Skip to content

Archives: Service News

News content type for use by UW-IT Services on IT Connect

IE Browser Support

Browser support changes will be coming on 1/12/2016. Microsoft will drop support for older versions of Internet Explorer, leaving IE11 as the only supported version of Internet Explorer.  Go to the OS and Browser Support page for information.

Undesired H: Drive Purge

H: drive deletions coming for those without departmental eligibility groups

Current staff members who are not in your department’s eligibility group will have their home directory (H:drive) deleted on 1/15/2015. Please verify that all of your staff members have been added to the correct eligibility group before that date.

More info:

Last summer we revealed that there were a significant number of Nebula home directories which we believed were undesired, primarily associated with individuals who had long since stopped having an association with the university. That was primarily because the Managed Workstation service didn’t have an active mechanism to capture when individuals should lose their eligibility for our service. We implemented the user eligibility mechanism which puts you as a customer in the driver seat of provisioning and deprovisioning home directories and some other user related access. As detailed above we didn’t complete connecting those eligibility groups with the home directory provisioning and deprovisioning until the end of February.

In December we notified those users with an “undesired” home directory who were still accessing that home directory to let them know that unless a customer marked them as eligible and paid for that home directory, that the home directory would be deleted.

In late January we removed access to undesired home directories.

In mid February, we deleted undesired home directories. This constituted almost 5200 home directories using 6 TB of space. Under current practices, there is still a copy of that deleted data for a year.

Nebula to disable SSLv3

Nebula will disable SSLv3 on Nebula workstations and servers which still have it enabled.

 

What and When:

On Tuesday, January 5th, 2016, Nebula will configure managed desktops and its servers to no longer permit SSLv3.

 

SSLv3 is broadly used to encrypt sessions, but it is also very old and now considered insecure. Disabling SSLv3 should have little to no impact because there is broad support for TLS and no obvious impact on the user experience to using TLS instead of SSLv3. While the most secure option should be chosen when a client connects to a server, there are situations where that doesn’t happen, so this change will ensure that Nebula does not permit a less secure scenario.

 

What You Need to Do:

Nothing, unless you are responsible for a web server or other service that uses this protocol, in which case you should update to a stronger encryption protocol as soon as possible.

 

This is primarily an advisory to let you know that we’re making a design change to make Nebula more secure.

 

More Info:

There is a vulnerability in the cryptographic protocol Secure Sockets Layer version 3, or SSLv3 (see https://technet.microsoft.com/en-us/library/security/3009008.aspx). In order to prevent malicious actors intercepting your data, Nebula is disabling the weakened protocol SSLv3 for all Nebula managed desktops and all Nebula servers.

 

This change could affect anyone still using a service protected with SSLv3, and anyone using a version of Internet Explorer prior to 11. Since this protocol is being dropped across the industry, it is unlikely that you will be affected unless you use a site or service still only using SSLv3. If you anticipate or experience any difficulties that you believe are related to this change, please email help@uw.edu with the subject line “Nebula SSLv3 Change”.

 

 

Changes in accessing Nebula file services

Changes in accessing Nebula file services

Access is now based on eligibility groups managed by each customer. As users are added and removed from eligibility groups, access to Nebula services will be added or removed. If you are unsure or do not know what your eligibiity group is, send and email to help@uw.edu

If you do not have an UW eligibility group and need to create one, instructions are on our webpage  How do I set up an eligibility group for my department?

 

Network Incident -> Groups Incident -> UWWI incident

Some UWWI groups are not currently in complete sync with the Groups Service

 

What and When:

This past weekend there was a significant network incident. That led to a Groups Service incident. The impact of the Groups Service incident was that change notifications for groups changed during that part of the weekend were never sent to UWWI.

 

UWWI also had an incident because of the network incident and had to restart our group agent, but that only delayed the processing of group change notifications. However, most of the group change notifications were missing in action because the Groups Service was had its own incident.

 

9172 groups were changed during that period, but due to our efforts, there are now less than 7100 UWWI groups which are out of sync from the Groups Service. Affected course groups have already been fixed.

 

What You Need to Do:

Be aware that there may be some slight group inconsistencies in UWWI for a little while longer.

 

More Info:

We have a standard way of resyncing groups which are out of sync, and once a month every group is subjected to this examination to ensure that no group falls out of synchronicity. This process is more resource intensive (it examines the state, figures out what is missing, and then fixes it, instead of just applying the changes). We’re selectively applying this to the group changes that went missing during the Groups Service incident, but it’ll take a bit for that to reach completion.

 

There are ~91,000 total groups in UWWI so this affected about 1/10 of all UWWI groups.

 

Brian Arkills

UW Windows Infrastructure Service Manager

 

Nebula News (September 2015)

Welcome to the semi-annual Nebula service newsletter, which brings you valuable updates and information to help you make the most of our services.

New Capabilities and Improvements

  • Nebula file services ala carte: Nebula file services are available separate from Nebula Managed Desktop. Prior to FY16, customers which only wanted shared file services from Nebula needed to follow an awkward path and were charged in an awkward method. There were also some customers paying more than their fair share of file service costs. Nebula now charges for Nebula file services consistently regardless of whether you also use the Nebula Managed Desktop option. All customers pay $0.25/GB/month (unless you use the Windows file service option).
  • Access to Nebula services: Access is now based on eligibility groups managed by each customer.  Prior to FY16, Nebula access was based on a combination of factors and was rarely fully removed, as we were not always aware of when people came and went.  Now, as users are added and removed from eligibility groups, access to Nebula services will be added or removed and customers can directly manage the memberships of the UW Groups that control access to their services.
  • Rate reduction: The Nebula desktop rate was reduced for FY16. The rate fell from $36.50 to $34.50. We separated the Nebula file service cost from this rate, so that accounts for some, but not all of the reduction. Here’s the rate for an 8 year period for historical context:
  • Billing simplification: We added a new mechanism to benefit the majority of Nebula customers. Many of you wish to use the same budget for a given type of Nebula service charge. The default user budget field will associate the budget you provide with any Nebula home directory that doesn’t have one explicitly assigned. The default computer budget field will associate the budget you provide with any Nebula managed desktop that doesn’t have one explicitly assigned. If you use the same budget for all of your desktops or all of your home directories, this means you don’t have assign a budget to each individual desktop or home directory.

Spotlights

  • Customer meeting: A Nebula customer meeting is scheduled for Wednesday, September 16, from noon until 1pm in the UW Tower auditorium. The agenda is to review the material in this newsletter in more detail and take any questions. We look forward to seeing you there.
  • Nebula Account simplification: Nebula now uses department eligibility groups to determine which department a given user belongs to. Customers manage the membership of their eligibility group. This helps to reduce the chance that a user remains associated with a department long after they have moved to another department or left the UW. Nebula removes access if a user is no longer in an eligibility group. In the future, Nebula will create the necessary user accounts for Nebula services based on eligibility group membership. This means that instead of asking us to create an account, you can simply add the user to your eligibility group. This process will not cover an Exchange mailbox, but the MSCA service has future plans to automatically provision a mailbox in a variety of scenarios. In the meantime, if you need a Nebula user account or Exchange mailbox, continue to contact us.
  • NETID user account conversion: Converting from Nebula2 user accounts to NETID user accounts reduces how often you have to log in, reduces our service costs, simplifies the infrastructure needed, and will enable Nebula to leverage investments made in the service providing the NETID user accounts.

Six months ago, we asked customers to self-elect to change to NETID user accounts by this time. We said that at the end of that time frame, we’d be phasing out Nebula2 user accounts. In the coming months, you can expect communication from us about this. We have many future planned steps:

  1. In September, we’ll start by automatically disabling any Nebula2 user account which isn’t being logged into regularly. We’ll provide a mechanism to temporarily re-enable your Nebula2 user account if it is still needed (Mac VPN is a known reason).
  2. For departments which let us know that they are done, we’ll disable all of their Nebula2 user accounts. Several departments have already prioritized their user migration, and this completes their journey by closing the door behind them.
  3. We’ll contact departments which still have active Nebula2 user accounts, and give them a target date on which we plan to disable their Nebula2 user accounts. This will include an offer to provide migration assistance before that date.
  4. When we have contacted every department, we’ll initiate moving the managed computers for each department into the NETID domain. We will accomplish this move via an automatic mechanism which will require a reboot. We’ll move each department based on a schedule we’ll coordinate with you. Temporary exceptions to the migration may be granted, given a compelling business need. This is likely 6 months away, and more details about this will develop in that time period, but if lengthy migration exceptions are needed, Nebula will need to recover the costs of managing the Nebula2 domain and computer management infrastructure (that is no longer core to the service), so there may be an additional charge.

If you’d like to get an early jump on your department (or just a single user) for conversion, please send us an email with “Nebula2 to Netid user conversion” in the subject line. There are self-service or assisted options (and we won’t charge extra for basic assistance). The self-service directions are at https://www.washington.edu/itconnect/wares/nebula/changing-to-netid-logins-in-nebula/

  • Windows 10: If you are eager to move to Windows 10, you can do that now, but you will lose some Nebula capabilities. In a month, we hope to provide the full set of Nebula capabilities to Windows 10. In a couple months, we hope to provide an automated upgrade mechanism that’ll allow you to initiate an upgrade to Windows 10. More details about our Windows 10 plans are here:  http://www.washington.edu/itconnect/wares/nebula/news/nebula-windows-10-readiness/ . Windows 7 will continue to enjoy the full set of Nebula support capabilities. More details about Nebula’s OS and browser support are available at https://www.washington.edu/itconnect/wares/nebula/operating-system-and-browser-support/
  • Customer routing improvements. We’ve heard from several customers that when you have an urgent issue which interrupts your ability to do UW work, it can be hard to get help in a timely way. We are planning on making some changes to improve this issue. More details will be forthcoming.

Trends

Below are metrics across the Nebula service. The takeaway statement following each graph compares metrics in the last 6 months to the prior 6 month period. For information specific to you or your department, the MyIT portal has more data: https://support.nebula.washington.edu/myIT/Default.aspx.

  • Overall usage

Takeaways: +0 computers (~3400 total today), +200 users (~5100 total today), +50 groups (~3050 total today)

  • IE Versions

Takeaways: +50 IE11 (~2800 total today), +0 IE10 (~300 total today), +0 IE9 (~200 total today), +0 IE8 (~50 total today).

NOTE: These 550 customers with down-level versions of IE will be upgraded in January 2016. Please see http://www.washington.edu/itconnect/wares/nebula/operating-system-and-browser-support/#browserLifecycle.

  • Operating System Versions

Takeaways: +50 Windows 10 (~50 total today), +150 Windows 8.1 (~500 total today), -150 Windows 7 (~2750 total today), +0 MacOS (~22 total today)

  • VPN Use

Takeaways: +15 sessions on average (~35 sessions average with a peak of 54)

  • Support Requests

Takeaways: Support requests have grown by 72.5%; 4203 Nebula support tickets resolved since 2/20/2015 vs. 2451 in prior 6 month period.

NOTE: We believe this increase is due to a couple factors:

      • We don’t take direct phone calls any longer, so prior to this many requests had no corresponding request record to track it.
      • We retired a parallel ticketing system (RT) which was only used for consulting requests. Some number of requests in that system were only represented in that system so weren’t included in our prior 6 month total.
      • There was an unusually high amount of service design change over the last 6 months, which resulted in a higher number of questions and interaction. This included completely revamping our customer relationship data, several billing changes, multiple organizations changing their departments to reflect past re-organizations or budgets, and other requests which would not have otherwise occurred.
  • Incidents

Takeaways: Incidents have fallen by 69%; 18 Nebula incidents resolved since 2/20/2015 vs. 58 in prior 6 month period.

What’s Next

Our objectives for the next six months include:

  • Customer routing improvements, as noted above.
  • Activities related to the Nebula2 user transitions, as noted above.
  • Make design changes related to the Mac VPN so it isn’t a blocker for letting go of the Nebula2 user account.
  • Begin planning for computer migrations to NETID domain, as noted above.
  • Replace the servers behind our aging software deployment infrastructure (System Center Configuration Manager or SCCM). We also will explore moving Nebula’s software deployment capabilities to the UW Windows Infrastructure service so a broader set of the UW can leverage this capability and contribute packages Nebula customers might use.
  • Activities related to Windows 10 support, as noted above.
  • Adding an OS deployment capability, including a self-service automated upgrade in place option
  • Provide a package for Office 2016, after it is released
  • Via a pilot with some higher risk departments, explore a solution that provides data encryption capabilities regardless of where the data is stored, has broad cross-platform support and advanced tracking capabilities (Azure RMS). We suspect this is a strategically important technology for risk mitigation, but we need to verify.

Your Feedback

Supporting your needs for Managed Workstation capabilities offered via the Nebula service is our priority, so we welcome feedback on how we can make the Nebula service more valuable to you. The nebula-announce and nebula-discuss mailing lists are good sources of information. We recommend that each customer have at least one individual join the nebula-announce mailing list. See https://www.washington.edu/itconnect/wares/nebula/contact-us/ for more on how to join.

You can voice your support for future objectives to help us rank priorities, ask for things that aren’t yet on our radar, or simply contact us via help@uw.edu.

Brian Arkills

UW-IT, Nebula Service Manager

Nebula IE version support changing in January 2016

Nebula will no longer support older versions of Internet Explorer.

 

What and When:

On January 12, 2016 Microsoft will drop support for older versions of Internet Explorer, leaving IE11 as the only supported version of Internet Explorer.

 

Following UW security guidelines, Nebula will also remove its support, because web browsers without vendor support no longer get patches for security vulnerabilities.

 

To implement Nebula’s change in support, Nebula will retire the mechanism it has provided to defer automatic IE version upgrades. The mechanism to defer allowed individual computers to avoid the automatic upgrade of IE version, but was available only upon request. Nebula will continue to provide the automatic update mechanism.

 

What you need to do:

Nebula computer has a version of IE older that version 11, then your computer will be affected, otherwise you are unaffected.

 

If you are affected, we encourage you to explore your alternatives. Options to pursue may include:

-try to use the latest IE version. If you’d like to remove your IE version upgrade exception before 1/11/2016, please let us know.

-try another browser. Most applications do support browsers other than IE.

-talk with the application vendor about their browser support plan given that Microsoft will no longer support older IE versions

 

If there’s anything else Nebula can do to assist, please feel free to contact us at help@uw.edu. We’d be happy to provide assistance on a consulting basis.

 

More info:

Microsoft’s announcement of this change came via the IEBlog over a year ago.

 

Nebula’s browser support is documented at http://www.washington.edu/itconnect/wares/nebula/operating-system-and-browser-support/.