In August of 2010, we introduced our groupware solution for D-PHYS. In the last 11 years the system has served the Department well, but we believe now would be a good time to think about the future of groupware at D-PHYS. Here's an incomplete list of things we noticed over the years:

• the groupware system seems to get used almost exclusively as a calendar
• for distributed calendars, the world and people's expectations have changed
• file and sync formats have come and gone
• 17 people will have 634 completely orthogonal and incompatible use cases for calendars
• the product that won our evaluation round in 2010 is not necessarily the best system for 2021

We have sampled the market and test-installed several candidates, but since our humble ISG-internal calendar only covers one very specific use case, we strongly encourage you to give us your feedback so that the next D-PHYS calendar solution will suit you well. In particular, we're interested in learning

• are you using any other egroupware module(s) aside from the calendar? If you don't tell us about it now, a potential replacement may not have this functionality!
• what's your current calendar use case? Just a personal calendar? A group calendar? In which configuration?
• what's your desired calendar use case? This might be the most interesting thing to learn...
• which sync protocols/devices are you using?
• what other software/products/services have you been/are you using?

If you would like to help make sure the next evolution in distributed D-PHYS calendars is a success, please join our Matrix room and participate! Thanks a lot.

Several network migrations will take place over the next months that will have an impact on the design and inner workings of the ethernet network at D-PHYS. Even though all hosts will be affected at a technical level, we believe that most changes will not require any involvement from your side. By the end of the year this should further increase the fault-tolerance of the cabled network infrastructure and enhance the security of the bulk of the computers at D-PHYS.

Network segmentation

The central Informatikdienste are splitting several networks into smaller chunks to increase the overall stability and fault-tolerance. Unfortunately the details are flagged as confidential, prohibiting us from exposing the precise structure of this segmentation. The main repercussion is that our D-PHYS networks will no longer be able to span across all current buildings at once. So depending on the building, we will have to introduce new subnets and assign new IP addresses to the computers inside.

NAT network

Motivated by the above-mentioned segmentation as well as security considerations, we are planning to migrate a large number of hosts to a NAT network. This means that the computer will only get an ETH-internal IP address and will no longer be directly reachable from outside of ETH. From inside ETH or VPN, all communication with that computer remains unaffected. However, while the host can still communicate with all of the internet, it will no longer be exposed to direct attacks from the outside. We believe that this is a very sensible default for most computers and laptops. Of course it will still be possible to assign a public IP to selected hosts in order to provide a specific service to the outside. The new NAT network also provides DynDNS with sentname.dhcp-int.phys.ethz.ch hostnames and full IPv6 connectivity. So if you rely on DNS entries for dynamic IP addresses, make sure to use the domain dhcp.phys.ethz.ch for public subnets and dhcp-int.phys.ethz.ch for internal subnets.

DHCP migration

Right now, some of our networks are serviced by our own D-PHYS DHCP servers, while others use the DHCP servers of central IT services. We are now consolidating all networks and migrating the remaining ones step-by-step to the DHCP servers of Informatikdienste. This change is mostly technical and should remain unnoticed by most users.

For further details and up-to-date information please refer to our readme page.

Update 07:00 All web services are back online.

Tomorrow Wednesday 2021-01-20 starting at 06:00 we will upgrade the server hardware hosting most of our web services. We expect them to be back by 08:00 at the latest.

Affected web services

The following services are unavailable during the downtime:

• Most ISG websites (news, readme, wiki)
• All customer webshares (dedicated websites and webapps)
• All groupshare and personal homepages (public_html)
• Web databases (on sqlweb.phys.ethz.ch)
• D-PHYS shop and Experimente
• D-PHYS GitLab
• Chat (Matrix, Element, Jitsi)

Our Debian, Ubuntu and Raspbian mirror as well as Grafana, InfluxDB and Webmail will not be affected.

We will not be able to send any status updates via our news blog or via our Matrix news and status rooms.

 Update 00:30:

All shares coming back online now. My sincerest apologies for the delay. And good night to all.

Update 22:40: We have run into hardware problems with one of the backends. The shares remain offline as we continue to diagnose it. A further update will be posted as soon as possible.

On Wednesday, 02 XII 2020, between 18:00 and 20:00, access to
igp-data shares will be interrupted for scheduled maintenance.
The shares need to be taken entirely offline for a network upgrade.
At the same time we will be adding more space to the underlying SAN.
This affects all shares on the igp-data storage gateway (ggl, pf and gsg).

Thank you for your patience, and kindest regards.

Since our launch of Matrix at the D-PHYS in March a few things have changed.

Important changes

• The subdomain of the D-PHYS hosted Riot Element Web App changed and is now at element.phys.ethz.ch. If you still use the old subdomain riot.phys.ethz.ch, please move over to the new domain and verify your new session. We will start redirecting the domain in 2021. If you have no other way of getting access to your encryption keys, you could lose access to your encrypted messages
• New documentation is available at readme.phys.ethz.ch/chat

Other changes

• Federation with other Matrix instances at ETH and the rest of the Matrix network, giving us access to bridged networks like IRC, Slack, etc. as well
• We now auto-invite new users to two more ISG moderated rooms (News/Status). Opt-out by leaving if you do not wish to receive updates from us (discouraged!). All existing members of the D-PHYS Lobby have been joined last night
• End to end encryption support (enabled by default). Element Web does not provide a search function in encrypted rooms as that would be a security issue, use the Desktop App instead
• Secure key backup method has been set to show one option only ('Security Passphrase') to new users, which will still provide the secondary recovery method using a 'Security Key'
• We opened up public rooms and room aliases for everyone. Publish your room in the public room directory to be discoverable by others on the Matrix network
• We enabled quota of 2 GiB (initial) quota per user for media (uploads) to protect from accidental or abusive over-usage
• Bots for gitlab, reminders, RSS feeds and more
• Bridges for webhooks and Slack
• Integrations (widgets)
• Import of the Slack workspace history of 3 groups at the D-PHYS
• An Element Web instance with experimental (Labs) features like tags
• A tag manager to organize many rooms in large accounts
• Jitsi video conferencing and screen sharing solution (still experimental but used by ISG on a daily basis)
• URL redirecting service to invite people via websites or email

Lookout

• We will focus on improving performance and less on features
• Stabilizing 1:1 calls and video (TURN server) and Jitsi (group calls)

For help and discussion about Matrix and Element join #matrix:phys.ethz.ch

It is my pleasure to welcome Stephan Müller into our group. He joins us to replace Christian Schneider in the Linux team.

Welcome Stephan!

Update 23:50: we ran into severe problems and the migration took longer than expected. Everything is back online now. Sorry we're late.

Planned maintenance will be taking place on all shared-storage front-end servers on Thursday, August 6th, starting at 17:00. The service will be down for approximately 2-3 hours. This post will be updated as soon as work is completed, were we to finish earlier than expected. We will be upgrading the network switch and replacing hardware in several machines.

All group shares will be affected, i.e. group-data, IPA, IGP and Galaxy. Only the home and backup servers will be accessible during this time.

For emergency cases, there will be read-only access to last night’s backup as described here.

TL;DR we have a new backup solution mainly for laptops that frequently leave campus and are looking for testers.

Among the many things we had to learn during the Corona-induced home office stint, one particularly interesting one was: which of our services do work from outside the ETH network, and which do not. I'd like to believe we fared rather well in general, but one glaring counter-example is our BackupPC service for lab and laptop computers. It relies on the client machine having a .dhcp.phys.ethz.ch host name, which only works on wired campus connections. We understand this meant missing backups for those of you who had to take machines off-campus.

In order to be prepared for a second wave, we've partnered up with our colleagues of isginf to provide a lab/laptop backup system that works with whatever network connection you have available. It's based on the tried and tested Open Source restic backup solution that runs on Windows, Linux and macOS clients.

At the current stage we're looking for early beta testers. Since lab computers are typically still in the lab and continue to work fine with BackupPC, laptop users are currently most interesting for us. So if you'd like to test out our road-warrior compatible backup solution, please get in touch. Be aware that this service still has some rough edges, but we'll walk you through all necessary steps and the backup runs themselves have been working fine for weeks now.

Update 18:15 group-data is back!

Planned maintenance will be taking place on our group-data.phys.ethz.ch server on Friday, June 19, starting at 17:00. The service will be down for approximately 2 hours. We will be replacing the network interface card to improve service stability.

All group shares will be affected except IPA, IGP and Galaxy.

For emergency cases, there will be read-only access to last night’s backup as described here.

Now that we're all forced to work from home, one of the biggest challenges is effective communication. Some of you might have heard about Slack, a popular proprietary collaboration/chat solution for group communication. At ISG, we have worked on a D-PHYS-hosted alternative for quite some time, and have now redoubled all efforts to get it out to you as soon as possible. Today we're launching our Matrix homeserver and Element chat client to all D-PHYS employees and students. In contrast to Slack, which is a proprietary communication silo that holds your chat history hostage, Matrix is an open source project that publishes the Matrix open standard for secure, decentralized, real-time communication (chat, VoIP, AR/VR, IoT). All parts of your communication (chats, uploaded documents etc) will be hosted at D-PHYS allowing data self-sovereignty (making it compatible with ETH regulations).

If you're interested to use this service to communicate and collaborate in your group or with us, please see this readme page.

Please note that we're starting with a basic set of functionality (group and direct chats, image upload). Internally we've already tested features like video calling and custom bots which will be rolled out incrementally in the coming weeks.

Informatikdienste will soon announce the availability of Microsoft Teams, which tries to achieve the same goal but which we neither recommend nor support in D-PHYS.