Yale ITS PowerPoint Template

1
www.xkcd.com/773 Hat tip to Nick Silkey for
bringing this one to my attention.
2
What is the Windows Roundtable ?

• An informal gathering of people who do Windows
  at Yale to facilitate communication of common
  goals, problems and solutions across the Yale IT
  community.
• Usually there will be a headline topic as a
  launching point for discussion and then general
  (moderated) discussion on whatever topics the
  group wants to cover.
• Ground Rules
• The Roundtable is a Yale-internal discussion
• The Roundtable is a no-powerpoint zone
• Participation in discussions is encouraged to
  both bring your questions and share your
  solutions.

3
Yale Windows UniverseUpdate 2011

• Ken Hoover
• Manager, ITS Windows Systems Group (WINSYS)
• ken.hoover_at_yale.edu
• July 8, 2011

DISCLAIMER Some of this talk is about
initiatives that are still in the pre-release
stages. It is intended to give you outlines that
you can use as you make plans for Windows-based
services in your area of responsibility. Except
where noted, dates listed are target dates only
and may change due to collisions with reality.
4
ITS Windows Systems Group (WINSYS)

• WINSYS manages Windows servers in Yales data
  centers.

5
Agenda

• A few quick highlights and interesting
  statistics
• Things that have changed in the last couple of
  years
• Services that are being revamped and upgraded
• Question Time

6
Quick Yale AD Highlights

• By the numbers
• 100K users
• 31K computers
• 13K groups
• 3500 OUs
• 1300 GPOs
• Domain Controllers process 8.4 Million Kerberos
  AuthNs on a typical weekday (and generate 26GB
  of logs!)

6
7
Changes in the last few years

• Exchange introduced in Summer 2007
• Processing 500K messages per day
• 11,000 mailboxes (and growing)
• 6TB of email store
• Quota increased from 1GB to 2GB in 2009
• Active Directory taking over from MIT Kerberos
• now backing CAS, for example
• Sharepoint Project server in operation
• Shared SQL Servers

7
8
Revamped services and a look ahead
8
9
NEW Enterprise License Agreement

• Microsoft enterprise license agreement for all
  faculty and staff
• Includes
• Windows Desktop OS
• Windows Server OS (all versions)
• Office for Windows and Mac
• Free upgrades for those clinging to Office 2003,
  etc.
• Enterprise Client licenses for Exchange,
  Sharepoint, and others
• Foundational for exciting activity in the
  Microsoft space

10
BEING REBOOTED Central File Service

• Secure/managed file storage for users and
  departments
• 40TB of capacity added since September 1, 2010
• LOWER RATE for FY12 1/GB/month
• Available to anyone with a PTAEO we can charge
• 3-lock approved
• New flattened CFS security model
• Role-based access for departmental shares
• Support for single-user home shares (finally!)
• No mucking about with file/subfolder permission
• Existing shares will have their structure and
  permissions revamped to use new operating model
  during 2H CY2011

10
11
CHANGED WINSYS Patch Release Cycle

• Monthly patches for servers released in four
  cycles
• Cycle A 2nd Tuesday (Rapid Response pool)
• Cycle B 3rd Tuesday (Development and below)
• Cycle C 4th Tuesday (Test/Pre-prod and
  below)
• Cycle D 1st Tuesday (Production)
• Keep this cycle in mind if WINSYS runs a server
  for your department. Remember to test!
• Applies only to WINSYS-managed machines but a
  good approach in any multi-environment
  Windows-based application.

11
12
NEW SERVICE Lync Internal Comms

• Secure, encrypted IM with AD backing
• Online meetings/presentations
• Yes, with audio and video
• Good for business purposes within Yale
• Free for faculty and staff to use
• Works on non-routable Yale subnets
• Works from outside too without VPN
• Integrates with Exchange, Office 2007 and
  Sharepoint
• Native client included with Office 2011 for Mac

Pilot rollout
Covered by new Microsoft Enterprise
agreement But some ISPs block SIP so
sometimes VPN is needed anyway.
12
13
NEW SERVICE Secure LDAP against AD

• New Secure AD LDAP alias ad.its.yale.edu
• Secure LDAP (ldaps//) with a Verisign
  certificate
• Highly available through use of F5 load balancers
• For applications that want to bind to the AD for
  any purpose
• NAS devices and other appliances
• LDAP-based AD browser tools
• Any code that uses LDAP to talk to the AD
• Web applications using AD authentication
• etc.
• PLEASE update your applications and NAS boxes to
  use this alias (test first!)
• Samba clients binding to the AD should still use
  yu.yale.edu
• Make sure youre not using the defunct
  windows-auth names!

Use This Now!
13
14
NEW SERVICE Managed SQL Server

• Centrally-hosted SQL2008 R2
• Proposed cost 1k/yr per 5 DBs / 5GB of data
• APPROVED for use with 3-lock data
• Servers managed by ITS DBA team and WINSYS
• ODBC access, secure/encrypted connections
  required
• On-disk encryption of databases available
• You own your own data with SQL Management
  Studio
• Good for
• Cost-sensitive customers who need a SQL server
• Most small to medium-size databases under normal
  use
• Not good for
• Very large databases
• Databases with heavy transactional activity

Summer2011?
14
15
PLANNED UPGRADE Domain Controllers

• Refresh hardware and upgrade to 2008R2
• All DCs will become eight-core 32GB x64 servers
• Known issues with Samba versions before v3.3
  which are domain-joined
• Fix/workaround information available
• Better yet, upgrade Samba
• SYSVOL conversion
• Uses DFS for replication
• Transparent but needs testing
• 2H CY2011
• Forest functional level upgrade to 2008R2 level
• Winter 2011/201

15
16
Oh, one more thing
17
EXCHANGE 2010

• Robust multi-browser web interface
• Mac users, rejoice!
• And people running Linux on their toaster ovens
• 5GB 8GB default mailbox quota
• More space than 99.98 of Yale Exchange users use
  now
• and more than Gmail ?
• Currently in pilot deployment with early adopters
• Target Everyone upgraded by Sep 1

17
18
Exchange 2010 details

• Adjusted Mailbox Quotas
• 8GB Quota
• 7.75GB warnings
• 8.00GB prohibit send
• 8.25GB prohibit receive (mail bounces)
• De-supported clients
• Outlook 2000, XP
• and you shouldnt use Outlook 2003 either
• Entourage 2004
• Entourage 2008 pre-EWS
• Upgrade these first or dump them entirely.

19
Exchange 2010 OWA Supported Browsers

• Full Interface
• Windows XP and higher
• IE 7
• Firefox 3.0.1
• Chrome 3.0.195.127
• MacOS
• Safari 3.1
• Firefox 3.0.1
• Linux
• Firefox 3.0.1

• Light interface
• Broadest compatibility
• Accommodates visually impaired
• Good for slow connections
• Better than Horde ?
• Examples
• IE6
• Chrome on Linux
• Safari on Windows iPad
• Android web browsers
• Opera

20
Exchange 2010 OWA Demo?
21
Summary

• New Microsoft Enterprise Agreement
• Lots of stuff is now free which used to cost
  extra.
• Upgrade Office!
• Central File Service revamped
• New operating model with better security and
  auditability
• Lower cost to users - 1/GB (includes backup)
• New SQL2008 database service being launched
• 1000/yr per 5 DBs or 5GB/data, 3-lock OK
• Platform operated by ITS DBA team and you manage
  your data
• Lync being piloted
• Secure Yale-owned IM
• Includes online meetings/presentations
• Exchange 2010
• Any-web-browser-friendly
• 8GB quota

22
Questions / Discussion

• What do you think of this format?
• Should this become a repeating conversation once
  again? How often?

22