www.xkcd.com/773 Hat tip to Nick Silkey for bringing this one to my attention.
What is the “Windows Roundtable”?
An informal gathering of people who “do Windows” at Yale to facilitate communication of common goals, problems and solutions across the Yale IT community. Usually there will be a “headline topic” as a launching point for discussion and then general (moderated) discussion on whatever topics the group wants to cover.
Ground Rules:
• The Roundtable is a Yale-internal discussion
• The Roundtable is a “no-powerpoint zone”
• Participation in discussions is encouraged: bring your questions and share your solutions.
Yale Windows Universe Update 2011
Ken Hoover
Manager, ITS Windows Systems Group (WINSYS)
ken.hoover@yale.edu
July 8, 2011
DISCLAIMER: Some of this talk is about initiatives that are still in the pre-release stages. It is intended to give you outlines that you can use as you make plans for Windows-based services in your area of responsibility. Except where noted, dates listed are target dates only and may change due to collisions with reality.
ITS Windows Systems Group (WINSYS) WINSYS manages Windows servers in Yale’s data centers.
Agenda
• A few quick highlights and interesting statistics
• Things that have changed in the last couple of years
• Services that are being revamped and upgraded
• Question Time
Quick Yale AD Highlights
By the numbers…
• 100K users
• 31K computers
• 13K groups
• 3500 OU’s
• 1300 GPO’s
• Domain Controllers process 8.4 Million Kerberos AuthN’s on a typical weekday (and generate 26GB of logs!)
Changes in the last few years…
• Exchange introduced in Summer 2007
  • Processing ~500K messages per day
  • ~11,000 mailboxes (and growing)
  • ~6TB of email store
  • Quota increased from 1GB to 2GB in 2009
• Active Directory taking over from MIT Kerberos now backing CAS, for example
• Sharepoint & Project server in operation
• Shared SQL Servers
NEW: Enterprise License Agreement
• Microsoft enterprise license agreement for all faculty and staff
• Includes:
  • Windows Desktop OS
  • Windows Server OS (all versions)
  • Office for Windows and Mac
    • Free upgrades for those clinging to Office 2003, etc.
  • Enterprise Client licenses for Exchange, Sharepoint, and others
• Foundational for exciting activity in the Microsoft space…
BEING REBOOTED: Central File Service
• Secure/managed file storage for users and departments
• ~40TB of capacity added since September 1, 2010
• LOWER RATE for FY12: $1/GB/month
• Available to anyone with a PTAEO we can charge
• 3-lock approved
• New “flattened” CFS security model
  • Role-based access for departmental shares
  • Support for single-user “home” shares (finally!)
  • No mucking about with file/subfolder permission
• Existing shares will have their structure and permissions revamped to use new operating model during 2H CY2011
CHANGED: WINSYS Patch Release Cycle
Monthly patches for servers released in four cycles
• Cycle “A” – 2nd Tuesday (Rapid Response pool)
• Cycle “B” – 3rd Tuesday (Development and “below”)
• Cycle “C” – 4th Tuesday (Test/Pre-prod and “below”)
• Cycle “D” – 1st Tuesday (Production)
Keep this cycle in mind if WINSYS runs a server for your department. Remember to test!
Applies only to WINSYS-managed machines but a good approach in any multi-environment Windows-based application.
NEW SERVICE: “Lync” Internal Comms
• Secure, encrypted IM with AD backing
• Online meetings/presentations
  • Yes, with audio and video
• Good for business purposes within Yale
• Free* for faculty and staff to use
• Works on non-routable Yale subnets
• Works from outside too without VPN**
• Integrates with Exchange, Office 2007+ and Sharepoint
• Native client included with Office 2011 for Mac
Pilot rollout
* Covered by new Microsoft Enterprise agreement
** But some ISP’s block SIP so sometimes VPN is needed anyway.
NEW SERVICE: Secure LDAP against AD
• New Secure AD LDAP alias: ad.its.yale.edu
  • Secure LDAP (ldaps://) with a Verisign certificate
  • Highly available through use of F5 load balancers
• For applications that want to bind to the AD for any purpose
  • NAS devices and other appliances
  • LDAP-based AD browser tools
  • Any code that uses LDAP to talk to the AD
  • Web applications using AD authentication
  • etc.
• PLEASE update your applications and NAS boxes to use this alias (test first!)
• Samba clients binding to the AD should still use “yu.yale.edu”
• Make sure you’re not using the defunct “windows-auth” names!
Use This Now!
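An added example (not from the original slides): a small Python check that scans application or appliance configuration text for LDAP URIs that still need the update this slide asks for. The config keys and the `windows-auth.example.test` host are constructed placeholders, since the slide gives only the `windows-auth` name fragment.

```python
import re
from urllib.parse import urlsplit

SECURE_ALIAS = "ad.its.yale.edu"   # alias named on the slide
DEFUNCT_MARKER = "windows-auth"    # slide gives only this name fragment

# Only LDAP URIs are inspected; Samba realm settings (yu.yale.edu) are left alone.
URI_RE = re.compile(r"ldaps?://[^\s\"'<>,;]+", re.IGNORECASE)


def audit_ldap_uris(config_text):
    """Return (line_no, uri, problems) for every LDAP URI needing attention."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith(("#", ";")):
            continue  # skip commented-out settings
        for uri in URI_RE.findall(line):
            parts = urlsplit(uri)
            host = (parts.hostname or "").lower()
            problems = []
            if DEFUNCT_MARKER in host:
                problems.append("defunct windows-auth name")
            elif host != SECURE_ALIAS:
                problems.append("not the ad.its.yale.edu alias")
            if parts.scheme.lower() != "ldaps":
                problems.append("plaintext ldap://, use ldaps://")
            if problems:
                findings.append((line_no, uri, problems))
    return findings


# Constructed sample input, not a real Yale configuration.
SAMPLE_CONFIG = """\
# constructed sample
auth.primary   = ldaps://ad.its.yale.edu:636
auth.legacy    = ldap://windows-auth.example.test:389
nas.directory  = ldap://ad.its.yale.edu
; old.setting  = ldap://windows-auth.example.test
realm          = YU.YALE.EDU
"""

if __name__ == "__main__":
    for line_no, uri, problems in audit_ldap_uris(SAMPLE_CONFIG):
        print(f"line {line_no}: {uri}: {'; '.join(problems)}")
```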
NEW SERVICE: Managed SQL Server
• Centrally-hosted SQL2008 R2
• Proposed cost $1k/yr per 5 DB’s / 5GB of data
• APPROVED for use with 3-lock data
• Servers managed by ITS DBA team and WINSYS
• ODBC access, secure/encrypted connections required
• On-disk encryption of databases available
• You “own” your own data with SQL Management Studio
• Good for:
  • Cost-sensitive customers who need a SQL server
  • Most small to medium-size databases under normal use
• Not good for:
  • Very large databases
  • Databases with heavy transactional activity
Summer 2011?
PLANNED UPGRADE: Domain Controllers
• Refresh hardware and upgrade to 2008R2
  • All DC’s will become eight-core 32GB x64 servers
  • Known issues with Samba versions before v3.3 which are domain-joined
    • Fix/workaround information available
    • Better yet, upgrade Samba
• SYSVOL conversion
  • Uses DFS for replication
  • Transparent but needs testing
  • 2H CY2011
• Forest functional level upgrade to 2008R2 level
  • Winter 2011/201
EXCHANGE 2010
• Robust multi-browser web interface
  • Mac users, rejoice!
  • And people running Linux on their toaster ovens…
• 5GB 8GB default mailbox quota
  • More space than 99.98% of Yale Exchange users use now
  • …and more than Gmail
• Currently in pilot deployment with early adopters
• Target: Everyone upgraded by Sep 1
Exchange 2010 details…
• Adjusted Mailbox Quotas
  • 8GB Quota
  • 7.75GB – warnings
  • 8.00GB – prohibit send
  • 8.25GB – prohibit receive (mail bounces)
• De-supported clients
  • Outlook 2000, XP
  • … and you shouldn’t use Outlook 2003 either
  • Entourage 2004
  • Entourage 2008 pre-EWS
  • Upgrade these first… or dump them entirely.
Exchange 2010 OWA Supported Browsers
“Full” Interface
• Windows XP and higher
  • IE 7+
  • Firefox 3.0.1+
  • Chrome 3.0.195.127+
• MacOS
  • Safari 3.1+
  • Firefox 3.0.1+
• Linux
  • Firefox 3.0.1+
“Light” interface
• Broadest compatibility
• Accommodates visually impaired
• Good for slow connections
• Better than Horde
• Examples:
  • IE6
  • Chrome on Linux
  • Safari on Windows & iPad
  • Android web browsers
  • Opera
Summary
• New Microsoft Enterprise Agreement
  • Lots of stuff is now “free” which used to cost extra.
  • Upgrade Office!
• Central File Service revamped
  • New operating model with better security and auditability
  • Lower cost to users - $1/GB (includes backup)
• New SQL2008 database service being launched
  • $1000/yr per 5 DB’s or 5GB/data, 3-lock OK
  • Platform operated by ITS DBA team and you manage your data
• Lync being piloted
  • Secure Yale-owned IM
  • Includes online meetings/presentations
• Exchange 2010
  • Any-web-browser-friendly
  • 8GB quota
Questions / Discussion
• What do you think of this format?
• Should this become a repeating conversation once again? How often?