Network upgrade at D-PHYS

In collaboration with our colleagues in Informatikdienste we will use the upcoming months to upgrade the D-PHYS network in order to make it ready for the future. In particular, we will enable the IEEE 802.1x protocol in our network that will allow us to virtually patch any VLAN to each individual client. This will also pave the way for the upcoming VoIP telephony deployment in D-PHYS. The migration will be a step-by-step process and we will visit each building and floor individually to address potential questions during the migration. The typical desktop or laptop computer will not notice the change except for a short interruption of < 1 min. Certain macOS clients will need a bit of persuasion however, the required steps are described here.
Things will look a bit different for new clients that connect to the D-PHYS network for the first time only after the migration: they will not display the well-known ISG D-PHYS landing page, but an OS popup or a generic ETH page. This works the same way as the ETH wifi. You either supply your n.ethz credentials in the popup or you log in via the landing page. Your machine will then be patched into the ETH docking network. If you have a specific reason to have your machine in the D-PHYS network (HPx::745 for the technically inclined), please let us know and we will register your MAC address in our database – just like you did in the past. All existing machines at D-PHYS have been preregistered for HPx::745 in order to avoid any confusion.
So please be ready when Alex shows up in your group and announces the migration date.

Network downtime 15th of September 05:30 – 07:30

The Informatikdienste are upgrading the routers in our HIT/D/13 server room causing a downtime of the network of about 1 hour on Thursday morning, 15th September, between 05:30 and 07:30. Please note that various services will not be available during that time.

Maintenance window on Monday, September 5, 17:00

In order to perform some core service upgrades, we schedule a server maintenance window on

Monday, September 5, starting at 17:00 and lasting for approximately 3 hours.

Most D-PHYS IT services will be affected by that downtime, including logins, file servers and e-mail services.
E-mails coming in during the downtime will be held on the sender’s side and will arrive at D-PHYS with a delay. Sending e-mails won’t be possible during the window.

We’ll update this posting as soon as things are back to normal.

Update Monday 18:30 We managed to complete the migration ahead of time, everything should be back to normal. If you still encounter any problems, please let us know.

Groupware upgrade

On Thursday, July 21, starting at 0700 we will upgrade our groupware solution. The update is expected to take approximately one hour. As this upgrade will be a major one (version 14.3 to 16.1), you might notice a few changes. In particular:

  • if you didn’t log out before we start the upgrade, your browser might be in an inconsistent state and the new version might refuse to work. Just log out manually in this case.
  • if you’re using the ActiveSync/eSync/Exchange protocol for calendar synchronization, you will have to recreate your sync account on your (mobile) device. Just delete your existing account on the device (your groupware data will still be on our server) and add it again (see documentation). We’re sorry for the inconvenience, but the synchronization code was rewritten to be faster and more stable and is not compatible to existing accounts. We have tried to identify all current ActiveSync users and will inform them via email.
  • the web interface will get a new look (see screenshot)

We have thoroughly tested the new version internally. If you find any problems after the upgrade, please get in touch. Thanks.

Update Thursday 08:00: Upgrade complete. Please let us know if you find any issues in the new version.

Scheduled Maintenance Downtime Starting on Thursday, 14th of April, 5pm

Due to required changes to our network infrastructure and some hardware maintenance, we’re scheduling a maintenance downtime for most D-PHYS servers starting on Thursday, 14th of April 2016, at 5pm. The downtime will last several hours and single services may be down for longer than others or will be down multiple times in a row.

We’ll update this posting as soon as things are back to normal.

Most D-PHYS services will be affected by that downtime, especially file servers and e-mail services, but also some virtual machines and most websites hosted by ISG D-PHYS are affected. ( and other AEM-hosted websites are not affected.)

E-mails coming in during the downtime will be held on the sender’s side and will arrive at D-PHYS with a delay. Sending e-mails won’t be possible during the downtime either.

After the migration we will benefit from a faster and more reliable network connection to our servers.

Update at 19:30: Most services are back to normal. Expect further downtimes for home directories and mail later this evening.

Update at 23:00: All services are available again.

Update Fri 09:00: After Thursday’s network migration a defective patch cable caused network problems on Friday morning.

2015 in review

This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers. Some highlights of 2015:

  • new team members: both Christian Ringger and Christian Schneider joined ISG this year and have already made significant contributions to our setup.
  • new D-PHYS website: the department website moved from the self-hosted Zope system into the ETH-wide AEM/CQ5 content management system. While the hard work of migrating all the content was done by Andreas Trabesinger, we had to sort out a lot of technical details to ensure a smooth transition and to keep D-PHYS’s various web services operational.
  • Printing: the majority of the department’s printers have been migrated to the new pia printing system. We are now waiting for Informatikdienste to support student printing in order to complete the project.
  • Storage: in 2015 the disk space occupied by data and backup grew from 685 TiB to 929 TiB, further increasing the yearly growth rate. We are also preparing to keep an off-site disaster recovery copy of D-PHYS data on tape.
  • Outages: apart from a hardware failure of our mail server on December 2nd and a short interruption on July 2nd our system have been very stable this year.
  • System upgrades: 2015 brought OS upgrades for almost every system: Debian Jessie on many servers, OS X 10.11 for the Macs, Ubuntu 14.04 on the Linux workstations and the first pilot installations of our new Windows 10 setup.
  • Core services: a lot of infrastructure work has happened in the background to ensure smooth operation and seamless growth of our services in the future. Examples are: more IPv6 work, 802.1x / NAC in our network, a new network zone in the server rooms, an upgrade of our iPXE boot screen and enhanced monitoring.
  • IT security: we participate in and support the ETH-wide IT security initiative.

Happy Holidays and see you in 2016!

Results of IT services survey

Thank you to all of you who participated in our IT services survey in late October. More than one third of you completed the questionnaire and the feedback has been extremely positive. The Department Head and ISG have evaluated the results and would like to say thanks to everybody involved.
We have received many helpful comments that deserve an answer. Since the survey was anonymous, we have no way of getting back to each responder individually, so we compiled the questions, answers and comments on a nifty website that we invite you to visit:

You can browse the results, read the comments and click on the little speech bubbles to read our answers. There are a couple of topics that are sufficiently common and generic that we would like to address them here:

  • WiFi: yes we know it’s not great, but we cannot immediately fix it as it is a service of Informatikdienste. We are working together with our colleagues of ID to resolve the problems and improve WiFi service on the campus.
  • many of the wishes and problems raised in your comments actually have already been solved by us. Also,
  • there seems to be a positive correlation between how often people contact us and their satisfaction with our services.


Please talk to us! We can only help you if you tell us about your problem, and we hate unsolved problems. So we’re going to try hard to fix them.

Thanks for you attention and we’re looking forward to serving you in the future.

Emergency Downtime of Mail Server

We had to shut down the D-PHYS mail server on short notice for replacing faulty hardware. Mail service should be back in the evening.

Mails sent to D-PHYS during the downtime will be on hold on the sending side.

Update, 19:30: The dust is settling. We’re soon back to normal.

New SSH Host Keys on Managed Linux Machines

After several years it was time to update the SSH host keys of our managed Linux machines. Therefore, if you reconnect with SSH, you might get a warning similar to this one:

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending key in ~/.ssh/known_hosts:1
RSA host key for has changed and you have requested strict checking.
Host key verification failed.

This is because your computer has memorized the previous host key and is bailing because the current one is different. This mechanism is designed to prevent users from man-in-the-middle attacks. In our case it can be treated as a mere notification that the SSH key has changed.

In order to get rid of this warning, you simply need to delete the old key from your ~/.ssh/known_hosts file. This can be done either by deleting the entry manually or with the following command

ssh-keygen -R

for the machine you try to ssh into.

On the next SSH connection you will be prompted to accept the new key. Power users may also download the full list of SSH keys of all our managed Linux computers.

Hardware Maintenance Downtime of Mail Server Today 5pm

In order to perform system-level maintenance work, we schedule a maintenance downtime of the D-PHYS mail server today (Thursday, 2nd of July 2015) starting at 17:00. We expect the downtime to take about one hour.

During the downtime all mail services (sending mail, receiving mail, accessing mailboxes, webmail, etc.) will be unavailable. Mails sent to D-PHYS users during the downtime will be held back on the sending side and will be delivered after the downtime.

We will post an update as soon as mail services are back.

Update 19:30: Took a little bit longer than expected, but everything is back to normal now.