www.xkcd.com/773 Hat tip to Nick Silkey for bringing this one to my attention. What is the “Windows Roundtable” ?. An informal gathering of people who “do Windows” at Yale to facilitate communication of common goals, problems and solutions across the Yale IT community.
Hat tip to Nick Silkey for bringing this one to my attention.
An informal gathering of people who “do Windows” at Yale to facilitate communication of common goals, problems and solutions across the Yale IT community.
Usually there will be a “headline topic” as a launching point for discussion and then general (moderated) discussion on whatever topics the group wants to cover.
Manager, ITS Windows Systems Group (WINSYS)
July 8, 2011
DISCLAIMER: Some of this talk is about initiatives that are still in the pre-release stages. It is intended to give you outlines that you can use as you make plans for Windows-based services in your area of responsibility.
Except where noted, dates listed are target dates only and may change due to collisions with reality.
WINSYS manages Windows servers in Yale’s data centers.
By the numbers…
Domain Controllers process 8.4 Million Kerberos AuthN’son a typical weekday (and generate 26GB of logs!)
Exchange introduced in Summer 2007
Processing ~500K messages per day
~11,000 mailboxes (and growing)
~6TB of email store
Quota increased from 1GB to 2GB in 2009
Active Directory taking over from MIT Kerberos
now backing CAS, for example
Sharepoint & Project server in operation
Shared SQL Servers
Secure/managed file storage for users and departments
~40TB of capacity added since September 1, 2010
LOWER RATE for FY12: $1/GB/month
Available to anyone with a PTAEO we can charge
New “flattened” CFS security model
Role-based access for departmental shares
Support for single-user “home” shares (finally!)
No mucking about with file/subfolder permission
Existing shares will have their structure and permissions revamped to use new operating model during 2H CY2011
Monthly patches for servers released in four cycles
Cycle “A” – 2nd Tuesday (Rapid Response pool)
Cycle “B” – 3rd Tuesday (Development and “below”)
Cycle “C” – 4th Tuesday (Test/Pre-prod and “below”)
Cycle “D” – 1st Tuesday (Production)
Keep this cycle in mind if WINSYS runs a server for your department. Remember to test!
Applies only to WINSYS-managed machines but a good approach in any multi-environment Windows-based application.
Secure, encrypted IM with AD backing
Yes, with audio and video
Good for business purposes within Yale
Free* for faculty and staff to use
Works on non-routable Yale subnets
Works from outside too without VPN**
Integrates with Exchange, Office 2007+ and Sharepoint
Native client included with Office 2011 for Mac
* Covered by new Microsoft Enterprise agreement
** But some ISP’s block SIP so sometimes VPN is needed anyway.
New Secure AD LDAP alias ad.its.yale.edu
Secure LDAP (ldaps://) with a Verisign certificate
Highly available through use of F5 load balancers
For applications that want to bind to the AD for any purpose
NAS devices and other appliances
LDAP-based AD browser tools
Any code that uses LDAP to talk to the AD
Web applications using AD authentication
PLEASE update your applications and NAS boxes to use this alias (test first!)
Samba clients binding to the AD should still use “yu.yale.edu”
Make sure you’re not using the defunct “windows-auth” names!
Centrally-hosted SQL2008 R2
Proposed cost $1k/yr per 5 DB’s / 5GB of data
APPROVED for use with 3-lock data
Servers managed by ITS DBA team and WINSYS
ODBC access, secure/encrypted connections required
On-disk encryption of databases available
You “own” your own data with SQL Management Studio
Cost-sensitive customers who need a SQL server
Most small to medium-size databases under normal use
Not good for:
Very large databases
Databases with heavy transactional activity
Refresh hardware and upgrade to 2008R2
All DC’s will become eight-core 32GB x64 servers
Known issues with Samba versions before v3.3 which are domain-joined
Fix/workaround information available
Better yet, upgrade Samba
Uses DFS for replication
Transparent but needs testing
Forest functional level upgrade to 2008R2 level
Robust multi-browser web interface
Mac users, rejoice!
And people running Linux on their toaster ovens…
5GB 8GB default mailbox quota
More space than 99.98% of Yale Exchange users use now
…and more than Gmail
Currently in pilot deployment with early adopters
Target: Everyone upgraded by Sep 1