Author Archive

Corona and ISG

Thursday, March 12th, 2020

ISG is working from home. We will not be able to pick up the phone. If you have any helpdesk request, please use isg@phys.ethz.ch

As ETH and D-PHYS are working hard on every level to prepare for all conceivable situations related to Covid-19, also here at ISG we are trying to deal with the situation as it evolves. Some information from our side:

  • we’re currently dealing with a great number of requests. Please bear with us if reaction time is somewhat longer than usual
  • please always send requests to isg@phys.ethz.ch and not to individual people (fun fact: this also applies in non-Corona times!)
  • we have created a readme page that helps you prepare for home office
  • there is a D-PHYS internal wiki for easy sharing of information
  • please don’t take your managed Windows or Linux workstation home. It won’t work.
  • if you feel that you need some IT assistance or major changes to your setup, please get in touch with us at an early stage
  • we have taken precautions to be able to maintain D-PHYS IT Services and ISG Helpdesk even if we were being requested to stay home

new ISG staff member

Friday, February 7th, 2020

It is my pleasure to welcome Maciej Bonin into our group. He joins us to replace Patrick Schmid in the Linux team.

Welcome Maciej!

2019 in review

Friday, December 13th, 2019

This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers. Some highlights of 2019:

  • Ansible deployment: while we had already started to deploy servers using ansible as early as 2015, it was in 2019 that we consolidated and migrated almost all server configuration to this system and now have a common base for the D-PHYS server infrastructure.
  • Storage server separation: in the past years a constant growth in both volume and bandwidth of our SAN storage system caused occasional performance issues for some users. To alleviate this, we split our single SAN frontend file server into 4 individual machines (D-PHYS general, IPA, IGP and galaxy) in order to distribute the load.
  • New web server: at the end of 2018 we purchased a new D-PHYS web server to replace the previous 10-year-old system. In 2019 we devised a completely new and upgraded web server setup on this new machine and migrated all D-PHYS hosted web shares to the new system. If you are the owner of one of our web shares, please make sure to read the updated documentation for things that have changed.
  • Network migration: the extensive Hönggerberg network reorganization we reported last year is even more complex than we initially thought, so there’s no end-user-tangible progress this year – which doesn’t mean there hasn’t been a lot of behind-the-scenes work.
  • Storage: in 2019 the disk space occupied by data and backup grew from 2.1 PiB to 2.7 PiB, continuing the obvious trend of ever-growing data. The end of 2019 also saw a substantial expansion of the available disk capacity.
  • Clusters: we inherited two HPC clusters from CSCS that we’re now running locally.
  • InfluxDB / Grafana: we included this popular time-series database / visualization combination into our service catalog.
  • Outages: apart from a pre-announced migration window and some short-term network interruptions, our systems have been very stable in 2019.
  • OS upgrades: The Windows team was active in getting rid of the remaining Windows 7 machines and upgrading Windows 10 to the 1809 build, while on the Linux side workstations were upgraded to Ubuntu 18.04 and a first batch of servers to Debian buster.
  • Software upgrades: the FileMaker server has been upgraded.
  • UCC: the UCC project of Informatikdienste was stopped due to nonfulfillment of the technical requirements and all deployed services and devices have been rolled back. The whole project will be reevaluated from scratch.
  • IT security: we participate in and support the ETH-wide IT security initiative.

I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.

Happy Holidays and see you in 2020!

Phishing and malware emails

Sunday, September 29th, 2019

In light of the recent surge of malware waves, we have decided to quarantine all incoming emails containing Microsoft Office documents with macros enabled – actually, we have been doing so for a week already. Unfortunately way too many of you still open those documents and risk (or succeed in) infecting your computer. Emails containing such dangerous documents will be quarantined and are never shown to the user. Emails with static office documents (no macros) will be delivered unaffected. We’re aware of the fact that this policy might create the occasional false positive, but the benefits for all of D-PHYS far outweigh the downside and real use cases for macro documents via email are in fact very rare. In the 8 days of operation so far, we’ve detected ~850 infected office documents and only 1 false positive. Quarantined emails will be deleted after 30 days, so you have ample time to contact us in case a valid document gets flagged by accident.

Please get in contact if you have any questions.

Groupware upgrade

Wednesday, September 25th, 2019

Update 08:00: Migration completed. Please note that a legacy CalDAV URL has changed – if you’re using a CalDAV client (for example Thunderbird or Apple Calendar), make sure you have the correct URL according to the documentation

For our calendar solution groupware.phys we schedule a migration on Friday, September 27, starting at 07:30. The service will be down for approximately 1 hour. We will move the service to a new virtual machine and upgrade to a new version.

Web server upgrade – step 2

Wednesday, August 28th, 2019

With the migration of the ‘personal’ web sites completed we’re now addressing regular web shares. The easy ones have already been moved to the new web server and we’re now asking share owners to prepare for migration. We will perform the migration for you, but your web site has to be ready for the environment on the new server (PHP 7 or Python 3 in particular). We’re currently planning to power off the old web server at the end of 2019, so if you haven’t migrated by then, your site will be offline. Please work with us to keep this deadline.

Web server upgrade – step 1

Tuesday, July 9th, 2019

Update 10:15 – migration done, please let us know if you experience any problems.

After 11(!) years of loyal service, the current D-PHYS web server hardware will be retired in 2019 and all web sites hosted by ISG will migrate to new hardware. We will take the opportunity to reorganize the way we host web sites and improve the general setup of the web server.

In a first step, we will migrate the ‘personal’ web sites (those residing in public_html/ in a home directory or group share) on Wednesday, 17.7.2019. We have extensively tested the new setup, and unless you’re using dynamic content in your public_html folder (like PHP or other CGI scripts), you should not notice anything. With CGIs, there’s a slight chance we might have overlooked something, so please test your dynamic content after that date and get in touch if you see a problem.

The regular web sites hosted by us will be successively moved to the new hardware at a later time and we will get in touch with their owners should it be necessary.

Note that this will not affect the department website in any way as that one is hosted on the CMS of Informatikdienste.

2018 in review

Tuesday, December 18th, 2018

This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers. Some highlights of 2018:

  • New mail server: between January and March, the virtual machines that make up the D-PHYS mail server were migrated to new hardware. We’re now running on a state-of-the-art server with SSD storage that will serve the department’s needs for many years to come.
  • New LDAP servers: in late 2017 we started a big migration to a cluster of new LDAP servers. This move was completed in the spring of 2018 and the old server turned off.
  • group membership edit: one of the benefits of the LDAP migration is that group memberships can now be managed directly by dedicated owners of a group. If you feel responsible for one such group and would like to be able to perform member management yourself without having to go through us each time, please get in touch.
  • New web server: we purchased new D-PHYS web server hardware to replace the old 10-year-old system. Since we’re also planning to change the setup of your web hosting, migrating the existing web sites to the new hardware will be a long process that will extend well into 2019.
  • Network migration: while we were in an advanced planning stage of a segmentation of the D-PHYS network and had already started to implement the first changes, Informatikdienste announced that the underlying network layout of the whole Hönggerberg campus would be redesigned in 2018/19 which deeply influences and impacts our work as well. We’re now on hold until we know details of ID’s technical implementation.
  • Storage: in 2018 the disk space occupied by data and backup grew from 1.6 PiB to 2.1 PiB, which means that growth in storage has picked up steam again after two slow years.
  • Outages: apart from the above-mentioned pre-announced migration windows and some short-term network interruptions, our systems have been very stable in 2018.
  • OS upgrades: the Windows 10 rollout has been largely completed and most Linux workstations have been upgraded to Ubuntu 18.04.
  • WiFi change: we accompanied and supported ETH’s wifi change project in November.
  • UCC: the UCC rollout which will replace the existing ETH telephony system with an all-IP based solution has been put on hold by Informatikdienste since the service quality was severely lacking. We’ll know more in 2019.Q2.
  • IT security: we participate in and support the ETH-wide IT security initiative.

I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.

Happy Holidays and see you in 2019!

Storage migration

Monday, December 3rd, 2018

Update 21:00 – IGP shares are back. Welcome to igp-data!
Update 19:30 – the D-PHYS shares are back. IGP will take a little more time.

In order to guarantee sustained performance and availability of our storage system, we need to schedule a few storage maintenance windows. The first one will take place on Wednesday, 12.12.2018 at 16:00 and affect all D-PHYS and IGP group shares, but not IPA or galaxy (technically: windata/macdata, but not astrogate or ipa-data). The relevant shares will be offline for at least 3 hours.

For emergency cases, there will be read-only access to last night’s backup as described here.

Please note that these migrations will bring some overall changes to the D-PHYS storage setup:

  • the SMBv1 protocol will be disabled on all file servers. It has a long history of security issues and we’ve migrated all clients to newer versions, so this should not affect anyone. However, there’s a small chance that we didn’t catch all connections, so please contact us if you experience any issues after the migration.
  • all SMB protocol versions will be restricted to ETH-internal access. This step has been long overdue and since most ISPs block the necessary ports anyway, it shouldn’t affect too many users. What it means however: in the future, file server access from outside ETH requires VPN.
  • IGP/D-BAUG will get their own front-end server igp-data. If you’re with IGP and have already switched your file server mounts from windata to igp-data, you’re good and don’t have to do anything. If you haven’t, you should do so before Dec 12 in order to get a seamless migration experience.

We’ll update this post as the migration progresses and as soon as the systems are back.

Groupware migration

Thursday, September 27th, 2018

On Tuesday, October 2, starting at 07:00, we will migrate our groupware instance to another server. For about 1 hour you won’t have access to your calendar. If you’re one of the few people who also sync their email via groupware, mail will be offline too (you can always use webmail). After the migration your clients should just reconnect and resume syncing. If you notice any issues after we’re done, please get in touch.

Update Wed 07:45: migration completed, please let us know if you experience any problems.