PPD Computing“Business Continuity”

Windows and MacKevin DunfordMay 17th 2012

Central IT systems at RAL

There are UPS’s with backup generators in R26 and R89 for business critical systems including, central networking, email infrastructure and the CLRC primary domain controller.

Windows servers minimising impact of electrical brownouts or power

failure

• All PPD rack mounted servers are on UPS (Uninterrupted Power Supplies)

• Run on battery for 10 minutes (brownouts)• Automatic shutdown of managed servers after

the 10 minutes of running on battery • Will have to manually reboot servers after a

shutdown (prevents down, up, down up on servers while battery isn’t fully charged and hardware faults)

1

Working off site – laptops & offline files

• Don’t remove your laptop from the PPD domain – you will loss all offline files

• Take extra care when typing PointSec username & password!! (No recovery server.)

• H:\ drive – please update synchronise regularly • You can make any section of the T:\ drive available offline (or

manually copy), but I would use caution on group shared areas! – If a group of users make the same location offline and all update,

when synchronising back to server your copies will overwrite one another.

– If you do this communicate amongst your group, so you know who has what files offline and more importantly who is editing each individual offline file.

– We can’t fix document faults generated this way. Best effort restore from old backup.

2

Working off site – Window updates

• PPD’s desktops and laptops point to a PPD server to get their update’s, which has been configured via Group Policy that updates laptop\desktop registry.

• If we are down for just 2 or 3 days then it’s not critical

• A week or more then this will need intervention– you will need to execute a VBS script file to

remove PPD’s Windows update settings.– You can run Windows update manually

yourselves• Once back at RAL laptop will revert to PPD

Windows updating server.3

Working off site – Sophos

• Configured Windows and Mac laptops to have a secondary update location directly from Sophos.

• I have added all PPD staff members to the ‘SophosPowerUser’ group. This allows you to resolve viruses on laptops yourselves.

• Sophos for home computer users s:\Sophos – Home\SophosHome.exe v9.7 (This is the latest version available for home installation, as v10 hasn’t been centrally configured yet

4

Working off site – User documentation

• Have placed a folder on your H:\ drives called ‘PPDComputerGroupSupportDocuments’ – Emailsetup.pdf (Outlook, WebMail and Mac config)– Offsiteaccess.pdf (VPN)– delWUSkey.vbs (Double click on this file to update

directly from Microsoft, but will require a reboot to take effect. When PPD’s domain is back online laptops will automatically revert back to old settings.)

– This document

5

Working off site – VPN

• All of RAL’s 3 VPN servers have UPS batteries with generator backup. They each have 90 access ports and typically there are around 30 active users on each server at any time. Networking can increase this number of access ports if required. – Access to SSC and STFC internal websites (Swindon)

• These 3 VPN servers are configured as a round robin vpn.rl.stfc.ac.uk

• You can all so configure VPN access at Daresbury vpn.dl.stfc.ac.uk

6

Working off site – Email

Outlook Web Access• Primary webmail https://webmail.stfc.ac.uk

– Recommend reconfiguring Outlook on laptops to run over https (see pdf)

• Backup webmail based in Daresbury (DL) https://webmail.stfc.ac.uk/owa

• Auto failover to DL takes about 1 hour (DNS)• Full failover to DL takes longer and requires

exchange staff intervention and would only be initiated if there was a major incident at RAL.

7

How does STFC email work?• iCritical – external to STFC• Clustered (Internet Security and

Acceleration) ISA servers (external facing) Webmail, POP & IMAP

• Hub transport server – moves emails around (send\receive)

• Client Access Servers (CAS) (internal facing) – outlook.stfc.ac.uk

• MBX server – Mailbox server– Failover Cluster with just a bunch of

disks (JBOD) storage.– Database Availability Group (DAG)– Replication Network – transaction

logs, shipping and database reseeding operations.

• (MAPI) Network Messaging Application Programming Interface – Private network for all of the exchange servers to communicate with one another

8

Working off site – STFC websites• All STFC websites are all based on servers at

Swindon • http://www.stfc.ac.uk/ external• http://staff.stfc.ac.uk/Pages/default.aspx internal • If you can’t get access to the internal website (no

VPN), site status can be found http://www.stfc.ac.uk/11620.aspx

9

Working off site – PPD Computer Group communication

• External email ppdcomputergroup@gmail.com that will only be monitored \ used if– The site status is closed http://www.stfc.ac.uk/11620.aspx– We can’t communicate to the exchange servers directly or

via OWA.

• We will announce additional contact details soon

10

Working off site – MAC• No direct equivalent of Windows offline files. • If you want bidirectional intelligent syncing best

option is ChronoSync at $40. Graphical user interface. http://www.econtechnologies.com/pages/cs/chrono_overview.html

• Unidirectional syncing is admirably handled by Carbon Copy Cloner http://www.bombich.com/, suggestion of £9.60 as an Academic Patron. Graphical user interface.

• Rsync command lineo rsyncopts=‘-xrlptgoEv’ (Dave Sankey configuration)o rsyncopts=‘-av’ (fine Windows to Mac) o rsyncopts=‘-xaEv’ (an excellent halfway)

11

Any questions?