Committee meeting - November 26, 2020 | Computing Technology and Services Committee

Carol Lu鈥赌�
Secretary to the Committee鈥赌�
November 26, 2020鈥赌�
鈥赌�
Present:鈥疭teven Bourque, Bill Baer, Erick Engelke, Paul Miskovsky, Andrew听McAlorum, Greg Smith, Trevor Bain, Lori听Paniak, Jason听Testart, Greg Parks, Robyn Landers, Pratik Patel, Lawrence Folland, Don Duff-McCracken听

骋耻别蝉迟蝉:鈥�Matt Verlis, Shah Chandon听
听
搁别驳谤别迟蝉:鈥�Andrea Chappell, Adam Savage, Daryl Dore听
听
础驳别苍诲补鈥赌�听

Presentation: New ONA live demo (Matt Verlis) [20 min.]听
Chair鈥檚 remarks (Steven Bourque) [5鈥痬in.]听
Approval of the minutes of the meetings of Thursday November 12, 2020鈥痆5鈥痬in.]听
Registering permanent devices on the network with static IP addresses (Erick Engelke) [10 min.]听
2FA transition + VPN tool (Robyn Landers) [5 min.]听
WVD/Azure Billing Model (Steven Bourque) [ 5 min.]听
Other business and roundtable discussion 鈥� all [30鈥痬in.]听
Next CTSC Meeting [Will be held Thursday December 10 at 1:30 p.m.]听

Presentation: New ONA live demo (Matt Verlis)听

Matt Verlis gave a demo of the new ONA听

Comments and discussion鈥�听

Do you have to have a Connect email account in order to subscribe for email alerts?鈥�
No, email alerts will also work for Office 365 email accounts听
Can update the blue banner in the new ONA to include this听
Can the synchronization of a switch be interrupted if you accidentally close the browser tab?鈥�
No, the sync will still occur however the front-end听program听will not recognize that the sync happened. This will result in other users not being able to make changes as the synchronization lock will not be released听
GUI is based on听.net听framework听
There is a direct database with read-only access that will be distributed to the CTSC mailing list听
Database is on SQL server听
Is there an option to stop the processing of听syslogs?听
May be possible to implement听
How can users input a planned offline maintenance?鈥�
Users can email IST's Network Services to add a planned offline maintenance window in the new ONA听
HP switches will not be added to the new ONA; they will stay on the old ONA on a newer server听
There are only a few switches that span across more than one building (e.g.,听EV1, EV2, EV3)听
Segmentation听is implemented on a building level鈥�
The new ONA is relatively mobile-friendly,听with听the听exception of听some pages听
Is there documentation or best practices for using the new ONA?鈥�
The comments field can be used for anything听
Note: data jack and room are separate fields and听auto populated听in the description鈥�
Do not use the description field since the information will be听auto populated听
Initial workflow may be slightly different if you听have to听input the data jack and room information听
Once data jack and room information is added, workflow should be relatively听similar to听the old ONA听
Please email Matt with additional feedback and comments听
When 1.0 is ready, Matt will send an email to the CTSC mailing list to collect the names of users who need access to the new ONA听

Chair's remarks (Steven Bourque)听

No remarks.听

Approval of the minutes of the previous meeting听

The previous meeting鈥檚 minutes were accepted as distributed.鈥赌�

Registering permanent devices on the network with static IP addresses (Erick Engelke)听

鈥疪unning into issues when registering permanent devices on the network with static IP addresses and IPv4 subnets听
IPv4 address space is available but there are not enough subnets听
This will continue to be an issue as Engineering 8 is being built听

Comments and discussion听

IST recommends using dynamic IP addresses wherever possible听
Dynamic addresses are more effective;听dynamic听IP addresses cannot听resolve to听Active Directory听names at this time听
IST will investigate creating a dynamic DNS to match the domain name听sometime听next year听
This would be beneficial in helping IPv6 be more transparent听
Might be helpful to put printers on private subnets听
NAT IP addresses should only be used as a last resort if you run out of addresses听
Registrations need to be managed better听
Should come up with a way to identify addresses that are stalling鈥�
Science has some VLANs that are full and some that are empty听
Unused blocks could be used more efficiently if blocks could be moved听or spanned across multiple buildings听
Dynamic IP addresses are not NAT addresses by default听
Wi-Fi and Residences are听NAT,听but most addresses are not听
Contact IST Network Services if you are interested in doing a听clean-up听of IP addresses听
IPv6 inbound is blocked by default but you can听request exceptions听for server rooms听
IPv6 uses the default firewall settings听
Pings are allowed inbound听

2FA transition + VPN tool (Robyn Landers)听

Some users had difficulty locating the 2FA instructions to troubleshoot VPN鈥�
Most documentation available only covered the Duo app but did not cover the other 2FA options鈥�
The email sent to generic accounts regarding mandatory 2FA did not include the name鈥痮f the generic account in the email鈥�
Users who have access to multiple generic accounts or mailbox forwarding rules鈥痺ere confused by which generic accounts were being referred to听
This confusion may have led to the low response rate; would be helpful to include the specific user ids in future听
Math has created a tool for users to check their UW VPN connection:鈥�
Includes 2FA second password information and links to IST Knowledge Base articles for additional troubleshooting听

Comments and discussion听

Users need to accept the DUO push on their devices within 10 seconds, otherwise multiple prompts will appear听
Timeout cannot be increased from 10 seconds; 10 second timeout is required听for听2FA to work with Cisco VPN听
Using a passcode from the DUO app,听YubiKey, or Duo token prevents multiple prompts on your device听
One-time codes听seem听to be more reliable than other 2FA methods鈥�
Voice calls would have to be disabled in order to eliminate multiple prompts听
In Safari, 'Prevent cross-tracking' and 'Block all cookies' need to be disabled in Privacy settings in order to enable the 'Remember me for 30 days' feature听
Typing 'phone' as the push method will result in multiple calls听
Cisco AnyConnect Client does not allow for the pop-up message to be shown before the user authenticates鈥�
The VPN articles in the IST Knowledge Base should be鈥痚asier to find for users听
The 2FA website has a lot of useful information but it could be more user-friendly听
Duo admin page shows a higher login failure rate after work hours, which suggests students could be having more 2FA log in issues than staff鈥�

WVD/Azure Billing Model (Steven Bourque)听

IST would like to keep the Windows Virtual Desktop/Azure billing model听in line听with the 蓝莓视频 Budget Model听and鈥齛void听doing chargebacks听
With the 蓝莓视频 Budget Model, the cost would be proportional to the usage听
/waterloo-budget-model/details/academic-support-units-cost听[IST has requested and updated version]听
This model would be for labs and other client-facing uses, not听Data Centres or听high-performance computing听

Comments and discussion听

Does this mean an extension of the Microsoft agreement is not being pursued?鈥�
Multiple options are being looked at concurrently听
If Microsoft agrees to an extension, it will still be temporary听
On-prem VDI is licensed for staff but not for students听
It is recommended to start migrating to Windows Virtual Desktop now if possible听
In Engineering,听many听software听cannot be听licensed听in the cloud听
A last resort option may be to buy licenses for students听
Should consider听whether听students want to use computer labs at all in the future听
In Arts the labs are not used heavily; these spaces may be modified in the future to just have ports, Wi-Fi, etc.听

Other Business/Roundtable听

Client Services, IST (Andrew)听

TIS and ISS have come up with a process to prevent retirees O365 and Connect accounts from being deprovisioned听
Process is a temporary solution until a more long-term fix is implemented听
Note: retirees who take the lump sum pension option are not included听
Members have been selected for the Jira Service Management governance committees听
Kate Wood and Daniel Allen are joining the operations committee听
Lawrence Folland and鈥疍on Duff-McCracken are joining the steering committee听
A communication will be sent out this week about the鈥�IST Service Desk moving common request forms from RT to Jira Service Management听

Math (Robyn)听

Regarding the communication from IST about the removal听of鈥痠nfo.uwaterloo.ca听and strobe.uwaterloo.ca - confirmation that all important content has been moved from these systems?鈥�
There is听an听IST project on the听decommissioning听of these systems, this would have been checked during the project听

蓝莓视频