ISG News has posted a new item, '2014 in review'
This post is meant to give you a short overview of what has been accomplished in
D-PHYS IT by ISG this year. We’ve been hard at work to further improve and
extend our services for you, our customers. Some highlights of 2014:
eXile: in order to be able to keep Windows XP machines that cannot be upgraded
connected to the network, we have created the exile system of dedicated virtual
firewalls. Currently there are 57 computers safely hidden in this network.
Security flaws: 2014 saw the disclosure of three rather severe and widespread
security problems in quick succession: Heartbleed, Shellshock and Poodle. We
patched all affected systems within hours of the announcements and also scanned
the network for hosts that had been overlooked. If you're managing any networked
machines (not just servers!) yourself, please make sure those are not
vulnerable.
Outages: we had a major incident on August 27 due to a failure of the server
room cooling system. Fortunately we were able to repair the damage within hours.
Other than that, our systems have been very stable in 2014 and we only had minor
issues.
Storage: in 2014 the disk space occupied by data and backup grew from 535 TiB
to 685 TiB, further increasing the yearly growth rate. Another 120 TiB are
already in the pipeline.
Printing: in cooperation with Informatikdienste we prepared and introduced the
new ETH printing system in D-PHYS. Several groups have migrated already, the
rest of D-PHYS will follow in 2015.
IPv6: during the last 12 months we prepared the D-PHYS network for dual stack
(IPv4 + IPv6) operation. The biggest step towards a working IPv6 infrastructure
was the deployment of an IPv6-ready DHCP server. Beginning next January we will
incrementally hand out IPv6 addresses in the D-PHYS network. Later on, we'll
make our services IPv6-ready.
Brain drain: two ISG group members decided to take on new challenges this year.
In November, Thomas Berchtold left us after 3 successful years to become the new
Head of IT of D-BAUG, and Elmar Heeb, the founding father of ISG D-PHYS, will
start his new job in Informatikdienste in February. We thank both Thomas and
Elmar for their dedicated work and contribution to the team and hope to stay in
regular contact with them in the future. Christian Ringger will replace Thomas
in January, while Elmar's succession is still work in progress.
Happy Holidays and see you in 2015!
You may view the latest post at
https://nic.phys.ethz.ch/news/2014/12/18/2014-in-review/
You received this e-mail because you asked to be notified when new updates are
posted.
Best regards,
Christian Herzog
daduke(a)phys.ethz.ch
ISG News has posted a new item, 'Join us for the new printing system'
Together with our colleagues at Informatikdienste we have adopted the new ETH
printing system in our department. Read about the many advantages of the project
in our documentation. On October 15 we have migrated the first Institute (ITP)
where people now can benefit from various features like pull printing and
automatic toner supply.
So who's next to join us? We have printers in stock, so if your group is
interested, we can accommodate you on very short notice. Just get in contact.
You may view the latest post at
https://nic.phys.ethz.ch/news/2014/10/16/join-us-for-the-new-printing-syste…
You received this e-mail because you asked to be notified when new updates are
posted.
Best regards,
Christian Herzog
daduke(a)phys.ethz.ch
ISG News has posted a new item, 'Severe server failure'
complete loss of cooling in the server room. We have yet to assess the damage.
You may view the latest post at
https://nic.phys.ethz.ch/news/2014/08/27/severe-server-failure/
You received this e-mail because you asked to be notified when new updates are
posted.
Best regards,
Christian Herzog
daduke(a)phys.ethz.ch
ISG News has posted a new item, 'Major server room remodeling'
All of D-PHYS's important servers (and services: mail, homes, SAN, web) reside
in two water-cooled racks in HIT D 13. On Wednesday, August 20 those racks will
have to be retrofitted by our colleagues of Informatikdienste since certain
spare parts are no longer available. We have an elaborate plan how to externally
power the servers while the racks are offline that schedules a 5-minute downtime
that most of you won't even notice. However, there is a small chance that this
external power supply does not work as expected which would lead to a longer
interruption. Unfortunately we have no influence on the date, time and procedure
of this modification and can only try our best to minimize potential
consequences. So if something should go wrong next Wednesday, please don't
panic, we'll be hard at work to fix it ASAP.
Thank you for your cooperation.
You may view the latest post at
https://nic.phys.ethz.ch/news/2014/08/13/major-server-room-remodeling/
You received this e-mail because you asked to be notified when new updates are
posted.
Best regards,
Christian Herzog
daduke(a)phys.ethz.ch
ISG News has posted a new item, 'Server Maintenances this Week: E-Mail and
BackupPC'
We have scheduled a software maintenance of the D-PHYS mail server for tomorrow,
Wednesday, the 18th of June 2014, starting in the late afternoon around 5pm. A
downtime of all D-PHYS mail services during the evening will be part of the
maintenance. The downtime is expected to take approximately 15 to 30 minutes.
During the downtime sending and receiving e-mails will not be possible and the
web mail service will be not available. Incoming mails during the downtime will
be delayed.
Additionally there will be a downtime of our "BackupPC" backup service for
laptops and lab PCs due to server relocation on Thursday (19th of June 2014)
starting around 9am.
You may view the latest post at
https://nic.phys.ethz.ch/news/2014/06/17/server-maintenances-this-week-mail…
You received this e-mail because you asked to be notified when new updates are
posted.
Best regards,
Axel Beckert
beckert(a)phys.ethz.ch
ISG News has posted a new item, 'Keep in Mind: Windows XP reached its
End-of-Life one Month ago'
Microsoft provided a final bunch of patches for Windows XP in April 2014. Since
then no more security and stability fixes are going to be released. This means
that still running Windows XP machines conflict with the ETH Bot (Acceptable Use
Policy for Telematics) which requires that every computer connected to the ETH
network must be fully updated and secured.
The central IT security group of ETHZ continuously inspects the network streams
for signatures of XP computers. In the D-PHYS public networks they still detect
around 15 Windows XP based computers. If you have a running XP machine connected
to the public network, please migrate the operating system to a newer version
i.e Windows 7.
In case you are forced to keep Windows XP up and running, you can migrate the
machine to our eXile network. Simply send the required information to
isg(a)phys.ethz.ch after you've read and understood the eXile Terms-of-Use, so we
can prepare the machine for the eXile network.
If you have any questions or need help please do not hesitate to contact the ISG
D-PHYS Helpdesk
You may view the latest post at
https://nic.phys.ethz.ch/news/2014/05/22/keep-in-mind-windows-xp-reached-it…
You received this e-mail because you asked to be notified when new updates are
posted.
Best regards,
Thomas Berchtold
thomber(a)phys.ethz.ch
ISG News has posted a new item, 'Scheduled power outage in HPT on Mon, May 5 -
Limited helpdesk'
On Monday, May 5, there will be a scheduled power outage in the HPT building,
between 13:00 and 22:00. This will also affect ISG's offices, but none of the
servers. Our services will run as usual, but we'll have to move the helpdesk to
a temporary location during the outage. So please be patient when calling and
wait for your call to be redirected to our pager or write an email instead. We
hope to be back to normal by Tuesday morning.
You may view the latest post at
https://nic.phys.ethz.ch/news/2014/04/30/scheduled-power-outage-in-hpt-on-m…
You received this e-mail because you asked to be notified when new updates are
posted.
Best regards,
Christian Herzog
daduke(a)phys.ethz.ch
ISG News has posted a new item, 'Heartbleed OpenSSL Bug and D-PHYS Services'
On Monday the public was made aware of a severe bug in OpenSSL, a cryptography
library which is used as the core of many cryptographically secured IT services.
Since the bug was in the Heartbeat extension it has been named "Heartbleed".
This bug allowed attackers to stealthily access parts of the memory used for
cryptographic actions, i.e. it may include digital keys in use on servers or
passwords transferred over encrypted connections.
If you used any password-protected D-PHYS web services or the D-PHYS mail server
between 12th of December 2013 (or used the BackupPC web-interface since end of
2012) and Tuesday, the 8th of April 2014, there is a very small chance that your
D-PHYS password and possibly other transmitted data may have been leaked to an
attacker. We currently have no indication that this has actually happened on our
servers.
To be safe, you might want to change the password of your D-PHYS account and any
other account where the same password is used. See this Heise article for a
discussion (in German) about whether you should change your password or not.
Services and systems not directly affected by the heartbleed bug are SSH, Mosh,
PGP, GPG and NTP. So your SSH and PGP/GPG private keys do not need to be changed
unless you used the D-PHYS password as passphrase or they weren't protected by a
passphrase at all. SSH host keys should not be affected either. (If you do not
know what these terms mean, don't bother: you are very likely not affected
anyways.)
You may view the latest post at
https://nic.phys.ethz.ch/news/2014/04/11/heartbleed-openssl-bug-and-d-phys-…
You received this e-mail because you asked to be notified when new updates are
posted.
Best regards,
Axel Beckert
beckert(a)phys.ethz.ch
ISG News has posted a new item, 'HPT D and E Floor Network Service Interruption
on 10th of April 2014'
The central network group informed us about a planed network interruption
between 6:30 and 7:30 a.m. on the 10th of April 2014 due to maintenance work.
The following rooms are affected by this interruption:
HPT D1 - HPT D20 and HPT E1 - HPT E17.
Due to this interruption it may not be possible to access the D-PHYS services
and internet.
You may view the latest post at
https://nic.phys.ethz.ch/news/2014/04/07/hpt-d-and-e-floor-network-service-…
You received this e-mail because you asked to be notified when new updates are
posted.
Best regards,
Thomas Berchtold
thomber(a)phys.ethz.ch
ISG News has posted a new item, 'How to keep your Windows XP Installations
living on after End-of-Life'
As announced in an earlier post last year, Microsoft is going to end the support
for Windows XP in April 2014.
After this date the central network security group of the ETH will frequently
scan our public networks to identify any existing Windows XP machines. Every
Windows XP detected by such a scan will be disabled on the network level since
it is strictly prohibited to keep this operating system up and running on the
public network of ETH.
Since we are aware that there may be Windows XP machines living on after the
end-of-life date, we worked out a solution to support these situations and to
help you not to get in conflict with the network usage regulations.
We founded a project called eXile which provides very locked down network
environments that are monitored by advanced security techniques and provide
excessive firewall setups. Furthermore eXile provides easy interfaces for you to
manage your computers and overview the security state and network access to your
machines in eXile.
You can send your machines to the eXile when they match one of the following
scenarios:
Lab computers (controlling, collecting measure data, or monitoring other
systems)
Industrial computers
Embedded systems
The following applications are not suitable for eXile and need to be migrated to
a supported operating system:
Office Computers
Computers on which internet access needs to be available
Computers on which emails are received and sent
Computers that provide any services to public computers in the internet
Please note that eXile should not be seen as an excuse not to migrate your
Windows XP to a supported operating system as soon as possible. The purpose of
eXile is really only to address those few machines that are somehow locked to
their operating system.
Nevertheless we invented eXile to address the Windows XP end-of-live problem, it
is capable to take up any other computer for which you want to have an extra
level of security or on which you run any other outdated or insecure operating
system.
If you think your remaining Windows XP computers are candidates to send to
eXile, we would be happy if you could send a message to isg(a)phys.ethz.ch and
inform us about the number of computers and what application you are using these
computers for. Later this month a web interface will be made available on
https://exile.phys.ethz.ch/ where you can directly register every machine you
want to send to eXile.
After eXile is fully online, another post will be submitted here.
You may view the latest post at
https://nic.phys.ethz.ch/news/2014/02/07/how-to-keep-your-windows-xp-instal…
You received this e-mail because you asked to be notified when new updates are
posted.
Best regards,
Thomas Berchtold
thomber(a)phys.ethz.ch