Changes in printing

Update 27.11.: We now have the migration dates and final printer list here

As you might have read elsewhere, ETH will consolidate its printer fleet for cost cutting reasons. Even though at D-PHYS we already have a very efficient printing landscape, ID will enforce a uniform 30% cut across the board. We have tried to limit the impact as much as possible and still ensure a fair and even printer distribution throughout D-PHYS, but the implications will be felt by everyone.

  • 30% of all existing printers in D-PHYS will be dismantled.
  • All remaining printers will be replaced with HP hardware.
  • All those will get new generic queue names (like p-hil-hp002) that bear no indication as to the printer's location in the building.
  • Everybody will have to reinstall all printers they'd like to use in the future.
    • on managed workstations we will prepare this as much as possible.
    • on self-managed machines you'll have to follow our instructions.
  • This might be the perfect opportunity to switch over to the universal card-ethz queue that will let you forget about queue names (you can do that already now).
  • We understand that for some of you this change will significantly affect your daily work. We urge you to PLEASE not try to solve the problem by buying your own printer. Instead, please get in touch with me (Christian Herzog) so that I can collect your complaints and forward them to the person responsible for this change.

The whole process is supposed to happen in December and will be rolled out building by building. We're posting this already now as individual printers in D-PHYS have already been replaced.

We will update this post with updates as they become available.

Apple built-in VPN will stop working at ETH

The central IT services will gradually disable the older IPSec protocol for ETH VPN:

  • 16th Nov 2023 for students ( realm)
  • 13th Dec 2023 for employees ( realm)

Those of you who are already using the Cisco Secure Client for their VPN connections will not be affected by this change. Also the Linux openconnect client will continue to work.

However, any client relying on the IPSec protocol will become non-functional. In particular, the built-in VPN of Apple operating systems (macOS, iOS, iPadOS) will stop working. All affected users must migrate to the Cisco Secure Client in the upcoming weeks, to avoid any disruption of the VPN service.

For the actual installation, please refer to the VPN documentation of Informatikdienste, or our own readme for macOS.

Also note that, in the upcoming months, ETH will enable Multi-Factor-Authentication (MFA) for the VPN service. So all users will have to enter a one-time-password (OTP) when connecting the VPN. This is similar to the other services, mainly the cloud services of Microsoft, Adobe and Zoom, where MFA has already been enforced for ETH accounts. Further details regarding the VPN MFA migration will be announced as soon as the precise dates have been fixed.

Matrix (chat) server maintenance

All Matrix services will be offline for maintenance starting on Thursday 31th Aug 2023 in the morning around 06h00. Minimal downtime is 1h, but some bots/bridges may take longer.

The host system will be upgraded from Debian 10 to 12, followed by an upgrade of the database (PostgreSQL 11 to 15) and ~20 application servers.

Upgrade schedule: homeserver (people accounts)

First priority is the homeserver hosting our accounts and rooms. Estimated (best case) downtime ~1h.

Your Matrix clients (Element) will show connectivity errors during the downtime:

Matrix homeserver offline homeserver (bots, bridges)

Second priority is the homeserver, all bots, bridges present in the room and anything else. I expect most to be back after another few hours but Thursday evening at the latest.

The deprecated webhook bridge will be put out of service.

Not affected

The ETH homeservers and are not affected by this downtime.

Alternative: video conferencing with integrated chat.

home server maintenance

Scheduled maintenance will be taking place on our file server on Wednesday, July 12, starting at 16:00. The service will be down for approximately 4 hours. We will be replacing the hardware with all-flash storage and upgrade the base system.

Update 18:15: the new home server is open for business. Most SMB + NFS clients will not have survived the 2h downtime and will have to be rebooted. We'll go through the most obvious ones, but if yours won't work, try restarting.

All home directories (Linux, Windows and Mac, SMB and NFS) will be unavailable during this time.

For emergency cases, you'll have read-only access to the backups as described here.

This migration will mark the end of the huge storage migration project of 2023. Thanks for your patience.

Migration to new calendar solution

It's time to say good bye to eGroupware and welcome to SOGo.
As we outlined in our previous posting, we will be switching to a new calendar solution.
We coordinated with those of you using group calendars and have migrated those already. Now it's time to move the individual personal calendars. This cannot be automated and will have to be performed by each user, but of course we're here to assist if needed.
To make the change as easy as possible for you, we have written a readme.
We ask you to complete the migration by the end of August, so that eGroupware can be decommisioned afterwards.
Thanks a lot.

group-data server maintenance

Scheduled maintenance will be taking place on our server on Wednesday, June 7, starting at 16:00. The service will be down for approximately 4 hours. We will be replacing some hardware and upgrade the base system.

All group shares will be affected except IPA, IGP and Galaxy.

For emergency cases, you'll have read-only access to the backups as described here.

Sophos Antivirus nears end of life

This applies to all self-managed computers (servers, workstations and laptops) on which the product "Sophos Anti-Virus" from the IT store is installed.

"Sophos Anti-Virus" will become End of Life by the end of June 2023 and will be no longer supported by the vendor or ETH Zurich. After this date, there will be no updates and your machine will not be sufficiently protected any longer.

ETH Zurich recommends using the built-in antivirus solution of the respective operating system.

Detailed instructions for uninstalling Sophos Antivirus and activating the antivirus solutions of your operating system can be found in the following link in the IT Knowledgebase: Anti-Virus: Replacement of Sophos for Self-Managed Devices.

Users of managed Windows Computers by ISG can ignore this information because we will manage the transition from Sophos to MS Defender automatically.

2022 in review

This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers. Since it took us almost exactly one year to fill our vacant Linux System Engineer position (once again: welcome Sascha!), we didn't have as much capacity for innovation as in previous years and had to focus more on system maintenance.

Some highlights of 2022:

  • Mail server: the D-PHYS mail server got an OS upgrade in spring and was migrated to our general hypervisor setup, which adds redundancy and facilitates maintenance. In addition, work is in progress to support DKIM and further tighten our SPF and DMARC settings.
  • Web server setup: the main D-PHYS web server got an OS upgrade in spring, test and staging environments and optional ssh access for power users.
  • Infrastructure work: our Ansible deployment setup was further extended and refined and the first Windows servers have been added.
    Work has started to replace the Sophos virus scanner on managed Windows workstations.
    We migrated our floating licenses from three servers to a single high availability server.
    Within the next year, we'll migrate all eGroupware users to the new SOGo calendar.
  • Storage: in 2022 the disk space occupied by data and backup grew from 3.7 PiB to 4.8 PiB, marking a significant annual growth in storage volume. A major storage migration is due in early 2023.
  • Matrix/Element: This year we counted 737 active users, who sent 1'019'205 messages in 5'259 rooms that were created on our server. Our users also participated in 423 other rooms where 1'190'446 messages were sent. Two additional research groups migrated from Slack to Matrix.
  • ISG lecture series: our Basics of Computing Environments for Scientists lecture series was held twice in 2022 with surprisingly low attendance.
  • Outages: apart from some short-term network interruptions, our systems were pretty stable in 2022, with the notable exception of a localized "3 dead disks in a RAID6" disaster in September.
  • OS upgrades: most managed Linux workstations were upgraded to Ubuntu 22.04 and the majority of servers are now running Debian bullseye. The Windows team prepared a new LTSC release and a Windows 11 setup. The managed Macs were all upgraded to macOS Monterey.
  • Software upgrades: mostly incremental upgrades in our Windows and Linux software list this year.
  • IT security: with the world being what it is, IT security plays an ever increasing role in our work and permeates all our plans and projects. We also take part in the current rewrite of ETH's IT security regulations.

I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.

Happy Holidays and see you in 2023!

new ISG staff member

It is my pleasure to welcome Sascha Giger into our group. He joins us to complete the Linux team.

Welcome Sascha!

Web server upgrade

This Thursday 2022-02-10 starting at 07:00 we will upgrade the server hosting most of our websites.

Affected websites

The following websites are unavailable during the downtime:

Important changes for website owners

All website owners: If you are a website owner/admin, please join our new Matrix room, to get support and news. After the upgrade, please check your websites for problems.

Python WSGI app owners: All WSGI apps have been switched to use a virtual environment to pin the currently used Python package versions. We encourage you to review and upgrade your dependency versions (via requirements.txt) after the server upgrade. Please read our new WSGI documentation for details.


  • OS: Debian 10 -> 11
  • Python: 3.7 -> 3.9
  • PHP: 7.3 -> 7.4