Exchange-Migration-June2011

www.xkcd.com/773
Hat tip to Nick Silkey for bringing this one to my attention.
1
What is the “Windows Roundtable” ?
An informal gathering of people who “do Windows” at Yale to
facilitate communication of common goals, problems and solutions
across the Yale IT community.
Usually there will be a “headline topic” as a launching point for
discussion and then general (moderated) discussion on whatever
topics the group wants to cover.
Ground Rules:
– The Roundtable is a Yale-internal discussion
– The Roundtable is a “no-powerpoint zone”
– Participation in discussions is encouraged to both bring your
questions and share your solutions.
2
Yale Windows Universe
Update 2011
Ken Hoover
Manager, ITS Windows Systems Group (WINSYS)
ken.hoover@yale.edu
July 8, 2011
DISCLAIMER: Some of this talk is about initiatives
that are still in the pre-release stages. It is intended
to give you outlines that you can use as you make
plans for Windows-based services in your area of
responsibility.
Except where noted, dates listed are target dates
only and may change due to collisions with reality.
3
ITS Windows Systems Group (WINSYS)
WINSYS manages Windows servers in Yale’s data centers.
[Chart: Total Servers, Virtual Servers and Physical Servers; vertical axis from 0 to 900]
4
Agenda
• A few quick highlights and interesting statistics
• Things that have changed in the last couple of years
• Services that are being revamped and upgraded
• Question Time
5
Quick Yale AD Highlights
• By the numbers…
– 100K users
– 31K computers
– 13K groups
– 3500 OU’s
– 1300 GPO’s
– Domain Controllers process 8.4 Million Kerberos AuthN’s on a typical weekday (and generate 26GB of logs!)
6
Changes in the last few years…
• Exchange introduced in Summer 2007
– Processing ~500K messages per day
– ~11,000 mailboxes (and growing)
– ~6TB of email store
– Quota increased from 1GB to 2GB in 2009
• Active Directory taking over from MIT Kerberos
– now backing CAS, for example
• Sharepoint & Project server in operation
• Shared SQL Servers
7
Revamped services and a look ahead
8
NEW: Enterprise License Agreement
• Microsoft enterprise license agreement for all faculty
and staff
• Includes:
– Windows Desktop OS
– Windows Server OS (all versions)
– Office for Windows and Mac
• Free upgrades for those clinging to Office 2003, etc.
– Enterprise Client licenses for Exchange, Sharepoint, and
others
• Foundational for exciting activity in the Microsoft space…
9
BEING REBOOTED: Central File Service
• Secure/managed file storage for users and departments
• ~40TB of capacity added since September 1, 2010
• LOWER RATE for FY12: $1/GB/month
• Available to anyone with a PTAEO we can charge
• 3-lock approved
• New “flattened” CFS security model
– Role-based access for departmental shares
– Support for single-user “home” shares (finally!)
– No mucking about with file/subfolder permission
– Existing shares will have their structure and permissions revamped to use new operating model during 2H CY2011
10
CHANGED: WINSYS Patch Release Cycle
• Monthly patches for servers released in four cycles
– Cycle “A” – 2nd Tuesday (Rapid Response pool)
– Cycle “B” – 3rd Tuesday (Development and “below”)
– Cycle “C” – 4th Tuesday (Test/Pre-prod and “below”)
– Cycle “D” – 1st Tuesday (Production)
• Keep this cycle in mind if WINSYS runs a server for your
department. Remember to test!
• Applies only to WINSYS-managed machines but a good approach in any multi-environment Windows-based application.
11
NEW SERVICE: “Lync” Internal Comms
• Secure, encrypted IM with AD backing
• Online meetings/presentations
– Yes, with audio and video
• Good for business purposes within Yale
• Free* for faculty and staff to use
• Works on non-routable Yale subnets
• Works from outside too without VPN**
• Integrates with Exchange, Office 2007+ and Sharepoint
• Native client included with Office 2011 for Mac
Pilot rollout
* Covered by new Microsoft Enterprise agreement
** But some ISP’s block SIP so sometimes VPN is needed anyway.
12
NEW SERVICE: Secure LDAP against AD
• New Secure AD LDAP alias ad.its.yale.edu
– Secure LDAP (ldaps://) with a Verisign certificate
– Highly available through use of F5 load balancers
– For applications that want to bind to the AD for any purpose
• NAS devices and other appliances
• LDAP-based AD browser tools
• Any code that uses LDAP to talk to the AD
• Web applications using AD authentication
• etc.
– PLEASE update your applications and NAS boxes to use this alias (test first!)
– Samba clients binding to the AD should still use “yu.yale.edu”
• Make sure you’re not using the defunct “windows-auth” names!
Use This Now!
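One way to find configurations that still need the update described on this slide, as an added example that is not part of the original talk: a small Python audit that extracts LDAP URIs from configuration text and classifies each one against the slide's guidance. The configuration keys, the sample hosts under example.invalid, and matching defunct names by the substring "windows-auth" are assumptions, since the slide does not list the full defunct hostnames.

```python
import re
from urllib.parse import urlsplit

# Names taken from the slide; everything else in this block is illustrative.
RECOMMENDED_HOST = "ad.its.yale.edu"  # secure AD LDAP alias
SAMBA_HOST = "yu.yale.edu"            # Samba clients keep using this name
DEFUNCT_MARKER = "windows-auth"       # assumption: substring match on defunct names

URI_RE = re.compile(r"\bldaps?://[^\s'\"<>]+", re.IGNORECASE)

def classify(uri):
    """Return (status, reason) for a single LDAP URI."""
    parts = urlsplit(uri)
    host = (parts.hostname or "").lower()
    if DEFUNCT_MARKER in host:
        return "FAIL", "defunct windows-auth name"
    if parts.scheme.lower() != "ldaps":
        return "FAIL", "not ldaps://, so the bind is not protected by TLS"
    if host == RECOMMENDED_HOST:
        return "OK", "secure AD LDAP alias"
    if host == SAMBA_HOST:
        return "REVIEW", "only Samba clients should still use this name"
    return "REVIEW", "ldaps:// but not the recommended alias"

def audit(text):
    """Return (line number, uri, status, reason) for every LDAP URI found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        for uri in URI_RE.findall(line):
            uri = uri.rstrip(".,;)")  # drop trailing punctuation
            findings.append((lineno, uri) + classify(uri))
    return findings

# Constructed sample configuration; keys and example.invalid hosts are made up.
SAMPLE_CONFIG = """\
# constructed sample
auth.ldap.url = ldaps://ad.its.yale.edu:636
nas.directory = ldap://yu.yale.edu
legacy.url = ldaps://windows-auth.example.invalid
backup.url = ldaps://dc1.example.invalid:636
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep="  ")
```
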
13
NEW SERVICE: Managed SQL Server
• Centrally-hosted SQL2008 R2
– Proposed cost $1k/yr per 5 DB’s / 5GB of data
– APPROVED for use with 3-lock data
– Servers managed by ITS DBA team and WINSYS
– ODBC access, secure/encrypted connections required
– On-disk encryption of databases available
– You “own” your own data with SQL Management Studio
– Good for:
• Cost-sensitive customers who need a SQL server
• Most small to medium-size databases under normal use
– Not good for:
• Very large databases
• Databases with heavy transactional activity
Summer 2011?
14
PLANNED UPGRADE: Domain Controllers
• Refresh hardware and upgrade to 2008R2
– All DC’s will become eight-core 32GB x64 servers
– Known issues with Samba versions before v3.3 which
are domain-joined
• Fix/workaround information available
• Better yet, upgrade Samba
• SYSVOL conversion
– Uses DFS for replication
– Transparent but needs testing
– 2H CY2011
• Forest functional level upgrade to 2008R2 level
– Winter 2011/201
15
Oh, one more thing…
16
EXCHANGE 2010
• Robust multi-browser web interface
– Mac users, rejoice!
– And people running Linux on their toaster ovens…
• 5GB 8GB default mailbox quota
– More space than 99.98% of Yale Exchange users use now
– …and more than Gmail 
• Currently in pilot deployment with early adopters
• Target: Everyone upgraded by Sep 1
17
Exchange 2010 details…
• Adjusted Mailbox Quotas
– 8GB Quota
• 7.75GB – warnings
• 8.00GB – prohibit send
• 8.25GB – prohibit receive (mail bounces)
• De-supported clients
– Outlook 2000, XP
• … and you shouldn’t use Outlook 2003 either
– Entourage 2004
– Entourage 2008 pre-EWS
– Upgrade these first… or dump them entirely.
18
Exchange 2010 OWA Supported Browsers
“Full” Interface
• Windows XP and higher
– IE 7+
– Firefox 3.0.1+
– Chrome 3.0.195.127+
• MacOS
– Safari 3.1+
– Firefox 3.0.1+
• Linux
– Firefox 3.0.1+
“Light” interface
• Broadest compatibility
• Accommodates visually impaired
• Good for slow connections
• Better than Horde 
• Examples:
– IE6
– Chrome on Linux
– Safari on Windows & iPad
– Android web browsers
– Opera
19
Exchange 2010 OWA Demo?
20
Summary
• New Microsoft Enterprise Agreement
– Lots of stuff is now “free” which used to cost extra.
– Upgrade Office!
• Central File Service revamped
– New operating model with better security and auditability
– Lower cost to users - $1/GB (includes backup)
• New SQL2008 database service being launched
– $1000/yr per 5 DB’s or 5GB/data, 3-lock OK
– Platform operated by ITS DBA team and you manage your data
• Lync being piloted
– Secure Yale-owned IM
– Includes online meetings/presentations
• Exchange 2010
– Any-web-browser-friendly
– 8GB quota
21
Questions / Discussion
• What do you think of this format?
• Should this become a repeating conversation once again? How
often?
22