new cards in it. Unfortunately he then struggled for the rest of the day trying to get one of those new cards to recognise the specific model of UPS we have. As a result, he couldn’t start the unit up with those new cards, so he eventually stripped them all back out again, replaced the old ones, and brought the faulty unit back up in the same (faulty) state as before. He’s off to consult his base now.

On the minus side, we’ll have to go through some of this again once they get an idea of what to do next. On the plus side, turning the faulty unit off didn’t appear to cause any problem for the working one (other than to have it flash a fault light, which is apparently a firmware bug!), so we may be able to do the process on a normal day next time assuming we can find enough load to shed.

Posted in Uncategorized | Leave a comment

Virtual DICE updated

There’s a new version of Virtual DICE, our lightweight DICE-like virtual machine. Here’s how to install it on your own computer.

We release a new version of Virtual DICE twice a year. This version has the hostname sensa. It runs Scientific Linux 7.4, as DICE machines do. This version works better with Windows 10.

To move from an earlier version of Virtual DICE, please export whatever files you want to keep (for example, copy them to your AFS home directory) then delete it and install the new sensa version instead.

To find out more read the Virtual DICE help pages.

Posted in Uncategorized | Tagged | Leave a comment

Suspension of inactive DICE accounts

As a measure to increase the overall security of our systems, we will shortly be introducing a policy where DICE accounts are suspended if they are inactive for 180 days. Please see here for details:

http://computing.help.inf.ed.ac.uk/account-inactivity-suspension

If you have any questions concerning this, please contact support in the usual way.

Posted in Uncategorized | Leave a comment

Keep Safe

Recently we’ve been patching the DICE and Windows managed desktop computers to mitigate the Meltdown and Spectre attacks. We’ll continue to apply patches and fixes as they become available.

If you use any other sort of computer in Informatics, it’s up to you to keep it updated with the latest fixes. See meltdownattack.com for a comprehensive list of links to security advisories from affected companies.

It’s usually a good idea to configure the operating system to automatically install the latest recommended fixes. This Microsoft page explains how to configure automatic updates for Windows 10 and for Windows 7, and this Apple page explains how to do it for Macs. Linux distros have their own arrangements, but for example this Ubuntu page explains how to configure automatic updates. Phones should also be kept up to date.

Posted in Uncategorized | Leave a comment

groups.inf web server upgrade

The web server that hosts the groups.inf.ed.ac.uk web site (and various others) is one of the last to be upgraded to SL7. I had hoped to squeeze it in before the end of the year, but it will now happen on Friday January 12th 2018.

The groups.inf web server actually hosts multiple sites, the main ones being (groups|conferences|workshops).inf.ed.ac.uk, but see the complete list at the end of this post.

The upgrade will change the version of Apache from 2.2 to 2.4 and, as with the homepages upgrade, this may require some changes to .htaccess files if you use them. As these files will be accessed (at least for a short time) by both the SL6 Apache 2.2 and then SL7 Apache 2.4 servers, then you need make the changes conditional on which server is
parsing the file or you will get errors.

I’ve already searched for .htaccess files that could be affected, and edited them to use the new directives, eg if you had an .htaccess file that had:

Order allow,deny
Deny from all

Then it will now look like:

<IfVersion < 2.4>
Order allow,deny
Deny from all
</IfVersion>

<IfVersion >= 2.4>
require all denied
</IfVersion>

# neilbSL7

The # neilbSL7 is just a marker I used to record that I’d updated the file. For a list of changes when upgrading from Apache 2.2 to 2.4, see https://httpd.apache.org/docs/2.4/upgrading.html.

Other Changes

SSI expressions have also changed, but the old behaviour can be enabled with SSILegacyExprParser on in a suitable .htaccess file. I’ve actually made this the default for groups.inf to aid transition, but would like to turn it off at some point in the future.

The PHP version will also change from 5.3.3 to 5.4.16. Again, at some point in the future, I’d like to update that further to 5.6.

For anyone using Cosign access control, then simply turning on Cosign with “CosignProtected on” is not enough to force authentication with Apache 2.4. You need the full:

  CosignProtected On
  AuthType Cosign
  Require user AAA BBB CCC

Also “CosignAllowPublicAccess on”, does not work as it did before. If you have it set on and then try to do a “require valid-user” (or similar) you will get a server error because of the conflicting instructions. So sections that were “Allow public access on”, you’ll just have to not enable authentication at all, or be happy to turn off public access, and force authentication.

Testing

Where I can, I’ve created temporary “sl7” URLs to the various .inf.ed.ac.uk sites (listed below) so you can test your site on the new server ahead of the upgrade. There is just an extra “.sl7” in front of the existing “.inf.ed.ac.uk” part of the URL eg http://groups.inf.ed.ac.uk/ becomes http://groups.sl7.inf.ed.ac.uk/

For sites who’s DNS is not within inf.ed.ac.uk, there are no test URLs. If the owners want to contact me ahead of the switch, I can probably arrange a temporary URL to try things on. Best to do that via the support form.

Previous upgrades of web servers from SL6 to SL7 have been fairly uneventful, so hopefully this upgrade will be equally smooth.

Neil

List of all web sites hosted on the groups.inf server

aicat.inf.ed.ac.uk
carma.inf.ed.ac.uk
www.cav2005.inf.ed.ac.uk
compucast.inf.ed.ac.uk
conferences.inf.ed.ac.uk
cybersecpriv.inf.ed.ac.uk
data.cstr.inf.ed.ac.uk data.cstr.ed.ac.uk
dbibd-05.inf.ed.ac.uk
devproj.inf.ed.ac.uk
www.etaps05.inf.ed.ac.uk
events.inf.ed.ac.uk
groups.inf.ed.ac.uk ease.groups.inf.ed.ac.uk
hoppers.inf.ed.ac.uk
www.icdt2005.inf.ed.ac.uk
www.ilsi.inf.ed.ac.uk
infcricket.inf.ed.ac.uk
isoc.inf.ed.ac.uk
media.inf.ed.ac.uk
mipc.inf.ed.ac.uk
newbuildpics.inf.ed.ac.uk
progclub.inf.ed.ac.uk
proofgeneral.inf.ed.ac.uk
rad.inf.ed.ac.uk
ref2014.inf.ed.ac.uk
ref2020.inf.ed.ac.uk
robotperception.inf.ed.ac.uk
secpriv.inf.ed.ac.uk
select.inf.ed.ac.uk
touchscreens.inf.ed.ac.uk
uitp05.inf.ed.ac.uk
valkyrie.inf.ed.ac.uk
waim-05.inf.ed.ac.uk
workshops.inf.ed.ac.uk
# There are .sl7.inf.ed.ac.uk test URLs for all the sites above here
# but not for the following
inspace.ed.ac.uk
history.dcs.ed.ac.uk
www.enhance-project.org
www.gaussianprocess.org
www.hscma2011.org
pact2013.pactconf.org
www.mgb-challenge.org
www.neurogems.org

Posted in Service Update | 1 Comment