This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers. Some highlights of 2014:

• eXile: in order to be able to keep Windows XP machines that cannot be upgraded connected to the network, we have created the exile system of dedicated virtual firewalls. Currently there are 57 computers safely hidden in this network.
• Security flaws: 2014 saw the disclosure of three rather severe and widespread security problems in quick succession: Heartbleed, Shellshock and Poodle. We patched all affected systems within hours of the announcements and also scanned the network for hosts that had been overlooked. If you're managing any networked machines (not just servers!) yourself, please make sure those are not vulnerable.
• Outages: we had a major incident on August 27 due to a failure of the server room cooling system. Fortunately we were able to repair the damage within hours. Other than that, our systems have been very stable in 2014 and we only had minor issues.
• Storage: in 2014 the disk space occupied by data and backup grew from 535 TiB to 685 TiB, further increasing the yearly growth rate. Another 120 TiB are already in the pipeline.
• Printing: in cooperation with Informatikdienste we prepared and introduced the new ETH printing system in D-PHYS. Several groups have migrated already, the rest of D-PHYS will follow in 2015.
• IPv6: during the last 12 months we prepared the D-PHYS network for dual stack (IPv4 + IPv6) operation. The biggest step towards a working IPv6 infrastructure was the deployment of an IPv6-ready DHCP server. Beginning next January we will incrementally hand out IPv6 addresses in the D-PHYS network. Later on, we'll make our services IPv6-ready.
• Brain drain: two ISG group members decided to take on new challenges this year. In November, Thomas Berchtold left us after 3 successful years to become the new Head of IT of D-BAUG, and Elmar Heeb, the founding father of ISG D-PHYS, will start his new job in Informatikdienste in February. We thank both Thomas and Elmar for their dedicated work and contribution to the team and hope to stay in regular contact with them in the future. Christian Ringger will replace Thomas in January, while Elmar's succession is still work in progress.

Happy Holidays and see you in 2015!

Together with our colleagues at Informatikdienste we have adopted the new ETH printing system in our department. Read about the many advantages of the project in our documentation. On October 15 we have migrated the first Institute (ITP) where people now can benefit from various features like pull printing and automatic toner supply.

So who's next to join us? We have printers in stock, so if your group is interested, we can accommodate you on very short notice. Just get in contact.

Update Thursday 07:15 - all systems back to normal. whew.

Update Wednesday 11:00 - first rack back to normal. The picture shows how it looked during the remodeling.

Update Wednesday 07:00 - the most difficult part is over and the first rack is being retrofitted as we speak

All of D-PHYS's important servers (and services: mail, homes, SAN, web) reside in two water-cooled racks in HIT D 13. On Wednesday, August 20 those racks will have to be retrofitted by our colleagues of Informatikdienste since certain spare parts are no longer available. We have an elaborate plan how to externally power the servers while the racks are offline that schedules a 5-minute downtime that most of you won't even notice. However, there is a small chance that this external power supply does not work as expected which would lead to a longer interruption. Unfortunately we have no influence on the date, time and procedure of this modification and can only try our best to minimize potential consequences. So if something should go wrong next Wednesday, please don't panic, we'll be hard at work to fix it ASAP.
Thank you for your cooperation.

We have scheduled a software maintenance of the D-PHYS mail server for tomorrow, Wednesday, the 18th of June 2014, starting in the late afternoon around 5pm. A downtime of all D-PHYS mail services during the evening will be part of the maintenance. The downtime is expected to take approximately 15 to 30 minutes.

During the downtime sending and receiving e-mails will not be possible and the web mail service will be not available. Incoming mails during the downtime will be delayed.

Additionally there will be a downtime of our "BackupPC" backup service for laptops and lab PCs due to server relocation on Thursday (19th of June 2014) starting around 9am.

On Monday, May 5, there will be a scheduled power outage in the HPT building, between 13:00 and 22:00. This will also affect ISG's offices, but none of the servers. Our services will run as usual, but we'll have to move the helpdesk to a temporary location during the outage. So please be patient when calling and wait for your call to be redirected to our pager or write an email instead. We hope to be back to normal by Tuesday morning.

On Monday the public was made aware of a severe bug in OpenSSL, a cryptography library which is used as the core of many cryptographically secured IT services. Since the bug was in the Heartbeat extension it has been named "Heartbleed".

This bug allowed attackers to stealthily access parts of the memory used for cryptographic actions, i.e. it may include digital keys in use on servers or passwords transferred over encrypted connections.

If you used any password-protected D-PHYS web services or the D-PHYS mail server between 12th of December 2013 (or used the BackupPC web-interface since end of 2012) and Tuesday, the 8th of April 2014, there is a very small chance that your D-PHYS password and possibly other transmitted data may have been leaked to an attacker. We currently have no indication that this has actually happened on our servers.

To be safe, you might want to change the password of your D-PHYS account and any other account where the same password is used. See this Heise article for a discussion (in German) about whether you should change your password or not.

(more…)

The central network group informed us about a planed network interruption between 6:30 and 7:30 a.m. on the 10th of April 2014 due to maintenance work.

The following rooms are affected by this interruption:

HPT D1 - HPT D20 and HPT E1 - HPT E17.

Due to this interruption it may not be possible to access the D-PHYS services and internet from this rooms.

On Thursday, the 9th of January 2014, starting in the late afternoon, we will run multiple software updates on the D-PHYS mail server. We do expect multiple downtimes throughout the evening, partially of single mail services, partially of the whole mail server.

This will likely also delay the delivery of incoming mails up to several hours.

Update, 22:30: Everything back to normal.

The ETH Zurich will be officially closed between Tuesday, 24th of December 2013 and Friday, 3rd of January 2014. During this time, we can only provide limited support. Please follow these rules to save us from superfluous work:

• Switch off printers
• Switch off your personal workstation and notebook except for the following:
• Do not switch off our managed Linux workstations.

We will try to follow our e-mail, but you may also have luck and meet some of us in our IRC channel.

This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We've been hard at work to further improve and extend our services for you, our customers. Some highlights of 2013:

• New apprentice: As of August 14, Anastassios has started his apprenticeship with us and is already deeply involved in a complex PHP/Ajax/PostgreSQL project. Keep it up!
• Mailserver: This year saw a massive increase in spam and especially phishing attacks. They're getting more and more sophisticated and now include valid logos and even personal names. We were forced to tighten email policies and further fortify our mail server in order to battle those waves.
• Backup: For the data on our file servers we provide one month of nightly backups. Now our powerful backup system based on COW BTRFS snapshots allows us to extend this period to up to one year in exponential intervals for most file systems. Note that anything beyond 30 days is best-effort only and we might have to cut back again in single cases. A new web frontend shows the status of all backup runs.
• Windows server: Several Windows server installations have been moved to a new powerful virtualization server and the Active Directory setup has been improved.
• Printer portal: All information regarding our printers can now be found on one website. You might want to check there if you have issues with a particular printer or just to get an idea about printing volume.
• Portal for managed workstations: Our new Chic! frontend shows the software status of our managed Windows and Mac workstations and allows you to request additional software packages. This service will be officially announced in January 2014.
• GitLab: We run a GitLab instance to facilitate collaborative programming projects and sharing of code. Get in touch if you'd like to use it.
• System upgrades: 2013 brought another round of OS upgrades, also for our servers. We updated most servers silently and combined all critical systems into one migration on September 11 in order to minimize downtime for our users.
• Windows XP exile: As reported previously, Windows XP will be end-of-life in April 2014. Since there's still a substantial number of XP machines out there (most of which cannot be upgraded due to soft- or hardware constraints), we'll provide a locked-down exile network that will allow a limited and well-controlled survival of those machines under certain conditions. We'll post an announcement when the system is ready.
• IPv6: This year we laid the groundwork for the slow migration towards IPv6 connectivity in our networks. In particular, we got our monitoring system IPv6-ready and prepared a NFSv4 rollout. We'll keep you posted about our IPv6 progress.

Apart from these highlights, of course there have been numerous small projects and improvements to our setup, making both your and our life easier.
I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.

Happy Holidays and see you in 2014!