This is Adele's Brain on ITS

November 4, 2005

1. Accounts Management

Open and Blocked tickets in the ITS Accounts Group

ITS Accounts Brain Cells

1.1. Accounts Deletions

Terminations clearances, EPANs, and bulk account culling are three major components of accounts deletions at ITS. The public pages describing our processes and policies are at:

I handle EPAN account culling monthly as user requests come in.

Termclear and EPAN tickets currently blocked: I've unassigned myself from the tickets which are currently blocked. Some of them will unblock when they are ready to be goneshed, others are already goneshed and will unblock when they're ready to be morgued.

Termclear and EPAN tickets currently open: I'm going through them during the week of October 24th, and if they need action which I no longer have privs to do, I'm unassigning myself. If the action needed does not require additional privs other than my T-Reqs status, I'm doing what is needed and then blocking and unassigning myself from the ticket.

All of my files I've used over the years aside from the tools in /ccovol/admin/bin and /ccovol/admin/scripts and tools that Roger has made for me live in /home/adele/accounts/ .

1.1.1. Terminations Clearances

1.1.2. EPAN Notices

1.1.3. Bulk accounts culling

RSI account culling in progress (when this culling is finished, the RSI group in NIS and ldap-auth should be retired)

Tickets currently blocked: I've unassigned myself from the tickets which are currently blocked. These will unblock on November 2nd, when they are ready to be goneshed.

Tickets currently open: There are a couple RSI students who have accounts in the recruit group who also have accounts in the ug group... they need to be transitioned to only have one account, and the username they should keep needs to be the username they have in the ATC/Oracle side. Patrick Lam in ATC may be able to assist if username changes are needed on the ATC/Oracle side. Note that the second account username needs to be made into an attached alias, since both addresses may be in various campus databases as ways to contact the student.

Summer account culling - do the summer accounts culling at the end of September every year.

Tickets currently blocked: I've unassigned myself from the tickets which are currently blocked. These will unblock on November 2nd, when they are ready to be goneshed.

Tickets currently open: I'm going through them during the week of October 24th, and if they need action which I no longer have privs to do, I'm unassigning myself. If the action needed does not require additional privs other than my T-Reqs status, I'm doing what is needed and then blocking and unassigning myself from the ticket.

ug and grads account culling - do this in October every year.

guest, club, class account culling - do this in November/December every year.

For guest accounts, https://www.its.caltech.edu/its/operations/guestaccts.html is out of date (it was written pre-ldap-auth) but the philosophy hadn't changed as of October 2005.

citstaff, visitor, postdoc account culling - do this in January/February/March every year.

faculty culling - do this in April/May every year.

I mentioned that accounts deletions were challenging, right?

1.1.4. manage the Unix-side morgue

1.2. Accounts Creations

The public pages describing our processes and policies are at:

Note that there is special information All About Computer Access for Volunteers, Guests, Library Users and Conference Attendees.

Also, I was on the approved list to sign key request forms for the south entrance of Steele Building. Bob would know who can now sign those forms, since Dan and I used to be the primaries on that and we're now both gone.

1.2.1. Single account creation

I was a secondary walk-in and fax-in individual account creator (Dan was primary, and Mike, Jack, Kimo, Jason and Alex could all fill in as well).

I was on the distribution list for the new account created logging, and that's now been set to go to the acctmgmt account, into a procmail filtered folder. Kimo took care of setting that up, and can answer further questions. I had wanted to add an alert for when new accounts were created in bulk similar to this single-wise account creations log, but we didn't get to it.

1.2.2. Bulk account creation

I created accounts in bulk for the inbound undergraduate and graduate students each fall. This includes collecting username preferences from the inbound students, as well as making sure that the Admissions Office, Dean's Office, Graduate Office, Registrar's Office, International Students Office and the Minority Students Office had correct information about ITS to provide to their students.

Note that the information sent to fall-inbound students needs to be to the Dean's Office and the Graduate Office by late February or early March to be in time for their mailings.

I created accounts in bulk for the inbound summer students (SFP, FSI, Physics summer students, etc) This included collecting username preference information from from those summer students who are also inbound Caltech students, and also making sure that the SFP Office, the Minority Students Office, and the program coordinators of any Caltech summer program had correct information about ITS to provide to their students.

The incoming@its account has an autoresponder, and that's how username preferences came in. I had hoped to set up a webpage with an automated script to handle these, but never had the time.

I had wanted to add an alert for when new accounts were created in bulk similar to the single-wise account creations log described above in 2.1., but we didn't get to it.

There's a Brain page about bulk creates but it is slightly out of date, and another which together, should allow any UCO sysadmin to figure out this process. Roger is an invaluable resource if you run into trouble. Go to https://www.its.caltech.edu/its/operations/newunixaccounts.html and see the section titled "To create lots of accounts at once, in bulk, a UCO admin needs to do the following: (updated June 2004)" Also read Adding New ITS Unix Cluster Accounts in Bulk carefully, and see all of the files living in /home/mangler/.

1.3. Accounts Data Synchronization with Other Campus Groups and Databases

  1. Use the command-line tools and utils.its.caltech.edu to keep ITS account records up to date as needed ("account maintainer" privs needed on Utils to do this)
  2. Exchange 2003 transitions (I've trained Kimo on this now)
  3. Username synchronization with ATC, including sorting out the new process which should be used for the new account creations
  4. ATC-related account creations from the daily parking report (developing this process turned up some huge messy issues which I did not have time to resolve - I'm handing what I have off to uco-staff and Glenn)
  5. Figure out a distribution method for the ~950 Oracle/ATC/Techmart account sheets and P-53s (they are currently in a large red accordion file on my desk in Steele)
  6. Get the list of the Oracle users who already have ITS accounts from Patrick Lam, and sort through their free-floating aliases
  7. Solve the account deletions issues stemming from the ATC userspace synchronization (ITS recycles usernames, ATC does not, for one, so what happens when we morgue a user over here if they're still in ATC's systems for whatever reason?)
  8. Accounts deletion integration across Mark's new Exchange 2003 service and the new for-pay file storage service, ldap-auth, AD and the Unix Cluster (handed off in a ticket to unix-admins #652754 and emails to Mark of our meeting notes)
  9. legacy mail server retirement issues (there are still a large number of users on legacy-smtp-server.its.caltech.edu (the only reasons they should need to be there are that they use really old non-IMAP-compatible unix mail clients or very, very complicated procmail filtering schemes like Phillipe Brieu does) out of sheer iniertia, and there is an additional issue... users set to keep a copy and forward mail on to other addresses who also have the legacy server bit set to yes have spam piling up infinitely on chamber). We need to comprehensively go through the accounts still set to have any mail go to the legacy server and transition them so that chamber can eventually be retired. Erich and I had a vague plan for this but then he left and by the time the UCO group recovered from that void in our personnel, we had too many machine room move issues to deal with to get to this project.
  10. Helping retire non-ITS mail servers for dependent groups on campus, and configuring our mail systems to answer as them for specific users.
    1. send informational email to all of the citnp# email forwards with dates for shutoff (see open tickets about this)
  11. making sure created ITS account email addresses for students are in all the appropriate databases on campus (Elena and Cynthia in Directory Services; Patrick Lam in ATC Security for ATC/Oracle; Debi Tuttle/Rosana Gatti/Gloria Brewster for the Registrar's Office/REGIS; Natalie Gilmore in the Graduate Office, and someone in the Housing Office.) I provide the data in Excel format to each office each late-summer/early-fall.

1.4. Welcome Orientations and Tabling

Passing out new undergrad accounts

We get a table every year at the Undergrad Housing Checkin. Contact the Dean's Office and/or the Registrar's Office during June/July to reserve table space. We also pass out new accounts in the Steele Lab (after that closes, having the accordion file of new accounts at the Helpdesk is probably the best idea.

Passing out new grad student accounts

We get a table every year at the Graduate Student Registration. Contact the Graduate Office during July to reserve table space. We also pass out new accounts in the Steele Lab (after that closes, having the accordion file of new accounts at the Helpdesk is probably the best idea. Many of the graduate students arrive before the Registration and want to walk in and get their accounts.

SFP Orientation

Things I talked about include:

FSI Orientation

FSI is the Freshman Summer Institute (used to be called the Bridge Program). Inbound undergrads arrive about a month early, and the Minority Student Programs Office usually asks for a special orientation for them.

International Student Orientation

The International Students arrive for a special orientation a week or two before the rest of the inbound students, and many of them do not have their own computers, so I gave the same general overview stuff as the Undergrad Orientation, but also how to use the Steele Lab computers and printers. We walked these students through logging into Utils and Webmail to be sure they could access their accounts.

It's helpful to have a representative from the Registrar's Office there to help with walking them through their REGIS logins!!

Undergrad Orientation

Things I talked about this past year include:

It's helpful to have a representative from the Registrar's Office there to help with walking them through their REGIS logins!!

2. Aliases Management

3. T-Reqs Issues

4. Web services

4.1. The ITS public website

 

4.2. The ITS Brain website

4.3 Web Advocacy

I help users figure out which webservers on campus meet their needs. Usually this is phone calls, drop ins, and tickets to itsweb or to help@its which are handed off to itsweb.

See also http://www.its.caltech.edu/its/services/internetapps/web/servers.shtml and Marionne Epalle knows more. Bradley Cain knows about the hosted server service thing that ITSS offers, but hasn't sent me information for the webpages; that's partially why the ITS Web Services website section isn't completely revamped... I had it partially done but was waiting for more information.

4.4 Answering user questions about serving webpages on www.its.caltech.edu and managing virtual hosts

5. Unix Cluster Operations

Other pages which might be useful as references: