IT Briefing

August 2006

2

IT Briefing Agenda 8/17/06

• Organization tweaks

• EOL Demo

• Symantec Reporting demo

• VPN Update

• Email & IdM

• NetCom Q&A

• Karen Jenkins

• John Maxwell

• Daniel Palmer

• Jay Flanagan

• John Ellis

• Paul Petersen

3

Organization Tweaks

• Windows, Unix teams moved from OIS to CTS

• ERP systems moved from ADS to CTS– Improve efficiencies and planning– OIS focus on major data center

initiatives– Steve Siegelman Interim IT Technical

Lead for the Systems group (Windows, Unix, and ERP

4

Organizational Tweaks (cont.)

• Jay Flanagan responsible for the Security, Email, and IdM teams

• Linda Erhard, IT Governance Liaison, moved from CTS to directly reporting to Rich Mendola

• OIS special projects position expanded to also support CTS

• AAIT will continue to adjust as/if needed to address strategic initatives

John Maxwell

6

Key changes to Emory Online

Standalone software installers no longer included on Emory Online

Includes Emory Unplugged configuration tools and documentation

Better integration with Residential Network Registration

Internet shortcuts provide tie-ins for spreading the word about campus IT services.

7

Emory Online Fall 2006 Process

1. Welcome2. Security Scan3. Configure Wireless4. Get Connected!

8

Process Breakdown – Windows

2. Security Scan • InstallScript application that secures,

scans, and patches a user’s Windows installation

3. Configure Wireless• AutoIt script configures user’s wireless

connection for Emory Unplugged• Emory Unplugged PDF for Windows XP

4. Get Connected!• Sets IE homepage to IT orientation site and

places a internet shortcut (.url) on their desktop

• AutoIt script that tests for a 10.140 connection and launches CAT executable

9

Process Breakdown – MacOS X

2. Security Scan • Advises user to use Software Update “early and

often” and to download NAV for Mac from Software Express

3. Configure Wireless • AppleScript application configures local AirPort

connection for Emory Unplugged• Emory Unplugged PDF for OS X

4. Get Connected!• Sets Safari homepage to IT orientation site and

places an internet shortcut (.url) on their desktop• Opens Safari to http://netreg.service.emory.edu/

for network registration

10

Security Scan

1. Enables Windows XP firewall2. Enables Automatic Updates3. Installs and runs CCleaner4. Runs McAfee Stinger5. Installs Symantec AntiVirus6. Installs and runs SpybotSD7. Installs Service Pack (if Emory-owned)8. Installs Critical Updates (if Emory-owned)9. Instructs user to set passwords on all

Windows accounts.

11

Emory Online Fall 2006

•Demonstrate new features

12

?QuestionsEmory OnLine

13

Special Thanks to:

• All the testers…• Lee Clontz• Donna Price

14

Feedback & Questions to:

john.maxwell@emory.edu

Symantec AV Reporting @ Emory

Daniel Palmer

16

Symantec AV Reporting

Glimpse of current AV @ Emory1 Managed “Campus” server (Wolf)

Several Departmental Servers (AAIT, Emory College, Law School, etc)

1 Reporting Server (sesa)

AV client count varies based on the deptWolf - ~9900 clients AAIT - ~250 clients

17

Symantec AV Reporting

Good Info but got anything useful?

How about…..On Wolf in the past 24 hours …..

6001 of 9904 clients have checked in2947 clients with 10.1.0.401263 clients with 10.0.2.2001 are infected*23 clients checked in with Auto Protect

disabled

How about…..PC named “pickle” (mub is the user) hasn’t checked in since

07/20/2006 17:54:47Def Date 7/19/06 Rev 24AV Version - 10.0.2.2001

18

Symantec AV Reporting

Symantect AV Reporting Server

1 Reporting Server running IIS and MSSQL ServerPros

Web InterfaceVery Simple Dashboard Lots of canned reports

ConsSome functions need Internet ExplorerDoes NOT authenticate to LDAP

19

Demo

Symantec AV Reporting

20

Symantec AV Reporting

Wanna Join?

Requirements-Must have some delimiting criteria

i.e. Managed ServerSingle naming convention (PSFT*)Single IP subnet (170.140.187.x)

Let us know if you are interested in using theSymantec AV Reporting Server

Send an email to ci-desktop@listserv.cc.emory.edu

21

?QuestionsSymantec AV Reporting

F5 VPN Update

Jay D. FlanaganAndy Efting

23

Background

• Replacement for SecuRemote• Usage: http://vpn.emory.edu• Documentation available online at:

it.emory.edu/showdoc.cfm?docid=6389

24

Future

• Proposed replacement for vpn.service.emory.edu

• Targeting January 1, 2007 for decommissioning

• GINA

25

GINA

• Requires simple client install

• Creates VPN tunnel during logon

• Passes authentication credentials as if sitting on the network

26

27

28

29

30

Upgrade

• Firepass 5.5 to version 6.0

• Friday morning (Aug. 18), 6:30 AM

• Provide GINA functionality for production

31

Summary

• Successful transition to F5 for Admin Core users

• Planned transition to F5 to replace vpn.service.emory.edu

• Planned upgrade to provide GINA support

32

?QuestionsVPN / GINA

Email and IdM Updates

John Ellis

Emory Backbone Upgrade Status and Timeline

Paul Petersen

35

Agenda

• New Core Status

• New Firewall Status

• Working Timeline

36

New Core

• New Core Status– All Routers installed– Router code issues resolved– Cautiously moving LANs

• 8/14 - Anatomy Basement• 8/15 - The Depot• 8/16 - Facilities Management• 8/17 - Schwartz Performing Arts Center• 8/18 - Cox Hall

Crawford

NDB

Clairmont

EUHNorth

Cox Hall

37

New Firewall

• New Firewall Status– The New Firewalls are installed– The Management System is installed– Each Virtual Firewall Context has been built– Migration will start after border network is

formed

Cox2

Crawford1

Crawford2

North2

EUH2

EUH1

Clairmont2

NDB2

Cox1 North1

Clairmont1

FWCOX1

NDB1

FWNDB1

38

Working Timeline

Date Task

09/15

Continue to migrate targeted LANs to the new core

09/18

Post new comprehensive upgrade schedule on the web

09/29

Border Network Consolidated

09/29

Internet2 Uplink upgraded to 10 Gigabit

09/29

Academic Border Firewall migration to new firewalls

39

Working Timeline

Date Task

10/10

ResNet Firewall and LANs migrated to new hardware

10/20

Secure Admin and DMZ firewalls migrated to new core

11/03

Healthcare firewalls migrated to new core

01/16

Academic, Secure Academic, and DMZ migrated to new core

01/31

Healthcare LANs migrated to new core

40

?QuestionsNetCom