Present: Tari Keller, Dave Block, Kelly Vickery, Gerry Williams, Todd King, Elsie Pritchard, Gary Flanagan, Jim Miesse, Nelda Sims, Mark Paul, Paul Fuller, Miko Pattie, Keith Stevenson, Stacey Nickell, Aleeah McGinnis, Rose Davis, Susan Brown, John Detwieler,
Handouts:
Todd King: Advice for Fiscal Period Close, have a good printer; there is a lot to print out.
I. Hub Server Security Issues
Tari attended the "Can You Hack it" session at VUGM, and learned that the system is too easy to hack into. Some of the advice from the session is as follows
Unix provides a means to force password changes periodically, but Tari suggested a voluntary change of passwords every 90 days. Keith and Dave feel a forced password change is easy to do, but not a desirable systems administrative approach. Nelda thought that forced changes of passwords every 90 days was not that great an imposition and it would help remind users and increase security. There was discussion and a consensus reached that periodic 90 day forced password changes were not a great imposition, and the motion was passed without opposition.
SSH software options were discussed. Secure shell terminal software can provide terminal sessions that are encrypted (128 bit and better) between the terminal and the server, and prevent hackers from capturing IDs and passwords from the internet. Keith would turn off FTP and Telnet from the test server (testlib.kyvl.org) and let people try using SSH client products exclusively on it for a while. Messages will be sent out on the list serve advising users to use only SSH clients on Westlib and Eastlib. We will discuss permanently turning off Telnet and FTP from Westlib and Eastlib during the next consortium meeting. SSH is currently available on Eastlib, Westlib, Testlib, and WebZ.
Different SSH clients were discussed. Susan Brown recommended LEECH as a FTP SHH client—the only drawback was that messages were in German . . . Achtung! Keith and Dave both recommend using PuTTY as the Telnet SSH client at http://www.chiak.greenend.org.uk/sgratham/putty/ .
Keith gave an excellent, impromptu demonstration of PuTTY. You can run PuTTY as a Windows session enter the Host name or IP address, set the port to 22. He suggested placing the settings to use protocol version 2, and one must set the SSH radio button to get SSH security. PuTTY has a BSD license and is free to all. (You can cut and paste inside a PuTTY session by high-lighting text and pressing <shift><insert>; high-lighting text also places it in the Windows clipboard. People will look for SSH FTP clients and give our impressions on the listserv.
(Todd King asked if Web Administration would be turned on. Keith said that he would put it on testlib this weekend, and should have it operational by the end of June on Westlib. Dave will investigate it and get it on as soon as possible. The gold patch might turn it on without any configuration needed, but this remains to be seen.)
Some functions require logging on with Voyager. Tari has called Endeavor about some of the problems and has been told that a Voyager log on is necessary to perform the task. Jim Miesse thought that had been taken care of. There is an in house database at Endeavor containing customer information which is consulted at the customer service desk when customers call in, but it doesn’t work well and will be scrapped. In one instance Endeavor attempted to reproduce our AIX problem on a Solaris machine and they seem to be unaware of which system we have when we call in. Too much information is kept in Endeavor by word of mouth. Jim Miesse says structure has changed on the look and feel of software: they used to have client module managers, and now that is all unified under a Voyager manager.
Test server has been invaluable and a tremendous help in the upgrade process. Despite software and hardware problems it has worked well.
Paul Fuller thought this was a very good time of year to upgrade the system, due to very slow class time for some or no class time for other institutions. This time of year is also a slow time for the systems people and the library systems. Kelly Vickery thought May and June was a very bad time to do the upgrade due to preparation for the end of the fiscal year and fiscal year roll over. Acquisitions and financial personnel of the library are under considerable pressure during this time of year have a very definitive deadline with which the upgrade interferes. Miko suggested that we might look at doing an upgrade early in July instead of May or June of next year. Tari indicated that she would still prefer it earlier in the year to allow for time to properly implement WebVoyage. No consensus was reached.
All voiced complaints about the way Endeavor implemented this upgrade. We generally felt that before the upgrade began on May 14 we had been told a Gold upgrade would be implemented, and then toward the end of the Eastlib upgrade we were informed that it would be early release. Keith indicated that he had been told, for the Westlib upgrade on May 21, that it would be the "early release", but that the Gold patch would be ready and installed on that Friday (May 25). That never happened, and in fact the gold release did not become available until a weeks later. From Eastlibs point of view we were told around May 7 that we would have the Gold version of 2000.1.3 on May 14, but it didn’t become available until June 1. Jim Miesse felt that upgrades and development were a shared responsibility—apparently, we get to pay for the privilege of developing the software. Kelly thought the consortium should get a maintenance discount equivalent to that of a beta-test. Jim said that with 50 sites on "Early Release" that would not be possible.
The consortium agreed that the misinformation from Endeavor was harmful to our operations. That we should be told which version would be available for installation, and that we should have the option of deciding which available version we want if any. That decision is not Endeavors, but the consortiums. We agreed that the modus operandi of promising the gold clients every two days was inappropriate. Jim Miesse indicated that there would be a number of people who would disagree with that assessment (presumably, people at Endeavor). Kelly explained that when one is given a succession of unfulfilled promises from Endeavor over a period of three weeks that Endeavor begins to lack any credibility. Planning to install clients on 100 machines is delayed when you repeatedly are told that new clients will be released in two days—why install 100 clients now and do it again in 2 days. Better plans could be made with "I don’t know when the clients will be ready" than with "you’ll have them in 2 days" and then not deliver.
The work group decided to do, at the most, 1 upgrade a year.
IV. Training
We will attempt to persuade Alan Manifold to provide 3 classes sometime in the late Fall: 2 on the BLOB and 1 general Access class.
Miko asked that when we schedule training with Endeavor that we request invoices in 2 separate ways:
At the moment it looks like there is about $20K in the account, but there are several outstanding invoices.
As a general Policy, institutions need to schedule their Fiscal Period Close with the hub Administrator: Dave Block on Eastlib, and Keith Stevenson on Westlib. Send the request to the listserve to prevent simultaneous scheduling on a single hub.
Midway College is scheduled to be placed on Eastlib, and Campbellsville has agreed to join and go on Westlib.
V. Other
[ The gold patch process will be as follows:
Eastlib— 6/9/01, 10 PM system shut down for complete backup and application of the patch.
Westlib— 6/9/01, 10 PM system shut down for complete backup and application of the patch.
Shared binary files and FQL scripts have increase in great number and take a very long time to run—lengthening the process. Jim Miesse thinks we only need to run VoyagerPrograms.exe and VoyagerSystem.exe for this upgrade—this will protect tagtables and templates. People need to save the reporter.mdb file in Reporter Director if they have already linked it; also do not check the Access checkbox when running VoyagerPrograms.exe.
Hardware upgrades:
Westlib will double the server memory from 8 to 16 gigbytes RAM and double I/O capacity, and add a large bank of additional discs. Hardware upgrade should increase performance of the system. Eastlib and Westlib will have similar hardware upgrades. Jim Miesse: shared pool size will need adjusting to increase performance under the new configuration.]
Next meeting is on 9/6/01 at CPE.
Respectfully submitted by Kelly Vickery on June 8, 2001.
last updated: 7/3/01
© Kentucky Virtual Library, 1024 Capital Center Dr.
Suite 320, Frankfort, KY 40601
Find
Kentucky Libraries | KDLA |
CPE |
KYVAE | EPSB
| KDE
Toll free help: 1-877-588-5288 | How
to Do Research | Quick
Tour | Search the KYVL
Website | Comments/Suggestions
| KYVL Users' Group
Phone: 502-573-1555, Fax: 502-573-0222, TT: 877-545-6177