This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers.

Some highlights of 2024:

• Infrastructure work: the Vaultwarden password manager was introduced as a new service.
• Email: As part of our continous email server improvements, we updated the Mailman mailing list software to a new major release and drastically increased IMAP search performance.
• Linux workstations: we overhauled the managed Linux workstations setup and migrated almost all Ubuntu workstations to Debian Bookworm.
• Storage: we streamlined the storage infrastructure and implemented significant behind-the-scenes improvements. The disk space occupied by data and backup grew from 5.1 PiB to 5.3 PiB.
• ISG lecture series: we teamed up with our SIS colleagues and managed to increase attendance of the Basics of Computing Environments for Scientists lecture series.
• Matrix/Element: We started collaborating with EPFL who joined the federation. We also received the first spam and implemented countermeasures and additional logging. This year we counted 819 active users on 2978 devices (1014 Windows, 472 Mac, 370 Linux, 534 Android, 276 iPhone, 105 iPad), who sent 1'158'897 messages in 6'740 rooms created on our server. Our users also participated in 1'746 other (and 1'563 spam) rooms with 1'790'894 messages.
• Outages: apart from some short-term network interruptions, our systems were very stable in 2024.
• OS upgrades: almost all managed Windows workstations have been upgraded to Windows 11 and the first Macs to Sequoia.
• Apprentice: we take part in the new Wayup apprenticeship pilot project and could welcome first Eric and now Vanessa into our team.

I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.

Happy Holidays and see you in 2025!

This announcement will probably not affect too many users, but it might have some impact and we can't narrow down the recipient space.

For some time now, our group shares on groupdata.phys.ethz.ch, when mounted via SMB, allowed so-called wide links - they point from one group share to a place outside of this share (usually to another share). For $complicated_reasons we have to disable those wide links. This will break redirection to the target share. We believe this is mainly a convenience issue, but we might not be aware of legitimate use cases. So if you find something broken after

Tuesday, October 8, 2024

please get in touch so that we can find a solution. Links within a particular share will still work, but link targets have to be relative (../../papers/thesis.tex) instead of absolute (/home/sharename/documents/papers/thesis.tex).

Thanks.

This one goes out to all HPT inhabitants. As you might have noticed, the HPT network infrastructure is currently being remodelled. In order to be able to take full advantage of the new uplink cables and access switches, ideally all grey patch cables (from the wall sockets to the devices) should be replaced as well (the blue ones are OK). We do realize that this is not realistic in many (lab) settings, but please swap them out for new cat6 cables whenever you can (they're available in the D-PHYS Shop). Don't hesitate to contact us if you have questions.

TL;DR: we now offer a password manager service that also allows sharing passwords within groups.

Full story:
For a long time, we've been trying to promote IT security in general and secure password handling in particular. In both our introductory course and our documentation we recommend using a password manager to securely handle the plethora of passwords that modern-day life usually entails (hopefully a different one for each service!). What we did not have however was an easy-to-use solution to sync your password vault across your different devices. Yes, there's KeePassXC that can work with Polybox to ensure coherent password databases on all devices, but that's not exactly straightforward to set up.
In order to make setting up and handling the password manager easier for you, we're now announcing a new service: an Open Source password vault hosted at ISG D-PHYS:
Vaultwarden is an alternative implementation of the the Bitwarden backend and we've been evaluating it for a while. It now seems ready for prime time so after testing within ISG, we're releasing it to the Department. Aside from easier daily usage, it offers another feature that many (research) groups might find interesting: passwords and confidential information in general can be shared with others, e.g. the group's credit card with all PhD students.
If you'd like to give it a try, please read our service description to get started.

This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers. Unfortunately, two of our colleagues had to take extended sick leaves this year, so we didn't have as much capacity for innovation and had to focus on system maintenance.

Some highlights of 2023:

• Storage: in the first half of 2023, we performed a major overhaul on our storage and backup infrastructure in both hardware and software. The disk space occupied by data and backup grew from 4.8 PiB to 5.1 PiB.
• Infrastructure work: our Ansible deployment setup was further extended and refined. All Windows servers have been added as well as the macOS clients.
  All eGroupware users were migrated to the new SOGo calendar. We also enabled DKIM signing on our D-PHYS mailserver. The Windows HyperV cluster has been upgraded for better performance.
• Matrix/Element: We upgraded both the OS and the Matrix server software. This year we counted 748 active users on 2579 devices (1019 Windows, 517 Linux, 424 Mac, 619 Mobile), who sent 1'086'537 messages in 5'510 rooms created on our server. Our users also participated in 763 other rooms with 1'157'466 messages.
• ISG lecture series: our Basics of Computing Environments for Scientists lecture series was held twice in 2023 with shockingly low attendance.
• Outages: apart from some short-term network interruptions, our systems were pretty stable in 2023.
• OS upgrades: work is well underway to migrate the managed Linux workstations from Ubuntu to Debian and the majority of servers are now running Debian bookworm. The Windows team started the Windows 11 rollout. Most of the managed Macs were upgraded to macOS Ventura.
• Software upgrades: mostly incremental upgrades in our Windows and Linux software list this year.
• IT security: with the world being what it is, IT security plays an ever increasing role in our work and permeates all our plans and projects. We also take part in the current rewrite of ETH's IT security regulations. On the Windows virus scanner front, Sophos was EOL'd and replaced by Windows Defender.

I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.

Happy Holidays and see you in 2024!

Update 27.11.: We now have the migration dates and final printer list here

As you might have read elsewhere, ETH will consolidate its printer fleet for cost cutting reasons. Even though at D-PHYS we already have a very efficient printing landscape, ID will enforce a uniform 30% cut across the board. We have tried to limit the impact as much as possible and still ensure a fair and even printer distribution throughout D-PHYS, but the implications will be felt by everyone.

• 30% of all existing printers in D-PHYS will be dismantled.
• All remaining printers will be replaced with HP hardware.
• All those will get new generic queue names (like p-hil-hp002) that bear no indication as to the printer's location in the building.
• Everybody will have to reinstall all printers they'd like to use in the future.
  • on managed workstations we will prepare this as much as possible.
  • on self-managed machines you'll have to follow our instructions.
• This might be the perfect opportunity to switch over to the universal card-ethz queue that will let you forget about queue names (you can do that already now).
• We understand that for some of you this change will significantly affect your daily work. We urge you to PLEASE not try to solve the problem by buying your own printer. Instead, please get in touch with me (Christian Herzog) so that I can collect your complaints and forward them to the person responsible for this change.

The whole process is supposed to happen in December and will be rolled out building by building. We're posting this already now as individual printers in D-PHYS have already been replaced.

We will update this post with updates as they become available.

Scheduled maintenance will be taking place on our home.phys.ethz.ch file server on Wednesday, July 12, starting at 16:00. The service will be down for approximately 4 hours. We will be replacing the hardware with all-flash storage and upgrade the base system.

Update 18:15: the new home server is open for business. Most SMB + NFS clients will not have survived the 2h downtime and will have to be rebooted. We'll go through the most obvious ones, but if yours won't work, try restarting.

All home directories (Linux, Windows and Mac, SMB and NFS) will be unavailable during this time.

For emergency cases, you'll have read-only access to the backups as described here.

This migration will mark the end of the huge storage migration project of 2023. Thanks for your patience.

Scheduled maintenance will be taking place on our group-data.phys.ethz.ch server on Wednesday, June 7, starting at 16:00. The service will be down for approximately 4 hours. We will be replacing some hardware and upgrade the base system.

All group shares will be affected except IPA, IGP and Galaxy.

For emergency cases, you'll have read-only access to the backups as described here.

This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers. Since it took us almost exactly one year to fill our vacant Linux System Engineer position (once again: welcome Sascha!), we didn't have as much capacity for innovation as in previous years and had to focus more on system maintenance.

Some highlights of 2022:

• Mail server: the D-PHYS mail server got an OS upgrade in spring and was migrated to our general hypervisor setup, which adds redundancy and facilitates maintenance. In addition, work is in progress to support DKIM and further tighten our SPF and DMARC settings.
• Web server setup: the main D-PHYS web server got an OS upgrade in spring, test and staging environments and optional ssh access for power users.
• Infrastructure work: our Ansible deployment setup was further extended and refined and the first Windows servers have been added.
  Work has started to replace the Sophos virus scanner on managed Windows workstations.
  We migrated our floating licenses from three servers to a single high availability server.
  Within the next year, we'll migrate all eGroupware users to the new SOGo calendar.
• Storage: in 2022 the disk space occupied by data and backup grew from 3.7 PiB to 4.8 PiB, marking a significant annual growth in storage volume. A major storage migration is due in early 2023.
• Matrix/Element: This year we counted 737 active users, who sent 1'019'205 messages in 5'259 rooms that were created on our server. Our users also participated in 423 other rooms where 1'190'446 messages were sent. Two additional research groups migrated from Slack to Matrix.
• ISG lecture series: our Basics of Computing Environments for Scientists lecture series was held twice in 2022 with surprisingly low attendance.
• Outages: apart from some short-term network interruptions, our systems were pretty stable in 2022, with the notable exception of a localized "3 dead disks in a RAID6" disaster in September.
• OS upgrades: most managed Linux workstations were upgraded to Ubuntu 22.04 and the majority of servers are now running Debian bullseye. The Windows team prepared a new LTSC release and a Windows 11 setup. The managed Macs were all upgraded to macOS Monterey.
• Software upgrades: mostly incremental upgrades in our Windows and Linux software list this year.
• IT security: with the world being what it is, IT security plays an ever increasing role in our work and permeates all our plans and projects. We also take part in the current rewrite of ETH's IT security regulations.

I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.

Happy Holidays and see you in 2023!

It is my pleasure to welcome Sascha Giger into our group. He joins us to complete the Linux team.

Welcome Sascha!