This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers.

Some highlights of 2025:

• Lab networks: in order to assist the research groups with their increasingly complex networking requirements, we introduced a new isolated networking scheme.
• Managed workstations: the migrations to Windows 11 and Debian Bookworm have been completed.
• Storage and backup: we modernized the backup infrastructure and implemented significant behind-the-scenes improvements. The disk space occupied by data and backup grew only slightly from 5.3 PiB to 5.4 PiB.
• Infrastructure work: our Debian and Ubuntu mirror has been migrated to new hardware.
• Windows software deployment: we're currently beta-testing the Baramundi service to replace our long-established Windows software deployment.
• Security (Linux): we had to develop tooling to detect and protect from DDOS/AI scraping. Our firewall now limits connections from 90+ cloud hosting providers on servers and is more restricted on workstations.
• Matrix/Element: usage almost doubled to 1461 active users.
• Knowledge management: together with 3 research groups we're currently evaluating an AI system to interactively explore the knowledge hidden in lab journals and publications.
• Outages: apart from some short-term network interruptions, our systems were very stable in 2025.
• Apprentice: our apprentice Vanessa successfully completed her training in August. Her successor Alessio will start in February.

I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.

Happy Holidays and see you in 2026!

Upcoming downtime: XFSv5 on groupdata network shares

There will be a larger maitainance downtime for all D-PHYS grouphares. Other shares like Web, IPA, ... are not affected. The downtime is scheduled for:

• Saturday, January 3rd 2026 20:00 -- Sunday, January 4th 2026 10:00

You will not be able to access any shares on groupdata during this time. Afterwards everything will just work as before. If this will disrupt any essential operation, let us know asap! There will be another reminder closer to the downtime.

Technical background: We need to upgrade the XFS filesystem metadata. This cannot be done in place, so we have to backup, reformat and restore all shares. We need to sync roughly 180TB so it will just take some time.

The time has come to upgrade your Windows 10 computer to Windows 11 or a Windows 10 LTSC version - the extended support for Windows 10 ends on October 14, 2025 (Windows lifecycle)

Why can I no longer use Windows 10 on the ETH network after the end of 2025?

Only operating systems with vendor-provided security support are allowed to connect to the ETH network.

• ETH Zurich Acceptable Use Policy for IT Resources (BOT) and Appendix

What should I do now?

If you are using a computer with preinstalled Windows 10 for your daily work, please upgrade it to Windows 11 by the end of this year at the latest.
The easiest way is to use the "Microsoft Media Creation Tool" available here.
This process is called an "in-place upgrade". All applications and configuration settings should be preserved.

If your computer is installed with the Windows 10 Education license from the ETH IT Shop, order Windows 11 Education from the IT Shop and use it for the upgrade.

If your computer is located in a lab and needs to be highly available for collecting measurement data, you may use a Windows 11 LTSC version instead of the Education version.
Please contact the IT administrator within your group. They should be able to assist you or contact us if further help is needed.

If you believe you cannot upgrade your computer or need help choosing the right upgrade path, please refer to our README for possible solutions or contact us.

⚠️ Please note: At some point, the network security group of Informatikdienste will begin scanning for remaining Windows 10 computers. These devices will then be disconnected from the network.

This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers.

Some highlights of 2024:

• Infrastructure work: the Vaultwarden password manager was introduced as a new service.
• Email: As part of our continous email server improvements, we updated the Mailman mailing list software to a new major release and drastically increased IMAP search performance.
• Linux workstations: we overhauled the managed Linux workstations setup and migrated almost all Ubuntu workstations to Debian Bookworm.
• Storage: we streamlined the storage infrastructure and implemented significant behind-the-scenes improvements. The disk space occupied by data and backup grew from 5.1 PiB to 5.3 PiB.
• ISG lecture series: we teamed up with our SIS colleagues and managed to increase attendance of the Basics of Computing Environments for Scientists lecture series.
• Matrix/Element: We started collaborating with EPFL who joined the federation. We also received the first spam and implemented countermeasures and additional logging. This year we counted 819 active users on 2978 devices (1014 Windows, 472 Mac, 370 Linux, 534 Android, 276 iPhone, 105 iPad), who sent 1'158'897 messages in 6'740 rooms created on our server. Our users also participated in 1'746 other (and 1'563 spam) rooms with 1'790'894 messages.
• Outages: apart from some short-term network interruptions, our systems were very stable in 2024.
• OS upgrades: almost all managed Windows workstations have been upgraded to Windows 11 and the first Macs to Sequoia.
• Apprentice: we take part in the new Wayup apprenticeship pilot project and could welcome first Eric and now Vanessa into our team.

I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.

Happy Holidays and see you in 2025!

This announcement will probably not affect too many users, but it might have some impact and we can't narrow down the recipient space.

For some time now, our group shares on groupdata.phys.ethz.ch, when mounted via SMB, allowed so-called wide links - they point from one group share to a place outside of this share (usually to another share). For $complicated_reasons we have to disable those wide links. This will break redirection to the target share. We believe this is mainly a convenience issue, but we might not be aware of legitimate use cases. So if you find something broken after

Tuesday, October 8, 2024

please get in touch so that we can find a solution. Links within a particular share will still work, but link targets have to be relative (../../papers/thesis.tex) instead of absolute (/home/sharename/documents/papers/thesis.tex).

Thanks.

This one goes out to all HPT inhabitants. As you might have noticed, the HPT network infrastructure is currently being remodelled. In order to be able to take full advantage of the new uplink cables and access switches, ideally all grey patch cables (from the wall sockets to the devices) should be replaced as well (the blue ones are OK). We do realize that this is not realistic in many (lab) settings, but please swap them out for new cat6 cables whenever you can (they're available in the D-PHYS Shop). Don't hesitate to contact us if you have questions.

Starting in mid-August, we will migrate the OS of all managed Linux workstations from Ubuntu to Debian during summer/fall of 2024.

The exact migration dates for specific workstations will be coordinated individually in close collaboration with the respective user(s). Please note that due to the complexity of the migration it is not possible to delay this indefinitely. The migration is mandatory for all Ubuntu workstations (incl. older 20.04 Focal).

Hardware owners and users are asked to check the required steps before the migration [1] now, which includes possibly needed hardware upgrades.

All users should be aware of the (breaking) changes [2] introduced with the new setup.

Please also refer to our readme page on why [3] we do the switch to Debian.

Beta test

Please get in touch with us if you have a spare workstation to participate in beta testing, starting now. Note that any such workstation will be reinstalled again in August 2024 after completion of beta testing.

Our D-PHYS mailing lists will be offline for maintenance on Thursday 6th June from early morning to approximately 10h00. No emails to @lists.phys.ethz.ch addresses will be accepted during that downtime.

Under the hood, the mailing list software will be migrated from mailman2 to mailman3. After the migration, the web page lists.phys.ethz.ch will have a new look with a modern web interface. You will be able to see and manage all your mailing lists right from the landing page. But note that all other URLs will have a new structure, so any browser bookmarks to individual mailing list configurations or archives will need to be updated.

For users that only receive messages from these mailing lists, nothing should change.

When sending messages to our mailing lists, pay attention, already now, to always use the <somelist>@lists.phys.ethz.ch domain. The obsolete <somelist>@phys.ethz.ch alias exceptions will no longer be accepted after the migration.

Mailing list owners and moderators will be contacted in a separate email with additional information, right after the migration. In particular, the new system will have personal accounts for all users, so that passwords must no longer be shared among list administrators. Also note that any held messages pending for moderation will not be migrated. So please accept or discard moderation requests the day before the migration.

Further documentation is available in our readme.

TL;DR: we now offer a password manager service that also allows sharing passwords within groups.

Full story:
For a long time, we've been trying to promote IT security in general and secure password handling in particular. In both our introductory course and our documentation we recommend using a password manager to securely handle the plethora of passwords that modern-day life usually entails (hopefully a different one for each service!). What we did not have however was an easy-to-use solution to sync your password vault across your different devices. Yes, there's KeePassXC that can work with Polybox to ensure coherent password databases on all devices, but that's not exactly straightforward to set up.
In order to make setting up and handling the password manager easier for you, we're now announcing a new service: an Open Source password vault hosted at ISG D-PHYS:
Vaultwarden is an alternative implementation of the the Bitwarden backend and we've been evaluating it for a while. It now seems ready for prime time so after testing within ISG, we're releasing it to the Department. Aside from easier daily usage, it offers another feature that many (research) groups might find interesting: passwords and confidential information in general can be shared with others, e.g. the group's credit card with all PhD students.
If you'd like to give it a try, please read our service description to get started.

This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers. Unfortunately, two of our colleagues had to take extended sick leaves this year, so we didn't have as much capacity for innovation and had to focus on system maintenance.

Some highlights of 2023:

• Storage: in the first half of 2023, we performed a major overhaul on our storage and backup infrastructure in both hardware and software. The disk space occupied by data and backup grew from 4.8 PiB to 5.1 PiB.
• Infrastructure work: our Ansible deployment setup was further extended and refined. All Windows servers have been added as well as the macOS clients.
  All eGroupware users were migrated to the new SOGo calendar. We also enabled DKIM signing on our D-PHYS mailserver. The Windows HyperV cluster has been upgraded for better performance.
• Matrix/Element: We upgraded both the OS and the Matrix server software. This year we counted 748 active users on 2579 devices (1019 Windows, 517 Linux, 424 Mac, 619 Mobile), who sent 1'086'537 messages in 5'510 rooms created on our server. Our users also participated in 763 other rooms with 1'157'466 messages.
• ISG lecture series: our Basics of Computing Environments for Scientists lecture series was held twice in 2023 with shockingly low attendance.
• Outages: apart from some short-term network interruptions, our systems were pretty stable in 2023.
• OS upgrades: work is well underway to migrate the managed Linux workstations from Ubuntu to Debian and the majority of servers are now running Debian bookworm. The Windows team started the Windows 11 rollout. Most of the managed Macs were upgraded to macOS Ventura.
• Software upgrades: mostly incremental upgrades in our Windows and Linux software list this year.
• IT security: with the world being what it is, IT security plays an ever increasing role in our work and permeates all our plans and projects. We also take part in the current rewrite of ETH's IT security regulations. On the Windows virus scanner front, Sophos was EOL'd and replaced by Windows Defender.

I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.

Happy Holidays and see you in 2024!