SL7 to Ubuntu Upgrade

Over the next few months all those with an existing SL7 DICE desktop will be contacted by the Computing Support Team to arrange for it to be upgraded to Ubuntu 20.04 (focal fossa) . We are aiming to upgrade all staff/PhD desktops by Easter 2021, but if you would like your machine upgraded sooner you should contact the Computing Support Team. If you receive an email, please respond, even if it’s to arrange a different time.

We are also taking this opportunity to ask you whether you still need a physical DICE desktop on your desk or whether our Remote Desktop Service (xrdp) meets your computing needs.

To contact the Computing Support team please full in the form at: https://www.inf.ed.ac.uk/systems/support/form/

For more about our xrdp service visit: http://computing.help.inf.ed.ac.uk/remote-desktop

Posted in Uncategorized | Leave a comment

Switch to EdPrint

As announced on sys-announce we will shortly be migrating all the existing Informatics cloud printers to the EdPrint system. The blurb from Information Services:

What’s happening and when?

Information Services is launching EdPrint over the next few months, a major update to the print, copy and scan service used in the University.

The cloud print devices in Informatics are scheduled to be updated on – Wednesday 11th November 2020

Devices will be unavailable during this update period, but it should be no longer than 15 minutes per device.

All updated devices will display the EdPrint log-on screen: https://www.ed.ac.uk/information-services/computing/desktop-personal/edprint/printing-copying-scanning

What do I need to do?

  1. Familiarise yourself with the new system: www.ed.ac.uk/is/edprint
  2. Install the print queue on your own non-managed device:
    www.ed.ac.uk/is/mobilityprint

The print queue is already installed on University-managed desktops.

What about print credit?

Your existing ‘free quota’ print credit has already been applied to EdPrint.

Regards
Personal Print, Copy and Scan Team
Information Services

Link to original PDF Version https://blog.inf.ed.ac.uk/systems/files/2020/11/Edprint-comms-Informatics.pdf

Posted in Information, News, Service Update | Leave a comment

New DICE Ubuntu Environment

We are very pleased to announce that the Informatics managed Linux desktop environment (DICE) has been ported to Ubuntu 20.04 (Focal Fossa).

After 5 years of service our Scientific Linux 7 (SL7) based desktop environment is showing its age. In particular, this has begun to make it difficult to provide the latest versions of software for teaching and research. SL7 is based on Redhat Enterprise Linux 7 which has now moved into a maintenance phase. This means that Redhat will now only be providing important security updates.

With the release of Redhat Enterprise Linux 8 the developers of Scientific Linux decided not to continue with their project. That change led us to investigate what alternative Linux distributions we might use for DICE. Although we have decades of experience with various Redhat-based distributions we concluded that the Debian-based Ubuntu distribution would be better suited to the needs of the school. In particular, Ubuntu provides a much larger collection of software packages. The 2-year long-term-support release cycle for Ubuntu also means that the software they provide is typically more up-to-date than that available for Redhat. Ubuntu is also a more desktop-oriented platform when compared with Redhat which should mean you have a better desktop user experience.

As those of you who are involved in teaching will already be aware, before the start of Semester 1 in September 2020 all the teaching lab machines were upgraded to Ubuntu 20.04. We have also already upgraded various user-facing services including the XRDP remote desktop cluster, the general access SSH service and the general purpose compute servers.

All newly deployed DICE desktop machines will now come with Ubuntu installed. Over the next few months all those with an existing SL7 DICE desktop will be contacted by the Computing Support Team to arrange for it to be upgraded. We are aiming to upgrade all staff/PhD desktops by Easter 2021, if you would like your machine upgraded sooner you should contact the Computing Support Team.

At this stage we are primarily targeting Ubuntu to our desktop environment, plans to upgrade servers are still being formulated and we will continue to provide support for SL7.

Further information regarding the new DICE environment is available on our computing help site. If you have any questions about the new Ubuntu environment please contact us via our Support Form.

Posted in Uncategorized | 1 Comment

MacOS 11 Big Sur and AuriStor AFS Client

Apple are expected to announce the availability of MacOS 11, Big Sur, shortly. Unfortunately this sees a change to kernel module loading that will stop the existing AuriStor AFS kernel modules loading and so AuriStor client version 0.198 (and earlier)  will no longer work.

If you require AFS your your Mac, we don’t recommend upgrading to MacOS 11 until AuriStor announce a compatible version of their AFS Client.

Update: In January 2021 Auristor published a blog article on how to install their updated client on to Big Sur (11.0). It is somewhat complicated by the increased security measures in Big Sur, particularly on Macs based on Apple ARM-based processors.

Neil

Posted in Information, News | Leave a comment

Staffmail moves

All Professional Services staff and a few other staff within Informatics have already successfully moved from staffmail to Office 365. With the retiral of the staffmail service, IS are now in a position to complete the move of all remaining staffmail accounts to office365.

They will commence the process at the end of this month, continuing into December. The plan is to move non teaching staff first. Academic staff will not be migrated during Semester, unless they so wish. The moves will take place overnight and will be scheduled twice a week (Tuesday and Thursday). This will mean a short period of time without email (from 5pm until around 11 am the following morning) but with ample prior notification, previous users have not found this a major issue. Support will also be available before and after the move to answer questions and help with any issues.

It is expected that Academic accounts will be moved between Semester 1 and Semester 2 but if anyone would prefer to move sooner, then please let me know.

We will schedule account moves over the 12 possible slots and you will receive an email from IS about 2 weeks prior to your date giving a little more information. You will also receive further confirmation from them a few days before the move.

All those who have already expressed an interest in moving as soon as possible will be included in the first batch on 27th October and will receive an email from IS shortly.

There is local documentation on our computing.help pages which will be updated regularly.

There is comprehensive documentation on office365 mail on the IS website.

If you have any questions regarding the move, please feel free to contact me.

Posted in Uncategorized | Leave a comment

Security of shared web services

As the likes of homepages.inf.ed.ac.uk and groups.inf.ed.ac.uk are shared user services, anyone using some sort of authentication/authorisation to restrict access, has to trust the other users of those web services.

A lot of the web’s security model relies on the “same origin policy”.

* https://en.wikipedia.org/wiki/Same-origin_policy

which limits the access scripts have to data (particularly authentication data) served to/from different sites. So if a potential victim is using homepages.inf, but is duped into executing a script from badguy.org, that script would not have access to browser data relating to homepages.inf.

However if the “badguy” script is served by a homepages URL, then it would have access to any other browser data associated with homepages.inf, eg authentication data, as it would be within the “same origin”.

All users of the computing systems are bound by the University’s Computing Regulations

* https://www.ed.ac.uk/information-services/about/policies-and-regulations/computing-regulations

and intercepting and impersonating someone else on a computing system is an offense

* https://www.legislation.gov.uk/ukpga/1990/18/contents

so none of that should be going on our servers, but users of a shared web service, like homepages.inf and groups.inf should be aware of this if they are relying on authentication to limit access to sensitive or important data.

In the future we will probably look at providing equivalent homepages.inf and groups.inf services, where the hostname is unique between users and groups, so each user/group have their own “origin”, but that’s unlikely to happen in the near future.

In the meantime if you are making use of authentication/authorisation on a shared web service and wish to discuss your options, please use the support form

* https://www.inf.ed.ac.uk/systems/support/form/

to contact us.

Neil

Posted in Information | Tagged , | Leave a comment

*.remote.inf.ed.ac.uk change

We’re changing the *.remote.inf.ed.ac.uk Remote Desktop service to remove some of the machines. However, everybody will still be able to use the service as before.

Back in the spring, we made ten machines available for remote desktop sessions under the name UUN.remote.inf.ed.ac.uk where UUN is your University username. (For instance, my username is cc so I can run a remote desktop session on cc.remote.inf.ed.ac.uk.)

The service is still being used, but we can now run it with fewer machines. We’ll go from ten machines to five.

If you use one of the machines we’re keeping (they’re called james17.inf.ed.ac.uk, james18.inf.ed.ac.uk, james19.inf.ed.ac.uk, james20.inf.ed.ac.uk and james21.inf.ed.ac.uk) then nothing will change for you.

If you use one of the machines we’re removing (these machines are james12.inf.ed.ac.uk, james13.inf.ed.ac.uk, james14.inf.ed.ac.uk, james15.inf.ed.ac.uk and james16.inf.ed.ac.uk) then your remote.inf.ed.ac.uk address will now point to one of the remaining machines. We’ll make that change at about 5pm today (Wednesday 15 July). After that you’ll be able to start a new session just as you did before, to the same address – it’ll just be on a different machine from before.

If you’ve left a remote session running on any of james12 to james16, it should still be there, and you can still connect to it up until noon on Friday, when these machines will be taken down for reconfiguration. However, you will have to connect to the machine by its real name, instead of by its remote.inf.ed.ac.uk name. See the remote desktop help pages to learn how to configure your remote desktop client to do this.

If you don’t know the name of the machine which you’ve been using, you can find it out in several ways:

  • For this week only, you can look it up here. Note that that page is only visible from Informatics hosts or those using OpenVPN (and there’s help with OpenVPN if you need it).
  • Just try the machines in turn (james12.inf.ed.ac.uk to james16.inf.ed.ac.uk) until you find the right one.
  • If you’re already logged in to the machine, then at a command prompt (to get one of these, start a terminal window) type hostname then press Return. That should return something like
    james13.inf.ed.ac.uk
    
  • From the command prompt on any other DICE machine, use the host command, and look at the first line of its output. For instance:

    % host cc.remote.inf.ed.ac.uk
    cc.remote.inf.ed.ac.uk is an alias for james17.inf.ed.ac.uk.
    

If you have any problems, please contact User Support using the form.

Posted in Uncategorized | Leave a comment

Update your MacOS AFS client!

Users of AFS on MacOS may be mildly perturbed to find out that the MacOS AFS client has until recently contained a couple of critical bugs which could result in permanent loss of data if triggered. For this reason, we are advising all MacOS AFS users to update to the latest version of the AFS client (currently 0.195) from the Auristor site as soon as possible. Further details on the bugs can also be found there. It’s our experience that the new client can be installed on top of the old one without any issue (but be sure to save your work first just in case).

Craig Strachan.

Posted in Uncategorized | Leave a comment

XRDP service

Prior to lockdown we only had a single “staff” server and a single “student” server but with the need to provide adequate facilities to allow working from home, we had to expand our provision. Based on the work of FreeRDP and rdesktop, xrdp uses the remote desktop protocol to present a GUI to the user. In front of that is a proxy which uses HAProxy to load balance across a cluster of machines. HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications.

Staff can connect using the host ‘uun.remote.inf.ed.ac.uk‘. Which machine you connect to is defined using a CNAME farm which is generated by some scripts and should not change unless, for example, something happens to the remote server. Each server is shared with other people so, as usual, please do not run processes which need a lot of memory or CPU. (For these processes you can use a remote lab computer or a compute server. Students can also access lab machines in AT via a similar mechanism using ‘uun.lab.inf.ed.ac.uk‘.

Further instructions on use can be found at:

http://computing.help.inf.ed.ac.uk/remote-desktop

Posted in Uncategorized | Leave a comment

Development GPUs in lab machines

Just before the shutdown we replaced some lab machines with desktops with lower spec GPUs These are elitedesk 800 g4s with gtx 1060 cards which can be used for development work and for short or small scale processing. Please do not run long jobs on them or your jobs will be killed. Physically the machines are located in 5.05, 6.06 and 9.02 of the Appleton Tower. When we eventually get back to normal you can identify these machines by the login screen. They are currently available for remote access and the full list is at the bottom of this post.

More information about these and other GPU machines can be found on https://computing.help.inf.ed.ac.uk/cluster-computing

currently the following machines are available.

ariane:AT-5.05
epoch:AT-5.05
glenn:AT-9.02
kubrick:AT-9.02
link:AT-5.05
mario:AT-6.06
soyuz:AT-5.05
stronsay:AT-9.02
tarantino:AT-9.02
turpie:AT-5.05
waititi:AT-9.02
wumpus:AT-9.02
yoshi:AT-6.06

Posted in Uncategorized | Leave a comment