Windows Networking User Group |
WNUG Menu |
Nate started out explaining the functions of the WMAC team within IT and the University.
Plan was to do a swing upgrade as opposed to an in place upgrade – i.e. install a new server, move mailboxes from an existing server the new server, decommission the old server, rebuild it, etc. This was chosen because of the problems with doing an in place upgrade.
Original timeline – Preparation of servers over the winter break; Begin mailbox moves after Jan. 1st. The project team really started tackling all of the project tasks at the end of last summer.
What has taken place – Data from Exchange 5.5 needed to be moved to the Active Directory. First the Active Directory Connector was installed, and then the ADC agreements. The mailbox moves could then begin. Mailbox moves, overall, went smoothly for first server to be moved. Four Exchange servers had to be moved. Name change from MAINEXx to EXx. Outlook web access has changed – Exchange.asu.edu is the new address for web-based application.
Public folder replication was the next task addressed. Public folders still exist on MAINEX1, but a replica was made to the new server that is handling this (EX5). If anyone is having problems with public folders that they own, please let the WMAC team know. Permissions seems to be the main cause for most of the problems with public folders.
What’s left – get rid of old MAINEX1. This server has all of the suspended mailboxes which need to be removed; all of the bridgehead services need to be rehomed (site connectors); upgrade MAINEXSTU1 server and the West campus Exchange environment upgrade. The directory sync software needs to be rewritten to update the AD attributes. Move the internet mail service to Exchange 2000.
Current state – 5 Exchange 2000 servers, two Exchange 5.5 servers. Due to the problems that started to occur with MAINEX1, several steps are being taken to move up the tasks involving MAINEX1. There were still performance issues – bottleneck with the client. Suggestions – Traces of the old server names in the registry; these need to be changed to the new server names. These are found in the registry profile. It is suggested that you delete the current profile and then recreate the profile for Outlook. If you’re recreating the profile for a home machine, you need to put the fully qualified DNS name for the Exchange server (not just EX1) – ex1.asu.edu. Calendar shortcuts – looking at other people’s calendar – if you’re using a shortcut for this, recreate it because the shortcut may be pointing to the old Exchange server address. Public folder permissions lists can contain membership for mailboxes that no longer exist. Distribution list replication – one-way connection agreement (5.5 to 2000 only) was originally implemented. It is now a two-way replication. Changes made will be maintained now (one-way, manually changes were being lost).
Steps still underway to improve performance – remove MAINEX1; memory adjustment on the servers (done last night); free/busy data master is now on EX5 (done last night); ASURITE GC servers will have a memory upgrade. MBA Exchange server will be upgraded 2/20th. Site replication service can be stopped after that.
Questions and discussion:
ECA Upgrades/Stabilization - John Babb
Goal is to address how to make computing in ECA/ECB easier to debug, understand, etc. Weekly meetings to discuss how to improve computing have been setup with Data Comm and IRIS representatives. Semester startup will be taken into consideration especially due to the problems that occurred at the beginning of this past semester. The group is focusing on addressing flexibility and responsiveness to problems in ECA \ECB. Upgrades are long overdue. Spring semester problems raised the level of concern to the point that funds were allocated from the Provost and President’s office.
First portion of the upgrade – border firewall upgrade Next part of the upgrade – upgrade two 5500 Cisco routers in ECA to 6500 Cisco routers; other routers Upgrade of the firewall software
What happened first day of classes – BAC breaker went out. Two load balancing boxes that are before the DMZ firewall, failed. Were able to upgrade the DMZ firewall to Nokia checkpoint. Currently, the firewall is doing its own load balancing without using the DMZ.
Want to have the ability to isolate the applications by platform in ECA – such as isolating Microsoft networks, BlackBoard, etc.
VPN/Firewall Update - Dave McKee and Jack Hsu
Border router upgrade – or as Dave put it “What We did on our Winter Vacation”
7513 routers – one for Aspin; one to internet service providers;
Received funding for upgrading the complex
Replaced DMZ gateway with a 6500 router (Aspin gateway); converted the ASU gateway (talks to ISP) – combined into one box. Two boxes on the inside – replaced the box that talks to all of the external ASU customers; replaced another box that handles ASU. Replaced four boxes into the two.
Another router has been placed between outside router and firewall – new DMZ.
Firewall is currently on a fail-over service; in the future, implement a DMZ.
Split traffic between ResLife Firewall is designed to protect inside of ASU. Firewall is not setup to handle a hacker from the inside trying to go through it to get out. Compromises the firewall. Jack stressed the importance of making sure all workstations and servers we are responsible for have all the latest service packs and patches applied. Keeping machines patched is the biggest defense.
Discussion:
Update on COX - Robin Manke-Cassidy
They haven’t done anything yet. Once they do, you need to get on the VPN. New version of CheckPoint software will be made available after it has been tested and the server side changes have been made.
Put a personal firewall on personal machines before using the VPN. The software CD that will be distributed that will have the VPN software, firewall, and antivirus. Information on setting up a VPN and securing a home workstation can be found at http://www.asu.edu/comm ,and http://www.asu.edu/security |
Updated February 8th, 2005 |