Migration to new calendar solution

It's time to say good bye to eGroupware and welcome to SOGo.
As we outlined in our previous posting, we will be switching to a new calendar solution.
We coordinated with those of you using group calendars and have migrated those already. Now it's time to move the individual personal calendars. This cannot be automated and will have to be performed by each user, but of course we're here to assist if needed.
To make the change as easy as possible for you, we have written a readme.
We ask you to complete the migration by the end of August, so that eGroupware can be decommisioned afterwards.
Thanks a lot.

group-data server maintenance

Scheduled maintenance will be taking place on our group-data.phys.ethz.ch server on Wednesday, June 7, starting at 16:00. The service will be down for approximately 4 hours. We will be replacing some hardware and upgrade the base system.

All group shares will be affected except IPA, IGP and Galaxy.

For emergency cases, you'll have read-only access to the backups as described here.

Sophos Antivirus nears end of life

This applies to all self-managed computers (servers, workstations and laptops) on which the product "Sophos Anti-Virus" from the IT store is installed.

"Sophos Anti-Virus" will become End of Life by the end of June 2023 and will be no longer supported by the vendor or ETH Zurich. After this date, there will be no updates and your machine will not be sufficiently protected any longer.

ETH Zurich recommends using the built-in antivirus solution of the respective operating system.

Detailed instructions for uninstalling Sophos Antivirus and activating the antivirus solutions of your operating system can be found in the following link in the IT Knowledgebase: Anti-Virus: Replacement of Sophos for Self-Managed Devices.

Users of managed Windows Computers by ISG can ignore this information because we will manage the transition from Sophos to MS Defender automatically.

2022 in review

This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers. Since it took us almost exactly one year to fill our vacant Linux System Engineer position (once again: welcome Sascha!), we didn't have as much capacity for innovation as in previous years and had to focus more on system maintenance.

Some highlights of 2022:

  • Mail server: the D-PHYS mail server got an OS upgrade in spring and was migrated to our general hypervisor setup, which adds redundancy and facilitates maintenance. In addition, work is in progress to support DKIM and further tighten our SPF and DMARC settings.
  • Web server setup: the main D-PHYS web server got an OS upgrade in spring, test and staging environments and optional ssh access for power users.
  • Infrastructure work: our Ansible deployment setup was further extended and refined and the first Windows servers have been added.
    Work has started to replace the Sophos virus scanner on managed Windows workstations.
    We migrated our floating licenses from three servers to a single high availability server.
    Within the next year, we'll migrate all eGroupware users to the new SOGo calendar.
  • Storage: in 2022 the disk space occupied by data and backup grew from 3.7 PiB to 4.8 PiB, marking a significant annual growth in storage volume. A major storage migration is due in early 2023.
  • Matrix/Element: This year we counted 737 active users, who sent 1'019'205 messages in 5'259 rooms that were created on our server. Our users also participated in 423 other rooms where 1'190'446 messages were sent. Two additional research groups migrated from Slack to Matrix.
  • ISG lecture series: our Basics of Computing Environments for Scientists lecture series was held twice in 2022 with surprisingly low attendance.
  • Outages: apart from some short-term network interruptions, our systems were pretty stable in 2022, with the notable exception of a localized "3 dead disks in a RAID6" disaster in September.
  • OS upgrades: most managed Linux workstations were upgraded to Ubuntu 22.04 and the majority of servers are now running Debian bullseye. The Windows team prepared a new LTSC release and a Windows 11 setup. The managed Macs were all upgraded to macOS Monterey.
  • Software upgrades: mostly incremental upgrades in our Windows and Linux software list this year.
  • IT security: with the world being what it is, IT security plays an ever increasing role in our work and permeates all our plans and projects. We also take part in the current rewrite of ETH's IT security regulations.

I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.

Happy Holidays and see you in 2023!

new ISG staff member

It is my pleasure to welcome Sascha Giger into our group. He joins us to complete the Linux team.

Welcome Sascha!

Web server upgrade

This Thursday 2022-02-10 starting at 07:00 we will upgrade the server hosting most of our websites.

Affected websites

The following websites are unavailable during the downtime:

Important changes for website owners

All website owners: If you are a website owner/admin, please join our new Matrix room #web:phys.ethz.ch, to get support and news. After the upgrade, please check your websites for problems.

Python WSGI app owners: All WSGI apps have been switched to use a virtual environment to pin the currently used Python package versions. We encourage you to review and upgrade your dependency versions (via requirements.txt) after the server upgrade. Please read our new WSGI documentation for details.

Versions

  • OS: Debian 10 -> 11
  • Python: 3.7 -> 3.9
  • PHP: 7.3 -> 7.4

2021 in review

This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We’ve been hard at work to further improve and extend our services for you, our customers. Some highlights of 2021:

  • Network migration: as first announced in 2018 and later detailed in July of this year, we had to completely restructure the D-PHYS network this fall. This reorganization was prompted by a segmentation of the router infrastructure at Hönggerberg and will render the network more redundant and resilient. Visible changes include a NAT network, new DHCP/DynDNS technology and the foundation for IPv6 in all network zones.
  • Hypervisor setup: we run a lot of virtual machines at ISG and this spring we remodeled our hypervisor infrastructure to make it more flexible and capable. Hourly snapshots now give us the possibility to roll back if something goes wrong in a VM. It also allowed us to move our InfluxDB server to an SSD backed hypervisor, increasing performance and stability.
  • Office 365 migration: the Microsoft Office suite was upgraded to M365 on all managed Windows workstations this year.
  • Proprietary software woes: two major software companies caused us (and you!) a lot of headaches this year: on July 5, Microsoft broke Windows printing while trying to fix a security problem and it took them until the end of November to really repair it for everyone. Good job. Meanwhile, Adobe managed to break Acrobat logins for months on end and there's no general solution yet.
  • Windows configuration synchronization: the technology used to sync your desktop settings between managed Windows workstations was migrated from 'roaming profiles' to UE-V this year for greater speed and better reliability.
  • New lab PC backup solution: after we've had a good experience with our 2020 laptop backup system based on restic, we set up a similar system for lab PCs in 2021. We're currently migrating the last machines from the old BackupPC server.
  • 2021 Hardware Crisis: you might have noticed that a lot of hardware components are only available at outrageous prices, lead times measured in months or just not at all. The situation is especially bad for graphics cards and storage components.
  • ISG lecture series: reacting to a growing demand for IT-related knowledge in the department, we established the Basics of Computing Environments for Scientists lecture series that we'll repeat each semester.
  • Matrix/Element: in 2021 we continued to extend the feature set of our popular chat & collaboration system. We contributed bug fixes and lots of time in bringing usable maths support into Element (our supported Matrix client) as this was our number one most wanted feature. The second most wanted was better support for managing groups, which was added this year with spaces. Behind the scenes we have been scaling out our homeserver to keep up with the demand and continue to be stable and responsive. This year we counted 702 active users, who sent 927'123 messages in 4'571 rooms that were created on our server. Our users also participated in 396 rooms that were not created on our server where 731'451 messages were sent.
  • Storage: in 2021 the disk space occupied by data and backup grew from 3.2 PiB to 3.7 PiB, continuing the obvious trend of ever-growing data. In spring (just in time before the 2021 Hardware Crisis) we replaced the older disk backends in our SAN with fewer, bigger disks.
  • Outages: apart from some short-term network interruptions, the only noteworthy service interruptions this year were two update-induced storage hiccups on June 10 and December 7.
  • OS upgrades: most managed Linux workstations were upgraded to Ubuntu 20.04 and a first batch of servers are now running Debian bullseye.
  • Software upgrades: mostly incremental upgrades in our Windows and Linux software list this year.

I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.

Happy Holidays and see you in 2022!

Partial Network Downtime on Mon 6th Dec after 19h00

The central Informatikdienste will have a scheduled downtime of all networking (cable and wireless) in the buildings HPK, HEZ, HPM, HPL and HPW on Monday 6th Dec 2021 in the evening between 19h00 and 23h00.

This is the second of three downtimes for the ongoing project to split the current networks into smaller chunks. This major undertaking will also induce a short downtime for some computers in the dynamic DHCP pool in other buildings (as some of our IP ranges are being moved to the listed buildings).

Users don’t need to do anything and their computers should come back online automatically. Otherwise try to reboot or get in touch with us.

In order to prepare for the migration, Informatikdienste will forbid all changes to their DHCP servers between Friday 3th Dec 13:00 and Tuesday morning. As a consequence we will not be able to register new devices or hostnames during this period.

Emails erroneously flagged as spam

Between yesterday Tue 23rd Nov 07:27 and tonight Wed 24th Nov 01:48 several hundred emails have erroneously been flagged as spam by our mail server. Please check your SpamBox folder for potential false positives during that period.

While we are constantly updating our filtering rules to catch the nasty spam, we are always doing our best to avoid flagging real emails as spam. We apologize for this and are still investigating the details of the root cause. Because the bulk of the messages were being correctly delivered, it took us several hours before we noticed the problem and could fix it.

Partial Network Downtime on Mon 8th Nov after 19h00

The central Informatikdienste will have a scheduled downtime of all networking (cable and wireless) in the buildings HPH, HPP, HPR, HPS, HPV and HPZ on Monday 8th Nov 2021 in the evening between 19h00 and 23h00.

This is the first of three downtimes for the ongoing project to split the current networks into smaller chunks. This major undertaking will also induce a short downtime for some computers in the dynamic DHCP pool in other buildings (as some of our IP ranges are being moved to the listed buildings).

Users don't need to do anything and their computers should come back online automatically. Otherwise try to reboot or get in touch with us.

In order to prepare for the migration, Informatikdienste will forbid all changes to their DHCP servers between Friday 5th Nov 13:00 and Tuesday morning. As a consequence we will not be able to register new devices or hostnames during this period.