Meeting Date

• TEAMS: 2024-05-29

Invited

Anthony (group leader), Lori, Clayton, Guoxiang, Nathan, Nick, Todd, Ed, Devon, Gwen

Attendees

• Anthony
• Ed
• Clayton
• Nick
• Guoxiang
• Fraser
• Devon

Review and accept previous meeting minutes.

CsLWGMeeting20240515

Review last meeting's Action Items

linux.cscf.uwaterloo.ca

• Still blocked on comprehensive review of authentication/authorization configuration, work stalled

New DFSc Hardware

• Has been racked
• Network cards found and installed, cabling complete
• Should be able to get them running this week -a2brenna

DFSc Performance

• Snapshots blocked on cleanup of old homedirs
  • Work proceeding on cleanup here, Anthony will work with Guoxiang
  • Need direction on retention policy from school - after expiry or sponsorship? Should be added to documentation once it has been decided upon * No policy appears to exist for students, going with 175 days after end of last sponsored term * need to configure warning emails to students before account expires
• Need to send message to users (login message (only applies to login shell), other?) when snapshots are re-enabled, links to appropriate end user documentation - Anthony
  • Will leverage MOTD to point to other more comprehensive documentation
  • Engage management on documentation location (Anthony)
    • Nick Lee maintains a useful page on www.cs.uwaterloo.ca about the general use TEACHING environment, collocating documentation there is an option.

Endpoint Protection

• IST wants to deploy SentinelOne end point security agents on all devices
• Planning test deployment to linux.student.cs (on a single node) in passive (watch and complain) mode for spring term,
  • IST controls the mode of the software and to provide CSCF with new token
    • Token acquired
    • Waiting on homedir backups to complete so we can get a clear picture of DFSc traffic caused by S1
• What if anything is sent to third-party/off site servers? For privacy reasons, we need an answer before we do a roll out
  • Try to get this in writing for future reference
    • IST FAQ instructive: https://uwaterloo.atlassian.net/wiki/spaces/ISTSERV/pages/42588012601/Endpoint+Detection+and+Response
• Any docs on what the program does and how it does it?
  • Not really, possible answers in the Knowledge Base, may need to create an account with vendor to get access
    • IST FAQ instructive:
• Need clarification from upper management about pushing Sentinel One to previously deployed devices (Devon)
  • So far approach seems to be to get it on all "new" devices going out
  • CSCF staff to install themselves - instructions can be found here: ???? and should be communicated to staff
  • Mac workstations to be deployed remotely - see announcement in TOP channel * Possibly looking into having a Self Service option for already deployed laptops to install SentinelOne (more of an opt-in option)
  • Windows workstations may need to be done "physically" by CSCF staff (optional)
  • Teaching labs are already done (Mac and Linux)

NFS Ganesha server issues (nfs-files.student.cs)

• CCO event currently running in MC 3003 this week - https://cemc.uwaterloo.ca/contests/ccc-cco.html
• NFS Ganesha server keeps crashing during lab sessions for the event (due to specific operation or load issues)
• Anthony is collecting crash dumps (at least 3-4 bugs noticed so far)
• Server is recovering automatically, but can take up to 5 minutes for lab machines to recover (leaving them frozen until then)
• Analysis of crashes is blocked due to lack of staff time
• Looking into alternatives is also blocked due to lack of staff time
  • File locking is a concern with other options
• New NFS Ganesha v5.9 released last week, need to check changelog and see if we can/should update (currently running v5.7?)
  • We still need to build a third server anyways, we might want to look into using the third server to test the latest release.

Future of RT

• CSCF and MFCF to discuss - May 16
  • Did not happen
  • INF proceeding with work to take on RT (and only moving CSCF + MFCF data)
  • 0.2-0.25 FTE time commitment
  • Concerns with details
    • Does that mean CSCF is taking over the rt.uwaterloo.ca domain? (root uwaterloo.ca might imply IST management)
    • What about RTs with currently active email chains?
    • Is this going to cause any confusion for clients, especially those with currently open requests?
    • What about emails to/from RT?
• Upgrade of RT 4 --> RT 5
  • Customization done via plugin architecture, safe to upgrade

Comments