Archive for the ‘Announcements’ Category
Some of you make use of our DynDNS infrastructure that automatically assigns hostnames to computers with a dynamic IP address. This feature enables you to connect to your computer using its sent hostname, followed by the dhcp.phys.ethz.ch domain (eg example.dhcp.phys.ethz.ch) instead of the ever-changing dynamic IP address.
Jan 30 2020 between 9:00 and 11:00
we will be migrating our DynDNS service to the servers of central Informatikdienste. As a consequence the resolution of example.dhcp.phys.ethz.ch to its dynamic IP address may not always work during that time. The global phys.ethz.ch and ethz.ch domains are not affected. Therefore the bulk of our users will not even notice the migration.
Update: Informatikdienste have postponed the migration from 23rd to 30th January.
In light of the recent surge of malware waves, we have decided to quarantine all incoming emails containing Microsoft Office documents with macros enabled – actually, we have been doing so for a week already. Unfortunately way too many of you still open those documents and risk (or succeed in) infecting your computer. Emails containing such dangerous documents will be quarantined and are never shown to the user. Emails with static office documents (no macros) will be delivered unaffected. We’re aware of the fact that this policy might create the occasional false positive, but the benefits for all of D-PHYS far outweigh the downside and real use cases for macro documents via email are in fact very rare. In the 8 days of operation so far, we’ve detected ~850 infected office documents and only 1 false positive. Quarantined emails will be deleted after 30 days, so you have ample time to contact us in case a valid document gets flagged by accident.
Please get in contact if you have any questions.
Update 08:00: Migration completed. Please note that a legacy CalDAV URL has changed – if you’re using a CalDAV client (for example Thunderbird or Apple Calendar), make sure you have the correct URL according to the documentation
For our calendar solution groupware.phys we schedule a migration on Friday, September 27, starting at 07:30. The service will be down for approximately 1 hour. We will move the service to a new virtual machine and upgrade to a new version.
We will upgrade our FileMaker server next Tuesday 3rd September 2019 between 20:00 and 22:00 o’clock. This will lead to a downtime of the services that depend on a FileMaker database, for instance experimente.phys.ethz.ch and lager.phys.ethz.ch.
The new FileMaker server will only work with FileMaker clients version 16 or newer. If you need to access a FileMaker database from your computer, we recommend you install the latest FileMaker 18 from the IT Shop. If you have a ISG-managed computer, we will take care of upgrading the FileMaker client.
With the migration of the ‘personal’ web sites completed we’re now addressing regular web shares. The easy ones have already been moved to the new web server and we’re now asking share owners to prepare for migration. We will perform the migration for you, but your web site has to be ready for the environment on the new server (PHP 7 or Python 3 in particular). We’re currently planning to power off the old web server at the end of 2019, so if you haven’t migrated by then, your site will be offline. Please work with us to keep this deadline.
Update 10:15 – migration done, please let us know if you experience any problems.
After 11(!) years of loyal service, the current D-PHYS web server hardware will be retired in 2019 and all web sites hosted by ISG will migrate to new hardware. We will take the opportunity to reorganize the way we host web sites and improve the general setup of the web server.
In a first step, we will migrate the ‘personal’ web sites (those residing in public_html/ in a home directory or group share) on Wednesday, 17.7.2019. We have extensively tested the new setup, and unless you’re using dynamic content in your public_html folder (like PHP or other CGI scripts), you should not notice anything. With CGIs, there’s a slight chance we might have overlooked something, so please test your dynamic content after that date and get in touch if you see a problem.
The regular web sites hosted by us will be successively moved to the new hardware at a later time and we will get in touch with their owners should it be necessary.
Note that this will not affect the department website in any way as that one is hosted on the CMS of Informatikdienste.
Update 20:10 Migration finished! Everything should work as normal.
In order to guarantee sustained performance and availability of our storage system, we schedule a maintenance downtime of our home directory server on
Tuesday, July 09, starting at 17:00
This only affects the home shares (technically: smb:\\home.phys.ethz.ch & /home/USERNAME). Email and group shares will have no interruption.
Since the server also needs a file system check, the downtime will take several hours.
For emergency cases, there will be read-only access to last night’s backup as described here .
We will update this posting once the home server is back online.
The time has come to upgrade your Windows 7 computer to Windows 10
since extended support for Windows 7 ends on January 14, 2020 (Windows lifecycle).
Why can I no longer use Windows 7 on the ETH network after the end of 2019?
Only operating systems with security support by the vendor are allowed to connect to the ETH network.
Unsupported operating systems that no longer receive security updates render the computer vulnerable to threats like viruses, malware or hacker attacks and also pose a threat to other computers on the network.
What should I do now?
- If you are using an OEM computer with preinstalled Windows 7 for your daily work, please update it to Windows 10 by the end of this year, at the latest. The easiest way is to use the “Microsoft Media Creation Tool” available here.
This process is called “inplace upgrade”. All applications and configuration settings should be kept.
- If your computer is installed with the Windows 7 Enterprise license from ETH IDES, order Windows 10 Enterprise from the IT-Shop and use it for the upgrade.
- If your computer is located in a lab and needs to be highly available to collect measurement data, there is the possibility to use a Windows 10 LTSC version instead of the Enterprise version. Please contact your IT administrator within your group. He should be able to help you or can get in touch with us if he needs additional help. More details about the LTSC version are described on our readme page.
- If you think that you cannot upgrade your computer, please refer to our readme for possible solutions or contact us.
Note that at some point the network security group of Informatikdienste will start scanning for remaining Windows 7 computers at which point we will be forced to disconnect them from the network.
Update 21:00 – IGP shares are back. Welcome to igp-data!
Update 19:30 – the D-PHYS shares are back. IGP will take a little more time.
In order to guarantee sustained performance and availability of our storage system, we need to schedule a few storage maintenance windows. The first one will take place on Wednesday, 12.12.2018 at 16:00 and affect all D-PHYS and IGP group shares, but not IPA or galaxy (technically: windata/macdata, but not astrogate or ipa-data). The relevant shares will be offline for at least 3 hours.
For emergency cases, there will be read-only access to last night’s backup as described here.
Please note that these migrations will bring some overall changes to the D-PHYS storage setup:
- the SMBv1 protocol will be disabled on all file servers. It has a long history of security issues and we’ve migrated all clients to newer versions, so this should not affect anyone. However, there’s a small chance that we didn’t catch all connections, so please contact us if you experience any issues after the migration.
- all SMB protocol versions will be restricted to ETH-internal access. This step has been long overdue and since most ISPs block the necessary ports anyway, it shouldn’t affect too many users. What it means however: in the future, file server access from outside ETH requires VPN.
- IGP/D-BAUG will get their own front-end server igp-data. If you’re with IGP and have already switched your file server mounts from windata to igp-data, you’re good and don’t have to do anything. If you haven’t, you should do so before Dec 12 in order to get a seamless migration experience.
We’ll update this post as the migration progresses and as soon as the systems are back.