Some months ago, we were informed by Informatikdienste that we would have to migrate our two water cooled racks in the HIT server room due to upcoming remodeling. This move will take place on
Wednesday, August 23, starting at 16:00
and last for several hours. During this time, all our IT services will be unavailable, including login, e-mail, storage and ISG-hosted websites. Incoming e-mail will be kept back and delivered afterwards. We will give our best to have login and e-mail back up within the first two hours, but group drives will take a bit longer due to the sheer amount of hardware we have to move.
We apologize for any inconvenience. Unfortunately, this migration cannot be performed on a weekend as we might have to interact with our colleagues at Informatikdienste, but it will ensure secure and enduring operation of our servers in the future.
As announced previously, about a year ago ISG was tasked by the department board to devise a workflow to expire D-PHYS accounts which so far had a life expectancy of ∞. In summer we started blocking accounts that were virtually unused, which almost by definition went very smoothly. Now we will start addressing accounts of users who are still using our services but do no longer have an affiliation with D-PHYS. They will receive an email informing them of a 1 month grace period before the account gets blocked. This posting is meant to serve as a reminder to everybody that this process is underway and questions may arise.
The project is explained in more detail in our readme.
On Thursday, January 19, starting at 08:00, we will OS upgrade the main D-PHYS web server. All websites hosted on zwoelfi*.ethz.ch will be down for several hours and will gradually come back as we progress. This does not affect the department website, the institutes and many of the group websites. However our groupware, the wikis and many special interest sites will be inaccessible. Note that if you’re using the ActiveSync connector via groupware to sync email to your cell phone or Outlook, this won’t work either. Temporarily use webmail while we bring back groupware as one of the first services.
Update 17:30 – due to an inordinate amount of user files on the web server the upgrade took a bit longer than anticipated. Now almost all websites should be back online, please let us know if you encounter any problems.
In the last few weeks we discovered some attempted attacks on the Windows Remote Desktop feature from sources outside of ETH.
In order to protect both your machines and our network, we decided to block RDP access from ETH-external networks. If you still need access from outside the ETH network (e.g. from home) you have to first open a VPN connection to ETH and then start the Remote Desktop client.
More information about installing the VPN client is available here.
This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers. Some highlights of 2016:
- New team member: Sven Mäder joined ISG this year to replace Axel in our Linux server team.
- Account expiry: you might have heard that D-PHYS decided to phase out old accounts in the future. We spent the last year laying the technical groundwork for a smooth and painless implementation of this policy change. One first visible result is our new account portal.
- Printing: in summer we integrated student printing into the pia printing system which means that we now have a comprehensive printing solution for the whole department. The D-PHYS print server will be shut down in early 2017.
- Storage: in 2016 the disk space occupied by data and backup grew from 929 TiB to 1.3 PiB, again increasing the yearly growth rate. We are now using 60-disk toploader chassis to maximize storage space-per-volume.
- Outages: we scheduled two maintenance windows, on April 14 and September 5, in order to perform hardware and system upgrades. Together with a network upgrade by Informatikdienste on September 15, these were the only noteworthy downtimes in 2016.
- Docking network: in fall 2016 we migrated most of the department’s network sockets to the 802.1x-enabled docking network. While there is little immediate benefit for most of us, this is a prerequisite for future network projects like the upcoming Unified Collaboration & Communication (UCC) project.
- Wifi: in early 2016 we developed and installed a portable wifi probe that eventually led to the discovery of one of the underlying problems causing ETH’s wifi woes. Since then, wifi has been much more stable.
- OS upgrades: 2016 brought new OS versions for almost every system: the Windows 10 rollout picked up steam, Sierra arrived on the Macs and Ubuntu 16.04 on the Linux workstations.
- Cluster: we built and deployed a new high-availability cluster setup for our virtual servers this year.
- Core services: a lot of infrastructure work has happened in the background to ensure smooth operation and seamless growth of our services in the future. Examples are: new ActiveDirectory servers for our Windows users, migrating our webserver certificates to Let’s Encrypt, a facelift for most of our websites to match the AEM design and an upgrade of our iPXE boot screen.
- IT security: we participate in and support the ETH-wide IT security initiative and also worked hard to make the mandated n.ethz password change as humane as possible.
I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.
Happy Holidays and see you in 2017!
We schedule a short (~30 min) maintenance downtime of astrogate on Monday, Dec 12, starting at 07:00 in order to replace a network card. During this time no access to the astro SAN data will be possible.
It is my pleasure to welcome Sven Mäder into our group. He joins us to replace Axel Beckert in the Linux team.
In collaboration with our colleagues in Informatikdienste we will use the upcoming months to upgrade the D-PHYS network in order to make it ready for the future. In particular, we will enable the IEEE 802.1x protocol in our network that will allow us to virtually patch any VLAN to each individual client. This will also pave the way for the upcoming VoIP telephony deployment in D-PHYS. The migration will be a step-by-step process and we will visit each building and floor individually to address potential questions during the migration. The typical desktop or laptop computer will not notice the change except for a short interruption of < 1 min. Certain macOS clients will need a bit of persuasion however, the required steps are described here.
Things will look a bit different for new clients that connect to the D-PHYS network for the first time only after the migration: they will not display the well-known ISG D-PHYS landing page, but an OS popup or a generic ETH page. This works the same way as the ETH wifi. You either supply your n.ethz credentials in the popup or you log in via the landing page. Your machine will then be patched into the ETH docking network. If you have a specific reason to have your machine in the D-PHYS network (HPx::745 for the technically inclined), please let us know and we will register your MAC address in our database – just like you did in the past. All existing machines at D-PHYS have been preregistered for HPx::745 in order to avoid any confusion.
So please be ready when Alex shows up in your group and announces the migration date.
The Informatikdienste are upgrading the routers in our HIT/D/13 server room causing a downtime of the network of about 1 hour on Thursday morning, 15th September, between 05:30 and 07:30. Please note that various services will not be available during that time.
In order to perform some core service upgrades, we schedule a server maintenance window on
Monday, September 5, starting at 17:00 and lasting for approximately 3 hours.
Most D-PHYS IT services will be affected by that downtime, including logins, file servers and e-mail services.
E-mails coming in during the downtime will be held on the sender’s side and will arrive at D-PHYS with a delay. Sending e-mails won’t be possible during the window.
We’ll update this posting as soon as things are back to normal.
Update Monday 18:30 We managed to complete the migration ahead of time, everything should be back to normal. If you still encounter any problems, please let us know.