Frequently Asked Questions - BMC-IT

  1. How do I find the last updated file or the file with the longest file name? [jump in page] 2018-08-15
  2. We need more storage! Do you have a file server we can use? [jump in page] 2018-08-13
  3. What is the BMC-IT computer platform and how does it work? [jump in page] 2018-08-13
  4. How do I connect to the VPN using Ubuntu? [jump in page] 2018-08-13
  5. Who manages IT-support for whom at BMC? [jump in page] 2018-08-13
  6. My Internet does not work! How can I find the problem? [jump in page] 2018-06-19
  7. What do I do with old computers or phones? [jump in page] 2018-06-15
  8. How do I convert video between different formats with free software? [jump in page] 2018-06-15
  9. How do I order a standard computer? [jump in page] 2018-06-14
  10. How do I play movies on my webpage? [jump in page] 2018-06-13
  11. What are the bitrates for different digital video quality? [jump in page] 2018-06-13
  12. How do I sign my documents with an electronic signature? [jump in page] 2018-06-12
  13. I would like MATLAB on my computer please! [jump in page] 2018-06-12
  14. How do I install Adobe CC Complete (Photoshop, Illustrator...) in Windows? [jump in page] 2018-06-11
  15. Why did my Adobe licenses stop working? [jump in page] 2018-06-11
  16. How much do Adobe Photoshop and Illustrator cost? [jump in page] 2018-06-11
  17. Do you have some examples of fanless computers we can buy? [jump in page] 2018-06-05
  18. How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM) [jump in page] 2018-06-04
  19. What about the quality of a created PDF document? [jump in page] 2018-06-04
  20. How do I add a CNAME in BlueCat? [jump in page] 2018-06-04
  21. How do I sort incoming mail based on receiver address into different folders? [jump in page] 2018-06-04
  22. What fun things can I do with Systemd in Linux? [jump in page] 2018-06-04
  23. How do I launch parallel jobs using MPI? [jump in page] 2018-06-04
  24. How do I send mail from a shell script in Linux and macOS? [jump in page] 2018-06-04
  25. How does Thunderbird autoconfig work? [jump in page] 2018-06-04
  26. What is Rrsync (restricted rsync)? How do I access PCFS storage over rsync? [jump in page] 2018-06-04
  27. How do I change the Mac computer name, host name and NetBIOS-name? [jump in page] 2018-06-04
  28. How do I create binary packages with MacPorts? [jump in page] 2018-06-04
  29. How do I install the OCS Inventory agent for Linux? [jump in page] 2018-06-04
  30. How do I set firewall rules in Linux to block SSH? [jump in page] 2018-06-04
  31. How do I lookup LDAP or Active Directory via command line on Mac and Linux? [jump in page] 2018-06-04
  32. How do I copy many files in Windows using Robocopy? [jump in page] 2018-06-04
  33. How do I configure my resolver on a Linux machine? [jump in page] 2018-06-04
  34. How do I really delete a directory and files in Windows? [jump in page] 2018-06-04
  35. How to transfer web hosting for a domain [jump in page] 2018-06-04
  36. How do I set up eduPrint for a Linux server? [jump in page] 2018-06-04
  37. How do I compare the content of two directories? [jump in page] 2018-06-04
  38. Troubleshooting mail - what can I do and whom do I ask? [jump in page] 2018-06-04
  39. How do I use port forwarding and SOCKS-proxy in SSH? [jump in page] 2018-06-04
  40. How do I access my work-computer from home? [jump in page] 2018-06-04
  41. What do the different symbols in BlueCat mean? [jump in page] 2018-06-04
  42. How do I access my scans for eduPrint in Linux? [jump in page] 2018-06-04
  43. How do I convert an image from RGB to CMYK? [jump in page] 2018-06-04
  44. How do I convert EPS to PDF in Windows and macOS? [jump in page] 2018-06-04
  45. What should I think about when adding my own network printer? [jump in page] 2018-05-31
  46. What are the different PC form factors? [jump in page] 2018-05-31
  47. Installation of eduPrint in Mac OSX [jump in page] 2018-05-30
  48. I would like SPSS on my computer. [jump in page] 2018-05-30
  49. What is the cost for EndNote? What is Zotero? And Pages? [jump in page] 2018-05-30
  50. Who is resposible for what on the BMC network? Who can help me? [jump in page] 2018-05-30
  51. How do I change default settings for a printer in macOS? [jump in page] 2018-05-23
  52. How do I add a macOS printer at IMBIM? [jump in page] 2018-05-22
  53. Backing up via Rsync to Btrfs snapshots [jump in page] 2018-05-22
  54. How do I use the UUPEL repository? [jump in page] 2018-05-22
  55. How do I change default settings for a printer in Windows? [jump in page] 2018-05-18
  56. Should I upgrade to macOS Yosemite? [jump in page] 2018-05-18
  57. How do I add the Korint IPP printer in macOS? [jump in page] 2018-05-18
  58. Which VLANs are at the campus BMC-router? [jump in page] 2018-04-25
  59. We have a server, where should we put it? [jump in page] 2018-04-20
  60. How do I mount SMB share in Linux? [jump in page] 2018-04-09
  61. How do I change my primary e-mail address? [jump in page] 2018-04-05
  62. How do I install PyMOL? [jump in page] 2018-03-29
  63. How do I connect a private computer to the department network? [jump in page] 2018-03-23
  64. What is ransomware and CryptoLocker? [jump in page] 2018-03-23
  65. How do I connect to a file server via SMB on macOS? [jump in page] 2018-03-23
  66. How do I buy a new computer? [jump in page] 2018-03-23
  67. How do I use an Apple AirPort Time Capsule? [jump in page] 2018-03-23
  68. What is the postal address for BMC-IT? [jump in page] 2018-03-23
  69. How do I use AddPrinterGUI to add printers in Windows 7/8/10 x64? [jump in page] 2018-03-23
  70. How do I take backup of the data on my computer? [jump in page] 2018-03-23
  71. Do you have a virtual machine (server) I can use? [jump in page] 2018-03-23
  72. What about the GDPR? [jump in page] 2018-03-23
  73. What Internet bandwidth does the university have? [jump in page] 2018-03-23
  74. How do I configure IPMI for remote management? [jump in page] 2018-03-20
  75. How does the reinstallation of Windows computers work at BMC-IT? [jump in page] 2018-03-16
  76. What is the name standard for network equipment on BMC. [jump in page] 2018-03-09
  77. Please help with installing the software Origin! [jump in page] 2018-03-07
  78. What software applications do the university have that I can install? [jump in page] 2018-03-07
  79. Spam filter settings in the SUNET Mailfilter [jump in page] 2018-02-23
  80. How do I access PCFS over SMB using smbclient? [jump in page] 2018-02-22
  81. Should I upgrade to the latest version of macOS? [jump in page] 2018-01-31
  82. What is my computer name in Windows? [jump in page] 2018-01-29
  83. I need a new subnet and a new VLAN! [jump in page] 2018-01-19
  84. What are your plans for a common client network configuration? [jump in page] 2018-01-19
  85. Who is responsible for the network in the BMC server room? [jump in page] 2018-01-19
  86. How to change language in Windows 7 Enterprise [jump in page] 2018-01-18
  87. How do I map a network drive via SMB on Windows? [jump in page] 2018-01-18
  88. How do you secure delete data from the computers and servers? [jump in page] 2018-01-11
  89. I work for another part of the university too. How can they pay for my software licenses? [jump in page] 2018-01-11
  90. Help me I get so much spam! What can I do? [jump in page] 2018-01-11
  91. After my employment at the university has finished, may I bring home my old computer? [jump in page] 2018-01-11
  92. How do I downgrade to Java 6 for Mac? [jump in page] 2018-01-10
  93. How do I merge documents with Preview in macOS? [jump in page] 2018-01-10
  94. How do I set default language in Word 2011 Mac? [jump in page] 2017-12-28
  95. How do I unlock a protected document in Word? [jump in page] 2017-12-28
  96. What is my IP-address and MAC-address? [jump in page] 2017-12-21
  97. There is no wired network here - what to do? [jump in page] 2017-12-19
  98. What is ZENworks? How to I install applications via ZENworks application window? [jump in page] 2017-12-14
  99. How do I install Ubuntu? [jump in page] 2017-12-14
  100. How do I uninstall the Zenworks agent? [jump in page] 2017-12-14
  101. How do I start an elevated command prompt (as administrator) in Windows? [jump in page] 2017-12-14
  102. How I do send mail from multiple e-mail addresses in Thunderbird? [jump in page] 2017-12-14
  103. Some Cisco switch commands [jump in page] 2017-12-13
  104. How do I get deduplication to work in Linux? [jump in page] 2017-12-12
  105. My Android device is running out of storage. What is using it? [jump in page] 2017-12-12
  106. What is the point with the zone files.uu.se? [jump in page] 2017-12-07
  107. How do I mount my home directory or shared storage at HNAS? [jump in page] 2017-12-06
  108. How do I find the serial number on macOS? [jump in page] 2017-11-22
  109. How do I force activation of Windows 10 using KMS? [jump in page] 2017-11-10
  110. May I have SIMCA and MODDE for Windows please? [jump in page] 2017-11-08
  111. How are the network sockets identified? [jump in page] 2017-10-26
  112. Who is an employee and who is a student at the university? [jump in page] 2017-10-23
  113. GraphPad Prism, what does it cost? [jump in page] 2017-10-05
  114. How does the presenter view work in Powerpoint and where are my videos? [jump in page] 2017-09-27
  115. How do I install anti-virus software on macOS? [jump in page] 2017-09-26
  116. My computer has got a virus! What do I do? [jump in page] 2017-09-25
  117. My Windows 7 computer is stuck in a Windows Update loop! [jump in page] 2017-09-21
  118. How do I temporarily disable an update in Windows 10? [jump in page] 2017-09-21
  119. What service levels does BMC-IT have compared to others at the university? [jump in page] 2017-08-23
  120. How do I activate group membership in AKKA? [jump in page] 2017-08-21
  121. How do I merge PDF documents with PDF-Xchange in Windows? [jump in page] 2017-08-17
  122. Why use the university central storage (HNAS)? [jump in page] 2017-08-16
  123. Print using locked print on macOS [jump in page] 2017-08-16
  124. After my employment at the university has finished, may I keep my old e-mail address? [jump in page] 2017-08-16
  125. How much memory does my Mac have? Can I get more? How much do I need? [jump in page] 2017-08-16
  126. There is a problem with my screen [jump in page] 2017-08-16
  127. I cannot read my USB-drive. What do I do? [jump in page] 2017-07-19
  128. How do snapshots in the HNAS file server work? [jump in page] 2017-06-22
  129. I have installed R in another location. How do I use it in a script? [jump in page] 2017-06-22
  130. How to get started with SNIC Science Cloud? [jump in page] 2017-06-14
  131. My Outlook do not start! What can I do? [jump in page] 2017-06-12
  132. I have several employers at the university and I would like to change my primary email address! [jump in page] 2017-06-12
  133. What is the cost of a PC file server? [jump in page] 2017-06-02
  134. My mailbox is full! What do I do? [jump in page] 2017-05-31
  135. How to connect with VPN using AnyConnect in Windows [jump in page] 2017-05-30
  136. How do I change Windows offline files disk usage? [jump in page] 2017-05-22
  137. How do I use offline files? [jump in page] 2017-05-22
  138. How do I use Eduroam, the wireless network, in Windows? [jump in page] 2017-05-17
  139. Connect to eduroam using iPhone with iOS 10 [jump in page] 2017-05-16
  140. How do I send Bcc from Apple Mail and import recipients from Excel? [jump in page] 2017-04-27
  141. How to use WinSCP to access files over SCP on Windows [jump in page] 2017-03-31
  142. How do I look in the event log in Windows? [jump in page] 2017-01-24
  143. How do I process orders using shopping carts in produktwebben? [jump in page] 2016-12-09
  144. How do I order computer accessories and peripherals? [jump in page] 2016-12-09
  145. How do I activate my Office using KMS? [jump in page] 2016-12-08
  146. My Windows computer is running out of storage. What is using it? [jump in page] 2016-12-06
  147. How to downgrade to Java 7 for Windows [jump in page] 2016-11-24
  148. My computer was stolen! What should I do? [jump in page] 2016-11-16
  149. How do I access my home directory? [jump in page] 2016-10-10
  150. My Save as dialog doesn't show the desktop! [jump in page] 2016-10-10
  151. How do I overwrite deleted data in Windows? [jump in page] 2016-09-20
  152. How do the different types of storage compare to each other? [jump in page] 2016-06-23
  153. Open the server room for me please [jump in page] 2016-04-29
  154. Do you have a VMware virtual server I can use? [jump in page] 2016-03-10
  155. How do I install EndNote? [jump in page] 2016-03-07
  156. How do I access my work-computer from home? [jump in page] 2016-01-22
  157. How do I start Primula? (or install a new version) [jump in page] 2016-01-12
  158. How do I log in to Raindance-portalen? [jump in page] 2015-11-30
  159. I do not work in Uppsala, how can I activate my university account? [jump in page] 2015-06-16
  160. Add a printer in Ubuntu 14.04 [jump in page] 2015-06-04
  161. Print using locked print on Windows [jump in page] 2015-06-04
  162. Print using UserCode for Ubuntu [jump in page] 2015-06-04
  163. Manage your Xibo display [jump in page] 2015-06-03
  164. Install Xibo client on local computer for testing [jump in page] 2015-06-03
  165. My harddrive broke! Do you have any spare parts? [jump in page] 2015-06-03
  166. How to create a local Windows user [jump in page] 2015-05-26

1. How do I find the last updated file or the file with the longest file name?

These tools work on Linux (Ubuntu/CentOS/etc) and probably on macOS too.

Finding the last updated file

Here is a way of displaying the last updated file.

bash$ find directory -type f -print0 | xargs -0 -P 1 stat --format '%Y :%y %n' | sort -nr | cut -d: -f2- | head

In this example the script is run in the files in this FAQ. This FAQ entry is the last one updated!
$ find .  -type f -print0 | xargs -0 -P 1 stat --format '%Y :%y %n' | sort -nr | cut -d: -f2- | head
2018-04-27 08:55:47.517999369 +0200 ./last.updated.file.txt
2018-04-27 08:54:07.277999790 +0200 ./last.updated.file.txt~
2018-04-27 08:51:50.658000281 +0200 ./compare.directories.txt
2018-04-26 15:40:44.030253321 +0200 ./compare.directories.txt~
2018-04-25 13:39:28.802347956 +0200 ./vlan.txt
2018-04-23 08:19:00.582125333 +0200 ./platform.txt
2018-04-20 16:01:09.194378641 +0200 ./serverroom.use.txt
2018-04-17 14:20:59.742186698 +0200 ./storage.txt
2018-04-13 13:28:04.770412453 +0200 ./spss.txt
2018-04-09 12:51:46.146083485 +0200 ./support.txt
$ _

Finding the file with the longest file name

This little script display the number of files in the current directory, the character length of the longest file name and the name of that file.
$ find directory1 | awk 'BEGIN{N=0} {N=N+1; if ( length > L ) { L=length ;s=$0 } }END{ print N" "L" "s }'
$ _>

Here is an example running on the files in this FAQ. There are in total 219 files and the longest filename has 49 characters in the path which is ./how.to.map.network.drive.via.SMB.on.Windows.txt.

$ find . | awk 'BEGIN{N=0} {N=N+1; if ( length > L ) { L=length ;s=$0 } }END{ print N" "L" "s }'
219 49 ./how.to.map.network.drive.via.SMB.on.Windows.txt
$ _

Finding the largest directories

$  du -a . | sort -n -r | head -n 10

Finding the largest files

$ find . -printf '%s %p\n'| sort -nr | head -10

1. We need more storage! Do you have a file server we can use?

UUIT HDS NAS file server (HNAS)

The university has a common file server service run by IT-division running Hitachi NAS called file area (filarea)

In general order by contacting IT-division or contact helpdesk@bmc.uu.se if your department is already using the service.

BMC-IT PC file server (PCFS)

The PC file server storage service is a cost-efficient storage solution for mostly high volume archive data. It is built of commodity PC hardware (which means the hardware can be replaced with equipment from other vendors) and open source software (no hidden costs or support agreements). This gives us freedom and a low price but it also means that we are on our own.

The concept is from around 2010 where it was used for two departments. The service was originally built in 2016 for users at BMC who do not have to own their storage but since it is self-sustained it may be used by everyone at the university.

The setup is fully documented in SOP - Install PC file server, SOP - Common service PC file server and SOP - Rsync backup to Btrfs snapshots. This means you can set up a very similar setup using the same concept on your own if you want to.

Order by contacting BMC-IT at helpdesk@bmc.uu.se.

RBL-IT EMC Isilon file server (Argos)

(The KRT-value 231 requires Gold-level.)

Everyone at the university may use the Rudbeck-IT file servers running EMC Isilon. Technical Specifications Guide - Dell EMC Isilon OneFS and IsilonSD Edge.

For ordering please contact RBL-IT helpdesk@rudbeck.uu.se with this information:

Connect use Windows: \\argos.rudbeck.uu.se\MyGroups$

Connect use Mac OSX: smb://argos.rudbeck.uu.se/MyGroups$

Research Storage

As far as we know the research storage is an expansion of the existing storage at EPI/UADM but now available for all research users at the university.

Read the invite for testing the system in the in the document Inbjudan att testa lösningen för central lagring för forskningens ändamål UFV 2017/1843.

UPPMAX

Uppmax has storage which is free if you have applied for and been granted resources. Please go to www.uppmax.uu.se to figure out what UPPMAX can do for you.


2. What is the BMC-IT computer platform and how does it work?

The platform is the stack of software and infrastructure that BMC-IT use.

Goals for the BMC-IT work with the platform:

  1. Provide a well working platform environment for the end users.
  2. Listen to what the users need. Implement changes in the platform when possible.
  3. Work together with the university and use central systems whenever possible.
  4. Provide options for the users with different needs regarding management, storage and operating system.

These are the major components of the platform

UpUnet and internal campus network

  • backbone and router financed via IT-division
  • campus switches financed via BMC
  • maintained by IT-division
  • cross connect patched by BMC-IT

The network and maintenance is payed for by the rent. There are no extra cost involved. However new networks sockets have to be payed for by the tenant.

BlueCat

  • pushed for and initiated by BMC-IT via IPAM-talk on IT-forum
  • maintained by and financed via IT-division

BlueCat is a tool for IPAM, an interface to manage DHCP and DNS. BMC-IT are using whitelists in BlueCat to control what clients will get an IP on which networks. BMC-IT also using central TFTP (PXE) server maintained by IT-division.

BMC server room

  • owned via IT-division and BMC
  • maintained by Akademiska Hus
  • operated by IT-division with assistance by BMC-IT
  • financed by the users from the whole university

The server room is for use by the whole university. Servers BMC-IT maintain for the departments we give support too are paid for by the users of BMC-IT.

Microsoft deployment toolkit (MDT)

  • included in present licenses
  • maintained by BMC-IT

MDT is used for installation of Windows and an engine for software distribution (Zenworks) on client computers.

Munki

  • open source software
  • maintained by BMC-IT

Munki is used for software distribution on Mac. Munki does one thing, program and configuration distribution, and does that very well.

Microsoft Active Directory

  • maintained by IT-division

The client computers are joined to the Active Directory providing authentication and directory services.

OCS Inventory

  • maintained by BMC-IT

Light weight inventory of software and hardware. Currently run in Mediateket (student computer laboratories) and some Linux servers at BMC.

Zenworks

  • maintained by Uppsala University

Zenworks is used for software distribution on Windows. Packages that BMC-IT uses are mostly built by BMC-IT but some are shared over the university.

HNAS file server

  • owned and maintained by IT-division
  • financed by the users

Better storage. Cost 7000 SEK/TB/year (7 SEK/GB/year) in steps of 500 GB. Offline files may be used for access of Documents and Desktop, but not shared group folders.

Archive storage (Common Service PC File Server)

  • owned maintained by BMC-IT
  • financed by the users

In the price range of cloud storage. Simple storage with compression, snaoshots and backup to secondary server. Cost 1000 SEK/TB/year (1 SEK/GB/year) in steps of 16 TB.

OwnCloud sync storage (In development)

  • open source software
  • maintained by BMC-IT

Syncronized storage, similar to Dropbox in functionality. Currently used by a single department.

IBM Spectrum Protect tape backup

  • owned and maintained by IT-division
  • financed by the users

Shared parts of the platform and comparison with some of the other platforms at UU

SUNET highed BMC-IT EPI UADM UUIT RBL-IT POL-IT EBC UUB EKIT GT BLAS
info / contact JNvB JNvB BB various CR HH SÅ+BG EL AL
server room 3000 SEK/U/y BMC server room BMC server room
BMC server room
UUIT
BMC server room
Ångström
ITC + Ångström EBC
CAR
BMC server room
Ekonomikum
virtual machine platform Openstack KVM
UUIT VMWare VCenter ESXi
KVM
Microsoft Datacenter Hyper-V UUIT VMWare VCenter ESXi RUD-IT VMWare VCenter
Cloud­system OpenStack
POL-IT VMWare VCenter ESXi
EBC VMWare VCenter ESXi
UBIT VMWare VCenter ESXi
KVM
MS Hyper-V
network infra­structure Cisco Cisco
Fortinet
Cisco
Cisco
Fortinet
HP
Cisco
Cisco Cisco Cisco
IPAM solution BlueCat BlueCat BlueCat
Bluecat
ISC DHCP
?
BlueCat
ISC DHCP
BlueCat BlueCat
tape backup solution IBM Spectrum Protect IBM Spectrum Protect IBM Spectrum Protect IBM Spectrum Protect Arcserve IBM Spectrum Protect IBM Spectrum Protect IBM Spectrum Protect
main client storage
UUIT Hitachi NAS (HNAS)
RBL-IT EMC Isilon
Microsoft Windows Storage Spaces UUIT Hitachi NAS (HNAS) RBL-IT EMC Isilon HP 3Par NetApp UBIT SAN EKIT SAN
sync storage SUNET box
Windows offline files
OwnCloud
UUB Microfocus Filr
Windows work folders -
dat­Anywhere
Micro­focus Filr (2018)
Micro­focus Filr Windows offline files UUB Microfocus Filr
Microfocus Filr
SUNET Box
software distribution and inventory
SCCM
Jamf Casper Suite
Munki
Microfocus Zenworks
Munki
OCS Inventory
SCCM
Jamf Casper Suite
- LanRev Microfocus Zenworks Microfocus Zenworks
Microfocus Zenworks
Mobile Manage­ment
Microfocus Zenworks
anti-virus software POL-IT SEP ? - RUD-IT SEP POL-IT SEP F-Secure F-Secure EKIT SEP
printing system eduPrint
eduPrint
direct print
? eduPrint eduPrint
eduPrint
direct print
eduPrint
eduPrint
direct print
Gespage
eduPrint
signage Xibo ? ? Samsung ? ? ? EKO-sign
number of computers in USER-AD active since 2016 updated 2017-10-06 1314
bmc- fbv- farmbio- icm- ifv- ikv- imb- neuro- inv- isp- kmb- mcb- sll- mms- !inv‑opht !inv-srv00
2873
epi- ep- uadm- ucr- ilk- farmaci- nai- far-
- 1256
surgsci- igp- rud- rudb- inv-d0 inv-l1 imv- inv‑opht-
1004
itc- mat- pol- fys- ang- kem- it- pol- polb-
354

ebc-
540
uub-
590
eki- kug- eh- fek- im- obs- kg- stat- nek-
Number of Workstations in Zenworks 1226 - - - 1967 395 545 228 611 668

3. How do I connect to the VPN using Ubuntu?

  1. First apply for the VPN-service. Go to VPN service at Medarbetarportalen and follow instructions in the section Application for VPN service.

  2. Then install the openconnect client:

    sudo apt-get install network-manager-openconnect-gnome

  3. From the menu choose Edit connections...

  4. Select Add

  5. Select the Cisco AnyConnect Compatible VPN (openconnect) connection type.

  6. Edit your connection by naming it (VPN.UU.SE in this example) and then enter the gateway vpn.uu.se:

  7. The new connection will now show up in the Network Manager menu. Open it.

  8. Enter your username and password A and if you dare select Save passwords.

  9. It worked!

  10. Check your new IP-address:

    ip addr list vpn0

  11. You can also go to websites like www.whatismyip.com to see where you are connecting from.

4. Who manages IT-support for whom at BMC?

BMC-IT at helpdesk@bmc.uu.se takes care of or helps with IT-support the following departments and groups marked with bold below.

For the others, contact them or their IT-support directly.

BMC-IT may do shorter consulting assignments, planned in advance, and charge 800 SEK/h. This has been dediced by Leif Kirsebom, director at Uppsala Biomedical Centre (BMC) in 2015.

If you are interested in getting IT-support from BMC-IT please contact helpdesk@bmc.uu.se or Gunnar Herlitz, IT-manager at BMC directly.

Faculty of Pharmacy
FBV - Department of Pharmaceutical Biosciences (Institutionen för farmaceutisk biovetenskap)
FAR - Department of Pharmacy (Institutionen för farmaci)
ILK - Department of Medicinal Chemistry (Institutionen för läkemedelskemi)
Division of Pharmacognosy (Avdelningen för farmakognosi)
Faculty of Medicine
IMB - Department of Medical Biochemistry and Microbiology (Institutionen för medicinsk biokemi och mikrobiologi / IMBIM)
MCB - Department of Medical Cell Biology (Institutionen för medicinsk cellbiologi)
IMV - Department of Medical Sciences (Institutionen för medicinska vetenskaper)
INV - Department of Neuroscience (Institutionen för neurovetenskap)
IFV - Department of Public Health and Caring Sciences (Institutionen för folkhälso- och vårdvetenskap)
IGP - Department of Immunology, Genetics and Pathology (Institutionen för immunologi, genetik och patologi)
Department of Women's and Children's Health (Institutionen för kvinnors och barns hälsa )
Faculty of Social Sciences
IKV - Department of food Studies, nutrition and dietetics (Instituionen för kostvetenskap)
Faculty of Science and Technology
IBG - Biology Education Centre (Institutionen för biologisk grundutbildning)
ICM - Department of Cell and Molecular Biology (Institutionen för cell- och molekylärbiologi)
KMB - Department of Chemistry - BMC (Institutionen för kemi - BMC) Beginning in August 2018
University library
University library BMC
University administration
Faculty Offices / Office for Medicine and Pharmacy / Student service, pharmacy, medicine and care
MDT - MedfarmDoIT
ISP - International Science Programme (ISP)
Intendenturorganisationen
BMC - BMC-intendenturen
BMC - Mediateket

Also read

5. My Internet does not work! How can I find the problem?

What network are you using?

  1. First check - are you trying to connect via the Wireless Network or the Wired network?

The wireless network:

  1. Do not use UpUnet-S
    Make sure you are not using UpUnet-S. UpUnet-S has a captive portal and require login. Forget that network.
  2. Connect via Eduroam
    I will not go into details regarding how to configure Eduroam, but begin to read more about it here: https://mp.uu.se/web/info/stod/it-telefoni/network-on-campus/eduroam Internet access with eduroam
  3. Do you not have coverage?
    • In student areas - order new WiFi hotspots via Netsupport. In department areas, the department has to order and pay for them.
    • Use the Wired network instead.

The wired network:

  1. Do you not have a link?
    If no link, check network cable. Throw away and destroy faulty Ethernet cables, even if only the little retainer tab is broken.

  2. Has the network socket never been used before?
    Contact your Local IT and activate the network socket.
  3. Is the switch out of order?
    If the network socket suddenly stopped working with no link, maybe the switch is broken. Did the network suddenly go dark in some parts of the corridor and not on others? Then this may be the case. Contact helpdesk@bmc.uu.se.
  4. Is it really the network that is broken and not the computer?
    Try the network socket with another computer that is working with another network socket. This can help to identify whether the network socket is not working or if the problem is somewhere in the computer.
  5. Is the power out in the network cabinet?
    If Internet suddenly stopped working - it does happen that the power is out. It is not very common. The cross connect cabinets are usually located in the same part of the building that the lab or office housing the network socket. So go check if power is out. Are the lights on? If the power is out, just wait, Akademiska Hus is almost always already working on it.
  6. Do you have an IP-address?
    Check with ifconfig (Mac/Linux) or ipconfig (win). The IP-address should usually begin with 130.238 if you are at the university.
  7. Do you get intermittent link flaps?
    If the link sometimes goes down but not all the time this may be the case. Maybe the switch has put the switch port in link flap error disabled and then after a timeout period turn the switch port on again. Send message to helpdesk@bmc.uu.se or netsupports@its.uu.se.
  8. Are you on the correct VLAN? If you get a link but do not get an IP-address listen on the network to see what traffic there is. Then you can quite often figure out whether you are on the correct subnet or not. This can be done in Linux with sudo tcpdump -n -i eth0 or on Mac with sudo tcpdump -n -i en0. (The network interface names may differ - check the names with ifconfig) For Windows Wireshark is a bit overkill but should work as well.
    As an administrator you can search for the MAC-address in NetDB to see how the switch port is configured.
  9. Does the switch have that VLAN in the trunk?
    If the VLAN is correct, the link is up but everything is silent, check if the port is the first port with that VLAN on the switch. If so then maybe the trunk is missing that particular VLAN. Let Netsupport add the VLAN to the trunk.
  10. Is the DHCP-server out of free leases?
    If you have a link but do not get an address via DHCP then perhaps the DHCP-server are out of leases for your VLAN. You must contact your Local IT (which could be helpdesk@bmc.uu.se or someone else) to check what is going on. If it looks there are free leases but when it still do not work let the Local IT send a request to servicedesk@uu.se and ask for DHCP-server-logs for that particular MAC-address.
  11. Is the computer in the whitelist?
    If this is the first time you are connecting this particular computer, maybe your computers MAC-address has not been included in the DHCP whitelist. This is a list of computers that are allowed to connect to the network. Again you must contact your Local IT (which could be helpdesk@bmc.uu.se or someone else) to check what is going on.
  12. Is the default gateway address wrong?
    Do you have a gateway? route print (Windows), ipconfig (Windows) netstat -nr (Mac) or route (Linux). If you got an IP-address but cannot reach the gateway maybe there are old firewall rules that are blocking your IP. Check with your Local IT (which could be helpdesk@bmc.uu.se or someone else) and then let them check with Netsupport or Security Division.
  13. Can the gateway be reached?
    Ping the gateway! First check what the default gateway is and then ping it. Example: ping 130.238.39.193...

  14. Can you reach outside the gateway (router)?
    Test to ping Google resolver ping 8.8.8.8
    If this is not working this might also be a problem with router filters or firewall rules.
  15. Does DNS resolving work?
    1. Check the configured resolvers with nslookup www.uu.se
    2. Check if you can reach the UU resolver with nslookup www.uu.se 130.238.7.10
    3. Check if you can reach Google resolver with nslookup www.uu.se 8.8.8.8 or nslookup www.uu.se 8.8.4.4
  16. Are the network settings correct on the computer?
    Check Internet settings. Here is a guide at Microsoft for Windows.

    Check DNS-server settings. The Uppsala University resolvers (nameservers aka DNS-servers) are 130.238.7.10, 130.238.4.11, 130.238.164.6. (They should have the common name resolver.uu.se.) If you are using DHCP it should look like this:

  17. Does the computer work on another IP?

    if you are using a static IP you can try to use another free IP (check with your Local IT before using another IP). If that does work then:

    1. Maybe the IP you are trying to use is already in use. Please check arpwatch/NetDB.
    2. Maybe the IP is blocked in the university firewall. Please check with Security division.

Windows specific fixes when all else fails

  1. Reset TCP/IP-stack
    If most things look OK but the computer can not connect to Internet anyway, they maybe the TCP/IP-stack needs to be reset. In Windows 7/8/10the command for doing this (as an administrator) is netsh winsock reset. Follow up by a restart of the computer.

  2. Reset firewall rules
    To reset the firewall rules in Windows 10/8/7/Vista type netsh advfirewall reset as an administrator at the command line.

For administrators

It could be of help to find out this information about the computer for a more efficient troubleshooting:

  1. Look up the computer login logs for standard Windows clients. Search for the user and the computers. Here you can find the computer name and the username.
  2. Look up the computer name in Active Directory. In the description you can find the computer model and the MAC-address used for installation.
  3. Look up the MAC-address in NetDB. Here you can find the IP-address, swith name and switch port.
  4. Look up the MAC-address in IPAM (BlueCat). Here you can find if the computer is in a DHCP whitelist or any other DHCP-configuration related to the computer.
  5. Look up the IP-address in NetReg. Here you can find VLAN number and VLAN name and the ACL (router filter) for the VLAN.
  6. Look up the Switch and SwitchPort in the network documentation Excel-sheets at BMC. Here you can find the cross connect cabinet ID and network socket ID.
  7. Look up the MAC-address in Arptrack. Here you can find previous arpwatch log entries.

6. What do I do with old computers or phones?

Why can I not leave everything at the electronic recycle room?

The storage (usually a hard drive or flash memory with permanent storage) in may contains software with licenses belonging to Uppsala University (Windows, Office, Adobe etc).

Sometimes the storage contains passwords (stored in Firefox, Safari, Internet Explorer, Outlook, Thunderbird etc), password hashes (kerberos keys in Windows, macOS etc) or private keys (PyTTY, OpenSSH etc).

Sometimes the drives also contains sensitive personal data or data of other sensitive nature.

Option one - give it to BMC-IT

  1. Please fill in the form Data deletion approval.
  2. Give the equipment to BMC-IT. We will either scrap it or try to reuse the parts. If it is not for scrapping or possible reuse we cannot store it.
  3. Report the equipment as scrapped in the department inventory. pp

Option two - scrap it right away

  1. Remove the permanent storage (hard drive, solid-state drive, flash or other). This may not be possible in all devices.
  2. Please fill in the form Data deletion approval.
  3. Give the storage to BMC-IT (or your Local IT).
    1. If the storage contain really sensitive data it will be sent to the Security and safety division or the facility they recommend.
    2. If the data is not as sensitive and the drive is meaningsful to reuse, we will erase the drive on the block level (killdisk) and then reuse it.
  4. Bring the equipment to the electronic recycle room at The Goods reception at BMC.
  5. Report the equipment as scrapped in the department inventory.

7. How do I convert video between different formats with free software?

HandBrake is a GUI open source video transcoder.

HandBrake is available for Windows, Mac, Linux etc.

Mencoder

Mencoder is part of Mplayer, a video player. Mencoder is a command-line open source video transcoder.

Mencoder is available for Windows, Mac, Linux etc.

  1. Download Mplayer at www.mplayerhq.hu.
  2. Run the command line tool mencoder by starting the cmd. If you don't know what this is then don't follow this instruction. You have to have mencoder in your path.
  3. mencoder.exe input.avi -occ x264 -oac mp3lame -o output.mp4

  4. The new file named theoutput.mp4 should then contain the movie in the new x264 (mp4) format.

FFmpeg

FFmpeg can be used as a command line open source tool for transcoding video.

ffmpeg -i input.avi output.mp4

Bitrate and quality

FFmpeg can also be used to convert between different bitrates. Please read the FFmpeg H.264 Video Encoding Guide.

ffmpeg -i input.avi -acodec coy -vcodec libx264 -crf 40 slioutput.mp4

The videos displayed below has been converted to different quality levels with the folling comand.

gforce:Movies jerker$ for i in 1 30 40 ; do ffmpeg -i big_buck_bunny_240p_1mb.mp4 -preset veryslow -acodec copy -vcodec libx264 -crf $i big_buck_bunny_240p_FFMPEG_CRF_${i}.mp4 ; done

From left to right are the original, the best quality, slightly lower quality and quite bad quality.

gforce:Movies jerker$ ls -la big_buck_bunny_240p_* -rw-r--r-- 1 jerker staff 1053651 Jun 17 2016 big_buck_bunny_240p_1mb.mp4 -rw-r--r-- 1 jerker staff 2199681 Jun 13 13:07 big_buck_bunny_240p_FFMPEG_CRF_1.mp4 -rw-r--r-- 1 jerker staff 742577 Jun 13 13:07 big_buck_bunny_240p_FFMPEG_CRF_30.mp4 -rw-r--r-- 1 jerker staff 692186 Jun 13 13:07 big_buck_bunny_240p_FFMPEG_CRF_40.mp4 gforce:Movies jerker$

The annotation on the poster image was made like this, following the examples at ImageMagick v6 Examples - Compound Font Effects.

TEXT="My text" convert source_image.png -font "Arial" -pointsize 50 \ -draw "fill black text 27,77 '$TEXT' \ text 25,78 '$TEXT' \ text 23,77 '$TEXT' \ text 22,75 '$TEXT' \ text 23,73 '$TEXT' \ text 25,72 '$TEXT' \ text 27,73 '$TEXT' \ text 28,75 '$TEXT' \ fill white text 25,75 '$TEXT' " \ poster.png

Read more about the sample video at Wikipedia.

8. How do I order a standard computer?

Currently in 2018-02-22 we recommend at least Intel Core i5 with 16 GB RAM and 256 GB SSD storage or better.

Please note that all prices mentioned below are subject to change.

Computers

  1. Apple Macbook Pro (13.3", i5 3.1GHz with 2 cores, 256 GB SSD) - around 15700 SEK (not including adaptors / dock) (one year warranty)
    »Produktwebben (2018-02-22)
  2. Apple Macbook Pro (15.6", i7 2.8GHz with 4 cores, AMD Radeon Pro 555 2GB) (not including adaptors / dock and one year warranty)
    Standard model with 256 GB SSD - around 18500 SEK »Produktwebben (2018-03-01)
    With 512 GB SSD - around 20000 SEK. »Produktwebben (2018-03-01)
    With 1 TB GB SSD - around 22900 SEK. »Produktwebben (2018-03-01)
  3. Dell Latitude 7390 (13.3", i5-8250U (4 cores), 256B SSD, 16GB RAM) - around 9500 SEK (not including adaptors / dock) (service 3 year next business day ProSupport)
    »Produktwebben Dell Punchout (2018-02-01)
  4. Dell Optiplex 7060 SFF - around 6500 SEK with i5-8400, 16 GB RAM and 256 GB SSD (not including screen) (basic service 3 year next business day onsite)
    »Produktwebben Dell Punchout (2018-06-04

Accessories

  1. Dell WD15 - around 1400 SEK
    USB-C dock with battery charging, gigabit Ethernet, VGA, HDMI, mini DisplayPort, 5x USB-A ports, headset-jack, line-out. Works with both Apple Macbook Pro, Dell Latitude and Dell XPS from above. (only one simultanious external display supported, up to 4K)
    »Produktwebben Dell Punchout (2018-03-12)
    »Dell WD15 Specification
  2. Dell DA200 - around 420 SEK
    USB-C adapter with USB-A, gigabit Ethernet, VGA and HDMI. Works with both Apple Macbook Pro, Dell Latitude and Dell XPS from above. (VGA and HDMI cannot be used at the same time.)
    »Produktwebben Dell Punchout (2018-03-12)
  3. Dell DA300 - around 520 SEK
    USB-C adapter with USB-A, USB-C, gigabit Ethernet, DisplayPort, VGA, and HDMI.
    »Produktwebben Dell Punchout (2018-02-01)
  4. Dell Ultrasharp U2415 - around 1820 SEK
    Screen 24" with 1920x1200 resolution.
    »Produktwebben Dell Punchout (2018-06-14)
  5. Dell Ultrasharp U2715H - around 3380 SEK
    Screen 27" with 2560x1440 resolution.
    »Produktwebben Dell Punchout (2018-06-14)

External hard drive (examples)

  1. WD My Passport for Mac 2 TB - around 663 SEK
    External 2.5" drive with USB 3.0 USB-A USB-C formatted for Mac »Produktwebben (2018-02-01)
  2. Toshiba Canvio for Desktop 2 TB - around 535 SEK
    External 2.5" drive with USB 3.0 USB-A interface. »Produktwebben (2018-02-01)

Send a mail to helpdesk@bmc.uu.se with your request.

Apple Macbook Pro Dell Latitude 7390 Dell XPS
Dell Optiplex 7050 SFF Dell WD15 HP EliteDisplay E272q
Dell DA200 Dell DA300 Samsung SE650

9. How do I play movies on my webpage?

The easiest way may be to use the HTML5 video tag:

<video width="320" height="240" controls> <source src="video/big_buck_bunny_240p_1mb.mp4" type="video/mp4"> Your browser does not support the video tag. </video>

The result can look like this:

Read more about the sample video at Wikipedia.

10. What are the bitrates for different digital video quality?

Please check the webpage at Youtube regarding Live encoder settings, bitrates, and resolutions.



1080p @60fps 480p @60fps Other
video bitrate kbit/s kbit/s kbit/s
Storage for a day of video GB/day GB/day GB/day
Storage for a week of video GB/week GB/week GB/week

11. How do I sign my documents with an electronic signature?

  1. Introduction
  2. Read also
  3. Installation of Adobe Acrobat DC
    1. macOS
    2. Windows
  4. Create and sign with a self-signed electronic signature

1. Introduction

Please note that this guide allow you to create and sign with a self-signed certificate. Signing a document with this self-signed certificate will not prove that you are the one creating the signature since anyone can create a signature with your name. It is more or less the same safety as a normal signature.

2. Read also

3. Installation of Adobe Acrobat DC

If you read this and get IT-support from another organisation at UU then please mail your own helpdesk or local IT-support.

3.1 macOS

Acrobat Reader DC works fine and is free.

To get Adobe Acrobat Standard/Pro DC installed you can send a mail to helpdesk@bmc.uu.se.

When you have ordered either Adobe Acrobat Pro 2017 or Adobe Creative Cloud for Teams - All Apps the icons will pop up in Managed Software Center. Go ahead and install.

3.2 Windows

Acrobat Reader DC is free and works fine.

Acrobat Pro is included in Adobe All Apps and or can be installed by itself.

Please ask helpdesk@bmc.uu.se to get Acrobat for guidance.

4. Create and sign with a self-signed electronic signature

  1. Open your PDF-document
  2. Go to the top menu Tools

  3. Go to Certificates

  4. Choose Digitally sign

  5. Now accept to pick an area where to sign and choose OK

  6. This is the first time so we must create a new digital ID by Configure Digital ID

  7. We want to Create a new digital ID and Continue. Pick the Create your own self-signed Digital ID option and then choose Continue. This means this can be easily forged, but lets assume this is what we want to do.

  8. Choose Save to File and then Continue. You can then bring the certificate with you if you want to as a file.

  9. Fill in your details and Continue

  10. Pick a new unique password and Save

  11. Choose to sign with your new certificate and Continue

  12. Enter your password and Sign

  13. Pick a new name for your document and Save

  14. View your signed document

    Getting a personal certificate
    1. Please follow the instructions regarding Personal certificate at Medarbetarportalen to get your own personal certificate.
    2. Import it into (for example) Firefox.
    3. Export it from (for example) Firefox into an .p12 file. Set a password.
    4. When you sign with Acrobat, import the certificate from the file.
    5. That's it.

    12. I would like MATLAB on my computer please!

    Uppsala University has a site license for MATLAB payed for by the faculty of science and technology.

    Go to the Matlab Support Page to read more.

    13. How do I install Adobe CC Complete (Photoshop, Illustrator...) in Windows?

    For Windows computers that has a Zenworks agent it is quite easy.

    1. First restart computer if it has any pending upgrades. Otherwise the installation will fail.

    2. Open the Adobe Complete application in the Zenworks window.

    3. Answer OK once.

    4. Answer OK twice.

    5. Wait a very long time (all files are around 14.5 GB) for everything to install. The files are read from a file server so you have to be connected to the university network.

    6. It is possible to open a ZENworks progress window from the status bar. Step 7 of 8 will take a very long time.

    Normally in Zenworks everything may be loaded over the Internet, but in this case, since the package is so large, for technical reasons we choose to install it directly from a file server.

    When installing the bundle a request for registration of licenses will be automatically sent to helpdesk@bmc.uu.se who will confirm the registration at appropriate group or department.

    For Windows computers that do not run the Zenworks agent, the same package can be installed by a system administrator. Also contact helpdesk@bmc.uu.se for this.

    For macOS this installation is more or less manual. Contact helpdesk@bmc.uu.se.

    14. Why did my Adobe licenses stop working?

    When the licensing do not work on Adobe software the computer will print the message License denied on this computer.

    Two reasons why this may happen

    1. From time to time (every year) the license administration department (Inköpsavdelningen) Uppsala University remove all computers from the the license server for Adobe software that do not have an appropriate license in the license register (Progdist). This may affect you if:

      • No license have been registered (due to human error, misunderstanding etc)
      • The wrong computer name is in the register (again human error mostly)
      • The computer name contains strange characters (for example apostrophes or other uncommon characters in the names can cause problems when transferring computer names between systems)
      • You got a new computer with a new name but the old computer and name is still in the register.
      • The computer got multiple names and one is in the register and one is in the license server.
    2. If you have logged into Adobe Creative Cloud then the licenses you are using in the cloud are being used and not the Uppsala University licenses. The software will then be unlicensed.

      Check this by opening the Help menu. Look for the Sign Out (user@dept.uu.se) entry. If you are signed in you must Sign Out in order to use your licenses at the university. (And you must get help to relicense the software.)

    What to do?

    1. Send the computer name to helpdesk@bmc.uu.se and what software you are using that is causing the problem.
    2. We will check the license register to make sure the license register contain the correct computer name.
    3. We have to manually run a special program for relicensing the already installed software on the computer. This can be done via remote control, via bringing the computer to BMC-IT or maybe someone have to out to the computer.
    4. The software will then start to work again. Perhaps there will be a period of waiting until the license department has reactivated the computer.
    5. Do not log into Adobe Creative Cloud.

    15. How much do Adobe Photoshop and Illustrator cost?

    Short story: This is how much the Adobe applications cost

    Application Cost (updated 2017-09-18)
    Adobe Acrobat Pro 818 SEK (perpetual license - one-time fee)
    A single application (example: Photoshop or Illustrator) 444 - 996 SEK/year depending on app
    Adobe Complete (all applications) English 1620 SEK/year
    Adobe Acrobat Reader free

    Search Progdist at UU Reload



    Search Progdist at UU Reload

    • If buying more than one application the Adobe Complete with all applications are cheaper.
    • All applications using the Adobe Campus UU agreement with the ETLA license type has to be removed (uninstalled) from all computers.
    • All Adobe applications without valid license has to be removed.
    • Old perpetual licenses fully paid via one-time fee (Adobe CS3, CS4, CS5, CS6 etc) or within the ELA license type may still be used but not be upgraded. Those softwares are NOT recommended to use due to unpatched security holes! And old software might not work at all on a modern computer OS.

    Long story:

    You can rent the whole suite from Adobe called Creative Cloud for teams All Apps which contain the following applications:

    You can also rent a program as Single-App, but that cost is more than half of renting All Apps.

    This means that it will be less expensive to rent the entire suite if you are interested in more than one application.

    The applications below are possible to rent as Single-Apps (note that Acrobat Pro and Photoshop Lightroom are not possible to rent as Single-Apps):

    Notice that Acrobat Pro is not required to read PDF-files, fill PDF-forms or create PDF-files. This is possible by combining the freeware Acrobat Reader and Microsoft Office.

    Some of you may consider finishing your Adobe Campus UU licenses to reduce cost. The Adobe applications must then be removed from your computer. In some cases certain applications can be replaced with earlier versions if they have been bought (not rented). There is no guarantee for how long earlier Adobe versions continue to operated since they may become incompatible with newer versions of Windows and Mac OS.

    The applications probably contain report functions allowing Adobe to identify and count computers within UU using their applications and relate that to the number of paid licenses. It is therefore risky to keep Adobe applications without paying for the new license. Such cheating may lead to financial claims from Adobe.

    There are some free alternatives to the Adobe applications but no perfect replacements. Here are some suggestions:

    ApplicationAlternativePlatform
    Photoshop GIMP Mac OS, Windows, Linux
    Illustrator Inkscape Mac OS, Windows, Linux
    Draw.IO (simple block diagrams) Web
    InDesign Scribus Mac OS, Windows, Linux
    Acrobat Pro Acrobat Reader (to read PDF and fill forms) Mac OS, Windows, Linux
    PDFCreator (to create PDF by "printing" from other applications) Windows
    PDF-Xchange (create, edit, merge PDF) Windows
    Word 2013 (to open PDF, edit and convert to Word) Windows
    PDFsam (to combine, divide and rotate PDF-documents) Mac OS, Windows, Linux
    AbleWord (to open PDF, edit and convert to Word) Windows
    CutePDF (to create PDF by "printing" from other applications) Mac OS, Windows, Linux
    PDFtk Server (command line tool to manipulate PDF in many ways)Mac OS, Windows, Linux
    Dreamweaver We have found no direct replacement, but here is a list of 10 alternatives to Adobe Dreamweaver. Also read the Wikipedia page of Comparison of HTML editors - general information.

    16. Do you have some examples of fanless computers we can buy?

    Please check this detailed list of fanless laptops and ultrabooks available in 2018.

    Please note that even fanless computers with no moving parts may emit high-frequency sounds that some but not everyone can hear.

    2-in-1

    Dell Latitude 7285 2-in-1
    Price from 12077 SEK (2018-05-31) with 12.3" screen, Intel i5 1.2 GHz, 8 GB RAM and 256 GB SSD.
    Dell XPS 9365 2-in-1
    Price from 12244 SEK (2018-05-31) with Intel m5 1.2 GHz, 8 GB RAM and 256 GB SSD.
    Microsoft Surface Pro m3
    Price from 7677 SEK (2018-06-01) with Intel m3 1 GHz, 4 GB RAM and 128 GB SSD.
    Microsoft Surface Pro i5
    Price example 10854 SEK with Intel i5 7300U 2.6 GHz, 8 GB RAM and 256 GB SSD.

    Laptop

    Apple Macbook 12"
    Price from 10200 SEK (2018-05-31) with Intel i3 1.2 GHz, 8 GB RAM and 256 GB SSD.
    HP EliteBook Folio G1
    Price from 12414 SEK (2018-05-21) with 12.5" screen, Intel m7 1.2 GHz, 8 GB RAM and 512 GB SSD

    Desktop

    MSI Cubi N 067NE
    Price from 2034 SEK (2018-05-31) with Intel Celeron N3160, 4 GB RAM and 32 GB SSD.
    MSI Cubi 3 Silent S 026EU
    Price from 5931 SEK (2018-05-31) with Intel i5 7200U 2.5 GHz, 8 GB RAM and 256 GB SSD.

    Embedded

    Raspberry Pi 3 Model B
    Price 304 SEK (2018-05-31) with ARM 1.2 GHz quad core and 1 GB RAM.
    Also requires case, storage, charger etc. This is not a PC and cannot run normal Windows.
    Go to the Raspberry Pi homepage Download Section for software, including Raspbian, Windows 10 IOT Core or others.
    Dell Embedded Box PC 3000 (Order via Dell Punchout)
    Price from 9060 SEK (2018-05-31) with Intel Atom 1.33 GHz, 4 GB RAM, 500 GB HDD.
    Dell Embedded Box PC 5000 (Order via Dell Punchout)
    Price from 14995 SEK (2018-05-31) with Intel Celeron 2.8 GHz, 4 GB RAM, 500 HDD.
    Intel Compute Stick
    Price from 1100 SEK (2018-05-31) with Intel Atom Z8300 1.44 GHz, 2 GB RAM and 32 GB flash.

    17. How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)



    IBM Spectrum Protect is the backup system run at the university at the IT-division. The software was previously known as TSM - Tivoli Storage Manager and is still referenced as both names.

    Financing and pricing

    The services is paid for by the users. This includes salaries for everyone involved in maintaining the system and all equipment. The costs includes a starting cost per node and (decreasing) cost per GB depending on how much data that is stored in the system. Read the pricelist.

    Documentation

    IBM has their own documentation of TSM 7.1.3 (the latest version at 2016-04-14)

    Schedule

    Usually on Windows-systems the backup-client is asking the server whether it should backup or not. Send a mail to backup-admin to let them know.

    On Mac and Linux (and other Unix-based systems) instead the client is called at a certain point in time doing the backup like this:

    dsmc incr

    To put this in crontab in a Linux system first run editor for the crontab as root using emacs as an editor.

    EDITOR=emacs crontab -e

    Or use the default vi editor:

    crontab -e

    Then enter the point in time to run the backups (with the full path to the client)

    1 1 * * * /usr/bin/dsmc incr

    Performance with TSM

    TSM store files in tapes and after a while the incremental backups will store files in several different tapes. One way of taking care of this is to instead from time to time do a selection backup or a image (block device) backup. The block device backup is harder to read back for certain files obviously.

    There are several options to decrease the amount of data being sent on the wire by doing more work on the client. Inside the university network this usually it not a problem since we usually have enough bandwidth betwen the campuses and to the backup servers.

    • Zip up many small files and exclude the originals from backup.
    • Use virtual mount points to divide up the files in smaller sets.
    • Use journal-based backup to track which files have been changed
    • Use memory efficient backup, if the client is running out of memory.

    Compression yes Memoryefficientbackup yes

    Examples: Query the backup...

    To list what partitions (or file systems) have been backed up:

    dsmc query files

    To list files that have a backup date during a certain date range: (However, running with options time limits (todate, fromdate) will change the behaviour for the client and read a lot of data into RAM. With several millions of files this will be slow. Read about Classic Restore versus No Query Restore (NQR) at IBM)

    The option -inactive will list both active and inactive files.

    dsmc q ba -inact -fromdate=01/01/2016 -todate=01/03/2016 -subdir=yes '/blue/*'

    To get summary of all files backed up and the size:

    dsmc query backup '/etc/*' -subdir=yes -querysummary

    To get more details, for example to see files with the wrong backupclass which still are taking up space in the backup, run this command:

    dsmc query backup '/etc/*' -subdir=yes -querysummary -detail

    Examples: Restoring backup...

    To interactively pick and restore the files, restoring to the directory /tmp:

    dsmc restore -pick '/blue/*' "/tmp/"

    To also interactively pick among the inactive files when restoring:

    dsmc restore -pick '/blue/*' "/tmp/" -inactive

    To also restore subdirectories while restoring:

    dsmc restore -pick '/blue/*' "/tmp/" -inactive -subdir=yes

    To restore the state of a directory at certain different points in time. This will run the restore command each for the specified dates and restore the directory as it were at that point in time.

    for i in 10 11 12 13 14 15 16 17 ; do mkdir /var/tmp/jerker.restore.2016-04-$i-12.00.00/ dsmc restore -pitd=04/$i/2016 -pitt=12:00:00 -subdir=yes '/home/jerker/*' /var/tmp/jerker.restore.2012-11-$i-12.00.00/ done

    To backup everything irrespective of whether files have changed since the last backup, use the selective command:

    dsmc sel '/green/home/USER/jny25782/*' -subdir=yes

    Examples: Deleting old backup data...

    To delete a backup (which may require extra permissions), use the delete command. This time the -pick makes it interactive.

    dsmc delete backup '/archive/jerker/*' -subdir=yes -pick

    To delete all inactive files:

    dsmc delete backup '/archive/jerker/*' -subdir=yes -deltype=inactive

    To delete all inactive files backed up during a certain date range:

    dsmc delete backup -fromdate=01/01/2010 -todate=01/01/2016 '/green/home/USER/jny25782/*' -subdir=yes -deltype=inactive

    With the number of files into multiple tens of millions, this may not work so well since it takes up too memory or perhaps timeout when waiting too long for the confirmation prompt unless the operator (you) are staring at the window. Use the -noprompt option and break it down inte smaller parts like this:

    for i in /home/* ; do dsmc delete backup -fromdate=01/01/2010 -todate=04/01/2016 $i/'*' -subdir=yes -deltype=inactive -noprompt ; done

    To delete all files from the backup, including inactive files, specify -deltype=all. Do not prompt for confirmation.

    dsmc delete backup '/unwanted.data/' -deltype=all -noprompt

    This however do not delete parent directories from the backup. To remove them to, run the expire command. The position of the wildcard is described at IBM but look a bit strange, so be careful!

    dsmc expire '/unwanted.data*' -noprompt

    Different management classes:

    To view the different management classes:

    dsmc q mgmtclass

    To list the details different backup management classes:

    dsmc q mgmtclass -detail

    To change class when taking backup, the new class can be specified in the file dsm.opt when including file systems:

    include /myfilesystem/* TWOYEARCLASS

    Please note that this may (or may not) only affect new objects created in the backup system. Manual clean up (using the method in the previous section) may have to be done.

    The way I know about how to view the current backup management class is to start the graphical client: dsmj and in the menu Utilities the entry View policy information

    This is a small script to list managment classes:

    #!/bin/bash echo 'Management Retain Only Retain Extra Version Version' echo 'Class Version Version Data Exists Data Deleted' echo '--------------- --------------- --------------- --------------- --------------' ( dsmc q mgmtclass -detail ; echo DONE ) | grep -e 'MgmtClass Name' -e 'Retain Only Version' -e 'Retain Extra Version' -e 'Versions Data Exists' -e 'Versions Data Deleted' -e 'DONE' | ( while read A B C D E F ; do if test "$A" = "MgmtClass" -o "$A" = "DONE" ; then if test "$EXTRA" != "" -a "$ONLY" != "" ; then echo -e $MGMT'\t'$ONLY'\t'$EXTRA'\t'$EXISTS'\t'$DELETED | expand --tabs=16,32,48,64 ONLY="" EXTRA="" MGMT="" DELETED="" EXISTS="" fi MGMT=$D fi if test "$B" = "Only" ; then ONLY=$D fi if test "$B" = "Extra" ; then EXTRA=$D fi if test "$C" = "Exists...:" ; then if test "$D $E" = "No Limit" ; then EXISTS="NoLim" else EXISTS="$D" fi fi if test "$C" = "Deleted..:" ; then if test "$D $E" = "No Limit" ; then DELETED="NoLim" else DELETED="$D" fi fi done ) | sort -n --key=2,5

    The output looks like this on the current (2016-05-16) classes on the domain that I are using. Note that there may be different domains with different management classes.

    # ./tsm.list.mgmtclasses.sh Management Retain Only Retain Extra Version Version Class Version Version Data Exists Data Deleted --------------- --------------- --------------- --------------- -------------- ITSDBCLASS 0 0 1 0 ORACLECLASS 0 200 3 0 ONEDAYCLASS 1 1 3 2 DAYCLASS 2 0 1 1 MONTHCLASS 9 9 8 7 TWOWEEKS 14 14 14 1 TDPDIFF 30 30 No Limit No Limit TDPDIFF-META 30 30 No Limit No Limit TDPFULL 30 30 No Limit No Limit TDPFULL-META 30 30 No Limit No Limit TDPLOGS 30 30 No Limit No Limit TDPLOGS-META 30 30 No Limit No Limit PUBCLASS 60 30 2 1 STANDARD 60 30 2 1 QUARTERCLASS 120 90 3 2 ITSCLASS 300 200 3 2 LOGCLASS 300 200 3 2 ITS_DISK 365 200 3 2 DEVCLASS 500 450 4 3 TWOYEARSCLASS 750 30 2 1 ADMCLASS 900 800 8 7 TENYEARSCLASS 4000 30 2 1 # date Fri Aug 26 13:51:51 CEST 2016 # _

    This is how to Assign management class to specified directories or default.

    18. What about the quality of a created PDF document?

    When creating a PDF document from a Word document, different PDF generators create different files. Some difference is due to the way different fonts are handled. You can for example read more on kerning here: https://en.wikipedia.org/wiki/Kerning.

    Also be aware that this is screenshots. Antialias and subpixel rendering may affect the images below.


    Here is an example of a Word-document generated into a PDF in different ways all displayed on the screen in Windows 10 using Adobe Reader DC with 300% zoom. The limited screen resolution makes it hard to see the finer details.

    1. Microsoft Word 2016. Created with Microsoft Print to PDF virtual printer. Good quality with no visible kerning problems in this example. However the generated text is a bit dark.

    2. Microsoft Word 2013. Created with save as.. and the as a file type PDF. Take notice of the kerning problems marked with yellow.

    3. Microsoft Word 2016. Created with PDF X-Change virtual printer. Take notice of the kerning problems marked with yellow.

    4. Microsoft Word 2016. Created Adobe Acrobat Pro XI virtual printer Adobe PDF.

    5. Microsoft Word 2016. Created with PDFCreator virtual printer.

    6. Microsoft Word 2016. Created with Save as.. and then as the file type PDF with the higher quality.

    19. How do I add a CNAME in BlueCat?

    1. Go to the zone / domain you wish to add a CNAME to.

    2. Add an Alias Record (CNAME)

    3. Type in the name you want.

    4. Type in where you want it to go! The A-record has to exist in BlueCat! Otherwise press the External Host button.

    20. How do I sort incoming mail based on receiver address into different folders?

    Sometimes you have two e-mail addresses to the same e-mail account.

    In this example I have the following two addresses:

    • jerker.nyberg@bmc.uu.se
    • jerkertestar@bmc.uu.se

    They both end up in the account jny25782@user.uu.se which in the catalogue has the full name Jerker Nyberg von Below.

    In our (the university) setup of Exchange/Outlook it is possible to base the rule on the account receiving the mail, but not on the original address receiving the mail (the envelope header). In order for all mail to be correctly sorted the envelope header must be used. But in our setup it is not possible to insert dynamic rules in that stage as a user.

    This makes is problematic to sort mail which has both addresses as receivers. (both jerker.nyberg@bmc.uu.se and jerkertestar@bmc.uu.se). Only one mail will end up in the account. Mailing lists are also problematic but may be working because they are handled by an external system (Sympa). So it depends. It usually works. And sometimes when it do not a few additional rules may help. But be sure to read both your incoming folders.

    1. Enter the Uppsala University webmail at https://mail.uu.se/.

    2. Right-click on the mail you wish to sort and pick Create rule...

    3. Build your rule.

      • Remove the old rules.
      • You may want to change the name for the rule.
      • Create a new condition named It includes these words in the message header...
      • Click on the right of the condition on the blue text and then write one of the e-email addresses you would like to move to a separate folder.
      • Then pick a folder you would like to move the message to. You may want to create a new folder.

      When you are ready the rule should look like this, but with your own conditions and folder name...

    4. Try your new rules by sending messages to your different addresses.

21. What fun things can I do with Systemd in Linux?

Figure out what is taking so long to start:

# systemd-analyze blame 1min 46.945s kdump.service 13.838s network.service 873ms postfix.service 602ms dev-md126.device 285ms systemd-udev-trigger.service 258ms tuned.service 186ms systemd-fsck-root.service 55ms httpd.service ... # _

Check how a service is doing:

# systemctl status httpd httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2017-04-14 05:22:28 CEST; 3 weeks 5 days ago Docs: man:httpd(8) man:apachectl(8) Process: 6484 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS) Process: 14190 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS) Main PID: 6489 (httpd) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" CGroup: /system.slice/httpd.service 6489 /usr/sbin/httpd -DFOREGROUND 14198 /usr/sbin/httpd -DFOREGROUND 14199 /usr/sbin/httpd -DFOREGROUND 14201 /usr/sbin/httpd -DFOREGROUND 14202 /usr/sbin/httpd -DFOREGROUND 14203 /usr/sbin/httpd -DFOREGROUND Apr 14 05:22:28 bmc-pcfs2.bmc.uu.se systemd[1]: Starting The Apache HTTP Server... Apr 14 05:22:28 bmc-pcfs2.bmc.uu.se systemd[1]: Started The Apache HTTP Server. Apr 16 08:47:01 bmc-pcfs2.bmc.uu.se systemd[1]: Reloaded The Apache HTTP Server. Apr 24 05:52:36 bmc-pcfs2.bmc.uu.se systemd[1]: Reloaded The Apache HTTP Server. Apr 30 07:05:06 bmc-pcfs2.bmc.uu.se systemd[1]: Reloaded The Apache HTTP Server. May 07 08:18:32 bmc-pcfs2.bmc.uu.se systemd[1]: Reloaded The Apache HTTP Server. # _

Start, stop and restart units (services):

# systemctl stop httpd # systemctl start httpd # _

Change the default device timeout for slow file systems like btrfs with a lot of snapshots: (
ArchLinux Wiki about Fstab)

# grep timeout /etc/fstab LABEL=data7 /data7/ btrfs compress,noatime,x-systemd.device-timeout=0 1 2 # _

22. How do I launch parallel jobs using MPI?

  1. I followed this tutorial http://mpitutorial.com/tutorials/mpi-hello-world/
  2. First make sure you can login with out password between the nodes.

    $ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/USER/jny25782/.ssh/id_rsa): Created directory '/home/USER/jny25782/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/USER/jny25782/.ssh/id_rsa. Your public key has been saved in /home/USER/jny25782/.ssh/id_rsa.pub. The key fingerprint is: 55:e3:ae:d5:90:49:00:ab:cd:5c:4c:cf:e1:80:b9:66 jny25782@fbv-n67 The key's randomart image is: +--[ RSA 2048]----+ | .++.= | | o+ O = | | ..+ O | | =Eo . o | | .oS o . | | o | | . | | | | | +-----------------+ $ cp .ssh/id_rsa.pub .ssh/authorized_keys $ _

  3. Create the host_file with the name of the computers you wish to run on.

    fbv-n65 fbv-n67

  4. Make sure you have the host keys in your ~/.ssh/known_hosts file !

    $ for i in fbv-n65 fbv-n67 ; do ssh -o StrictHostKeyChecking=no $i hostname ; done Warning: Permanently added 'fbv-n65,192.168.0.165' (ECDSA) to the list of known hosts. fbv-n65 Warning: Permanently added 'fbv-n67,192.168.0.167' (ECDSA) to the list of known hosts. fbv-n67 $ _

  5. Create the Makefile

    EXECS=mpi_hello_world MPICC?=mpicc all: ${EXECS} mpi_hello_world: mpi_hello_world.c ${MPICC} -o mpi_hello_world mpi_hello_world.c clean: rm ${EXECS}

  6. Create the mpi_hello_world.c

    // Author: Wes Kendall // Copyright 2011 www.mpitutorial.com // This code is provided freely with the tutorials on mpitutorial.com. Feel // free to modify it for your own use. Any distribution of the code must // either provide a link to www.mpitutorial.com or keep this header intact. // // An intro MPI hello world program that uses MPI_Init, MPI_Comm_size, // MPI_Comm_rank, MPI_Finalize, and MPI_Get_processor_name. // #include #include int main(int argc, char** argv) { // Initialize the MPI environment. The two arguments to MPI Init are not // currently used by MPI implementations, but are there in case future // implementations might need the arguments. MPI_Init(NULL, NULL); // Get the number of processes int world_size; MPI_Comm_size(MPI_COMM_WORLD, &world_size); // Get the rank of the process int world_rank; MPI_Comm_rank(MPI_COMM_WORLD, &world_rank); // Get the name of the processor char processor_name[MPI_MAX_PROCESSOR_NAME]; int name_len; MPI_Get_processor_name(processor_name, &name_len); // Print off a hello world message printf("Hello world from processor %s, rank %d out of %d processors\n", processor_name, world_rank, world_size); // Finalize the MPI environment. No more MPI calls can be made after this MPI_Finalize(); }

  7. Build with make

    $ make mpicc -o mpi_hello_world mpi_hello_world.c mpi_hello_world.c: In function main: mpi_hello_world.c:39:1: warning: control reaches end of non-void function [-Wreturn-type] } ^ $ _

  8. Run your job:

    $ mpirun -n 2 -f host_file ./mpi_hello_world Hello world from processor fbv-n65, rank 0 out of 2 processors Hello world from processor fbv-n67, rank 1 out of 2 processors $ _

  9. Launch more on each node by adding rows to the host_file:

    fbv-n65:1 fbv-n65:2 fbv-n65:3 fbv-n67:1 fbv-n67:2 fbv-n67:3 fbv-n67:4 fbv-n67:5

  10. Launch:

    $ mpirun -n 8 -f host_file ./mpi_hello_world Hello world from processor fbv-n65, rank 2 out of 8 processors Hello world from processor fbv-n65, rank 3 out of 8 processors Hello world from processor fbv-n65, rank 4 out of 8 processors Hello world from processor fbv-n65, rank 5 out of 8 processors Hello world from processor fbv-n65, rank 0 out of 8 processors Hello world from processor fbv-n65, rank 1 out of 8 processors Hello world from processor fbv-n67, rank 6 out of 8 processors Hello world from processor fbv-n67, rank 7 out of 8 processors $ _

23. How do I send mail from a shell script in Linux and macOS?

Here is an example of sending mail on Linux and MacOS, one using sendmail and one using mailx.

The sendmail binary may be both in /usr/sbin/sendmail and the traditional /usr/lib/sendmail but using the /usr/bin/env as a wrapper should work with both location.

Please note that both the envelope header and the from-header must be set. This is done with sendmail both inside the mail and as a command line argument. There are other ways of doing this. But this is one of them.

FROM=helpdesk@bmc.uu.se TO=jerker.nyberg@bmc.uu.se SUBJECT="This is in subject" /usr/bin/env sendmail -f $FROM $TO <<EOF To: $TO From: $FROM Subject: $SUBJECT Hello darkness my old friend! EOF

FROM=helpdesk@bmc.uu.se TO=jerker.nyberg@bmc.uu.se SUBJECT="This is in subject" /usr/bin/mailx -s "$SUBJECT" -r $FROM $TO <<EOF Hello darkness my old friend! EOF

24. How does Thunderbird autoconfig work?

Thre is an autoconfiguration feature in Thunderbird in order to make it easier for the users to set up their mail accounts. Read more at Autoconfiguration in Thunderbird at the Mozilla web docs.

BMC-IT has a server at autoconfig.bmc.uu.se. To configure the feature for your domain at the university just add the following to your zone.

autoconfig IN CNAME autoconfig.bmc.uu.se.

The record may look like this in BlueCat:


25. What is Rrsync (restricted rsync)? How do I access PCFS storage over rsync?

The PCFS storage provided by BMC-IT is normally accessed via SMB. However the Uppsala University perimeter firewall in front of UpUnet (Fortigate) is blocking incoming SMB. The Uppsala University HPC center UPPMAX (Uppsala Multidisciplinary Center for Advanced Computational Science) has its own Internet connection via SUNET so SMB access from SUNET is blocked in the firewall.

For those cases Rrsync (restricted Rsync) can be set up as well.

It could for example look like this on the server:

[root@bmc-pcfs4 ~]# tail -5 /etc/ssh/sshd_config Ciphers +arcfour AllowUsers root jny25782 Match User jny25782 ForceCommand /usr/local/bin/rrsync.data.sh Match all [root@bmc-pcfs4 ~]# cat /usr/local/bin/rrsync.data.sh #!/bin/bash exec /usr/local/bin/rrsync /data [root@bmc-pcfs4 ~]#

To access it use Rsync as normally. However, Rsync now is using the /data directory above as base directory. ALl the shares are mounted under the /data directory.

To access the data with Rsync may look like this. Here I tried to download the contents of a share I do not have access to, so just igore the error and use rsync as normal for transfer data.

gforce:~ jerker$ rsync -avx --progress jny25782@IMB-GenomicsKLT2.files.uu.se:IMB-GenomicsKLT2/. tmp/. jny25782@imb-genomicsklt2.files.uu.se's password: receiving file list ... rsync: opendir "/data/IMB-GenomicsKLT2/GenomicsKLT2" failed: Permission denied (13) 3 files to consider sent 20 bytes received 222 bytes 69.14 bytes/sec total size is 0 speedup is 0.00 rsync error: some files could not be transferred (code 23) at /BuildRoot/Library/Caches/com.apple.xbs/Sources/rsync/rsync-52/rsync/main.c(1404) [generator=2.6.9] gforce:~ jerker$ ls -la tmp/ total 0 drwxr-xr-x 4 jerker staff 128 Mar 30 2017 . drwxr-xr-x+ 225 jerker staff 7200 Dec 5 11:27 .. drwxr-xr-x 2 jerker staff 64 Dec 5 11:02 .snapshots drwxrwx--- 2 jerker staff 64 Mar 8 2017 GenomicsKLT2 gforce:~ jerker$ ls -la tmp/GenomicsKLT2/ total 0 drwxrwx--- 2 jerker staff 64 Mar 8 2017 . drwxr-xr-x 4 jerker staff 128 Mar 30 2017 .. gforce~ jerker$ _

If you want to use your public SSH-key instead of your password for authentication then send the SSH key to the administrator. Kerberos single-sign-on is currently not supppoerted.

From UPPMAX

  1. Connect to Uppmax with SSH, in this example I am connecting to rackham.uppmax.uu.se. Start a screen so that you can keep your processes running even when your SSH-client disconnect to UPPMAX when you for example shutdown your computer.

    [jerker@rackham3 ~]$ screen

  2. Then connect to that server with rsync. In the following example we are trying to reach the share that also can be reached as smb://IMB-GenomicsKLT2.files.uu.se/IMB-GenomicsKLT2/

    [jerker@rackham3 ~]$ rsync -avx --progress jny25782@imb-genomicsklt2.files.uu.se:IMB-GenomicsKLT2/. tmp/.

    In this example we are using another port because the normal port 22 was at that point still blocked in the firewall between UPPMAX and UpUnet. Also, compression is turned off, faster ciphers are being used and ssh escape characters are turned off.

    [jerker@rackham3 ~]$ rsync -e 'ssh -e none -p 2222 -o Compression=no -c arcfour,aes128-ctr' -avx --progress jny25782@IMB-GenomicsKLT2.files.uu.se:IMB-GenomicsKLT2/. tmp/. The authenticity of host '[imb-genomicsklt2.files.uu.se]:2222 ([130.238.54.70]:2222)' can't be established. ECDSA key fingerprint is SHA256:zUs82pMdiZzQoqaR86iGFp2A/6LzHAy6WBbKC+46sSo. ECDSA key fingerprint is MD5:12:c7:98:f6:65:3e:39:0d:df:59:dc:a7:f8:96:2a:f4. Are you sure you want to continue connecting (yes/no)? yes You have to type yes here Warning: Permanently added '[imb-genomicsklt2.files.uu.se]:2222,[130.238.54.70]:2222' (ECDSA) to the list of known hosts. jny25782@imb-genomicsklt2.files.uu.se's password: Enter your password here receiving incremental file list rsync: opendir "/data/IMB-GenomicsKLT2/GenomicsKLT2" failed: Permission denied (13) .snapshots/ sent 16 bytes received 226 bytes 19.36 bytes/sec total size is 0 speedup is 0.00 rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1518) [generator=3.0.9] [jerker@rackham3 ~]$ _

    Here is an example when the contents of the directory /proj/mystuff/directory/to/upload/. on UPPMAX will be synced to the directory TLA-ShareName.files.uu.se:TLA-ShareName/ShareName/directory.to.upload/. on PCFS.

    This destination can also be reached over SMB as as the smb://TLA-ShareName.files.uu.se/TLA-ShareName/ShareName/directory.to.upload/ or \\TLA-ShareName.files.uu.se\TLA-ShareName\ShareName\directory.to.upload\

    The flag --delete will erase all files from the destination that do not exist in the source.x

    [jerker@rackham3 ~]$ rsync -e 'ssh -e none -o Compression=no -c arcfour,aes128-ctr' --delete -avx --progress /proj/mystuff/directory/to/upload/. jny25782@TLA-ShareName.files.uu.se:TLA-ShareName/ShareName/directory.to.upload/.

    By using the notation above (the /. in the end) the rsync can be run multiple times to update/sync modified files again.

  3. Have fun! Disconnect from the screen with Ctrl-A Ctrl-D. Attach to the screen again with the command screen -x.

26. How do I change the Mac computer name, host name and NetBIOS-name?

In macOS, change the computer names in the system settings, in the Share (Delning) dialog.

The university name standard begins with an identifier for each department and then a dash and a unique identifier. At BMC-IT and the departments we support we continue with the computer serial number like this:

  1. Begin with a TLA - the three letter acronym (Neuroscience - INV, Medical Biochemistry and Microbiology - IMB, Pharmaceutical biosciences - FBV, Medical Cell Biology - MCB, Uppsala Biomedical Centre - BMC, Public Health and Caring Sciences - IFV, etc)
  2. Then a dash -.
  3. Then the serial number max 11 characters (cut away the leading ones to keep the usually significant ones)
  4. The full computer name should be 15 characters or less (to not generate possible problems in old network sharing protocols like WINS... In a couple of years, when WINS is totally gone, then this rule most probably can be ignored)

The host name is however picked up from the DHCP-server. It is used as a prompt in the command line. With dynamic DHCP the IP and the host name may change from time to time. So to get a consistent hostname set it manually like this; in this example BMC-COVFEFE is used as hostname, but please use your own instead!

The terminal may look like this:

$ scutil --get HostName HostName: not set $ sudo scutil --set HostName BMC-COVFEFE Password: $ sudo scutil --set ComputerName BMC-COVFEFE $ sudo scutil --set LocalHostName BMC-COVFEFE $ scutil --get HostName BMC-COVFEFE $ scutil --get ComputerName BMC-COVFEFE $ scutil --get LocalHostName BMC-COVFEFE $ _

Also check and set the NetBIOS-name. It may or may not be the same as the computer name and host name. The default is the same as the hostname but if this has been changed before it may be something else. Change it like this:

The NetBIOS-name can be changed in the terminal as well like this:

$ sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName BMC-COVFEFE $ defaults read /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName BMC-COVFEFE $ _

27. How do I create binary packages with MacPorts?

Let us assume the package we want to build is ImageMagick and your username is myusername.

Make a source install of MacPorts into /opt/mports

Read more about Source install.

$ sudo mkdir -p /opt/mports $ cd /opt/mports $ sudo chown myusername . $ git clone https://github.com/macports/macports-base.git $ git checkout v2.4.2

Install a copy of MacPorts into /opt/ImageMagick

Read more about Install Multiple MacPorts Copies.

$ export PATH=/bin:/sbin:/usr/bin:/usr/sbin $ MP_PREFIX=/opt/ImageMagick $ cd /opt/mports/macports-base $ ./configure --prefix=$MP_PREFIX --with-applications-dir=$MP_PREFIX/Applications $ make $ sudo make install

Build ImageMagick binary port meta package

Read more about MacPorts Port Binaries.

$ sudo $MP_PREFIX/bin/port selfupdate ---> Updating MacPorts base sources using rsync MacPorts base version 2.4.2 installed, MacPorts base version 2.4.2 downloaded. ---> Updating the ports tree ---> MacPorts base is already the latest version The ports tree has been updated. To upgrade your installed ports, you should run port upgrade outdated $ sudo $MP_PREFIX/bin/port mdmg ImageMagick ---> Computing dependencies for ImageMagick The following dependencies will be installed: Xft2 autoconf autoconf-archive automake bison ... xpm xrender xz zlib Continue? [Y/n]: Y ---> Fetching distfiles for gperf ---> Attempting to fetch gperf-3.1.tar.gz from ftp://ftp.funet.fi/pub/gnu/prep/gperf ... ... $ ls -lah $(find $MP_PREFIX -name ImageMagick-6.9.9-26.dmg) -rw-r--r--@ 1 root admin 166M Mar 22 14:38 /opt/ImageMagick/var/macports/build/_opt_ImageMagick_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_graphics_ImageMagick/ImageMagick/work/ImageMagick-6.9.9-26.dmg $ _

The package is located as above. This package can be installed on other computers. All files will reside at /opt/ImageMagick.

How to install the package we just created

  1. In this case we created a DMG with a MPKG.
  2. Open the DMG. But on another computer...

    $ open /opt/ImageMagick/var/macports/build/_opt_ImageMagick_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_graphics_ImageMagick/ImageMagick/work/ImageMagick-6.9.9-26.dmg

  3. Open the MPKG.

  4. Install the package.

  5. Done!

Everything at once

This will build two self-contained meta packages for gimp and ImageMagick and place them in the home directory.

for APP in gimp ImageMagick ; do export PATH=/bin:/sbin:/usr/bin:/usr/sbin export MP_PREFIX=/opt/$APP export MP_INST=/opt/MacPorts-$APP export $PORT=$MP_PREFIX/bin/port sudo mkdir -p $MP_INST && pushd $MP_INST && sudo chown $(whoami) . && git clone https://github.com/macports/macports-base.git && pushd $MP_INST/macports-base && git checkout v2.4.2 && ./configure --prefix=$MP_PREFIX --with-applications-dir=$MP_PREFIX/Applications && make && sudo make install && sudo $PORT selfupdate && sudo $PORT -N mpkg $APP && popd && popd cp -av $(find $MP_PREFIX/var/macports/build/ | grep 'mpkg$') $HOME/. done

28. How do I install the OCS Inventory agent for Linux?

OCS Inventory is an open source inventory system for computer hardware and software.

The OCS Inventory server at BMC currently (2017-08-10) is running version 2.2 but the latest version is 2.3. So the client must be version 2.2 or lower.

Ubuntu 17.04

Ubuntu currently has the 2.0.5 version in their repositories which works fine but cannot check certificates.

  1. Install package

    apt-get install ocsinventory-agent

  2. Answer that the inventory should be generated over http.
  3. Enter the server name https://inv.bmc.uu.se/ocsinventory
  4. Fix configuration.

    cat <<EOF >>/etc/ocsinventory/ocsinventory-agent.cfg tag = BMC logger = Stderr logfile = /var/log/ocsinventory-client/ocsinventory-agent.log EOF

  5. Run the agent every hour instead of every day:

    mv /etc/cron.daily/ocsinventory-agent /etc/cron.hourly/.

  6. Test that everything is working.

    ocsinventory-agent cat /var/log/ocsinventory-client/ocsinventory-agent.log

  7. The computer should now show up at https://inv.bmc.uu.se/ocsreports/!

CentOS 6 (Scientific Linux 6 and RHEL 6)

CentOS has the 2.3 version in the EPEL repository which is to new. Install the older 2.1 version instead.

  1. Add the EPEL repo.

    yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

  2. Install the monitir-edid package.

    yum -y install http://ftp.tu-chemnitz.de/pub/linux/dag/redhat/el6/en/x86_64/rpmforge/RPMS/monitor-edid-2.1-1.el6.rf.x86_64.rpm

  3. Go to https://pkgs.org/download/ocsinventory-agent and download and install the version 2.1.1 of ocsinventory-agent and perl-Ocsinventory-Agent. This will add a lot of dependant packages.

    yum -y install http://rpms.famillecollet.com/enterprise/6/remi/x86_64//perl-Ocsinventory-Agent-2.1.1-1.el6.remi.noarch.rpm http://rpms.famillecollet.com/enterprise/6/remi/x86_64//ocsinventory-agent-2.1.1-1.el6.remi.x86_64.rpm

  4. Add the server to the configuration files at /etc/ocsinventory/ocsinventory-agent.cfg

    sed -i 's/^local = /###local = /' /etc/ocsinventory/ocsinventory-agent.cfg cat <<EOF >>/etc/ocsinventory/ocsinventory-agent.cfg server = https://inv.bmc.uu.se/ocsinventory ssl = 1 ca = /etc/ocsinventory/inv.bmc.uu.se.public.pem tag = BMC logger = Stderr logfile = /var/log/ocsinventory-agent/ocsinventory-agent.log EOF

  5. Download and put the public certificates from the webserver into the /etc/ocsinventory/inv.bmc.uu.se.cacert.pem file. This way the client is sure just to contact the OCS server.

    openssl s_client -showcerts -connect inv.bmc.uu.se:443 </dev/null 2>/dev/null | openssl x509 -outform PEM >/etc/ocsinventory/inv.bmc.uu.se.public.pem

  6. Activate the cronjob

    sed -i 's/=none/=cron/' /etc/sysconfig/ocsinventory-agent

  7. Test that everything is working.

    ocsinventory-agent cat /var/log/ocsinventory-agent/ocsinventory-agent.log

  8. The computer should now show up at https://inv.bmc.uu.se/ocsreports/!

CentOS 7 (Scientific Linux 7 and RHEL 7)

CentOS has the 2.3 version in the EPEL repository which is to new. Install the older 2.1 version instead. Certificate check seem to be broken, maybe due to missing perl package.

  1. Add the EPEL repo.

    yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

  2. Go to https://pkgs.org/download/ocsinventory-agent and download and install the version 2.1.1 of ocsinventory-agent and perl-Ocsinventory-Agent. This will add a lot of dependant packages. Also add monitor-edid and libx86.

    yum -y install http://rpms.famillecollet.com/enterprise/7/remi/x86_64//perl-Ocsinventory-Agent-2.1.1-1.el7.remi.noarch.rpm http://rpms.famillecollet.com/enterprise/7/remi/x86_64//ocsinventory-agent-2.1.1-1.el7.remi.x86_64.rpm http://rpms.famillecollet.com/enterprise/7/remi/x86_64//monitor-edid-3.0-6.el7.remi.x86_64.rpm http://rpms.famillecollet.com/enterprise/6/remi/x86_64//libx86-1.1-9.el6.remi.x86_64.rpm perl-LWP-Protocol-https

  3. Add the server to the configuration files at /etc/ocsinventory/ocsinventory-agent.cfg. Something is not working with certificate validation.

    sed -i 's/^local = /###local = /' /etc/ocsinventory/ocsinventory-agent.cfg cat <<EOF >>/etc/ocsinventory/ocsinventory-agent.cfg server = https://inv.bmc.uu.se/ocsinventory ssl = 0 ### broken ca = /etc/ocsinventory/inv.bmc.uu.se.public.pem tag = BMC logger = Stderr logfile = /var/log/ocsinventory-agent/ocsinventory-agent.log EOF

  4. Download and put the public certificates from the webserver into the /etc/ocsinventory/inv.bmc.uu.se.cacert.pem file. This way the client is sure just to contact the OCS server.

    openssl s_client -showcerts -connect inv.bmc.uu.se:443 </dev/null 2>/dev/null | openssl x509 -outform PEM >/etc/ocsinventory/inv.bmc.uu.se.public.pem

  5. Activate the cronjob

    sed -i 's/=none/=cron/' /etc/sysconfig/ocsinventory-agent

  6. Test that everything is working.

    ocsinventory-agent cat /var/log/ocsinventory-agent/ocsinventory-agent.log

  7. The computer should now show up at https://inv.bmc.uu.se/ocsreports/!

29. How do I set firewall rules in Linux to block SSH?

This is an example on how to set firewall rules in Linux. The command iptables below first open incoming on port 22/tcp (SSH) for the university network and then drop all other.

The first command (iptables) adds a rule (-A) to the input-chain (INPUT) for protcol tcp (-p tcp) on the incoming (--destination-port) port 22 for SSH (22) which has a source (-s) from the university (130.238/16) that it should accept the packets (-j ACCEPT).

The second command just drops everything else.

# iptables -A INPUT -p tcp --destination-port 22 -s 130.238/16 -j ACCEPT # iptables -A INPUT -p tcp --destination-port 22 -j DROP

How to save the rules is different between different distributions. In CentOS 7 I use the command service iptables save. In Ubuntu/Debian, install the package iptables-persistent and then run the command iptables-save > /etc/iptables/rules.v4. Reboot computer to see that the firewall rules stick.

To see the current firewall rules run this command:

# iptables -L -n

Also, to limit which accounts can login via SSH you can use the AllowUsers keyword in /etc/ssh/sshd_config like this:

AllowUsers myaccount

To allow more users:

AllowUsers firstaccount secondaccount

Restart or reload sshd or restart computer to use the new configuration for sshd.

Read more about iptables at the Netfilter homepage.

30. How do I lookup LDAP or Active Directory via command line on Mac and Linux?

Connecting anonymously to LDAP

ldapsearch -l 10 -x -Hldap://ldap.katalog.uu.se -b 'cn=People,dc=uu,dc=se' '(&(objectClass=person)(uid=jny25782))'

Connecting with authentication to LDAP

ldapsearch -l 10 -x -Hldaps://ldap.katalog.uu.se -D 'uid=jny25782,dc=user,dc=uu,dc=se' -w 'passwordA' -b 'cn=People,dc=uu,dc=se' '(&(objectClass=person)(uid=jny25782))'

Connecting with authentication to Active Directory

ldapsearch -Hldap://dc.user.uu.se -x -D "jny25782@user.uu.se" -b "DC=user,DC=uu,DC=se" -w "passwordA" "(uid=jny25782)" uid mail

Those timestamps in the Active Directory look quite strange do they not?

Convert from Windows time (100 ns/tick resolution) to Unix time ( 1 s/tick) by dividing by 10000000 (changing 100 ns resolution into 1 s) and then subtract 11644473600 to get from 1601-01-01T00:00:00Z to 1970-01-01T00:00:00Z.

$ date -d @$(echo 131243293252095302/10000000-11644473600 | bc) Wed Nov 23 00:02:05 CET 2016 $ _

Examples

List all mail addresses in the group SI29:9 in the public LDAP catalogue and then count them:

$ ldapsearch -l 10 -x -Hldap://ldap.katalog.uu.se -b 'cn=People,dc=uu,dc=se' 'departmentNumber=SI29:9' mail | grep -i mail: | wc -l 38 $ _

This would list all mail addresses in the group SI29:9 that also has a room number in the BMC C6:3 corridor.

$ ldapsearch -l 10 -x -Hldap://ldap.katalog.uu.se -b 'cn=People,dc=uu,dc=se' '(&(roomNumber=BMC C6:3*)(departmentNumber=SI29:9))' mail | grep -i mail:

31. How do I copy many files in Windows using Robocopy?

Robocopy is a built in command line tool in Windows to copy files. when it cannot read a file because of any reason, like the file is locked or unavailable, it can retry.

Mirror a directory into another

This deletes destination files that are not in the original.

robocopy g:\myfiles h:\myarchive /MIR /R:2 /W:1

Copy a directory into another

This just copy the files.

robocopy g:\myfiles h:\myarchive /E /R:2 /W:1

32. How do I configure my resolver on a Linux machine?

The university has a couple of resolvers which are referred to by resolver.uu.se.

$ host resolver.uu.se resolver.uu.se has address 130.238.7.10 resolver.uu.se has address 130.238.164.6 resolver.uu.se has address 130.238.4.133 resolver.uu.se has IPv6 address 2001:6b0:b:215:130:238:4:133 resolver.uu.se has IPv6 address 2001:6b0:b:732:130:238:164:6 resolver.uu.se has IPv6 address 2001:6b0:b:242:130:238:7:10 $ _

Historically the host name lookups in Linux were done by the resolver. No resolver was running and no cache existing locally in the machine. The resolvers were put in /etc/resolv.conf, either statically (manually) or via DHCP.

The problem with this approach is that if the first in the list of external resolvers cannot be reached the timeout is defaulting to 5 seconds with 2 attempts. This means that if the first server is down there will be a timeout up to 2*5=10 seconds. When a resolver is failing most things using the network will get slow and not work very well. This can be decreased but not eliminated by adding a shorter timeout to /etc/resolv.conf:

options timeout:1 attempts:1 rotate

Using dnsmasq as a forwarding resolver

Another, better, solution is to run dnsmasq in Linux. Dnsmasq will get you:

  1. Faster failover.
  2. Local cache.
  3. A well behaved client using central resolvers. (No problems with split-DNS, firewalls or router filters)

This is how it looks like in CentOS 7 when not using NetworkManager (most common on servers) and using DHCP. It will replace the first nameserver with the local dnsmasq. This works for a server always located on the UpUnet network.

Here we also add the Google public resolvers. But please note, if you add the those you cannot reach local split-DNS, like the Windows-domains or other local networks (RFC1918). Also check that you have access (not blocked by router filter or firewall) to the Google public resolvers before you add them.

$ yum install dnsmasq $ echo 'resolv-file=/etc/resolv.dnsmasq' > /etc/dnsmasq.d/resolv.file $ echo 'DNS=127.0.0.1' >>/etc/sysconfig/network $ host resolver.uu.se | grep -v IPv6 | awk '{print "nameserver " $4}' >/etc/resolv.dnsmasq $ echo 'nameserver 8.8.8.8' >>/etc/resolv.dnsmasq $ echo 'nameserver 8.8.4.4' >>/etc/resolv.dnsmasq $ _

if you are running a totally static setup without NetworkManager you need to manually add the 127.0.0.1 resolver first in resolv.conf instead of adding it to the /etc/sysconfig/network configuration file.

$ sed -i '1i nameserver 127.0.0.1' /etc/resolv.conf $ _

Most clients use NetworkManager. For a client moving around between networks you need to get the recommended resolvers from DHCP but also insert the dnsmasq 127.0.0.1 resolver first. NetworkManager has built in support for dnsmasq. Simply adding dns=dnsmasq to the [main] section and then restart NetworkManager should solve it.

[main] dns=dnsmasq

Also check that dnsmasq do not have the option bogus-priv activated in /etc/dnsmasq.conf otherwise queries about the local networks (RFC1918) will be blocked with answer NXDOMAIN in dnsmasq. These are used in the university network so they should not be blocked between client and resolver. The default in CentOS 7 is to not have bogus-priv activated which is fine. Otherwise, uncomment with:

$ sed -i 's/\(^bogus-priv\)/#\1/1' /etc/dnsmasq.conf $ _


Using Bind as a local resolver

If you want to maximize reliability then nothing beats a local resolver. Just run BIND and set it up to only listen to the local machine (or local HPC cluster). On the university network, this usually requires openings in the router filters and perhaps firewalls in order to send UDP traffic in and out. Only do this if you do not want to pester the university resolvers with all your requests, like when you are running an HPC cluster connected to the USER-AD, doing statistics for a lot of webserver logs or something else similar.


33. How do I really delete a directory and files in Windows?

  1. Start a command prompt as a local administrator.
  2. Change directory to the one above the directory you want to delete.
  3. Fix permissions.
  4. Delete files (this should not be needed...)
  5. Delete directories

    cd "c:\my stuff" attrib /s /d -s -h -r "to delete" del /f /s /q "to delete" rmdir /s /q "to delete"

  6. If this do not work also try to take ownership of the directory and full control in the ACLs and then delete again:

    takeown /f "to delete" /r /d y icacls "to delete" /grant %username%:F /T

34. How to transfer web hosting for a domain

  1. Add the correct virtual host to the webserver
  2. Check to whom the mail to change in DNS should be sent
  3. Send a mail to domainmaster and request the change

Step 1. Add the correct virtual host to the webserver

In order to get the new webserver to respond the new name. Usually one must must add the virtual host to the web server configuration.

Check that the new service is working at the new host. Change the the hosts-file on a client computer. On Ubuntu (Linux) and macOS it is called /etc/hosts and Windows %SystemRoot%\system32\drivers\etc\hosts usually c:\windows\system32\drivers\etc\hosts.

If the webserver is called www.department.uu.se and will be moved to the new IP-address 130.238.39.248 then add the following line:

130.238.39.248 www.department.uu.se

Or if you wish to use both www.department.uu.se and department.uu.se you need to put them both in the hosts-file:

130.238.39.248 www.department.uu.se department.uu.se

Now restart the local webbrowser (Firefox, Internet Explorer etc) and open the website (http://www.department.uu.se/). Your webbrowser will now contact the new IP-address (picked from the hosts-file).

If the website has two names (www.department.uu.se and department.uu.se), you need to test them both.

If the the web browser shows an page like this you need to activate the web site on the new web server. If you run Apache you need to create the correct VirtualHost. Contact the responsible person for the webserver or the web site and let them fix the problem before you proceed.

When everything is OK proceed to the next step. Also, remember to remove your changes to your hosts-file.

Step 2. Check to whom the mail to change in DNS should be sent

Then check the SOA field of the domain. The SOA record contain information on what what the contact person is for the domain. When querying for SOA also authoritative nameserver may be shown.

Use the command Dig for this. Dig is included in macOS and Linux and may be downloaded for free for Windows.

The output may look like this:

$ dig soa bmc.uu.se ; <<>> DiG 9.4.3-P3 <<>> soa bmc.uu.se ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35450 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 7 ;; QUESTION SECTION: ;bmc.uu.se. IN SOA ;; ANSWER SECTION: bmc.uu.se. 14400 IN SOA ddns.uu.se. domainmaster.uu.se. 2015021900 3600 600 2592000 1800 ;; AUTHORITY SECTION: bmc.uu.se. 1078 IN NS dns2.uu.se. bmc.uu.se. 1078 IN NS dns3.uu.se. bmc.uu.se. 1078 IN NS dns1.uu.se. bmc.uu.se. 1078 IN NS dns.uu.se. ;; ADDITIONAL SECTION: dns.uu.se. 13974 IN A 130.238.7.10 dns.uu.se. 13974 IN AAAA 2001:6b0:b:242:130:238:7:10 dns1.uu.se. 13974 IN A 130.238.4.133 dns1.uu.se. 13974 IN AAAA 2001:6b0:b:215:130:238:4:133 dns2.uu.se. 13974 IN A 130.238.164.6 dns2.uu.se. 13974 IN AAAA 2001:6b0:b:732:130:238:164:6 dns3.uu.se. 13974 IN A 193.11.12.166 ;; Query time: 4 msec ;; SERVER: 130.238.39.248#53(130.238.39.248) ;; WHEN: Fri Feb 27 17:43:03 2015 ;; MSG SIZE rcvd: 304 $ _

There are two interesting things in this output.

  1. The contact person is domainmaster@uu.se. The first unescaped . (dot) in the field is substituted to an @.
  2. There are DNS-servers on uu.se.

Step 3. Send a mail to domainmaster and request the change

The main part of the mail may look like this:

To: domainmaster@uu.se From: me@department.uu.se Subject: change webserver www.department.uu.se Hello, Please make www.department.uu.se a CNAME to www.service.uu.se like this: www.department.uu.se. IN CNAME www.service.uu.se. Kind regards, My contact information

Or, if you wish to change both http://www.department.uu.se and http://department.uu.se it may look like this with only IPv4 addresses.

To: domainmaster@uu.se From: me@department.uu.se Subject: change webserver www.department.uu.se department.uu.se Hello, Please remove the old A-record for department.uu.se and any record for www.department.uu.se. Add the following: department.uu.se. IN A 130.238.39.248 department.uu.se. IN A 130.238.39.252 www.department.uu.se. IN A 130.238.39.248 www.department.uu.se. IN A 130.238.39.252 Kind regards, My contact information.

If you have any questions contact helpdesk@bmc.uu.se or domainmaster@uu.se.

35. How do I set up eduPrint for a Linux server?

Printing via mail (Scientific Linux, Ubuntu, Debian)

In this example the file FILE_TO_PRINT.pdf is sent to a fictive user.

echo "please print me" | mailx -r passivo.agressivo@department.uu.se -a FILE_TO_PRINT.pdf print@uu.onricoh.se

Printing via CUPS on Linux (Ubuntu 16.04 / 17.10) or macOS (10.12.6)

  1. Get the PPD.

    Download and save the PPD as /tmp/eduPrint-UU.ppd on your local computer. If you use another file name then change the commands below appropriately.

  2. Make sure you are using the Employee-ID accounts on the computer. The easiest way to assure this is to use the Active Directory, but it works as long as the names are identical.
  3. Configure the printer queue:

    sudo lpadmin -p eduPrint-UU -v lpd://edp-uu-prn01.user.uu.se/eduPrint-UU -P /tmp/eduPrint-UU.ppd -u allow:all -o printer-is-shared=false -E

  4. Set this as the default printer queue if you want:

    sudo lpadmin -d eduPrint-UU

  5. Print like this:

    lp -d eduPrint-UU HELLO.pdf

If you are using unique local user account names

You want to configure the print queue to use the correct user name.

lpadmin -p QUEUENAME -v lpd://UU-USERNAME@edp-uu-prn01.user.uu.se/eduPrint-UU -P /tmp/eduPrint.ppd -u allow:LOCAL_USERNAME -o printer-is-shared=false -E

You can let everything printed on the computer go to a specific users queue.

lpadmin -p QUEUENAME -v lpd://UU-USERNAME@edp-uu-prn01.user.uu.se/eduPrint-UU -P /tmp/eduPrint.ppd -u allow:all -o printer-is-shared=false -E

Please note that the environment variable CUPS_USER may be used instead of specifying a specific user. This may be used on a multi user system if the variable is set in the login scripts.

36. How do I compare the content of two directories?

The build in tools diff, comm, find and sort in macOS and Linux can be used to compare two directories to see if anything is changed.

Let us assume the files are in the directories called directory1 and directory2.

Finding difference in content

For large datasets this will take some time because the content of all files will be read and compared.

diff -r directory1 directory2

Finding missing or added files

This will be faster because only the list of files and directories in the two directories are compared. The content is not compared. All file names that do not exist in both are printed.

comm -3 <(find directory1 -mindepth 1 | sort) <(find directory2 -mindepth 1 | sort)

This displays files and directories that are unique for directory1.

comm -23 <(find directory1 -mindepth 1 | sort) <(find directory2 -mindepth 1 | sort)

This displays files and directories that are unique for directory2.

comm -13 <(find directory1 -mindepth 1 | sort) <(find directory2 -mindepth 1 | sort)

37. Troubleshooting mail - what can I do and whom do I ask?

The main mailservers at Uppsala University are taken care of by IT-division. The main spamfilter is taken care of by SUNET.

Please note that the anti-spam filter will put mail that has been classified as mail into the Skräppost / Junkmail folder automatically. Please check there if you are missing mail!

To troubleshoot mail you are missing you need the following information:

  1. Sender of mail
  2. Receiver of mail
  3. Subject
  4. Date and time

Send the request to the postmasters at Uppsala University who can be reached at helpdesk@uu.se.

If you have recieved the mail but still have questions where it was kept up you can open the mail headers and look at the ones beginning with received:. A mail only sent internally in the Exchange server at the university does not contain any such lines.

This can be found in Thunderbird by pressing CTRL-U. For Outlook 2013/2016: Open the message in its own window, On the File tab, select Properties and the header information should appear in the Internet headers box.

In the example below it looks like the mail was delayed 17 minutes in e-mailfilter04.sunet.se but it does not explain the reason - could the next receiver lyra.its.uu.se not receive the mail at that moment or were there queues internally in the e-mailfilter04.sunet.se? To investigate such things further the postmasters have to look at for example queue lengths or other logs for the mail servers.


Received: from lyra.its.uu.se (130.238.7.73) by smtp.user.uu.se (130.238.3.118) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 2 Nov 2016 11:47:01 +0100 Received: from e-mailfilter04.sunet.se (e-mailfilter04.sunet.se [192.36.171.204]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by lyra.its.uu.se (Postfix) with ESMTPS id C869F3942E for <jerker.nyberg@bmc.uu.se>; Wed, 2 Nov 2016 11:47:01 +0100 (CET) Received: from cursor.its.uu.se (smtp-out2.uu.se [130.238.7.173]) by e-mailfilter04.sunet.se (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id uA2AUbDF008508 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <jerker.nyberg@bmc.uu.se>; Wed, 2 Nov 2016 11:30:38 +0100 Received: from e-mailfilter02.sunet.se (e-mailfilter02.sunet.se [192.36.171.202]) by cursor.its.uu.se (Postfix) with ESMTP id C46F11D60 for <jerker.nyberg@bmc.uu.se>; Wed, 2 Nov 2016 11:30:36 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uu.se; s=centralsmtp; t=1478082636;bh=81SVPu1qJne0nNt3g29NneVtKglBV287biptFjHv6vs=;h=To:Subject:Date:From;b=YZ4xC5F4ISHQEggiwaTS1BJUH5MZ24o2ayd1o/bTadGliYtIveL/nj/kXkq4Ju5/MUsx5NkpjcY+hADrrESdBa2K75+LxUs2ORvv2O3koq7lk7n0YS/D2ZYCGFVqarvLlFYiA6kmrBRO4HTVKoN60GnDW6ef2l5JHS6HJsqaot0= Received: from velox.its.uu.se (velox.its.uu.se [130.238.7.74]) by e-mailfilter02.sunet.se (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id uA2AUaGA005478 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <jerker.nyberg@bmc.uu.se>; Wed, 2 Nov 2016 11:30:36 +0100 Received: from localhost (nimos.rudbeck.uu.se [130.238.63.61]) by velox.its.uu.se (Postfix) with ESMTP id E6AA634651 for <jerker.nyberg@bmc.uu.se>; Wed, 2 Nov 2016 11:30:35 +0100 (CET)

38. How do I use port forwarding and SOCKS-proxy in SSH?

Let us assume that there is a service on a server listening to a local port 8787.

Port forwarding using PuTTY in Windows

"c:\Program Files (x86)\PuTTY\putty.exe" -L 8787:localhost:8787 youraccount@server.department.uu.se

PuTTY can of course also be configured using the GUI.

Port forwarding using OpenSSH in Linux and macOS

ssh -L 8787:localhost:8787 youraccount@server.department.uu.se

SOCKS-proxy using PuTTY in Windows

Also be aware that you can use PuTTY and OpenSSH as a SOCKS-proxy which can be used to access arbitrary ports.

"c:\Program Files (x86)\PuTTY\putty.exe" -D 9999 youraccount@server.department.uu.se

SOCKS-proxy using OpenSSH in Linux and macOS

ssh -D 9999 youraccount@server.department.uu.se

Acessing the SOCKS-proxy from the web browser

Let your web browswer be configured to use this SOCKS-proxy.

Firefox is configured in Preferences, General and Connection Settings like this:

Chrome can be started with the SOCKS-proxy as a command line argument. This example is in macOS:

open /Applications/Google\ Chrome.app --args --proxy-server="socks5://localhost:9999"

Will it work?

Then start the web browser and go to a web page which displays where you are connecting from.

You can go to What is my IP-address and MAC-address? in this FAQ or perhaps www.whatismyip.com. Here I have connected to UPPMAX over SSH and proxied my browser via that server.

39. How do I access my work-computer from home?

  1. Find out if you need access to the files or the actual computer running programs on it.
  2. If you only need access to the files, then it might be easier to store the files on a file server. Access the files in a secure way from home over VPN connecting to the file server.
  3. If you need access to the computer to be able to run programs on the computer, then:
    1. Allow someone to connect to your computer using Remote Desktop Connection. (Read HOWTO in Swedish or Read HOWTO in English)
    2. Lock the computer to a specific IP (Contact your Local IT, computer name, your current IP and MAC-address)
    3. .. and open in the router filter so that you can run remote desktop from the VPN to the computer. (This is also done by your Local IT.)

Mac

In Mac, get Microsoft Remote Desktop which is free in the App Store.

Add a new host hosts with login (with the windows domain) and password and then Start!

Remember to add the Windows domain in for example the format username@domain, if the host is connected to a Windows domain.

Windows

In Windows, start Remote Desktop Connection and enter the details and then Connect.

Linux Ubuntu

Install rdesktop and run for example this command:

rdesktop -p MySecretPassword -u _jny25782-T -d USER -x 0x80 -g 1800x1100 -k sv dcts.user.uu.se

40. What do the different symbols in BlueCat mean?

Here is a description of what the different colors mean in BlueCat - the IPAM system at Uppsala University.

41. How do I access my scans for eduPrint in Linux?

Where are the scans stored

The DFS-path to the directory where your scans are stored is smb://user.uu.se/eduPrint/Scan/USERNAME. This path works fine in macOS but may or may not work in Linux. An alternative path is smb://uuc-file011.user.uu.se/eduprintscan$/USERNAME. This path may change in the future, but for the moment (2017-12-01) it works.

At 2017-12-11 also the host eduprint.its.uu.se exists but is hard to mount in Linux.

How to access them in Linux

Use smbclient to access your directory. But use your own username instead of mine. smbclient works like a very old school FTP-client if you remember those. It may be convenient because it is all in userspace.

smbclient -W USER -U jny25782 '//uuc-file011.user.uu.se/eduprintscan$/jny25782'

Works too:

smbclient -W USER -U jny25782 -I eduprint.its.uu.se '///eduprintscan$/jny25782'

Or mount directly on the command line like this. Use your own username and password.

mount -t cifs -o username=jny25782,password=PASSWORDA,domain=user '//uuc-file011.user.uu.se/eduprintscan$/jny25782' /mnt/

You may exclude your password and be prompted instead. This works in Scientific Linux 6 (compatible with RHEL6) and CentOS 7 (compatible with RHEL7).

mount -t cifs -o username=jny25782,domain=user '//uuc-file011.user.uu.se/eduprintscan$/jny25782' /mnt/

The default settings in Ubuntu 17.10 do not work. Try SMB version 2.1 like this:

mount -t cifs -o username=jny25782,domain=user,vers=2.1 '//uuc-file011.user.uu.se/eduprintscan$/jny25782' /mnt/

42. How do I convert an image from RGB to CMYK?

The software ImageMagick can do this. This can also be done in Photoshop and other tools. But ImageMagick works in both Windows, macOS and Linux (Ubuntu etc) and also has an interface in plenty of programming languages. And it is free.

  1. As an example we have a small sRGB PNG.

    $ identify start.image.png start.image.png PNG 448x54 448x54+0+0 8-bit sRGB 4101B 0.000u 0:00.009 $

  2. First convert the sRGB PNG into a sRGB TIFF.

    $ convert start.image.png start.image.tiff $

  3. Then convert the sRGB TIFF into a CMYK TIFF.

    $ convert start.image.tiff -colorspace CMYK output.image.tiff $

  4. Confirm that the resulting image is a CMYK TIFF.

    $ identify output.image.tiff output.image.tiff TIFF 448x54 448x54+0+0 8-bit CMYK 2376B 0.000u 0:00.000 $

The command line tool seems to work fine in Windows as well:

43. How do I convert EPS to PDF in Windows and macOS?

Mac OS X

  1. Open in Preview.
  2. Save as PDF.

Windows

There seems to be no built in way to convert EPS to PDF in Windows.

Use Adobe Acrobat Pro.

  1. Open the file.
  2. Save as PDF.

Use some external service like Cloudconvert

  1. Upload file
  2. Download PDF
  3. If you want to import a vector image into Word then convert into EMF instead.

Linux (Ubuntu, CentOS etc) / Windows / macOS

The software ImageMagick can do this.

convert fish.eps fish.pdf

44. What should I think about when adding my own network printer?

Be aware that the Uppsala University already have a central printing system currently called eduPrint. Getting your own printer is in general contra productive.

  1. The printer should in general be configured to use DHCP. In order for the printer to get an IP-address thne MAC-address should be added to the DHCP-server at the network. This is in general the central IPAM-system called Bluecat.
  2. Close down any older or unused protocols on the printer that are not in use, like telnet or FTP. No other services than those to be used should be open at the printer.
  3. Set up a local firewall on the printer and only let those networks that should be able to also be able to print directly onto the printer.
  4. Check that the manufacturer has working drivers or instructions for at least macOS, Windows and Linux (RHEL/CentOS).
  5. Check that the PostScript module is added to the printer. Double check this when the computer has arrived. This makes printing on macOS work better or at some models at all.
  6. For scanning purposes, use the central mail server called smtp.uu.se. As a sender for the mail use the receivers own mail-address or create a special account for this. The sender must be accepted at the university mail servers. People receiving mail will eventually reply to this sender so the behaviour should be known - do not send everyting to a black hole for example.
  7. For searching use the catalogue LDAP-server at ldap.uu.se or maybe the Active Directory LDAP-servers at dc.user.uu.se. For the later an account is needed for access so create a function account for this.
  8. Set up logging for the printer to syslog.uu.se using the syslog protocol.
  9. Set up a unique password for the department printers. Make sure the default passwords are removed. Make sure the IT-support know about the passwords.
  10. Make sure to update the firmware on the printer regularly in order to follow normal security guidelines.

45. What are the different PC form factors?


Dell OptiPlex 9020 family

Intel NUC

Full specifications for the Dell OptiPlex 9020 family

NUC - Next Unit of Computing (6th gen)
Dimensions (H x W x D): 3.2 x 11.2 x 11.7 cm
Two memory slots
No expansion
1 internal M.2 (to get a 2.5" drive add a cm or two in height)
Micro - Micro Form Factor
Dimensions (H x W x D): 18.2 x 3.6 x 17.6 cm
2 memory slots
No expansion

1 internal 2.5" bay

USFF - Ultra Small Form Factor
Dimensions (H x W x D): 23.7 x 6.5 x 24 cm
2 memory slots
1 miniPCIe connector
1 external 5.25" slimline bay

1 internal 2.5" bay

SFF - Small Form Factor
Dimensions (H x W x D): 29 x 9.3 x 31.2 cm
4 memory slots
1 low-profile PCI Express x16
1 low-profile PCI Express x4 (x16 slot)
1 internal 3.5" bay
1 external 5.25" slimline bay

MT - Mini Tower
Dimensions (H x W x D): 36 x 17.5 x 41.7 cm
4 memory slots
1 full height PCI Express x16
1 full height PCI Express x4 (x16 slot)
1 full height PCI Express x1
1 full height PCI (legacy with 32 bit 33 MHz)
2 internal 3.5" bay
2 external 5.25" bay

46. Installation of eduPrint in Mac OSX

How to install eduPrint on a non-standard Mac

Standard installed Macs from BMC-IT already have an eduPrint queue installed.

Prereqisites for this manual installation:

  1. Connected using eduroam wireless or by wired BMC-connection.
  2. You must have local admin access on your computer.
  3. You must have an active AKKA account (employee or student).
Ref:
https://mp.uu.se/c/perm/link?p=122453313

Install Ricoh driver

  1. Download the driver from: https://wiki.ub.uu.se/download/attachments/39452704/Ricoh_PS_Printers_Vol4_EXP_LIO_Driver.pkg?version=1&modificationDate=1505321371257&api=v2
  2. Install the downloaded “Ricoh_PS_Printers_Vol4_EXP_LIO_Driver.pkg”-file.

Install the print client

  1. Download the client from: https://wiki.ub.uu.se/download/attachments/39452704/eduPrint-Mac-Black.pkg?version=2&modificationDate=1509616716210&api=v2
  2. Install the downloaded “eduPrint-Mac-Black.pkg”-file.
  3. During installation, select “eduPrint via PaperCut-klient”:
  4. When prompted for login credentials for PaperCut, use your AKKA@user.uu.se and password A. Check “Remember my identity”.

How to print

  1. Use the “Public-UU” print queue. Fill in your AKKA and password A in the login box that appears:

Troubleshoot

  1. If you do not get a login box when you print, then the PaperCut client may have stopped. Restart the PaperCut client. Click Spotlight, search by entering "PCClient" and start the client. The login box will appear.
  2. Another way to start the client is to logout and login to the computer.
  3. The PaperCut client must be running when printing.
  4. If you don’t know how to use the printer, call Helpdesk 4400.
  5. If there are a hardware problem with the printer, call Ricoh 020-734 734.
  6. Go to https://mp.uu.se to read user guides and get info about current issues.

Uninstallation of the client

  1. Download the uninstall package from: https://wiki.ub.uu.se/download/attachments/39452704/eduPrint-Mac-PCClient-uninstall_signed.pkg?version=2&modificationDate=1504855782911&api=v2
  2. Install the downloaded “eduPrint-Mac-PCClient-uninstall_signed.pkg”-file if you want to uninstall the PaperCut client.

47. I would like SPSS on my computer.

The current cost 2018-04-12 for SPSS is 1500 SEK/year/user. The license is per user.

Search Progdist at UU Reload

This is how to install SPSS in Windows via ZENworks and trigger license registration

  1. Open ZENworks application window and click on the SPSS 22 icon.

  2. Accept the costs involved with license registration.

  3. Wait a while for the installation to complete.

  4. You can now start SPSS from the Start menu.

48. What is the cost for EndNote? What is Zotero? And Pages?

The current (2016-01-11) cost for EndNote X7 is 1376 SEK as a one-time cost, but please note, if you already have an older version of EndNote, an upgrade is only 781 SEK. EndNote is available for Windows and macOS.

Search Progdist at UU Reload

The University library regularly provides courses on the reference management software EndNote - but not EndNote basic.

EndNote basic is a free but limited version of EndNote. It does include EndNote integration in Word via a special plugin.

There are open source alternatives, for example Zotero and Mendeley which are free. They are not compatible with EndNote but may be used instead.

The University library regularly provides courses on the reference management software Zotero.

Pages is a Mac only application available in the Mac App Store. Some say it is great, but as usual, not directly compatible with neither EndNote nor Zotero.

49. Who is resposible for what on the BMC network? Who can help me?

Local IT

This may be you, your department, BMC-IT or client support at UUIT or any other organisation at the university, depending on where you work.

BMC-IT

Contact helpdesk@bmc.uu.se

UUIT

Contact Domainmaster (DNS/DHCP/TFTP), Netsupport (Network), IRT (Security) or UU helpdesk (everything else).

Responsibilities

These reflect how it is usually done, but are not carved in stone

  • All usage on the VLAN/subnet
  • Local security on the VLAN/subnet
  • Identity of the different computers
  • Request change in router filter
  • Physical network copper and fiber.
  • Buy switches
  • Request change of VLAN configuration of switch ports
  • Patch network in cross connect cabinets
  • Keep documentation of cross connect cabinet patches
  • May help Local IT track down rogue computers
  • Router and router filter (Netsupport)
  • Perimeter Firewall (Security division)
  • Install, configure, replace and maintain switches (Netsupport)
  • Security tracking (Security division)
  • TFTP, DNS and DHCP for UU (Domainmaster)
  • May help Local IT track down rogue computers (Netsupport and Security division)
Install a new network socket (or move an existing network socket) Installation of a new socket costs around 3000 SEK for a double socket. It depends on the amount of work. Several sockets in one room is less work (cheaper) per socket than one single socket. Please write the following information in the mail:

  • Room number
    Example A1:123d
  • Other requests
    Example right side, near the window
  • Who to charge (Kostnadsställe)
    Example 123ABC

If you want to connect the network sockets to the network (and not only telephone) then also supply:

  • Which VLAN at BMC you would like to use.
    Example Vlan680 "BMC-Data"
  • If you want one or two sockets to be connected. If you only want one, clarify which socket to activate.
    Example Left, right or both
Directly connect two network sockets Two network sockets connected to the same cross connect cabinet may be directly connected with two patch cables in the cross connect cabinet. Just send an email to helpdesk@bmc.uu.se with the network socket and cross connect cabinet identifiers.
New power socket Talk to Bo Ejdesjö at BMC. Will cost money. Hyresgästanpassning.
New pillar with power and network sockets Talk to technical service at BMC. Free of charge AFAIK.
All about fixed telephone Talk to teleservice at university. Will cost money.
Activate network socket () BMC-IT does the cross connect cabinet patching and requests VLAN change.

Please write the the following information in the mail. (Read more in FAQ on how the network sockets are identified.)

  • Cross connect cabinet identifier
    Example A1-D101-11-17
  • Network socket identifier
    Example A1.202:1
  • VLAN name or number
    Example Vlan664 "NEURO"
  • If it is a double socket identifier, clarify which socket to activate
    Example Left, right or both

Here is an example how a mail could look like:

Deactivate network socket Send a message to BMC-IT with the following information in the mail. (Read more in FAQ on how the network sockets are identified.)

  • Cross connect cabinet identifier
    Example A1-D101-11-17
  • Network socket identifier
    Example A1.202:1
  • If it is a double socket identifier, clarify which socket to deactivate
    Example Left, right or both
Change VLAN in an already activated socket Send the request to BMC-IT. Please write the following information in the mail:
  • Cross connect cabinet identifier
    Example A1-D101-11-17
  • Network socket identifier
    Example A1.202:1
  • VLAN name or number
    Example Vlan664 "NEURO"
  • If it is a double socket identifier, clarify which socket to deactivate
    Example Left, right or both

Here is an example how a mail could look like:

UUIT Netsupport will do the configuration of VLAN in switch.
Server room access in D11:0 May give temporary guided access Contact UUIT for permanent access to your rack
Faster network Upgrades to 1 Gbit/s are available in most cross connect cabinets. Request upgrade from Fast Ethernet to Gigabit by sending a mail to helpdesk@bmc.uu.se with the following information written in the mail:
  • Cross connect cabinet identifier
    Example A1-D101-11-17
  • Network socket identifier
    Example A1.202:1
  • If it is a double socket identifier, clarify which socket to upgrade
    Example Left, right or both
If you need 10 Gbit/s contact BMC-IT together with UUIT Netsupport. This is available in a few cross connect cabinets.
Order a new VLAN/subnet First find out how many IP you need
(Remember to fix DNS and perhaps DHCP, router filter settings, and possibly perimeter firewall settings)
BMC-IT may be aware of spare ranges or networks on the way of being decomissioned that can be reused. We do not want to create a lot of small VLANs if not needed. Contact UUIT Netsupport to get new subnet and VLAN assignments
Campus router filter settings (Cisco) Figure out what you need And let UUIT Netsupport configure the router filter
University perimeter firewall settings (Fortigate) Figure out what you need And let Security Division configure the firewall
DNS Local IT can do this but should not. Use the BlueCat IPAM system at UUIT.
DHCP Local IT can do this but should not. Use the BlueCat IPAM system at UUIT.
TFTP / PXE-boot Local IT can do this Use the UUIT TFTP-server.
Finding a rogue computer The responsibility belongs to Local IT Arpwatch service is available. Manual check in router and the Upunet Tracking Database (NetDB) service
Finding used and unused IP-addresses Keeping track of who is using what. Registration and removal of IP in DNS. Arpwatch service is available. Manual check in router, Bluecat (IPAM) and the Upunet Tracking Database (NetDB) service
Router and uplink bandwidth Linkstatus graphs available for BMC Netstat graphs available for UU
Magic network problems Contact your Local IT And then let Local IT contact UUIT Netsupport
My windows server does not work Contact your Local IT
Eduroam do not work on my client or in general Local IT may help with client configuration Broken wireless hotspots should be reported to UUIT Netsupport
Wireless (Eduroam) coverage is low in some rooms or corridors () Contact BMC-IT to discuss what can be done. All office corridors should have coverage, or at least they originally had. Over the years more and more equipment is using the wireless network or the free frequencies used by the wireless network for different purposes.
  1. BMC-IT can together with IT-division order more hotspots to get better coverage. This is a payed for by the tenant (department). Send a mail to helpdesk@bmc.uu.se with the following information
    1. A list of room numbers with low coverage
    2. Who to charge (Kostnadsställe) Example 123ABC

    An approximate cost would be 3000 SEK for the network socket and 5000 SEK for the wireless access point. Current delivery times are around two months for a new network socket to be installed and the wireless access point to be delivered and set up.

  2. With a start in 2018 the IT-division will upgrade the network at BMC to a new generation of wireless hotspots. Most of the switches and wireless hotspots will be upgraded. It will take some time for this to be completed.

  3. If you have a laptop computer with no ethernet port you can use a USB-adapter for attaching the wired network to the computer.

  4. Some laboratory instruments and door locks also use the same free frequences. It is not much we can do, the equipment manufacturers and the landlord / facility providers do not always have the same priorities as us (IT-support and network users).

UUIT Netsupport may together with BMC-IT install new wireless hotspots. This may cost money. All public rooms for students should have coverage.
I need a network cable Contact your Local IT
The IRT-group has disconnected my computer from the Internet! Contact your Local IT to fix your computer Let the Local IT contact the IRT-group to open the router filter when computer is fine.
My Internet do not work! Help! Check how to find the cause of the problem here. Finding configuration problems in the local computer is a job for Local IT. If it should work but get no link then perhaps switch port is broken. Contact helpdesk@bmc.uu.se. This might be a magic network problem. Then contact UUIT Netsupport.

Sometimes the Security division may have blocked an IP. So if a specific IP do not work but others do then this may be the case. This may have happened years ago when an old unpatched computer was using that IP.

50. How do I change default settings for a printer in macOS?

This can be done through the cups interface. Do this to change the default settings to duplex, black and white and options installed:

Enable cups interface

  • Enable the cups webinterface by starting the application "Terminal" (Applications/Utilities) and enter the command below, followed by Enter:

    You can copy the command here:

    cupsctl WebInterface=Yes

Change settings

Disable cups interface

51. How do I add a macOS printer at IMBIM?

Imbim has new printers since 2018-03-22. Users with macOS clients need to reinstall the printers. Remove old Imbim printers before installing new ones. Depending on your macOS version, you may need to install a printer driver before installing the printer. See instructions below.

One of the old printers remains (D9:4). That printer can still be used as before, without any changes.

Important! You need to be connected to the Imbim network via cable to print using these printers. If you're not, use the central printing system for the university, eduPrint!

Remove an old printer
Install printer drivers
Install a new Imbim printer
Click on a link below to download an installation package for all or individual Imbim printers. Run the installation package by double clicking it and follow the on screen instructions. Change default settings for a printer
Select your computer's OS below to view instructions for how to change the default settings for a printer.

52. Backing up via Rsync to Btrfs snapshots

BMC-IT is running a service for simple incremental file based backups to disk using Rsync and Btrfs snapshots. The service is used internally in BMC-IT for servers we do system administration for. You you can set up a similar system if you want to.

The service is documented in the SOP - Rsync backup to Btrfs snapshots.

hostname function OS hardware file system controller disks
neuro-l2 file server Scientific Linux 6 Supermicro 36 Ext4 XFS Areca ARC-1882 3×750GB 6x4x3TB 8x8TB 1xFree
bmc-esc2 backup Scientific Linux 6 HP Microserver G8 ZFS SATA 4x4TB
bmc-esc3 backup Scientific Linux 6 HP Microserver G8 ZFS SATA 4x4TB
bmc-t1 backup CentOS 7 Supermicro 24 Btrfs Areca ARC-1280 2xSystem 4x3TB 4x8TB 8x10TB 6xFree
bmc-t2 backup CentOS 7 Supermicro 24 Btrfs Areca ARC-1280 8x4TB 4x6TB 8x8TB
bmc-pcfs1 file server CentOS 7 Supermicro 36 Btrfs Areca ARC-1882 36x8TB
bmc-pcfs2 backup CentOS 7 Supermicro 36 Btrfs Areca ARC-1882 36x8TB
bmc-pcfs3 standby CentOS 7 Supermicro 36 Btrfs Areca ARC-1882 6x8TB 18xFree
bmc-pcfs4 file server CentOS 7 Supermicro 36 Btrfs Areca ARC-1882 36x8TB
bmc-pcfs5 backup CentOS 7 Supermicro 36 Btrfs Areca ARC-1882 36x8TB
bmc-t3 backup CentOS 7 Supermicro 24 ZFS Areca ARC-1280 24x2TB
bmc-t4 backup CentOS 7 Supermicro 24 ZFS Areca ARC-1280 24x2TB
fbv-neo file server Scientific Linux 6 Supermicro 24 Btrfs Areca ARC-1280 24x2TB
fbv-one standby CentOS 7 Supermicro 36 Ext4 Areca ARC-18xx -

53. How do I use the UUPEL repository?

The Uppsala University Packages for Enterprise Linux (UUPEL) is a very small public repository aimed for collecting some of the extra packages we need at BMC at Uppsala University.

This is how to activate the repository for Centos 7:

yum -y install http://it.bmc.uu.se/repo/uupel/7/x86_64/uupel-release-7-4.noarch.rpm

To use the repository you just use yum as normal:

yum -y install kmod-arcmsr btrfs-backup

Building process

Currently the build host is a server running CentOS 7 at BMC-IT. These steps are done by BMC-IT.

  1. Do the changes to the sources... Check out of SVN, download, edit, whatever.

    emacs -nw rpmbuild/SOURCES/btrfs.backup.sh

  2. Update the version number of the RPM specification.

    emacs -nw rpmbuild/SPECS/btrfs-backup.spec

  3. The last step is just a script that copies the RPMs to the repository and then build new repository index files.

    rpmbuild/publish.sh


54. How do I change default settings for a printer in Windows?

Do this to change the default settings to duplex and black and white:

  • Click on the Start button in the lower left hand corner.
  • Start writing "Control Panel" (without quotation marks) and click on "Control Panel" when it's shown in the list.
  • Change from "Category to "Large icons" where it says "View by:" in the top right corner.
  • Click on "Devices and printers".
  • Right click on the printer and choose "Printing Preferences".
  • Change the option "Duplex:" to "Open to Left".
  • Change the option "Color/Black and white:" to "Black and White".
  • Click on "OK" and you have changed the default settings for the printer.

55. Should I upgrade to macOS Yosemite?

We do not recommend upgrades on computers older than 2011.

On computers with an third-party upgraded SSD, be aware that TRIM will stop working which may degrade performance.

Be aware that some programs may stop working, like old versions of Office and EndNote. Getting a new version of EndNote involves a cost. Office is free (not really, but the university already payed for it).

But other than that, go ahead. Most things work better. If you have any questions contact helpdesk@bmc.uu.se.

56. How do I add the Korint IPP printer in macOS?

Run this command in a terminal.

lpadmin -p Korint-FollowPrint-IPP -P `dirname "$0"`/PPD/Korint-FollowPrint.ppd -v ipp://ipp.korint.uu.se/printers/Korint-FollowPrint?compression=none -L "Uppsala University FollowPrint" -D "Uppsala University FollowPrint" -E

The -D option is the description. Read more at Korint homepage.

57. Which VLANs are at the campus BMC-router?

This list was updated in 2018-04-25.

IT-division has a tool called NetReg for looking up which IP-addresses belong to different VLANs and vice versa all over UpUnet. Contact Netsupport for access.

IT-division is also running NetDB - Network tracking database, that does similar things like Arptrack we are running on BMC and just like for Netreg please contact Netsupport for access.

There is also another router pair at the BMC server room. Please check the Vlans at NetReg and NetDB mentioned above.

VLAN numberVLAN name
1 default
2 Management
3 Backbone
4 Backbone-2
50 WLAN
660 FarmBio
661 ILK-fkog
662 MCB-instr
663 Kemi-analyt
664 Neuro
665 ILK-anafarm
666 Farmaci
667 Ytbioteknik
668 ILK-orgfarm
669 eu-support
670 Ludwig
671 Struktbio
672 LCB
673 Medcellbiol
674 IBG-kurs
675 IMBIM
676 Struktbio-internt
677 Kemi
678 BMC-Adm
679 BMC-Gemensamt
680 BMC-Data
681 FKI
682 BMC-Styr
683 Ludwig-internt
684 Bibliotek
685 NatBiokemi
686 ICM
687 SLU-hgen
688 Bioorgchem
690 MedfarmDoIT
691 SLU-mbv
692 BMMS
693 Neuro-micro
694 Ventilation
695 Netlogin
696 BMC-Mediatek
697 Medfarm-kansli
698 Korint
699 IBG-adm
900 BMC-AD
901 AKKIS-UU.225
902 IHV
903 HORS
904 Pubcare
905 AKKIS
906 Farmbio-cluster
907 BMC-signage
908 ICM-MB
909 IGP-Dumanski
910 IGP-A
911 IGP-B
912 ICM-MB-IB
913 ICM-MB-EN
914 ICM-MB-IPMI
915 Video-conf.
916 MEDSCI-ARRAY
917 IGP-UGC
918 IGP-FUG
919 UPPNEX
931 Molmed-client
932 Molmed-lab
933 SciLifeAdm
934 SciLifeLab
935 Neuro-IPMI
936 FarmBio-IPMI
937 IGP-C
938 IMV
939 BMC-CAM
940 BMC-PROJECTOR
941 ISP
942 RUD-Gemensamt

58. We have a server, where should we put it?

BMC has a server room in D11:0. The room was built in 2013 and is maintained together by the IT-division (UUIT) at the university administration (UADM) and Uppsala Biomedical Centre (BMC). The management team (styrgrupp) for the BMC-hall includes the IT director of the IT-division and the director of Uppsala Biomedical Centre.

The server room is equipped with:


The BMC-hall-router VLANs on the normal BMC-hall-switches cannot be shared with the VLANs on the router (called the BMC-router) for the rest of the building. Contact netsupport@its.uu.se for help with network configuration for the server room.

Current rate is 60000 SEK/rack/year or 2000 SEK/U/year plus a one time fee of 5000 SEK. (This should be about the cost of production. Prices from 2015-06-05.)

For renting space in the server room, contact bmc-hall@uu.se.

Also consider renting virtual servers or using some of the shared services at the university before buying your own physical servers. Contact uppdrag@its.uu.se for renting virtual servers in the the shared VMware environment or storage. Contact UPPMAX for using the shared HPC resources for computation and storage. Contact BMC-IT for shared storage using PC file server. Check on them from time to time to see what they are up to before building something on your own to reduce the duplicated effort.

59. How do I mount SMB share in Linux?

Command line

  1. If you are running Ubuntu make sure the package cifs-utils is installed by running the command:

    apt-get install cifs-utils

  2. To mount an SMB-share on the command line in Linux, first create a directory where to mount the share: example like this:

    mkdir /mnt/myfiles

  3. Then mount:

    mount -t cifs -o domain=USER,username=jny25782,password=XXX '//inv-users.files.uu.se/inv-users$/jny25782' /mnt/myfiles

    If you want to be prompted for a password try this instead where the password is not specified.

    mount -t cifs -o domain=USER,username=jny25782 '//inv-users.files.uu.se/inv-users$/jny25782' /mnt/myfiles

  4. Newer versions of Ubuntu do not fall back to older versions of the SMB protocol. Then please specify what version you want to use. In this example Ubuntu 17.10 is used connecting to the Hitachi NAS service at UU.

    mount -t cifs //inv-users.files.uu.se/INV-Common$/ /mnt/myfiles -o domain=USER,username=jny25782,password=XXX,vers=2.0

Permanently

To do this permanently add the following line (as a root user) in the file /etc/fstab

  1. First check your uid (uidNumber) as your normal user:

    id -u

  2. Then enter this line as an administrator in the file /etc/fstab.

    //inv-users.files.uu.se/inv-users$/jny25782 /mnt/myfiles cifs domain=USER,username=jny25782,password=XXX,uid=1000,iocharset=utf8 0 0

  3. Now the normal user with id 1000 should be able to access the files in /mnt/myfiles

Temporarily on an Ubuntu desktop

  1. Start the file browser and open Connect to server...
  2. Enter the path:

  3. Enter your credentials

60. How do I change my primary e-mail address?

Sometimes one has multiple e-mail addresses at the university. Example:

  1. jerker.nyberg@anotherdepartment.uu.se
  2. jerker.nyberg@bmc.uu.se

In order to change what is the primary address, contact Uppsala University central helpdesk at helpdesk@uu.se and ask for a change.

61. How do I install PyMOL?

PyMOL is computer software, a molecular visualization system created by Warren Lyford DeLano.
Read about PyMOL at Wikipedia.

Commercial version

First option is to buy the commercial version. Read the PyMOL - Academic and Non-Profit Price List. The current price at 2018 is 99 USD/year.

Open source version

The source code is available (not all features but usually good enough). You can download the source and install your self.

There are prepackaged solutions, either with prebuilt binaries or from source.

  1. Linux install
  2. macOS install
  3. Windows install

Status of PyMOL on macOS

For macOS we have tried (at 2018-03-28) the MacPorts, Homebrew and Fink distributions of PyMOL. Only PyMOL in Fink works. The MacPorts and Homebrew distributions of PyMOL are broken. This may change.

Other software

Also take a look at UCSF Chimera or read about UCFS Chimear on Wikipedia.

UCSF Chimera (or simply Chimera) is an extensible program for interactive visualization and analysis of molecular structures and related data, including density maps, supramolecular assemblies, sequence alignments, docking results, trajectories, and conformational ensembles.

62. How do I connect a private computer to the department network?

The most common way to connect private computers to the university network is to use the wireless network Eduroam. Read more about Eduroam on the central university support pages. Printing is done via eduPrint.

Some departments allow connecting private computers directly on the department internal LAN, because it might be the only way to use the internal department printers not connected to eduPrint.

When that is the case, the following information is needed to be put in the inventory. Please send the answers in a mail (in the body (text) of the mail not as an attachment) to helpdesk@bmc.uu.se.

  1. Full name of user and e-mail address
  2. Research group leader
  3. Serial number
  4. Computer name (hostname - what you are calling the computer)
  5. Computer manufacturer and model
  6. Operating system (Windows 10, macOS 10.12.6, Ubuntu 17.04 etc)
  7. Procurement date
  8. Name of anti-virus software
  9. Current firewall settings - enabled or disabled or something else? (Are there any open services on the computer? Please close any file shares, printers and similar services that are not needed and keep a password on those that must be open. No anonymous guest login should be possible for the services on the the computer.)
  10. Computer MAC-address on the LAN port
  11. Has the computer installed the latest updates for the operating system (Windows, macOS, Ubuntu etc) and major applications (Microsoft Office, Firefox, Google Chrome, anti-virus etc)?

The information is needed because the security division at Uppsala University must be able to trace security incidents, virus and similar activity. The university rules require every computer to run adequate anti-virus software. We also need too know if too old and insecure operating systems are being used (Windows XP) and who we should contact if there are any questions.

When the computer is registered it can be used on any network socket connected to the department network.

How to find some of this in Windows (type in command line)

  1. wmic csproduct get IdentifyingNumber
  2. hostname
  3. wmic csproduct get name
  4. ver && echo %PROCESSOR_ARCHITECTURE%
  1. getmac
    ipconfig /all (find the physical address for the ethernet adapter)

How to find some of this in macOS (type in command line)

  1. ioreg -l | grep IOPlatformSerialNumber (Also see How do I find the serial number on macOS? )
  2. hostname
  3. sysctl hw.model
  4. sw_vers -productVersion
  1. ifconfig en0 | grep ether

63. What is ransomware and CryptoLocker?

CryptoLocker is a ransomware trojan that targets computers running Microsoft Windows.
- Wikipedia on CryptoLocker

CryptoLocker and TorrentLocker infects computers running Windows via seemingly innocent email with links or attachments. There has appeared other ransomwares attacking Mac too.

Read more about ransomware, TorrentLocker and CryptoLocker on Wikipedia.

To be infected, the receiver has in most cases actively tried to open and execute the payload. The payload may be disguised as a Word-document, a script or something that give the impression that it is innocent. Do not open files or attachments you have not requested!

This (the example above in Microsoft Word) is not safe! Please be careful with Office files that require you to Enable Content. Enabling content may make it possible for evil macros to execute in Office allowing the attacker to take control of your computer.

This (the example above from Windows File Explorer) is an example of an opened .zip-file. .zip-files are in itself not dangerous it is just a way of storing one or many files into one compressed file, but it may be a way to bypass other simple security checks. For example the anti virus software may warn when downloading an .exe-file but may not warn when downloading a .zip-file.

This (the icon above) is an example of how an .js-file look like in the File Explorer. This file will run with the Windows Script Host (wscript/cscript) and execute and may download further potentially evil binaries. Windows Scripting Host also will run .jse and .wsf-files. Also note that a long file name like faktura.pdf.js may hide the real extension in File Explorer and show up as faktura.pdf which is a bit misleading. The real file name extension is hidden.

Even though a ransomware in itself easily can be removed, the files stay encrypted, waiting for a ransom to be payed in order to get the decryption key.

How to not get infected

What to do if infected

  1. Turn the computer off.
  2. Contact your local IT (helpdesk@bmc.uu.se) for help.
  3. Forward the evil mail to no-spam@uu.se so that the Uppsala University Security Division may adjust mail filter and network firewall rules.
  4. Change your passwords at the university. Change all passwords for all sites that you have automatically saved in your browser.
  5. In general, reinstall computer and restore data from backups or snapshots.

Lessons to be learned from CryptoLocker

Also read more

Read more from Europol's European Cybercrime Centre with friends at the No More Ransom! website.

The Uppsala University Security Division has courses in basic information security (in Swedish). Every chapters just takes 2-4 minutes. There are 16 chapters in total.

64. How do I connect to a file server via SMB on macOS?

  1. In the Finder, choose connect to server... from the menu.
  2. Enter server name and name of the share, in this example smb://filserver.uu.se/neuro


  3. Enter the Windows-domain USER, your username and your password A


    Problem and workaround with AD-connected macOS connecting to HNAS on some shares

    We have with macOS 10.12.6 had problems connecting to the HNAS service that he university in November 2017. By ignoring the Active Directory Kerberos but instead using old-school password maybe the problem go away. The way of fooling the Mac is to connect to the IP instead. Like this

    $ host bmci-users.files.uu.se bmci-users.files.uu.se is an alias for uuc-nas110.user.uu.se. uuc-nas110.user.uu.se has address 130.238.2.140 $

Another possible solution for this is to try using cifs instead of smb.

Just replace smb with cifs in the path. Read more about Cifs and SMB at Wikipedia.

65. How do I buy a new computer?

Short story

Contact BMC-IT at helpdesk@bmc.uu.se and describe what you need. We have prepared a couple of standard models.

Long story

Be aware of that Uppsala University is a government facility. This means we have to obey LOU, Swedish Public Procurement Act / Lagen om offentlig upphandling / SFS 2016:1145. This means we are not allowed to go down town in Uppsala to any shop and buy a computer. Or to any web-shop.

Please read the Procurement guide.

The university has a procurement division that have prepared a web site called Produktwebben with many different computers and models. Not all are appropriate to buy even if they are listed there. Technically any group/department can order from Produktwebben, but there may be other policies at the group/department, like wanting all computers to be pre-installed or of certain models to save time (and money). Please check first.

Please note! Contact your LocalIT first! Contact helpdesk@bmc.uu.se! If you do not know what you are doing and do not follow the procedures at your LocalIT / campus / department it is up to you to solve the problems this may create. It may not even be allowed.

Over time, some things have shown to be of extra importance when considering which computer to buy:

  1. The manufacturer should have at least three years support but up to five year support.
  2. The manufacturer should have next-business-day on-site-service. If the computer breaks down it is the responsibility of the manufacturer to come to us. We do not have to send the computer in to them via mail to fix it or pay for this service. This saves a lot of time and money.
  3. The computers should not be of cheapest consumer grade but built to work for a couple of years with replacement parts available. Usually all computers with three year support (or more) are not consumer grade.
  4. Windows Home edition is not supported. We prefer reinstalling computers with Windows Enterprise. Windows Pro may be acceptable if reinstalling is not possible.

At BMC-IT we have prepared some models that we find reasonable and have tested. This means we can quickly install them with operating system (multi language Windows Enterprise or macOS), all drivers, the department printers and common applications like Microsoft Office, Adobe Photoshop, Adobe Illustrator, Adobe Acrobat, EndNote, MATLAB, Symantec Endpoint Protection, ZENworks etc.

New odd PC models (like any PC model from produktwebben) that have not been tested first cannot be expected to be easily reinstalled right away. New Mac models are fine when running the latest macOS.

More information

You can read more about purchasing equipment here:
Purchase of goods and services
Direct Award Contracts (DACs)

66. How do I use an Apple AirPort Time Capsule?

Please do not buy one of these for use at BMC! If you do this you must contact your local IT. For most parts of BMC this is BMC-IT helpdesk@bmc.uu.se and we do not recommend these.

Apple Airport Time Capsule is a great tool for a home or small office, providing simple backup, WiFi hotspot and NAT-router all in one.

But we really recommend a normal external hard drive for backup. Keep one at home and one at work.

Also be aware that a backup, where the client has full write access to the backup and can erase old versions of the backup, do not protect against ransomware attacks. The attacker may destroy old backups from the compromised client.

Here is a summary what the problems may be with this kind of equipment:

NAT
SUNET and the Security and safety division at Uppsala University require that it is possible to identify which user is doing what on the network. NAT (in this level of home or small office equipment) is hiding this.

Read the Riktlinjer för säkerhetsområdet and the document UFV 2016/1944 Anskaffning och drift av IT-system in particular section 4.4 Anslutning till universitetets datornät.

DHCP-server
Apple AirPort has built in DHCP-server. When connected the wrong way (NAT-ports) to the department network the device will give IP-addresses to the other computers on the network. This will mess up the network. In the best case (when both WAN- and LAN-ports are connected at the same time to the department network) all that happens is that all traffic will pass through the Apple AirPort which will then act as a bottleneck. In the worst case (only LAN-ports are connected to department network) nothing will work and the whole department network will go down.

WiFi hotspot
The Uppsala University IT-division is responsible to set up WiFi-hotspots all over the Uppsala University campuses. The frequencies has been planned so that they do not interfere with each other. Even when using using a frequency that is not the same as the closest hotspot the frequency may interfere with other hotspots frequencies further away (but still in range).

Stability problems
We have been running the backups for many clients for several Mac servers using the same technology. It has shown that, although not very often, the backups using time machine over the network may go corrupt. Then the backup is not worth much. The problems may or may not be related to the use of a flaky network adapter (in particular the USB-Ethernet adapter used by Macbook Air).

Sharing the effort of building stable networks
By using the university centrally managed DHCP-server and routers it is possible try to help each other with management. Both the IT-division and the BMC-IT can help with finding problems with the network. When using this kind of small office / home office equipment it is really hard for somebody else to know what is going on. You are on your own.

It may be theoretically possible to turn off all server functions including NAT/WiFi and then secure it with accounts, but it may not be worth the effort. When doing that (turn off NAT and only do Network bridge, turn off WiFi) if the settings are reset by some reason, make sure that the AirPort in a reset state do not mess up the network - only attach the WAN port to the department LAN. The equipment is best used at home or at a small office.

At least these things has to be done:

  1. Turn off NAT and DHCP-functionality.
  2. Turn off WiFi.
  3. Set up with account and password protection.
  4. Set up internal firewall in the equipment so that no one outside the department network can access it.
  5. If that do not work:
    1. Set a fixed IP for the device
    2. Set up the campus router filter so that no one outside the department network can access it.
  6. Actually set up both internal firewall and router filter if possible.
  7. Make sure that the firewalls are working.
  8. Make sure only the user creating the backups can access them.

This list is not guaranteed to be complete.

Our suggestion is to move the equipment to the home office for a backup when working at home. Then get another hard drive for the office.

If you need better WiFi coverage contact helpdesk@bmc.uu.se and then we can together with IT-division hopefully improve the location and coverage of the WiFi hotspots.

So what to do instead?

  1. Get a normal hard drive and use Time Machine on that one. Get a hard drive at home and one at work. This will take hopefully a backup of the whole computer on two different places.
  2. Store important data on a file server. Like the HNAS file server at the university.

67. What is the postal address for BMC-IT?

Replace Surname Given-name with the receiver or reference. When ordering or sending an invoice you need to know the reference code.

Small packages and letters

Att: Surname Given-name
Biomedicinskt centrum (BMC)
Box 570
751 23 Uppsala

Larger packages

Att / Goods labeling: Surname Given-name
Biomedicinskt centrum (BMC)
Husargatan 3
752 37 UPPSALA

Invoices

Reference code: 123ABC
Reference name: Surname Given-name
Uppsala universitet
PG1254
737 84 Fagersta


68. How do I use AddPrinterGUI to add printers in Windows 7/8/10 x64?

If you have ZENworks on the computer

Look for the app PrintGUI in the ZENworksapplication Window and start it.

Continue below with installing the printers.

If you do not have ZENworks

  1. Access the share:

    • If the computer is connected to the Active Directory at Uppsala University (USER-AD) then go to the share \\user.uu.se\BMCI\Common
    • If the computer is NOT connected to the Active Directory then the same share can be reached at \\bmcit-common.files.uu.se\BMCIT-Common or \\uuit-nasutus.its.uu.se\BMCIT-Common
  2. Either map the drive in Windows or navigate to the paths in File Explorer.

    Here is an example from Windows 10 when we navigated to \\bmcit-common.files.uu.se\BMCIT-Common:

    Here is an example from Windows Server 2008 when we navigated to \\bmcit-common.files.uu.se\BMCIT-Common:

    Here is an example how it looks like in Windows 7 when we navigated to \\user.uu.se\BMCI\Common:

  3. Enter the directory called Apps_Printers_PC. There should be a file called AddPrinterGUI.exe. Open it.

  4. You really want to start it.

Installing the printers

The application shows a list of printers. The list is different depending on what subnet (department) your computer currently is located (or computer name). To view all printers in the application click on All but usually you don't need to since all printers you have access to should show up in the list.

Choose your printer and install it by double clicking. Wait a moment for it to install.

You have to be local administrator to add a printer.

If your printer do not show up in the list

If you want printers added to the list, look in the file PrinterList.txt to understand the format, then e-mail the printers you want added to helpdesk@bmc.uu.se or tobias.holm@bmc.uu.se.

AddPrinterGUI and the drivers installed with AddPrinterGUI are only available in English.

The full list of printers

The full list of printers that AddPrinterGui is using is stored in the file PrinterList.txt in the same folder.

69. How do I take backup of the data on my computer?

Option 1: Keep all data on file server and let the system administrators take backup

Option 2: Keep all data on the computer and take backup on your own

Discuss with helpdesk@bmc.uu.se if you need advice in this or help buying extra hardware or order storage space on a file server.

70. Do you have a virtual machine (server) I can use?

If you need computer resources for high-performance computing (HPC) we recommend that you contact UPPMAX where you can apply for plenty of resources in the shared multiuser environment.

If you need help contact helpdesk@bmc.uu.se and we can guide you.

Rudbeck-IT VMware

Rudbeck-IT is setting up a highly-available VMware ESX environment where anyone at the university can rent a servier.

The rate will be 3500 SEK/year for a basic server with 100 GB disk, 4 GB RAM and 2 cores. (2018-02-08)

Contact helpdesk@rudbeck.uu.se if you are interested.

UUIT VMware

The UADM IT-division (UUIT) has a highly-available VMware ESX environment where anyone at the university can rent a server.

The current rate is 5000 SEK/year. This includes 50 GB disk. Disk is available for 6000 SEK/TB/year or 13000 SEK/TB/year depending on class (speed & availability) (2017-10-18)

Contact uppdrag@its.uu.se at IT-division to order a virtual server.

SUNET OpenStack

SUNET is offering virtual machines using OpenStack with KVM and Ceph. Role-based access control via SWAMID. Contact them for more information.

The costs are more based on the resources used than the UUIT offer above. Direct link to price list here.


SNIC Science Cloud

SNIC Science Cloud (SSC) is a national cloud computing infrastructure run by the Swedish National Infrastructure for Computing (SNIC).

Read more at the home page for SNIC Science Cloud. Read introduction to the SNIC Science Cloud.

Others...

Several other department and local campuses have virtual machine environments that you already have payed for or are paying for. Check what your campus have. Please see the FAQ regarding computer platforms.

71. What about the GDPR?

Read more about information security at the security division at Uppsala University.

In this FAQ we have put the following symbol as a information security classifier. This is Konfidentialitet (Confidentiality), Riktighet (correctness), Tillgänglighet (availability) according to the SS-ISO/IEC 27001.

The lowest value is 0 and the highest is 3.

Please note that lowest value in the different other systems that a service is depending on gives the final grade of that value. Even if for example the UUIT VMware has level 333 the service (operating system and system administration) running in that environment may have a lower value.

At Uppsala Universty a fourth number has also been added representing Avbrottsskydd (interrupt protection). (Riktlinjer för informationssäkerhet UFV 2012/714 ). We need to find out if this is still in use or not.


72. What Internet bandwidth does the university have?

Check your own bandwidth



Bredbandsskollen is a bandwidth measuring service. However, above 100 Mbit/s the service may be inaccurate regarding exact speed since it depend too much on the local computer and web browser performance. It requires Flash in the browser in order to work.

For mobile and wireless networks it is quite usually good.

Fixed network

SUNET had 2 x 40 Gbit/s connection to NORDUnet but now even more.

SunetC statistics

The Uppsala University network (UpUnet) had 2 x 10 Gbit/s bandwidth to OptoSUNET but are now connected to SunetC with 2 x 100 Gbit/s.

BMC-campus-router has 2 x 10 Gbit/s to the rest of Uppsala University network (UpUnet) for the BMC-router and 4 x 10 Gbit/s for the BMC-hall-routers.

BMC has internally in the building either 10 Gbit/s, multiple 1 Gbit/s or single 1 Gbit/s bandwidth to the cross connect cabinet distribution switches. BMC linkstatus

The network sockets at BMC are connected via either 100 Mbit/s (Fast Ethernet) or 1 Gbit/s (gigabit Ethernet) to the edge switches. If you only have Fast Ethernet and need gigabit let us know at helpdesk@bmc.uu.se. A few servers have 10 Gbit/s or multiple 1 Gbit/s.

The network in BMC is built by Cisco equipment. Over the years we seem to have acquired all possible models, but mostly C5500, C3500, C2980, C2950, C2960, C2960S, C2960X, C2960XR. Our oldest Fast Ethernet switches - C5500, C3500 and C2980 - are currently being replaced (2015).

Due to lack of personal resources this have been postponed. We will hopefully continue the upgrade in 2017-2018 and then also include replacement of all of the the C2950 and C2960 switches. Only C2960S, C2960X and C2960XR are left of the old.

New cross connect cabinets are built with 10 Gbit/s or dual 1 Gbit/s uplink and flexstacked C2960X with 1 Gbit/s to the clients. Old switches without flexstack are connected via EtherChannel to the stack or have direct connections to the router.

The idea with the network topology is that no switch failure should bring down any other switch. No single interface or transceiver (SFP/SFP+/GBIC) failure should interrupt any switch. The BMC-router is the big exception but Cisco 6500 series are in general quite reliable and can have multiple boards/interface cards. It is equipped with with redundant power supplies and is connected to a small dedicated UPS.

Wireless network

Most of the wireless access points in BMC are Cisco AP1131 with support for IEEE 802.11a/b/g up to 54 Mbit/s but in practice less. We have a few Cisco AP2602i with support for IEEE 802.11a/b/g/n which are slightly faster, but usually not above 80-100 Mbit/s since most of them are limited by their connection to 100 Mbit/s PoE Fast Ethernet anyway.

73. How do I configure IPMI for remote management?

It is generally recommended to not expose the management interface for servers to the Internet. Not only does some computers come pre-configured with a default login and password, but the embedded software may have vulnerabilities that are not patched as fast as normal operating systems or in some cases are not patched at all.

Most servers with IPMI can change the IPMI out-of-band communication to go via a dedicated network. This is usually done in BIOS. Use a dedicated network or dedicated VLAN for this. In order to not let the servers expose them selves to each other use the Private VLAN (protected ports) feature in the switches. Read about Private VLAN in Wikipedia.

This is how to get the current settings in Linux:

ipmitool lan print

Change to using DHCP instead of Static:

ipmitool lan set 1 ipsrc dhcp

Setting the LAN MAC Address:

ipmitool lan set 1 macaddr 00:25:90:12:34:56

Supermicro

Some Supermicro servers come pre-configured with failover IPMI meaning that the out-of-band communication for IPMI will share the same network connection as the server is normally using.

This is quite unsafe and will expose IPMI with default login and password via the normal network. This can be changed when running with these commands in Linux:

Dedicated:

ipmitool raw 0x30 0x70 0x0c 0x01 0x00

Shared with LAN1:

ipmitool raw 0x30 0x70 0x0c 0x01 0x01

Failover:

ipmitool raw 0x30 0x70 0x0c 0x01 0x02

Even with correct router filters the management interface is not protected from traffic originating in the same VLAN. I addition to router filters blocking all traffic (except to clients using the management console) also set up local firewall in the management interface, for example by following these instructions.

74. How does the reinstallation of Windows computers work at BMC-IT?

These are instructions for installing Windows 7/8.1/10 x64 Enterprise via MDT 2013.

  1. Prepare installation
    1. Create USB flash drive
    2. Configuration for network boot
    3. Configuration of router filter
    4. Permissions for autojoin domain
    5. Hardware support
  2. Configure BIOS
  3. Starting install via USB flash drive
  4. Starting install via network
  5. Clearing partitions
  6. Continue with installing
    1. Select task sequence
    2. Fill in computer name and join domain
    3. Select applications
    4. Wait while installing
    5. Administrator password

Prepare installation

Create USB flash drive

  1. Get access to the installation directory through User-AD group bmc-autoadmin-group. Mail a mail to BMC-IT (helpdesk@bmc.uu.se) with your username and what you want.
  2. Get one or several 32 GB USB flash drives.
  3. Login on a Windows 10 machine with USB-ports as administrator.
    IMPORTANT: DO NOT HAVE A NETWORK DRIVE MAPPED TO G: H: I: OR J:!
  4. Insert the USB flash drives (max 4 at the same time) in Windows 7 machine.
  5. Start a command prompt as administrator cmd (use CTRL and SHIFT to run as administrator from the prompt in the start menu)
  6. Run command: net use n: \\uuit-nasutus.its.uu.se\BMCIT-Common /user:user\account and login using your university account and password A.
  7. Run command: \\uuit-nasutus.its.uu.se\BMCIT-Common\MDT\scripts\MDT_FormatUSB.cmd \\uuit-nasutus.its.uu.se\BMCIT-Common\MDT\MDT-MediaMT

    This will format and erase all USB flash drives inserted in machine!

  8. Wait a long time. The faster the USB flash drives the better.
  9. Done!

Update USB flash drive

  1. If you already have done the above steps on a USB flash drive, you can choose to only update the USB flash drive by running command: \\uuit-nasutus.its.uu.se\BMCIT-Common\MDT\scripts\MDT_FormatUSB.cmd \\uuit-nasutus.its.uu.se\BMCIT-Common\MDT\MDT-MediaMT sync
    This will not format, just update the sticks with changed files.

Configuration for Network boot

For Windows DHCP it looks like this:


For ISC dhcpd it looks like this: from dhcpd.conf (this is using the central tftp.its.uu.se server)

 filename "bmc/pxelinux.0";
 next-server "130.238.7.37";
/tftpboot/pxelinux.cfg/default (already done)
PROMPT 1
TIMEOUT 100
DEFAULT l
DISPLAY msgs/boot.msg

LABEL l
      MENU LABEL ^Local Boot (default)
      LOCALBOOT 0

LABEL mdt
  MENU LABEL Windows MDT LiteTouchPE x64
  KERNEL memdisk
  APPEND iso initrd=LiteTouchPE_x64.iso raw

/tftpboot/msgs/boot.msg (already done)
Displaying tftp://tftp.its.uu.se/bmc/msgs/boot.msg from 130.238.7.37

 l        Local Boot (default)
 mdt      Windows 7 Enterprise x64 (LiteTouchPE x64 MDT)

Pxelinux is coming from syslinux.org. It is included in most Linux-distributions.

The LiteTouchPE_x86.iso is located at \\BMCIT-Common.files.its.uu.se\BMCIT-Common\MDT\Boot\LiteTouchPE_x64.iso

Configuration of router filter

TFTP is using UDP. The request to the TFTP-server is sent on port 69/udp from any port. The TFTP-server at tftp.its.uu.se (130.238.7.37) is using UDP source ports 6900-6999 for responding.

Open up UDP, both directions, from host 130.238.7.37 to your clients. Usually this is all of your subnets. Send a request for this to netsupport@its.uu.se.

Permissions for autojoin domain

The account USER\bmc-autoadmin-mdt must at least have permission to Create Computer objects in the correct OU to be able to join automatically.

Hardware support

MDT 2013 based on Windows 10 have these requirements:

Microsoft has for Windows 8.1 dropped support for CPUs without the PrefetchW-feature. This includes the Pentium D 8xx CPUs hich are used in for example many Dell Optiplex GX620 desktops. So even if they have 4 GB RAM they cannot run the installation.

Some other Dell Optiplex with the slightly faster Intel Pentium D 9xx are working fine.

Check model with wmic csproduct get vendor, version

Configure BIOS

  1. Press F12 or F10 or whatever to enter BIOS. It depends on the computer model.

  2. To use UEFI-mode and install from USB flash drive, select:
    - Secure boot: OFF
    - SATA mode: AHCI (not RAID)
    - UEFI boot order: Deselect USB flash drive

  3. To use Legacy-mode and install from network, select:
    - Legacy option ROMs: ENABLED
    - Secure boot: OFF

Starting install via USB flash drive

  1. Press F12 or F10 or whatever it is to be able to select boot source. It depends on the computer model.
  2. Choose to boot via USB. Some older machines might be limited to boot from an USB2-port. USB3 might not work on older machines.
  3. Continue with installing.

Starting install via network

  1. Press F12 when starting machine to boot via Network. If the Network adapter do not show PXE-booting may have to be enabled in BIOS.
  2. Choose MDT-server by typing M D T M T and pressing ENTER

  3. This will boot the netinstallation ISO over TFTP.
    If it do not work, boot via USB flash drive instead.
  4. Enter your username and password A to connect to network share. (Use your normal username and not _username) If you do not have access, ask helpdesk@bmc.uu.se to add you to the group USER\bmc-autoadmin-mdt which will grant you read-only access.

  5. Continue with installing.

Clearing partitions

If the installation stops because of a previous installation attempt or if something else is weird with the partition table, previously created partitions may be cleared manually.
  1. Press F8 during installation to start a command prompt
  2. diskpart
  3. sel dis 0
  4. cle
  5. exit
Diskart can also be used for unmounting a drive:
  1. Press F8 during installation to start a command prompt
  2. diskpart
  3. list volume
  4. sel dis 0
  5. remove all dismount
  6. exit

Continue with installing

  1. Select task sequence:
    • W10E is the normal Win10 Enterprise x64 deploy.

  2. Fill in computer name. The new computer name standard is first three letters for institution, then a dash and the computer serial number. The serial number is automatically read from the computer BIOS.
    USER\bmc-autoadmin-for-mdt must be given privileges to create new computer accounts in the USER-AD.

  3. Select what applications or other packages to install during installation:

  4. Wait up to two hours, but normally 20-30 minutes while the computer is running MDT for installing OS and applications.
  5. For computers in USER-AD at BMC the local administrator password is set by a GPO to a unique hash for each computer. Any locally set password will be overwritten.

    Without the GPO SetLocalPassAsMD5 the password will be set to bytgenast which means that you are responsible to CHANGE PASSWORD when the installation is done.

    Currently the algorithm looks like this: The serial number is upper case, cut to 11 characters, and padded by zeroes until 12 characters length, and then a secret password is added. The following works at the command line at macOS or Linux to create the password.

    macOS:

    echo -n SERIAL000000SECRET | md5 | head -c 12

    Scientific Linux, Ubuntu etc:

    echo -n SERIAL000000SECRET | md5sum | head -c 12


75. What is the name standard for network equipment on BMC.

Unfortunately there are several systems still in use for naming the network equipment at BMC.

Name standardYearIntroduced byExplanation
? 1976- BMC Naming of old terminal network blessfully forgotten.
? 1986- BMC Naming of old ethernet network blessfully forgotten.
C5:2 1998 BMC The first C5500 fast ethernet twisted pair switches were named named after the cross connect cabinets where they were located.
C5:2-2 2000 BMC With the addition of C2980 and C3500 switches, the naming included a serial number for each cabinet.

Cluster_A1-1
Cluster_A1-1-1
C1-2-2mem1
C3:3-3-Mem_1

2005 UUIT

At some point in time the switches were clustered C2950 in order to minimize the use of IP-addresses.

  1. It is getting really hard to know which switch is which with all members and clusters.

A3:1_Poe-Manager
A3:1_Poe-Manager-1
A3:1_Poe-Manager-2

2007 UUIT A new naming standard for PoE switches showed up with the need to identify the PoE capable switches.

C2960S-C6-3-319c
C2960S-C5-3_3
C2960-C6:013b
C5K-C7-3
C5K-C7-2

2007 (?) UUIT At some point in time the switch model was introduced in the name, perhaps to easier identify the switches, at least the new ones. However, several different seperators where used. When switches where not put in cross connect cabinets the room number where introduced.

MODEL HOUSE FLOOR [NUMBER]

MODEL HOUSE ROOM

BMC-A9-1-3 2011 BMC A prefix was introduced to separate BMC-switches from other switches. The switches were still named after the termination of the cables in the cross connect cabinet. The naming was:

CAMPUS HOUSE FLOOR NUMBER

  1. Problem: Do not scale to several cross cabinets (racks).
BMC-D9-3-01b-8 2013 UUIT The cross connect cabinet room number where used instead of the network socket termination rack. The idea was to use the same system all over the university.

CAMPUS HOUSE FLOOR ROOM NUMBER

  1. Problem: the cross connect cabinet rooms change house and room number even if they are vertically located above each other.
  2. Problem: the markings on the switch do not match the markings on the network socket.
BMC-D11-0-09a_48-1 2014 UUIT

Server room required naming based on racks introducing a new system:

CAMPUS HOUSE FLOOR ROOM RACK NUMBER.

  1. Problem: by only looking at the switch name it is not possible to know what VLANs are on it. The BMC-HALL switches should probably have used another prefix than BMC. Perhaps a router prefix?
BMC-C11-3-D302-3 2015 BMC

The introduction of room numbers makes it harder to figure out what switches are located in what cross connect cabinet. Introduce the rack for the cross connect cabinets like the in the server room.

CAMPUS HOUSE FLOOR RACK NUMBER.

  1. Problem: Redundant floor number, both in the FLOOR and in RACK.
  2. Problem: New flexstacked switches appearing at this time share the same network name but introduce a new physical name making it hard to identify which network socket it is.
  3. Problem: Large flexstacked switches may sit in two racks.

BMC-C1-3-D302-S-1
BMC-C11-3-D302-S1
BMC-C3-2-D202-S1

2016 UUIT

No problem, just add a number telling it is a stack and then a number for for each member in the stack! Or perhaps a slash?

CAMPUS HOUSE FLOOR RACK ROOM "S" NUMBER.

  1. Problem: Not the full room number, the room numbers are always three numbers and perhaps a letter.
  2. Problem: Redundant floor number, both in the FLOOR and in RACK.
  3. Problem: Still a bit hard to figure out what name is a switch name an what is a flexstack number...
FAL01-C7-03-301B-1 #1
FAL01-C7-03-301B-1 #2
2017 UUIT

Switches are put in DNS! Great! Unfortunatelly this introduced a new name with the FQDN and also a new name not always exactly as the old switch names due to partial rename.

Using the same naming as the WiFi hotspots introducing block (kvarter) in the name via Byggnadsavdelningens register.

BLOCK HOUSE (with extra zero prefix)FLOOR ROOM NUMBER.

  1. Problem: introduce new prefix fal01- instead of bmc-
  2. Problem: the cross connect cabinet rooms change house and room number even if they are vertically located above each other.
  3. Problem: the markings on the switch do not match the markings on the network socket.
  4. Problem: The block name (fastighet / kvartetsnamn) for BMC is ROSENLUND. FALTLÄKAREN is the old Magistern or Kunskapsskolan. The plot is Kåbo 1:10.
  5. Problem: The NUMBER is not unique for each cross connect cabinet.
  6. Problem: Introduce a leading 0 in front of floor number.

76. Please help with installing the software Origin!

Origin is a proprietary computer program for interactive scientific graphing and data analysis. It is produced by OriginLab Corporation, and runs on Microsoft Windows.

Read more about Origin (software) at Wikipedia.

Uppsala University has (via the Department for Chemistry, the Department of Physics and Astronomy and the Department of Engineering Sciences) a floating site-license for Origin for 200 simultaneous users.

Download for Uppsala university, go to http://www.uu.se/goto/origin.

For questions or support contact support@angstrom.uu.se.

The easiest way to install is using Zenworks Applications.


77. What software applications do the university have that I can install?

Follow the links above for what is documented in this FAQ.

Also go to the Uppsala University IT-division service Progdist to search for what the IT-division distribute licenses for). Some of these the university has site-licenses for like Microsoft Office, Outlook, Windows which means they are available for no extra cost. Ask helpdesk@bmc.uu.se if you have any questions.


78. Spam filter settings in the SUNET Mailfilter

The default settings provide a reasonable protection, better than the old SpamAssassin based mailfilter the university used before. Usually the settings do not need to be changed. But if you really want to, this is how.

  1. Login to SUNET Mailfilter at https://mailfilter.sunet.se/canit/. Click on Login using SWAMID.

  2. Find Uppsala University by begin typing u p p s a l a.

  3. Login with your username and password A as normal for the Joint Web Login at UU.

  4. You can easily let SUNET Mailfilter always accept mail from a certain sender (e-mail-address or domain): (The accept list may also be called a white list.)

  5. Or you can reject (brutally) from a certain sender: (The reject list may also be called a black list.)

  6. To view what mail has been marked as spam, go to the Quarantine. Please note, this is not a real quarantine which holds the mail, but rather an incident log. All mail are sent to you anyway and are put in the Borttaget or Deleted Items folder in Outlook.

    To view the incident click on the date for the message. There it is possible to tell the filter to learn that a tagged spam should not be.

  7. To change the general spam threshold for you, go to Preferences / Quarantine Settings.

  8. If you need to you may lower the Spam threshold from the UU default 6.5 to something that still is reasonable like for example 5 and save by clicking on Submit Changes. If you lower the threshold you must keep an extra eye on your Junk mail folder where the mails that are catched will be delivered.

  9. By checking the mail header X-Spam-Score: on a spam that passed the filter you can get an indication on whether or not a changed threshold level would have caught the unwanted mail.

    • View headers in Thunderbird:

      1. View source by pressing CTRL-U.

      2. View headers in Outlook:

        1. Double-click the message to open it in a separate window.
        2. Find the meny Options (Outlook 2007) or Tags/Taggar (Outlook 2010/2013). Click the small arrow-symbol in the lower right corner.

        3. The Message Options window is displayed.
        4. The Internet headers are shown in a scroll area in the bottom of the window.

      3. View headers in OWA (Outlook on the Web aka the Exchange webwail):
        1. Double click on the spam to open it in a separate window.

        2. Click on the little icon for Message Details (Detaljinformation)

        3. Now you can view the headers in the small scroll area.

  10. You may also open the source of a mail and find the header X-Antispam-Training-Spam. By opening this link you can train the SUNET Mailfilter bayesian filter what spam look like.

  11. If you cut and paste the link into your web browser (and login if you are not already logged in) the response should look like this:

Read more about all the other settings in the on-line help or the user's guide (Användarhandledning för slutanvändare) available as a PDF at the SUNET website.

79. How do I access PCFS over SMB using smbclient?

The normal way is connect using the operating systems normal SMB-client.

However when you are on a server where that is not possible (like on HPC-clusters running Linux) you can use the command line SMB-client like this:

Please note - you have to use your own username at Uppsala University. Do not use your username at UPPMAX. This username is the same one you use for your mail, the central weblogin, UpUnet-S and EduRoam.

[jerker@rackham1 ~]$ smbclient -W USER -U jny25782 '\\imb-genomicsklt2.files.uu.se\imb-genomicsklt2' Enter USER\jny25782's password: Kinit for jny25782@USER to access imb-genomicsklt2.files.uu.se failed: Cannot find KDC for requested realm Domain=[USER] OS=[Windows 6.1] Server=[Samba 4.6.2] smb: \> dir . D 0 Thu Dec 7 15:15:46 2017 .. D 0 Mon Aug 21 15:32:43 2017 .snapshots DH 0 Thu Dec 7 15:02:19 2017 GenomicsKLT2 D 0 Wed Mar 8 14:33:25 2017 tmp D 0 Thu Dec 7 15:16:35 2017 31249987584 blocks of size 1024. 31247872768 blocks available smb: \> cd tmp\ smb: \tmp\> mkdir tmp smb: \tmp\> dir . D 0 Thu Dec 7 15:19:02 2017 .. D 0 Thu Dec 7 15:15:46 2017 tmp D 0 Thu Dec 7 15:19:02 2017 31249987584 blocks of size 1024. 31247872768 blocks available smb: \tmp\> exit [jerker@rackham1 ~]$ _

80. Should I upgrade to the latest version of macOS?

Find out what version of macOS / macOS your computer is able to run by entering your serialnumber on the Ultimate Mac Lookup, go to the webpage for your model and look at Maximum MacOS.

They also have a list of all mac models and the latest OS they can run.

In general you should upgrade your Mac to a new version of Mac OS X. We also recommend replacing a HDD (slow rotating Hard Disk Drive) with a SSD (faster Solid State Drive) when doing major upgrades if it is possible.

CPU model

To find the CPU model run this command in the terminal:

sysctl -n machdep.cpu.brand_string

Known problems

But other than that, go ahead. Most things work better. If you have any questions contact helpdesk@bmc.uu.se.

81. What is my computer name in Windows?


Here are three ways of finding the computer name in Windows. On Windows this is called both PC name, computer name and hostname.

  1. Find the PC name in Preferences
  2. Find the hostname using the command line
  3. Find the computer name in the System view in the old Control Panel

Find the PC name in Preferences

  1. Click on Start button.
  2. Click on the Settings Button.
  3. Click on System
  4. Click on About
  5. Read the computer name called PC name here.

Find the hostname using the command line

  1. Click on Start button.
  2. Enter cmd and press Enther
  3. Enter hostname and press Enter
  4. The command will print the computer name.

Find the computer name in the System view in the old Control Panel

  1. Open File Explorer.
  2. Right click on This PC and choose Properties
  3. View the Computer name here.

82. I need a new subnet and a new VLAN!

83. What are your plans for a common client network configuration?

On BMC we have plenty of different client networks. See FAQ about VLANs at BMC.

We where hoping that the network investigation (2016) and the new Segerstedt building (2017) would solve some of this, but it has not. Maybe BMC is unique in having so many different department from different parts of the university in the same building.

  1. Proposed solution: Use Wireless
  2. Proposed solution: Continue using the wireless
    1. Option: Large and wide VLANs for all clients aka the Segerstedt model.
    2. Option: Use Private VLAN and PVLAN Edge
    3. Option: Use only Protected Ports.
    4. Option: Use Cisco software defined networks
    5. Option: Use automatically configured VLAN

Goals

Possible problems with relying on only Eduroam or a protected ports / Private VLAN network:

1. Possible solution: Use wireless

Let the new computers use Eduroam as the preferred network.

This may require a lot more rapid response in fixing coverage and capacity problems for the wireless network.

Cons: Shared medium. Easy to disrupt.

2. Possible solution: Continue using the wired network

2.A. Option: Large and wide VLANs for all clients aka the Segerstedt model.

Use a few big VLANs and dont worry too much.

Perhaps use DHCP Snooping.

All clients are wide open to all other clients on the VLAN.

All existing subnets could also be put in this VLAN and then no clients needs to change any settings, but then again, no security on the L2-level even if L3-level router filters stop legitimate traffic.

2.B. Option: Use Private VLAN and PVLAN Edge

Read more about Private VLAN. Get a new generation of switches that support Private VLAN. The current generation C2960S and C2960X do not support Private VLAN. Only the single C2960XR do support it. Continue using older switches as edge switches using the PVLAN Edge feature.

It looks like the I-Port on an Private VLAN can only carry a single untagged VLAN. This means that even though the simpler switches with PVLAN Edge could carry many VLANs they cannot be combined with the Private VLAN I-Ports. (Perhaps except using multiple uplinks but I do not think we want to go there.) This needs to be confirmed by testing.

It may be possible to build a hybrid network combining a backbone of distribution switches (C2960XR C3750 C3560 etc) using Private VLAN with access switches (directly connected to clients) using PVLAN Edge (C2960X C2960S etc). Connect all clients to I-Ports directly or on a hybrid network via switches with PVLAN Edge ports.


   ======================C6500=router=========================================
         Etherchannel                Etherchannel                  I-Port
            trunk                       I-Port                       |
            |   |                       |   |                        |
   =====C2960XR=stack=====    =====C2960S==stack=(1VLAN)===          |
         Etherchannel                Etherchannel                    |
            |   |                     Protected                      |
            |   |                       |   |                        |
   =====C2960X==(1VLAN)==     ====C2960S====(1VLAN)==    ====C2960X==(1VLAN)===
    Protected   Protected       Protected   Protected     Protected  Protected
        |           |               |           |            |          |
    Computer1   Computer2       Computer3   Computer4     Computer5  Computer6
    
Reference: Consolidated Platform Configuration Guide, Cisco IOS XE 15.2(6)E (Catalyst 2960-X Switch) - Configuring Private VLANs - Cisco
Reference: Cisco Catalyst 2960-X Series FAQ - Cisco

2.C. Option: Use only Protected Ports.

Only use PVLAN Edge (protected ports) feature to block traffic between clients. The problem with this solution is that because it cannot really be combined with multiple VLANs in the same uplinks unless it is used on the whole network using a switch topology with Protected Ports on the downlinks everywhere, but if this is possible on Cisco is unknown.

There is an L3-workaround for the L2-block by using local-proxy-arp, but probably not a good idea. That would in theory have been possible to run on all VLANS as is, but only L3. No L2 like zero-config networking (Apple Bonjour) will work.

See the background below for details on how to set it up. It is most probably not a practical solution.

2.D. Option: Use Cisco software defined networks

Probably expensive, requires new equipment and is a bit more complicated than we need.

Reference: Cisco Identity Services Engine Data Sheet - Cisco

Cisco SD-Access Ordering Guide - SD-Access Platform Support Summary - Cisco

2.E. Option: Use automatically configured VLAN

Use MAC-address or login to automatically configure the VLAN on each edge switch port.

All which are in a whitelist somewhere at the university in Bluecat (but not on BMC) should go to a common work network with no captive portal but access to EduPrint etc.

Maybe it is possible to populate the database server (RADIUS) with MAC-addresses from the BlueCat whitelists using the API. Good with integration.

1. Optional login with username and password and then select the correct VLAN based on the username. Extra security or special cases.
2. Check if the client MAC-address is in a Bluecat whitelist here at BMC (the local campus) and then select the correct VLAN: Vlan660
FarmBio
Vlan661
ILK-fkog
Vlan662
MCB-instr
Vlan663
Kemi-analut
Vlan664
Neuro
all the different local VLANs
3. Check if the client is in any whitelist at the university and pick the same VLAN for all of them: Vlan ? UU-Work
4. All others: Students, guests, private computers need to use the captive portal to login Vlan695 Netlogin

Pros:

Cons:

Unknowns:


Reference: MAC Authentication Bypass Deployment Guide - Cisco
Reference: Consolidated Platform Configuration Guide, Cisco IOS XE 15.2(6)E (Catalyst 2960-X Switch) - MAC Authentication Bypass - Cisco
Reference: Command Reference, Cisco IOS Release 15.2(2)E (Catalyst 2960, 2960-S, 2960-SF and 2960-Plus Switches) - authentication event - Cisco

Background: How does Protected Ports work on a multi-switch network

All uplinks must be normally configured as promiscuous. All downlinks must be protected. The network topology must be strictly hierarchical with all routers or servers connected via promiscuous ports on a single switch.

In this first example random clients port has been made protected. This does only work on a single switch - Computer1 and Computer2 cannot talk to each other since they are both on protected ports on a single Switch1. But protected ports on different switches can talk to each other because traffic may flow between protected and promiscuous ports on a single switch - Computer1 and Computer2 can both talk to Computer3


                     Router
                       |
         ===========Switch2===============
             |                    |
    =====Switch1=========   =====Switch3=====
     Protected  Protected      Protected
        |         |               |
     Computer1  Computer2      Computer3   

In the second example all downlinks are Protected. Traffic between Computer1 or Computer2 to Computer3 will be blocked on Switch2 because traffic cannot go between two protected ports on the same switch.


                     Router
                       |
         ===========Switch2===============
          Protected            Protected
             |                    |
    =====Switch1=========   =====Switch3=====
     Protected  Protected      Protected
        |          |              |
     Computer1  Computer2      Computer3   


Regarding the Cisco PVLAN Edge

It may be possible to use the protected ports feature on an EtherChannel group according to Configuring Protected Port for example the Cisco Catalyst C3850:

You can configure protected ports on a physical interface (for example, Gigabit Ethernet port 1) or an EtherChannel group (for example, port-channel 5). When you enable protected ports for a port channel, it is enabled for all ports in the port-channel group.

This would in theory make it possible to cascade down from a stack of distribution switch to a edge switch. However it does not seem like it is possible to use the Protected Port feature on a trunk port and not on a single VLAN in a trunk. There are two possible solutions for this:


            Router
               |
    ====Switch1=C2960S=C2960S==== (multiple VLANs)
     Pro.  Pro.  Pro.  Protected
      |     |     |   Etherchannel
    Comp1 Comp2 Comp3  |  |  |
                       |  |  |
    ======SwitchC2960S=C2960S==== (single VLAN)
     Pro.   Pro.
      |      |
     Comp4 Comp5

84. Who is responsible for the network in the BMC server room?

Physical Network

Netsupport is responsible for the server room routers, the inter-rack connections and usually the top-of-rack switches.

For the IP-layer there are several different options on how to setup the network.

Currently the top-of-rack switches are usually connected with dual 1 Gbit/s connections to the server room routers (BMC-hall-routers). If there is a need for higher network connectivity please discuss with Netsupport.

Securing the management networks

Management ports for IPMI, LoM, RAID-controllers, dedicated NAS, etc are quite hard to get secure. In particular IPMI may use side-band management LAN connection. And some management controllers run their own operating system, complete with their own security problems and default passwords... This all means that the management ports has to be protected not only from the outside but maybe also from other management ports if they are located on the same network in order for an attacker not to jump between compromised systems over the management network.

Keeping every management controller on its own VLAN of course solves this, but it use too many VLANs and is too hard to manage.

On the BMC-IT management network in the server room (called BMC-hall-IPMI) we are using pricate VLAN (protected ports) feature in the switches to protect the management controllers from talking to each other. This is a RFC1918 network and incoming traffic there is restricted to the workstations meant for this management.

Good Option one - your own network

Tis option is good if you have a lot of servers in the server room, perhaps your own rack with equipment.

The users of the server room may, if needed, order their own VLAN and subnet. This VLAN will only be available in the BMC server room. Contact and discuss this with Netsupport.

BMC-IT will for their own servers (that BMC-IT do system administration for) have two VLANs, one network for the servers and one for the management.

Good Option two - the shared networks

This option is good if you need to put a single server or perhaps a small number of servers in the server room.

There are two shared network, currently (2016-09-15) Vlan956 Public_servers_ACLed or Vlan962 Public_servers_open, which is meant for shared usage in the BMC server room, for activity that do not require their own VLAN.

Please note that neither of these two networks have DHCP-servers activated. Neither static DHCP or dynamic DHCP. You need to set static IP on the server without using the DHCP-server.

The BMC-hall function at the IT-division (UUIT) and BMC is responsible for allocating IP-ranges in this network.

The normal procedure at the university is that the ones managing a network also is responsible for managing router filter (via Netsupport), perimeter firewall (via Security and safety division), DNS and DHCP (via IPAM or UUIT/Domainmaster).

But in this network the IP-ranges have been allocated to different users in different parts of the university organisation. Each individual system administrator using the different IP-ranges is responsible for their own activity in the IP-ranges they have been allocated. This responsibility includes managing changes in the router filter and the perimeter firewall. And manage DNS and DHCP via UUIT/Domainmaster.

Bad Option three - the BMC network

It is possible, but Not Recommended to attach equipment to the VLANs in BMC in the server room. The switch in one of the BMC-IT racks is connected with a single 10 Gbit/s to the campus router in BMC (BMC-campus-router). Discuss this with BMC-IT. Responsible for that VLAN is the Local IT for that VLAN (which may or may not be BMC-IT).

The only reasons we have seen for this is for example when handling old equipment with IP-related access control or using Bonjour-based services on Mac which work best over a single VLAN/Subnet.

It is very important to not connect equipment to both the BMC-router and the BMC-hall-routers at the same time since this may lead to STP-renegotiation which will mess up the network. Don't do this.

Bad Option four - dedicated network for a specific VLAN

It is possible, but Not Recommended to use dedicated network to connect to a VLAN somewhere else in the university (or SLU) too. This is only meant for shorter periods during for example migration from one server room to an other. Discuss this with UUIT/Netsupport. This configuration is only meant for a limited amount of time during a migration.

This is bad in several ways:

It is very important to not connect equipment to both other routers and the BMC-hall-routers at the same time since this may lead to STP-renegotiation which will mess up the network. Don't do this.


85. How to change language in Windows 7 Enterprise

Computers with Windows 7 Enterprise are installed with a default language. We install with either English or Swedish.

Install Swedish language pack

There are two ways of doing this.
  • If you are a local administrator you can start Windows Update and find the optional update Swedish Language Pack. Install.
  • If you have Zenworks installed you can in the ZENworks application window start Win7 LangPack SE to install the language pack. You don't have to be administrator for doing this.

Change language from Swedish to English

Microsoft Windows 7 Enterprise may change language after installation if you have more than one language installed.

(The version of Windows pre-installed (OEM) is usually Windows 7 Professional or Home. In those versions language cannot be changed after installation.)

  1. Start Byt visningsspråk or Change display language

  2. Change to English

  3. Copy settings to welcome screen and new users

  4. Click the checkboxes

  5. Restart computer

  6. Done

86. How do I map a network drive via SMB on Windows?

  1. Read about SMB Security Enhancements at Microsoft
  1. Open the file explorer. Press Left Windows key together with E.
  2. Right click on my computer and choose Map network drive...

  3. Enter the network folder you would like to map. In this example \\filserver.uu.se\neuro

  4. Enter your username and password. Please note that the Windows domain USER has to entered. Do not use my username jny25782 but your own username. Enter your password A.

87. How do you secure delete data from the computers and servers?

IBM Spectrum Protect (Tivoli Storage Manager aka TSM)

References to backed up files can be delete from the client, but the data is not written over.

It is possible encrypt the files on the TSM system at the client.

The TSM systems at university is level at 3 3 2 or 3 3 1. (reliabilty, unaltered, availability) The availability is not 100% for example the system is down during times of softare updates.

When the backup system is changing generation all drives and tapes are destroyed.

Please read more about information classification at Uppsala University.

Clients

On clients we use the utility KillDisk to secure deletion of block devices. If needed the drives can also be sent to destruction via the Security Division at Uppsala University or in a way approved by them.

Servers

When the servers are put out of commision the drives are sent to destruction via the Security Division at Uppsala University or in a way approved by them.

88. I work for another part of the university too. How can they pay for my software licenses?

It is really easiest for everyone if just a single entity is responsible for the both the hardware and all software licenses for a computer.

External bills may easily be moved over to other parts of the university.

But internal billing, like software license bills from the university license server, are not easily splitted to other parts of the university. Therefore, that other part of the university should register and pay for the software. It will facilitate the administration.

BMC-IT can then help with installation of the software.

Do like this for software distributed via the Uppsala University license server:

  1. Make sure your research group leader (principal investigator or equivalent) are OK with spending money on this license.
  2. Register a license with the one responsible for license registration at that part of the university where the PI is active. Send a confirmation that the license is registered to BMC-IT at helpdesk@bmc.uu.se.
  3. We at BMC-IT may then install the software.
  4. Later on, the PI will get the internal bill from the software license administration at the university, via the department (or equivalent) administration.
  5. That other part is responsible for administration of the license. In this responsibility includes renewal and termination of license subscriptions.
  6. Removal of the software is the responsibility of the other part of the university and the user. But please ask BMC-IT for help if needed.

89. Help me I get so much spam! What can I do?

Spam is also known as junk email or unsolicited bulk email. Whatever name, it is spreading mayhem in the inbox.

The university is using the SUNET Mailfilter for all incoming and outgoing mail.

The antispam settings at the university were meant to be set at a reasonable level. If the rules are too tight we might miss proper mail. But it seems like the spam threshold has to be adjusted for the filter to catch the latest spam.

  1. Open the SUNET Mailfilter and login at Uppsala University with your account.
  2. Go to tab Preferences.
  3. Go to tab Quarantine Settings.
  4. Change Spam threshold to about 5.

No mail that has been delivered to your account will be blocked. All that happens is that the mail is marked as spam and then automatically put in the Junk mail folder. Remember to check your junk mail folder once in a while.

Read more about mail filtering at Uppsala University at Medarbetarportalen.

You can also report spam to the IT security group at the university by forwarding it to no-spam@uu.se. If there is a directed attack at the university they appreciate different variants of the spam so firewall and anti-spam filters can be configured to catch it. Read more about IT security at Uppsala University.

90. After my employment at the university has finished, may I bring home my old computer?

Unfortunately no. The computer belongs to the university even if you bought it with your research money through the university. This is the general rule.

In certain cases, if you move your employment to another government facility, like another university, it may be ok if all of the following rules match:

  1. It has to be a government facility (like a university). The computer may not be brought to a private company even if the private company do research.
  2. There has to be an agreement (understanding) between the old employer (head of department) and the new employer.
  3. The equipment has to be removed from the university (department) inventory and added to the new employers (department) inventory. The equipment will not belong to the individual but follow the normal rules of the new employer.

Also be aware that the storage of the computer usually contain sensitive data. Before scrapping or repurposing equipment you have two options;

  1. Remove the permanent storage and send it to destruction. Permanent storage may be a hard drive (HDD), a solid state drive (SSD) etc.
  2. Overwrite the whole of the permanent storage with other data on the block level. (This may take a couple of hours.)

    Please note that even block level wipe of the storage does not delete bad blocks. If the data is so sensitive that this is not acceptable the storage has to be destroyed and cannot be repurposed.

Contact BMC-IT for help with this.

From time to time, the department, campus or university may sell old equipment to the employees. But it has to be sold at market value and the costs involved have to be covered. All software licensed to the university have to be removed. For example all our versions of Windows and Office have to be removed. Instead of Windows for example Ubuntu or any other free operating system or software may be installed. In practice all of this makes it very hard to sell old equipment in an usable state at a reasonable price.

Read more in Regler för försäljning av inventarier UFV 2008/159 (local copy)


Old equipment may sometimes be valuable in itself. The computer in the picture is a PDP-12 belonging to the Update computer club at Uppsala University.


91. How do I downgrade to Java 6 for Mac?

  1. Go to Download Java for OS X 2017-001.
  2. Proceed with the Download link.
  3. Save File.
  4. Open.

  5. Go ahead with installation.

  6. Continue, accept, install, etc.
  7. Done.

92. How do I merge documents with Preview in macOS?

Apple has a guide on Use Preview to combine PDFs on your Mac.

This guide works on the latest macOS Sierra, I have not tried previous versions:

  1. Create a new copy of the first PDF-document you which to merge into (because Preview saves the result in the source).
  2. Open the copy of the first PDF-document in Preview.
  3. Open Finder and drag the second document below the last page of the first document.
  4. Close Preview. It will automatically save the document with the edits you made.

93. How do I set default language in Word 2011 Mac?

To change the default language for new documents in Microsoft Word 2011, go to menu Tools and select Language...

In the opened dialog, choose a language and click on the "Default..." button to apply.

94. How do I unlock a protected document in Word?

Please follow Microsofs guide to Allow changes to parts of a protected document in the section Unlock a protected document.

  1. Go to Review tab
  2. Go to section Protect and open Restrict Editing.
  3. Click on Stop Protection in the bottom right conrner.


95. What is my IP-address and MAC-address?

The easiest way to see what IP your computer or phone is currently using when contacting Internet is to go to a web page that displays it.

How to look up the local IP-address on different operating systems:

Your local IP-address may be translated into another external IP-address over a router using NAT (network address translation).

  1. macOS
  2. Linux
  3. Windows

1. macOS

On a Mac this is also displayed in System Preferences:

  1. Open the Network tab in System Preferences and go to active interface to see the IP-address. Example 130.238.39.228

  2. Open Advanced. The IP-address is displayed again.

  3. Check MAC-address in Advanced. Example a8:20:66:19:5b:b8

2. Linux

For Linux (or macOS) open a terminal and type ifconfig.

3. Windows

For Windows, open a command window and type ipconfig /all

Example: IP-address is 130.238.39.229 and MAC-address is 08:00:27:27:06:ad

The command getmac also display the currently used MAC-address.

96. There is no wired network here - what to do?

Is your room running out of network sockets? Here are your options.

This usually happens when a room was planned for less persons than currently are using it.

97. What is ZENworks? How to I install applications via ZENworks application window?

Distribution and installation of software

Novell ZENworks is a computer management software.

The most used feature of ZENworks is the ZENworks application window where anyone can easily install software on client computers.

  1. Open ZENworks Application Window

  2. Start any program. If it is the first time you have to wait for the installation to finish.

Remote management session request

ZENworks can make a remote management session request, which makes it possible to do directly cooperative control of a client. The client has to make the request. (This is done together with a phone call to the person the request is sent to and not a way to initiate a request, because the listener has to be started a the other end first.)

  1. Open ZENworks Show Properties

  2. Open General under Remote Management.
  3. Open Request Remote Management Session.

Prerequisite for installing ZENworks Adaptive Agent

If you want to run ZENworks client on a computer that has not been preinstalled by BMC-IT, you have to make sure of this first:

  1. The computer has to be owned by the university.
  2. Name the computer like XXX-SERIALNUMBER for example INV-CZC133F3 for a computer with the serial number CZC133F3 at the Department of Neuroscience. This makes it easier to identify the computers.
  3. Take a backup.
  4. Install client. Ask helpdesk@bmc.uu.se for help with this.

Blissful ZENworking!

98. How do I install Ubuntu?

This is documentation for a network installation of Ubuntu.

You can always do a manuall installation. Just download the DVD from Ubuntu and install. Skip a few steps in the instructions below.

  1. Netboot the computer, usually by pressing F12 at BIOS boot time.
  2. In the PXE-boot men, start the latest and greatest Ubuntu installation. For example type uwEnter to begin a text installation of Ubuntu 15.04 Wily x64:
    uw
  3. Step through the text installation. Activate automatic updates.
  4. If you want to keep the Windows installation, if there is one on the computer, you can resize the existing partitions.
  5. You can choose several different desktop environments, but I recommend to begin with the standard Ubuntu desktop. This is how the Xubuntu desktop looks like:

  6. If you install in VirtualBox, remember to install the VirtualBox Guest Additions to enable shared clipboard and files between the host and guest OS.
    1. The CD is mounted automatically by VirtualBox. If everything works fine Ubuntu will find the CD and ask you for permission to install the guest additions. Just go ahead.
    2. Otherwise, tro to mount the CD via the menu in VirtualBox with Devices - Insert Guest Additions CD image.... Continue as above.
    3. And finally if the autorun does not execute but the CD has been mounted, you can manually run the installation:
      cd /media/jerker/VBOXADDITIONS_4.3.28_1003095
      sudo ./VBoxLinuxAdditions.run

    99. How do I uninstall the Zenworks agent?

    Zenworks is used for these major reasons:

    1. Do automatic installation of software and settings when the computer is deployed. Some of the effort in this is shared all over the university.
    2. May be used for remote interactive control by user request.
    3. Self-service installation of software by the users, even without local administrator privileges, and far away from the university network over the Internet.
    4. Do inventory. This may save a lot of time when we really need to find out exactly how many copies of a certain program are installed on the computers.

    The Zenworks agent load on the computer is not much on a modern computer, but if the computer is very old and slow there are a chance to notice a performance impact. In this case you might want to uninstall the Zen agent even though this will increase the load of your local IT-support. There are often other better ways of speeding up the computer:

    1. Make sure the computer has enough RAM. Upgrade to at least 8 GB RAM so that all programs fit in memory.
    2. Replace HDD with SSD. Solid state drives are a lot faster than rotating hard disk drives.
    3. Reinstall Windows. Windows-computers seem to get slower and slower over time. An extreme example was Windows Update in Windows XP that got glacially slow over time. This has been improved with later versions of Windows but it still exists.

    In the Zenworks console

    Anyway. The Zenworks agent is protected from uninstallation by the settings in Zenworks. A system administrator (contact helpdesk@bmc.uu.se) has to open the client in the Zenworks console, open Settings, open Device Management, open Zenworks Agent, choose Override the System settings and enable the option Allow users to uninstall the ZENworks Adaptive Agent.

    On the computer

    1. You have to be local administrator on the computer.
    2. Refresh the Zenworks agent in the task bar.

    3. Then on the computer open Programs and Features

    4. Find the Zenworks client and choose uninstall.

    5. Check the box Local uninstallation only.

    6. Do not keep anything. Do not retain CASA.

    7. Ok, go ahead...

    8. Wait for the Zenworks Uninstaller to complete.

    9. It will probably complain about not being able to remove everyting, but just go ahead and restart when done.

    10. Uninstall done.

    100. How do I start an elevated command prompt (as administrator) in Windows?

    1. Start a command interpreter window by entering cmd in the search prompt.

    2. Launch by pressing CTRL SHIFT and ENTER at the same time.

    3. Answer Yes to run as administrator.

      It should look like this for Windows 7:

      And like this for Windows 10:

    4. If everything works fine you are running as administrator. The Window title bar should contain the text Administrator:.

      It should look like this for Windows 7:

      It should look like this for Windows 10:

    It does not work! What do I do now?

    1. If you need to be local administrator, send a mail to helpdesk@bmc.uu.se where you specify your computer name and your account name. We can then add you as a local administrator, after we have confirmed that it is your computer. Then restart computer.

    2. If it does not work anyway, restart computer again. When the computer restarts it should read the group policy which adds the members in a group in the Active Directory to that computers local administrators.
    3. If the group has been created and populated with members and it still do not work? Run the command gpupdate /force in a command window to force the computer to update the group policy if this was not done automatically. It may look like this. Answer y and enter to logoff. Then login and try again.

    101. How I do send mail from multiple e-mail addresses in Thunderbird?

    Thunderbird can send mail from multiple identities for a single account. This is useful if you have multiple e-mail addresses that all go to single account.

    1. First enter the Account settings by right clicking on the account in the left panel and pick Settings.

    2. Go to Manage identities....

    3. Here you Add... a new identity.

    4. Enter your information. In this example the outgoing mailserver is smtp.uu.se but it should work fine with the Exchange server at mail.uu.se too (as long as the settings for that server are correct). Save.

    5. Send one mail to each of your two addresses. When replying to them Thunderbird will pick the appropriate identity. Here is when replying to a mail sent to jerkertestar@bmc.uu.se.

    6. Here is when replying to a mail sent to the other identity jerker.nyberg@bmc.uu.se.

    102. Some Cisco switch commands

    Show VLAN and port configuration:

    • show vlan
    • show vlan brief
    BMC-D11-0-A47-1>show vlan brief
    
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Te1/0/2
    2    Management                       active
    3    Backbone                         active
    4    Backbone-2                       active
    50   WLAN                             active
    660  FarmBio                active    Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18
                                          Gi1/0/19
    - - -
    

    Show all ports and which VLAN they have and if they are connected:

    • show interface
    • show interface status
    BMC-D11-0-A47-1>show interface status
    
    Port      Name             Status       Vlan       Duplex  Speed Type
    Gi1/0/1                    connected    933        a-full a-1000 10/100/1000BaseTX
    Gi1/0/2                    connected    664        a-full a-1000 10/100/1000BaseTX
    Gi1/0/3                    notconnect   664          auto   auto 10/100/1000BaseTX
    Gi1/0/4                    connected    935        a-full  a-100 10/100/1000BaseTX
    - - -
    

    Show possible disabled ports:

    • show interface status err-disabled

    List all mac-addresses:

    • show mac address-table
    • show mac address-table address 3c07.541d.c8ab

    Show DHCP-helper and other info about the VLAN

    • show ip interface vlan 904

    Show error-disabled recovery timeout

    C7:3-5>show errdisable recovery
    ErrDisable Reason            Timer Status
    -----------------            --------------
    arp-inspection               Disabled
    bpduguard                    Disabled
    channel-misconfig (STP)      Disabled
    dhcp-rate-limit              Disabled
    dtp-flap                     Disabled
    gbic-invalid                 Disabled
    inline-power                 Disabled
    link-flap                    Enabled
    mac-limit                    Disabled
    loopback                     Disabled
    pagp-flap                    Disabled
    port-mode-failure            Disabled
    pppoe-ia-rate-limit          Disabled
    psecure-violation            Disabled
    security-violation           Disabled
    sfp-config-mismatch          Disabled
    small-frame                  Disabled
    storm-control                Disabled
    udld                         Disabled
    vmps                         Disabled
    
    Timer interval: 40 seconds
    
    Interfaces that will be enabled at the next timeout:
    
    C7:3-5> _
    
    
    Show members in a stack.
    fal01-C7-03-301B-1#show switch stack-ports
      Switch #    Port 1       Port 2
      --------    ------       ------
        1           Ok           Ok
        2           Ok           Ok
        3           Ok           Ok
        4          Down          Ok
        6           Ok          Down
        7           Ok           Ok
    
    fal01-C7-03-301B-1#sh switch
    Switch/Stack Mac Address : 2852.61bb.e200
                                               H/W   Current
    Switch#  Role   Mac Address     Priority Version  State
    ----------------------------------------------------------
    *1       Master 2852.61bb.e200     13     4       Ready
     2       Member 0038.df8f.6480     1      4       Ready
     3       Member 2852.61bb.0480     1      4       Ready
     4       Member 0038.df87.7100     1      4       Ready
     5       Member 0000.0000.0000     0      0       Removed
     6       Member 2c0b.e973.6b80     1      4       Ready
     7       Member 0038.dfa4.6180     1      4       Ready 
    
    fal01-C7-03-301B-1# _
    

    103. How do I get deduplication to work in Linux?

    ZFS

    ZFS is great for compression and snapshots, but regarding deduplication: Don't go there. ZFS on Linux is doing inline deduplication and requires at least 5 GB of RAM for each TB of storage. It is usually better to get more hard drives. When using too much RAM everything will slow down to a crawl.

    Btrfs


    Btrfs is not as old and stable as ZFS, but it has compression, snapshots and deduplication. The deduplication in Btrfs is out-of-band.

    Compression is stable. Go ahead.

    When using snapshots and Btrfs, we recommend not saving more than 24+6+3+11 snapshots, each hour for a day, each day for a week, each week for a month and each month for a year. Otherwise (like saving a snapshot every day and not removing them) the snapshots may take too long time to remove. It seems like Btrfs is checking each file for each snapshot when snapshots are removed on order to know if the original file can be removed. There must be more than enough time (and IOPS to spare) to remove snapshots before new can be created.

    Deduplication is run using en external tool. Easiest is to use duperemove on the dataset, we have however not tried any larger datasets.

    Other ways...

    There most probably are other ways to do this. Let us know.

    104. My Android device is running out of storage. What is using it?

    The app DiskUsage by Ivan Volosyuk is quite good in visualizing and finding what applications are using a lot of storage on an Android device.

    105. What is the point with the zone files.uu.se?

    The initiative for the domain files.uu.se was taken in 2015-05 by BMC in order to get an aliases to file server shares with unique names.

    For example, the file server share is named with the TLA-SHARENAME, like INV-Common. Then the CNAME will be TLA-SHARENAME.files.uu.se or INV-Common.files.uu.se pointing to the current file server where the share is located.

    The reasoning behind this is the following:

    1. Get a unique name in DNS to each file server share. This will faciliate migration of file server shares to new servers.

      We (the university) had a lot of troubles with migration from the old NetApp file server to the new HNAS file servers. This zone with an extra level of abstraction in front of the real file server names was intended as a proactive way of eliminating one part of the problem in preparation for the next file server migration. It also makes it easier for those users users (research groups or department) that wish to or have to move their share from one storage system to another.

    2. Make it work for all operating systems. There is a function in the Microsoft Active Directory (with a similar goal) called the DFS that put all file server shares in a single name space. This however do not work all the time in all operating systems, like non-AD connected Windows-clients, macOS (not all of the time), Linux (it depends a lot on the configuration it do not work for example in Ubuntu out of the box).
    3. Network agnostic Get access to the servers even from other networks where needed when the USER-AD (user.uu.se) is not accessible due to using split DNS and access restrictions, like UAS, SLU, UPPMAX, HPC-centers in Sweden and maybe mobile data. It is also not a requirement to use the university resolvers, it should work even if the local resolvers are down.

    106. How do I mount my home directory or shared storage at HNAS?

    For Windows clients in USER-AD your home directory and the department common (public) share will automatically be mounted when you login using the drive letters below.

    This storage is in the university shared HNAS file server. Some departments also have other storage available - contact helpdesk@bmc.uu.se for details.

    1. Please select your department:

      DepartmentAcronym
      Biomedical Centre Campus Management
      Department of Cell and Molecular Biology
      Department of Medical Biochemistry and Microbiology
      Department of Medical Cell Biology
      Department of Neuroscience
      Department of Pharmaceutical Biosciences
      Department of Public Health and Caring Sciences
      International Science Programme (ISP)
      . . .
    2. Please enter your username here:


      PurposePlatformDFS-pathDirect path Driver letter
      Home directory for personal files Windows \\user.uu.se\BMCI\TLA-Users\account \\TLA-Users.files.uu.se\TLA-Users$\account X:
      Mac smb://account@user.uu.se/BMCI/TLA-Users/account smb://user\account@TLA-Users.files.uu.se/TLA-Users$/account
      Common (public) share for department,
      research groups etc.
      Windows \\user.uu.se\BMCI\TLA-Common \\TLA-Common.files.uu.se\TLA-Common$ P:
      Mac smb://account@user.uu.se/BMCI/TLA-Common smb://user\account@TLA-Common.files.uu.se/TLA-Common$
    3. Sometimes you want to mount via the command line.

      • Windows, command line version on mapping a network share:
        net use x: \\TLA-Users.files.uu.se\TLA-Users$\account /user:user\account
      • macOS, command line version on how to connect to a file server:
        mkdir ~/Desktop/account
        mount_smbfs //user;account@TLA-Users.files.uu.se/TLA-Users$/account ~/Desktop/account
      • On Linux, command line version on how to mount a CIFS file system:
        mkdir ~/Desktop/account
        sudo mount -o username=account,domain=user -t cifs //TLA-users.files.uu.se/TLA-users$/account ~/Desktop/account
    4. Also read in the SOP - Connect a Mac to HNAS (v1.0).pdf or follow the links to other FAQs above on how to use the Windows Explorer or Mac Finder GUI. Remember to use the VPN if you are connecting from outside the university network.

      Connect from Mac

      Problems with accessing the shared folders

      A common problem may be that your account has not got the correct permissions called group membership in AKKA, the university catalogue. Please then contact your department administration to get this fixed.

    107. How do I find the serial number on macOS?

    1. Open Apple-menu and choose About this computer

    2. Here it is!

    3. For older macOS, double click on the version number to display the serial number.

    4. You can also find the serial number in the hardware section of System Information.

    Read more at Apple: Find your Mac`s serial number in About This Mac or System Information

    108. How do I force activation of Windows 10 using KMS?

    When updating Windows Pro 7 to Windows 10 activation may fail. The name of the university KMS-server has also changed a few times, making Windows computers using the old name get unactivated.

    It may look like this:

    1. Connect to the university fixed network (ethernet).
    2. First start a command window as administrator.
    3. The command slmgr.vbs /ato should try to do an automatic activation if the computer is part of the Active Directory. If it is not part if the Active Directory you need to specify the KMS-server, see below.

    4. If that do not work, try to specify the activation server first with slmgr.vbs /skms kms.user.uu.se and then followed by slmgr.vbs /ato again.
    5. And if that do not work, try to reset the product key and then do an activation with the command slmgr.vbs /rearm.

    6. Display information about activation with slmgr.vbs /dli. It should look like this:

    7. You can also check when the license expires with the command slmgr.vbs /xpr.
    8. If things do not work, maybe the KMS-address has changed? You can also check the current address with the command nslookup -type=srv _vlmcs._tcp.user.uu.se. If that is the case, the address kms.user.uu.se should be changed to the new one. Please send mail to helpdesk@bmc.uu.se to let us know if this is the case. In the example below both reference to the same server which is correct.

    109. May I have SIMCA and MODDE for Windows please?

    SIMCA is software for multivariate data analysis.

    Modde is software for design of experiments and optimization

    The university has a site license payed for by some departments that are using SIMCA and MODDE. In practice that means that SIMCA and MODDE are not payed for initially when installed but the departments and researchgroups that are using it has to pay when the site license is renewed. For this to be fair we need to keep track of every installation of the software. The computers that are using it are also tracked via the license server.

    There are Zenworks bundles for SIMCA and MODDE, so check if it is available in the ZENworks application window for you. (Otherwise, ask for it and it can be added).

    Contact helpdesk@bmc.uu.se for help with licenses or manual installation.

    110. How are the network sockets identified?

    This is a double socket. The identifiers are written together on a sticker on the socket. This is how to decipher them:

    Network socket identifier Cross connect cabinet identifier
    Left socket B1.216:05 C1-D202-01-03
    Right socket B1.216:06 C1-D202-01-04

    These numbers mean that the socket is located at the B1:216 beam in the B1:2 corridor. The cross connect cabinet serving this network socket is located in C1:2 and in this case the rack called C1-D202 in the panel number 1 and socket number 3 and 4.

    Some of the sockets have room numbers instead of beam numbers where the beam numbers are not applicable.

    111. Who is an employee and who is a student at the university?

    There are three different major types of active identity categories at the university - students, employees and other active (övrigt verksamma).

    • A student is always a private individual and cannot act as part of the university authority (myndighet).
    • An employee is always a part of the university authority.
    • An other active is a person where the head of department (or similar) take responsibility for that the other active acts in the same way as an employee.

    Persons who are students but are also working on behalf of the department should not use their Student ID but an Employee ID instead. This way the private use is separated from the use as an university employee or other active.

    Persons using an Employee ID can via the catalogue get group embership controlling access to shared electronic resources belonging to the research group (file server shares, high-performance computing clusters) and other electronic resources at the university.

    So why should a person use the role as an other active rather than a student?

    1. The research group leader can give the person group membership access to the shared electronic resources for the research group.
    2. The research group leader control start and stop date for the person getting acccess to the shared electronic resources.
    3. The responsibilites are clearly divided between technical access to the resource for the whole group (initially configured by a system administrator) and including the person in the shared resources for that research group (given by the research group leader).
    4. There is no additional administration by system administrators to manually provide access. This is done automatically via AKKA through the directory services (Active Directory (USER-AD) and LDAP) using groups from the catalogue.
    5. No person that has been given access is forgotten since the access is automatically removed.
    6. Depending on the computer systems that are used, a person using an employee ID and with group membership (access to shared electonic resources) will automatically get backup of important files (usually on Windows computers this includes Desktop and Documents).
    7. If a student (working on behalf of the university using their Employee ID as an other active) later will get employed all data is already at the right place and with correct ownership. Otherwise the data would have to be moved from their old place to the new and change ownership from the old Student ID to the new Employee ID.

    Please read more:

    Active category In AKKA controlled by department Type of ID Physical access to department Group membership in AKKA Visible in catalogue
    Student No Student ID No No No
    Employee Yes Employee ID Usually Yes Usually Yes Usually Yes
    Other Active Yes Employee ID Yes or No Yes or No Usually No

    112. GraphPad Prism, what does it cost?

    GraphPad Prism is a commercial scientific 2D graphing and statistics software for Windows and macOS.

    Perpetual license

    Search Progdist at UU Reload

    Personal subscription license

    There are Personal Subscription Licenses available at the GraphPad Prism homepage. However, those licenses we at BMC-IT cannot order for you via the university. But when using the software for a shorter time that license form is advantageous.

    Send a message to helpdesk@bmc.uu.se for help with installing GraphPad Prism.

    113. How does the presenter view work in Powerpoint and where are my videos?

    This is what your laptop displays to the left and what the video projector displays to the right.

    Lets imagine you connect your laptop to a projector and you have a duplicated display.

    When starting Powerpoint both the computer and the projector will show the same image.

    There is a small check-box in the Slide show tab called Use Presenter View. If it is not checked then it will look like this, with the normal Powerpoint view on the local computer screen and the slides on the projector. Powerpoint will automatically switch the computer display settings to extended view when two screens are attached.

    If the checkbox in the Slide show called Use Presenter View is checked then the presenter view will show up in the local computer screen instead of the normal Powerpoint edit view.

    Powerpoint has now switched the computer display into extended mode instead of duplicate mode. If the presenter now starts to watch a video on the computer local screen, then that video will only show up on that screen. The audience will not see the video.

    For the presenter to see what is going on the presenter either has to switch back into duplicate mode (by for example pressing Win-P and choose duplicate mode) Both the audience and the presenter can see the video.

    114. How do I install anti-virus software on macOS?

    Contact helpdesk@bmc.uu.se for advice.

    All computers have to run adequate anti-virus software according to the rules at Uppsala University.

    We recommend Symantec Endpoint Protection (SEP). Licenses for this are in most cases payed for by the department, but you must notify BMC-IT if you install on your own so that we know what is going on. Notify BMC-IT by mailing to helpdesk@bmc.uu.se

    The server is run by Polacksbacken campus for the whole of the university for those who like to cooperate on this.

    For this to work your computer host name must follow the Uppsala University naming scheme. This is first a three-letter-ancronym for the department, then a dash and then your serial number (or some unique identifier, if not using your serial number let us know) so that when we receive a warning we can identify the computer. As an example, a computer may be named BMC-07JD0NADJD3.

    How to install

    First the preparation:

    1. Make sure your computer host name follow the Uppsala University naming scheme.
    2. Notify BMC-IT what you are doing by mailing helpdesk@bmc.uu.se. Send the name of the computer.
    3. You must be located on the Uppsala University network or connect via VPN.

    Then the actual installation:

    1. Open the server smb://bmcit-common.files.uu.se/BMCIT-Common in Finder
    2. Open Public
    3. Open Public Installation Files
    4. Open Symantec_Endpoint_Protection_version_14.0.2332.0100_English for Mac (ANG) Pick the directory with this or the latest version number!
    5. Download Symantec_Endpoint_Protection_version_14.0.2332.0100_English.pkg by copying it to your local computer (for example the Desktop). Pick the package with this or the latest version number!
    6. Open the package and do the installation.
    7. Reboot computer.
    8. Start application Symantec Endpoint Protection and make sure it is working as it should.

    115. My computer has got a virus! What do I do?

    Contact helpdesk@bmc.uu.se for advice.

    First, if the anti-virus program catches the virus, it is usually not a big problem and the infected file may have been put in quarantine.

    These instructions are mainly meant for Windows.

    Try to clean the computer with Symantec Endpoint Protection and McAfee Stinger

    1. Run LiveUpdate in SEP again. If there is a new definition now SEP might be able to clean up the file.
    2. Run Full Scan in SEP.

    3. If the files are in quarantine, open with View Quarantine in SEP.
    4. Delete permanently or clean the files
    5. Download another antivirus tool. We recommend McAfee Stinger. Download a new version directly from McAfee which includes updated virus definitions. Do not download tools from unknown sources if you do not trust them.

    6. Wait for it to complete.

    7. We seem to be safe.

    How do I enable and test the Symantec Endpoint Protection?

    1. Open Symantec Endpoint Protection
    2. Make sure the Status is green like this:

    3. Test by going to EICAR site and download a test-virus. You may have to download the Zip to even be able to get it to your computer.
    4. SEP should print a warning message when trying to run the test-virus.

    5. And also show a detection result window:

    How to fix the computer to be safe?

    Computers that have been running with a virus or trojan usually download a lot more trojans and viruses. It is really hard to clean them all. To be sure, reinstall computer.

    1. Contact helpdesk@bmc.uu.se for advice. How to do this the most efficient way depend on the computer and environment. For example, if all files are on the file servers then just reinstall computer.
    2. Get a new (or an other unused) harddrive.
    3. Replace the old harddrive with the new one.
    4. Install operating system and applications on the computer using the new hard drive.
    5. Copy files from the old hard drive to the new computer while checking them for viruses.

    116. My Windows 7 computer is stuck in a Windows Update loop!

    Windows 7 in particular sometimes get stuck during updates. Windows will try to install the updates, then revert, and they try again. After a few iterations in this loop it will allow the user to login.

    Microsoft has the following instructions regarding how to try to fix problems with Windows Update: How do I reset Windows Update components?

    The easy way out is just to temporarily block the offending update. This will give you some time until the next cumulative update shows up. Hopefully Microsoft has fixed the problem then.

    1. Start Windows Update.

    2. Check for Updates

    3. Select the important updates.

    4. Hide the problematic update.

    5. It will be grey in the list...

    6. ...and show up in Restore hidden updates.

    117. How do I temporarily disable an update in Windows 10?

    Please read more at Microsoft about: How to temporarily prevent a Windows Update from reinstalling in Windows 10
    To temporarily prevent the update from being reinstalled until an updated fix is available, a troubleshooter is available that provides a user interface for hiding and showing Windows Updates and drivers for Windows 10. You can obtain and run the "Show or hide updates" troubleshooter by downloading it from the Microsoft Download Center:

    Download it here: http://download.microsoft.com/download/f/2/2/f22d5fdb-59cd-4275-8c95-1be17bf70b21/wushowhide.diagcab

    118. What service levels does BMC-IT have compared to others at the university?

    The different organisations at the university have different level of service in order to fullfull their missions on a cost-efficient way.

    UUIT (IT-division) provides highly available services for the whole university.

    BMC-IT is focused on providing great services for the people at the campus and is trying to keep it simple and durable.

    UPPMAX is providing the best high-performance computing environment available, but is neither focused on high-availability nor user-focused service (not the individual users, but as a collective of course).

    ServiceUUITBMC-ITUPPMAX
    Server room cooling Redundant with backup (BMC-hall) Non-redundant
    Server room fire extinguisher Yes Yes
    Server room power Dual redundant UPS. Backup diesel power generator. Dual power to each rack. Non-redundant, UPS on critical systems
    Server room network Redundant routers, in general non-redundant top-of-rack switches but redundant etherchannel to clients via flexstacked switches also available Non-redundant (redundant core network)
    Server room stand-by personel in-house Yes No
    Server room stand-by personel external techician (power, cooling) Yes
    Stand-by decision making personel, possible to order in technical personel Yes No No
    Stand-by technical personel No No No
    Vacation spread out so that somebody always on duty during work hours Yes Yes Yes
    All systems maintained by a group (not individuals) Yes Usually, but with a primary responsible person and contact Yes (Primary and secondary contact)
    Somebody among the contacts or responsble for a service always on duty. (Not vacation on the same time) Yes No No
    Redundant storage systems which handle partial failure gracefully Yes (HNAS) Yes
    Simple and small storage system with faster full restore No Yes (PCFS) No
    Maintenance window adapted to individual user groups No Yes No

    119. How do I activate group membership in AKKA?

    AKKA can control whether the user will get group membership to the AKKA-group of the group.

    For example a person employed at the BMC campus management will get membership into the group called AKKA - SI29_9 in USER-AD.

    This group control access to network home directories for the department, shared folders for the group and automatic shared areas in Medarbetarportalen.

    1. You must be personal manager for the department.
    2. Get permission from the responsible person for the group. Group membership may give access (read-write) to research data belonging to the group.
    3. Find the user in AKKA. Check current status.

    4. Check the box gruppmedlemsskap

    120. How do I merge PDF documents with PDF-Xchange in Windows?

    1. Install PDF-Xchange PRO via the ZENworks Application Window:

    2. Wait for it to install.

    3. Opening the Zenworks Progress window by right clicking on the ZENworks icon in the mini-taskbar show the installation progress. This is optional.

    4. PDF-XChange will launch directly when installation is done. It will ask you if you want to use it as a default PDF application. You can do that, but it is optional.

    5. Start from the menu File (Fil) - New document (Nytt dokument) - Combine Files into a single PDF...

    6. Pick Add Files (Lägg till filer...). You can choose several at the same time.

    7. Press OK. You now have the new document in PDF-Xchange.
    8. Click the Save icon or Save as... (Spara som...) in the menu.

    9. Pick a name and click Save (Spara). The documents should now be merged in the new file.
    10. Done!

    121. Why use the university central storage (HNAS)?

    The department’s user documents should be stored in a central storage, preferably the Uppsala University IT department storage (HNAS), which has routines for backup with snapshots (snapshots of how a folder looks at a certain time). The snapshot feature saves old versions of files so that all users can retrieve them if need arises. They are stored every fifteen minutes for an hour, every hour for a day and every month for two months.

    In addition to high security, it also means that you do not need to plan for your own separate system's lif ecycle and perform upgrades of the system. If needed, the central IT department will take care of it, and you can be assured that your documents will be taken care of, in case of any migration to a new system.

    In the central storage there will be a personal file space created, where the user stores his/her documents. The file space can then be accessed from another computer, from within the university or from outside via a VPN connection. The permissions of the personal file space is controlled by the user's user account at the university. Of course, common file spaces can also be created. The permissions for a common file area is controlled by a user's membership of university groups.

    The cost of the central storage depends on how much that is stored and it is paid by the department, which then in turn can distribute the cost further. Storage on HNAS costs 7000 SEK/TB/year (2017-06-21).

    A secure storage should have high availability and reliability. In addition to this, in the light of recent alarms of "Ransomware" that can encrypt a computer's files and even spread to connected common file areas, it is very important to use backup with snapshots to be able to recover files. HNAS meets these criteria, and by using a central storage as HNAS for your documents, you also protect your backed up data from theft or destruction of another kind (e.g. fire and liquids) when traveling.

    Default snapshot time schedule for HNAS (2017-06-21):

    • Every 15 minutes for an hour
    • Every hour for a day
    • Every day for a week
    • Every month for two months

    122. Print using locked print on macOS

    1. First you have to make sure you are printing using the driver made for the Ricoh printer. When adding a printer do not use AirPrint but the PostScript driver (the one ending with PS) at the Use: drop down menu.

    2. If you do not have any PostScript driver, you have to download it from Ricoh. The Ricoh homepage is a bit hard to link to, but go to for example https://www.ricoh-usa.com/downloads/ enter the model number of the printer and download drivers.
    3. Then, when printing, enter Show details.

    4. In the drop down menu (currently showing Safari since I was printing from Safari) pick Job Log.

    5. In the Job Log settings, change Job Type: to Locked Print.

    6. Enter your settings - your username and a unique password.

    7. Print using these preset settings.
    8. Go to printer and enter the password to get the printer to print.

    123. After my employment at the university has finished, may I keep my old e-mail address?

    Picture of cast-iron mail slot letter box from Wikipedia

    In general your e-mail address will be removed when your employment is ended at the university.

    If you want to keep your address a bit longer you must change the settings for you in the university catalogue.

    There are as far as we know three ways of doing this:

    1. Contact the catalogue responsible person at the department. Increase the end date for employment in the catalogue AKKA. This will not make the person employed for a longer time, it is just affecting the catalogue (and e-mail address).
    2. Contact the head of department to get permission. Then get help from IT-division to increase the end date for employment in the catalogue AKKA.
    3. The person can also change status from being employed to other active and also have an end date put into the future. This is done by responsible for the catalogue at the department.


    124. How much memory does my Mac have? Can I get more? How much do I need?

    1. Go to the Apple menu and go to About this computer or Om den här datorn.

    2. Check Memory in GB too see what is currently have. Example with macOS Yosemite and 16 GB.

    3. Open the Memory tab to see how the memory banks are populated:

    4. The more memory the better:
      Tasks
      Memory Writing, Web browsing, Mail Running Virtual Machines with Windows Several Virtual Machines, MATLAB with large datasets, Photoshop with very large images, building large apps locally etc
      2 GB RAM Upgrade (works but very slowly - one task at a time) Upgrade (not possible) Upgrade (not possible)
      4 GB RAM Ok Upgrade (works but really slow hard to work in both at the same time) Upgrade (not possible)
      8 GB RAM Great Ok Upgrade (works but slow)
      16 GB RAM Great Great Ok
      32 GB RAM Great Great Great
    5. Find out what model you have. Example from above Mac mini (middle 2011)
    6. Send a message to helpdesk@bmc.uu.se. Supply the following information:
      1. What model the Mac is (see above)
      2. How much memory it currently have (see above)
      3. What room it is in. (Check your room number above the door)
      4. Payment details. (The research group leader and research group name)
      5. Your contact information (phone number) unless it is in the university catalogue.
    7. As Local IT (or interested user) Go to a website with all Apple models and their memory upgrades. Here are two examples from two memory manufacturers:

      At EveryMac you can also see the highest version of the operating system that is possible to run.

    8. As Local IT: Buy memory via produktwebben.

      Please note, this is done by the Local IT. Do not do this unless you really know what you are doing. And then you are on your own if the memory do not fit or something else goes wrong.

    9. As Local IT: Install memory on the Mac.

    Troubleshooting

    1. Reset the Mac parameter memory. After rebooting try and hold down these four keys together until it reboots again:
      Cmd/Command/⌘-Alt/Option/⌥-P-R
    2. Change the order of the memory physically. This may just clean the oxide from the connectors.
    3. Remove the memory modules, one at a time, and run the computer with the remaining memory to see of this solves the problem. Replace the faulty memory module.

    125. There is a problem with my screen

    Regarding Apple products:

    1. About LCD display pixel anomalies for Apple products released in 2010 and later
    2. About LCD display pixel anomalies for Apple products released before 2010

    Different type of problems:

    Here are examples of screen problems picked from HP support. Visit their excellent guide for further information. Here are some highlights.

    The screen is unsharp or stretched.

    It may be so that the computer resolution do not match the screen resolution.

    • Restart computer
    • For Windows, change screen resolution to the one recommended for the screen by right clicking on background and pick the correct one.

    • For macOS, open system preferences and the screen tab and change resolution to the one recommended for the screen.

    Some pixels are dead.

    The vendors usually have certain amount of allowed dead pixels on a screen. In practice one often have to live with it if the number is low.

    There are vertical or horizontal lines permanently on the screen.

    This is a hardware problem that cannot be fixed without replacing the screen.

    The screen is bleeding along the edges or corners

    1. This is a hardware problem that cannot be fixed without replacing the screen or parts of the screen. If it is really bothering then get a new screen.
    2. For old thick CRT-screens disconnecting the screen over the night could help. However, for modern LCD/LED-screens we have still not heard that that should help.

    On Mac, colors in the background is bleeding through front window

    The Yosemite GUI introduces transparency for window. For example here in Safari top of window (red) and right side (brown):

    Fix by activating Reduce transparency in Accessibility preferences.

    126. I cannot read my USB-drive. What do I do?

    Drive is ok but has lost power a bit too much

    If the drive can be seen (accessed) by the computer but cannot be read (open file system), I would try to check the file system of the drive.

    I assume the drive is using a DOS or NTFS file system (this is the standard file system for Windows).

    1. Open Start-menu and click on Computer.
    2. Right-click the drive that you want to check and click Properties.
    3. In the Tools-tab, under Error checking, click Check now. Enter administrator password.

    Cabinet is broken but drive is ok

    Secondly, if the drive cannot be seen at all, maybe the electronics in the cabinet is broken but the drive is OK. Contact helpdesk@bmc.uu.se to get help.

    1. You can do this yourself too. Send a mail to helpdesk@bmc.uu.se and ask for a spare SATA-USB-adapter if you do not have one. The internal SATA-port and SATA-power in a PC might work too (only connect when the computer is turned off).

    2. Open the USB-drive cabinet and remove the drive.
    3. Insert the drive into the SATA-USB-adapter and connect the USB to the computer.
    4. Open file system and read your files.

    Broken drive with bad blocks

    If the drive has bad blocks and is generally messed up, reading the blocks one by one may help.

    1. Run Linux on a computer. Contact helpdesk@bmc.uu.se to get help if you cannot do this yourself.
    2. Use the tool ddrescue to create a block image of the drive.
    3. Also HDD Raw Copy Tool may be used to take a complete copy of the device.
    4. Take the file and write it to a disk or virtual device. (A copy of the file).
    5. Try to read the file system in Windows and perhaps check the file system.

    Files has been erased by mistake

    1. The tool TestDisk (read about TestDisk on Wikipedia) can be useful for partition recovery and deleted files recovery.

    Drive show transient errors

    Some USB-drives with transient errors may not work in Linux or Mac but work in Windows. And where File Explorer in Windows times out and is amost unusable, RoboCopy may prevail.

    Here is an example copying files from the D: drive into another directory, retrying a copyple of times and excluding the recycle bin.

    robocopy d:\. c:\recover\. /E /R:10 /W:1 /XD "$RECYCLE.BIN"

    Almost all hope is gone

    Send it to a company that can rescue broken drives by for example changing the electronics from another identical drive. This does cost a lot of money. IBAS is one of them.

    If the drive plate is confetti even these companies cannot help you.

    127. How do snapshots in the HNAS file server work?

    The HNAS file server saves old versions of files so that any user can retrieve them.

    The default snapshot time schedule looks like this: (2017-06-21)

    • Every 15 minutes for an hour
    • Every hour for a day
    • Every day for a week
    • Every month for two months

    In Windows open Properties of a file or folder and then in the Previous versions tab pick an appropriate version.

    In macOS mount with an extra /~snapshot in the path to access the snapshots folders. Use your own university account instead of the example below.

    Then enter the appropriate folder to search for the lost version.

    128. I have installed R in another location. How do I use it in a script?

    If you are running macOS or Ubuntu and have installed R in for example in /opt/local64/R/3.1.1/ and have /opt/local64/R/3.1.1/bin in your path would like to write scripts that use this location, and any other location where you install new versions of R, you may use /bin/env to start R.

    The general idea in Unix is that the operating system and the packaging system install software in /bin and /usr/bin. The user install for a local system manually in /usr/local/bin. Shared software over a distributed file system (NFS, Lustre, CepFS..) usually resides in /sw /opt /srv. A packaging system external to the OS (like MacPorts) usually resides in /opt/local.

    $ which R
    /opt/local64/R/3.1.1/bin/R
    $ cat >test.r <<EOF
    > #!/bin/env Rscript
    >
    > print('hello')
    >
    > EOF
    $ cat test.r
    #!/bin/env Rscript
    
    print('hello')
    
    $ chmod +x test.r
    $ ./test.r
    [1] "hello"
    $ _
    

    129. How to get started with SNIC Science Cloud?

    1. First go to https://cloud.snic.se. It should be a webpage with a menu to the left with lots of interesting information and a link To the Dashbord:

    2. If you now go to the Dashboard and follow the normal SWAMID login procedure this will show up:

    3. Create new proposal by logging into https://supr.snic.se/ and and go to Proposals https://supr.snic.se/round/ and the select SNIC Science Cloud 2017.

    4. Create the proposal and at Resources.

    5. Select Add Resource to proposal. Select the number of coins.

    6. Edit Basic Information.

    7. Select a proper SCB-code when applying.

    8. You may want to add a co-investigator. The co-investigator also has to create an account at supr.snic.se.

    9. Now we are ready to Submit.

    10. And Confirm.

    11. There are more steps here, but this is at least a beginning!

    130. My Outlook do not start! What can I do?

    Run Outlook in safe mode and will repair and start again.

    You can also hold down ctrl when starting Outlook or you can start Outlook with the argument /safe like this:

    Follow the instructions from Microsoft on how to Open Office apps in safe mode on a Windows PC.

    131. I have several employers at the university and I would like to change my primary email address!

    This is changed centrally at the university. Your local department cannot change this.

    Please contact helpdesk@uu.se.


    132. What is the cost of a PC file server?


    Please note! BMC-IT has a PC storage solution service. Read more in the SOP - Common service PC file server. Also note that for home directories we recommend using the IT-division HNAS file server.

    These are examples of the costs of buying and maintaining a PC file server. The example below includes a server from Supermicro and one from HP. HP includes on-site support, Supermicro do not. Please note that TSM-backup is not included in these figures! (Prices updated in September 2016.)

    • Very cheap Good for lots of data when the price has to be low.
    • Acceptable speed Good bandwidth - can receive and send 1 Gbit/s (or 10 Gbit/s with appropriate network and multiple clients). Since the drives are rotating HDD, relative SSD the latency is high and IOPS are lower. But it works fine with large files.
    • Low availability BMC-IT in general only do support during office hours. If the PC server totally breaks down (it may happen!) it will take some time to get service or spare parts or restoring from backups. Compare this with the IT-division HNAS file server which has built in redundancy.
    • Linux and Active Directory These examples uses Linux (preferably CentOS 7) as an operating system and connects to the university Active Directory and works as a file server using Samba. More complex setups than this may need extra time to set up and maintain. For example running a Windows server instead of Linux requires extra costs for licenses.

    This is a Supermicro file server with enterprise drives. Includes ship-in support from Southpole.

    Normal HP file server with enterprise drives, three year next business day on-site support from HP.

    This is a Supermicro file server with archive drices.

    Cost of a rack unit per year: 1250 (full rack) or 2000 (single machine) SEK
    Number of rack units in the server room:
    (If no new space is needed, set a 0 here)
    U
    Cost for the server with no drives: SEK
    The number of drives: drives
    Size of the drives: TB
    Number of years to run the server
    (warranty)
    years
    Cost of each drive: SEK
    The number of working hours spent each year:
    (system administration and support)
    h/year
    The cost of a working hour: SEK/h
    The part of the raw storage that is usable:
    (RAID6 (two parity drives) on five drives equals 0.6.)
    usable storage factor

    Purchase cost SEK.

    Raw storage TB.

    Usable storage TB.

    Yearly cost SEK/year over years (includes everything)

    Cost for raw disk SEK/TB/year.

    Cost for usable storage SEK/TB/year.

    Two identical file servers (one for backup using snapshots / shadow copy) would cost SEK/TB/year

    Two servers (as above) and a cold standy (no drives) would cost SEK/TB/year

    133. My mailbox is full! What do I do?

    The Exchange mailserver at the university has a limited amount of storage quota for each user. This is to prevent a single user from accidentally filling up all space.

    No worries. Just contact contact helpdesk@uu.se to get more space. Send a mail from your own account and ask for a more mailbox space.

    How to check usage

    In Exchange 2016 you do this to check your usage:

    1. Open Options in the top right corner cogwheel
    2. Go to General in the left menu
    3. And then to My account
    4. Mailbox usage should be reported in the right bottom corner.

    134. How to connect with VPN using AnyConnect in Windows

    1. First you must apply for a VPN account.
    2. Start Cisco AnyConnect Secure Mobility Client.
    3. Enter vpn.uu.se and press Connect.

    4. Enter Username and password A and press OK.

    5. When connected it should briefly look like this.

    6. Open the client again by for example clicking the little icon in the toolbar.

    7. Disconnect by pressing Disconnect.

    135. How do I change Windows offline files disk usage?

    1. Start Manage Offline Files from the Start menur via Sync Center.

    2. Open the Disk Usage tab:

    3. Open Change limits. You have to be local administrator in order to do this.

    4. Change the settings.

    136. How do I use offline files?

    What are offline files?

    Short story: It lets you always have access to your files even when not connected to the file server at the Uppsala University network.

    Long story: Windows has a feature for making files on a file server available offline even when the connection to the file server is lost. The client stores the files in a offline cache. Changes in the file when offline is stored locally. When the computer or server is back online the data is synced to the server. This works well on files a single user changes but not so well on shared folders where different users make changes on the same files.

    Enable offline files

    1. New computers installed and maintained by BMC-IT has offline files already enabled.

    2. In the start-menu, type offline to find and start Enable offline files On this computer the administrator (BMC-IT) has already activated it.

    3. In the Offline Files window, click on Enable offline files.
    4. Restart computer for the changes to take effect.

    Make files or folders available offline

    1. The default settings make the folder redirected folders always available offline. This includes Desktop, My documents, AppData etc. For normal use when all data is saved in these locations.

    2. It is possible to get other folders in the home directory available offline. In Explorer, right click on a folder or file and then choose Always available offline.
    3. The shared folders with other users should not be used with offline files. It is technically possible but may lead to conflicts.

    View offline files

    1. In the window Offline files (see above) choose the button View your offline files.

    2. Here is a representation of all files available offline. Enter the different directories to see what has been picked up.

    Keeping an eye on what's going on

    1. Open the task bar notification window for offline files. It looks like a green recycle circle.

    2. Right click to for example View conflicts

    3. Since the notification did not show a warning there are no conflicts:

    Conflicts and how to handle them!

    1. However, we can provoke a conflikt.
      1. Go offline by pressing Work offline in the file explorer.

      2. Change a file on your computer.
      3. Change the same file on another computer.
      4. Then Work online again on your computer.

      5. The status notification should now show a conflict:

      6. Thge View Conflicts dialog now show the file where there is a conflict:

      7. By right-clicking on the file and show View options to resolve... Windows try to help with what to do:

      8. Keeping both versions make both show in the file explorer:

      137. How do I use Eduroam, the wireless network, in Windows?

      For manual installation follow this guide.

      With ZENworks you do like this.

      1. Start ZENworks application window and open Eduroam

      2. Wait for installation. It will not take long.
      3. Windows will ask for user and password

      4. Enter your username followed by @user.uu.se and your password B. This is not the password you use for logging in to your computer but the other one.

      5. If you have disconnected from Eduroam and want to connect again open the wireless connections in the taskbar and click on Eduroam.

      138. Connect to eduroam using iPhone with iOS 10

      Instructions how to connect to eduroam using an iPhone with iOS10.

      1. First, open "Settings". Then select "Wi-Fi". Select "eduroam".

      2. Enter your AKKA-id followed by "@user.uu.se" and then enter your password B.

      If you have forgotten your password B you can reset it using https://akka-anv.uu.se and password A.

      3. Click to trust the certificate. After this step the phone should connect to eduroam. It might take 30-60 seconds.

      If it doesn't work, try to reboot the phone and repeat the procedure.

      If it still doesn't work, you can try to reset the network settings (Allmänt / Nollställ / Nollställ nätverk). Beware though that if you do this you'll need to enter all WiFi-passwords again on all networks.

      139. How do I send Bcc from Apple Mail and import recipients from Excel?

      1. Put the e-mail addresses in a column in Excel:
      2. Copy the column with Cmd-C

      3. Paste the content into the Bcc field in Apple Mail with Cmd-V

      4. Fill up with other content and then send!

      140. How to use WinSCP to access files over SCP on Windows

      SCP is encrypted making this a relatively secure way to access files even from home or over WLAN (wireless network).

      1. Download and install WinSCP from http://winscp.net/eng/download.php or open it in ZENworks application Window.
      2. Login on the server, in this example neuro-l2.neuro.uu.se using your username and password A.

      3. Accept the host key.

      4. Access your files. This is your home directory. If this is on a file server where the group store data. you should not put stuff here.

      5. Change directory into the share for your group. On this particular server the shares are located in /data/hl, /data/kl2 etc. Go here by clicking on the / in the location and then on data.

        Or click on this little icon first and then on data.

      141. How do I look in the event log in Windows?

      In the event log Windows stores events that happened on the computer. For example - who has logged into your computer and when.

      First start Event Viewer.

      Then find the Security log and scan for interesting events.

      Using the Filter Current Log... feature it is possible to only display events of a certain type.

      To catch all logon events there is a setting in the group policy to activate auditing of these. Start up gpedit and change Computer Configuration / Windows Settings - Security Settings - Local Policies - Audit Policy - Audit login events. This is the setting you wish to change:

      Audit both Success and Failure.

      It should look like this after you are done:

      142. How do I process orders using shopping carts in produktwebben?

      If you know what you want but do not want to place the order yourself.

      1. Go to Produktwebben
      2. Create a Shopping Cart

      3. Put products in the cart
      4. Send the cart to BMC-IT at helpdesk@bmc.uu.se or directly to your contact at BMC-IT

      5. Write down the invoice reference (fakturareferens), for example 123ABC. Here you can also write a message. This may for example be about (but is not restricted to) register licenses or installing software.

      143. How do I order computer accessories and peripherals?

      1. First check with your department Local IT (this may be helpdesk@bmc.uu.se) (and of course your supervisor if applicable) to make sure you are following the procedures at your department and research group.

      2. If you are the unsure of what to buy, ask your Local IT.

      3. If you know what you are doing, proceed. Otherwise ask for help.

      4. You have to know the reference to use when ordering. If you do not know this talk to your supervisor.

      5. Go to Uppsala universitets Produktwebb.

      6. Find what you want. To follow the rules of government procurement you have to buy the cheapest one that fulfill your requirements.

        Everything in Produktwebben is a not good choise just because it is there. For example with computers, your IT-support usually has a list of models that have been tested and is preferred. Read more about this in the FAQ about How do I buy a new computer.


      7. Place the order or get help with ordering.


      144. How do I activate my Office using KMS?

      Microsoft Office 2010, 2013 or 2016 on Windows 7 or Windows 10 connected to the USER-AD, the university Active Directory (using the university accounts), should automatically activate on the university network.

      If it does not work or if the computer is not part of the Active Directory, follow these steps:

      1. Connect computer to the wired network at your department.
      2. Start an elevated command prompt window - run cmd (command prompt) as administrator. Please see the FAQ How do I check if I am a local administrator in Windows? on how to do this.
      3. Enter the Office installation directory (
        Office 2010 (32-bit)
        Enter the Office installation directory with typing cd c:\Program Files (x86)\Microsoft Office\Office14
        Office 2013 (32-bit)
        Enter the Office installation directory with typing cd c:\Program Files (x86)\Microsoft Office\Office15
        Office 2016 (32-bit)
        Enter the Office installation directory with typing cd c:\Program Files (x86)\Microsoft Office\Office16
        Office 2016 (64-bit)
        Enter the Office installation directory with typing cd c:\Program Files\Microsoft Office\Office16
      4. Run the activation script:
        1. First try to run the command cscript ospp.vbs /act. (Read more about this here: Tools to manage Office 2013 volume activation.)
        2. If the computer cannot find the KMS-server (you may be behind NAT in a virtual machine) you can try the command: slmgr /skms kms.user.uu.se first and then the command slmgr /ato to activate (Windows) or cscript ospp.vbs /act (just Office).

          To find the correct host (currently 2016-05-30 kms.user.uu.se) follow these instructions: How to discover Office and Windows KMS hosts via DNS and remove unauthorized instances

      5. Close the command prompt window.

      If an old version if Windows in some way managed to block the new installation, then run the EasyFix uninstall tool from Microsoft

      1. Uninstall Office 2016, Office 2013, or Office 365 from a PC using the easy fix tool (Really useful if you have an Surface Pro or any other new computer with pre-installed Office 365 that you want to get rid of!)
      2. Uninstall or remove Office

      It is possible to do a manual uninstall of Office

      145. My Windows computer is running out of storage. What is using it?


      Wikipedia has a list of disk space analyzers. Disk space analyzers do a scan of the file system and display what is using up all the resources.

      We have tested TreeSize Free which can be downloaded from Jam-software.

      After installation it will scan the hard drive and display a nice window that looks like a file manager. It will display the size for every directory and the contents in it.


      146. How to downgrade to Java 7 for Windows

      Some applications at the university (like Raindance and NyA) do only work with the soon obsolete Java 7 and not the current (2015) Java 8.

      1. First go to Programs and Features.
      2. Uninstall Java 8

      3. Go to the download Java 7 page.
      4. Save as.

      5. Save as File Name with .exe in the end

      6. View downloads, open folder, run and install.
      7. Remember to not install the Ask tool bar. Uncheck it.

      8. Done.

      147. My computer was stolen! What should I do?

      1. Report to police. Call 11414. If it is not urgent you can do this online at https://polisen.se/Utsatt-for-brott/Gor-en-anmalan/
      2. Report to head of department.
      3. Report to Local IT. BMC-IT can be reached at helpdesk@bmc.uu.se.
      4. Change all your passwords at the university. Go to Akka self-service.
      5. Change the passwords of all the web services you use. Many people save their passwords in the web browser.
      6. Have you used any of these on your computer - change password: Apple (iTunes), Google (Gmail), PayPal, eBay, Spotify, BankID
      7. If you are using SSH with public key authentication without password (you should not), you have to remove your old public keys from the servers where you use this authentication. (If you do not know what SSH is then skip this step.) Create new public and private keys for your new computer.
      8. If you are using a Mac, you can try to find the location of your stolen computer at iCloud. You must have activated this in the system preferences in your Mac. Login at https://www.icloud.com/#find with your Apple ID to try to find it. This only works if the computer has been online after it was stolen.
      9. Order new computer. Contact Local IT to borrow a computer while waiting. (Usually there are some old computers around. For example BMC-IT has plenty of old stationary PCs with Core 2 Duo, 3 GB RAM, mechanical HDD and 19" screens.)
      10. Remove computer from inventory at department by marking it as stolen. This requires a copy of the report to the police.
      11. Restore data from backups and/or file server.

      148. How do I access my home directory?

      Open the Explorer in Windows and look for X: and P:. Store your personal stuff on the file server in X:. The P: is used for shared (public) storage between members in a group or at the university.

      If should look like this:

      On some computers (all the new ones) the desktop is also stored on the file server. Check if you put stuff on the desktop it also shows up on X:\Desktop.

      149. My Save as dialog doesn't show the desktop!

      In Windows, sometimes some of the favourite save as locations may have been removed. This is how to restore them:

      1. Right click on Favorites

      2. Choose Restore favourite links

      3. Now the Desktop should be back.

      150. How do I overwrite deleted data in Windows?

      Microsoft Windows has a tool called cipher which can erase (fill with zeroes) unused space on the harddrive, including already removed files.

      151. How do the different types of storage compare to each other?

      This is an illustration how how the different types of storage that is available compare to each other regarding Availability, Reliability, Performance and Price.

      Reliability
      High reliability means a low risk of data loss over a long period of time.
      Availability
      High availability means the system is (almost) always online and in order to do this it has to handle equipment failures of different kinds and still be running.
      Performance
      Performance may both mean high IOPS (many small requests) and bandwidth (lots of data), but here it is simplified.
      Price
      This is the cost in SEK per terabyte of stored data per year. (Updated in December 2015.)

      One of many things that are beyond this comparison is the cost of entry. A single big PC-server with a lot of disk is around 250 kSEK and can store 576 TB raw data (around half of that is usable when using 3+2 RAID6 plus hot spares) and may last with support for around 5 years. A small share on the HNAS file server, which may be useful for a whole department storing small but important files, may be as low as 1 TB and cost 7000 SEK/year. A Ceph system is only recommended if one is scaling it up to a lot of file servers (and a lot of time for system administration) providing huge amount of bandwidth.

      In practice this means that a PC file server, with proper backup or remote snapshotting to another PC file server, may be useful for storing a lot of data cheaply, but not for example used as 24/7 available file storage.

      The university HNAS file server service is a very good for general storage of data in a safe way.

      Availability-Performance comparison The performance in the HNAS system and a PC with SSDs is great, but HNAS is a lot more available since it has fault-tolerant hardware to higher extent.

      Reliability-Price comparison There is a very small risk of data loss in a well set up PC file server with backups. The same applies to the HNAS system, although it is more expensive and as seen above, more available.

      152. Open the server room for me please

      BMC-IT can help you access the server room during daytime if your normal access methods by some reason are not possible.

      We need the following information:

      • We need to know who you are. If we do not know you we need to confirm via photo-ID (drivers license or passport) or by someone we know
      • Authorization (written or via phone) from someone responsible at your department or the IT-division

      Either send a mail to helpdesk@bmc.uu.se or visit us in person at BMC C6:3.

      153. Do you have a VMware virtual server I can use?

      The UADM IT-division (UUIT) has a highly-available VMware ESX environment where anyone at the university can rent a server.

      The current rate is 7000 SEK/year. This includes 50 GB disk. Disk is available for 7000 SEK/TB/year or 13000 SEK/TB/year depending on class (speed & availability) (Prices from 2016-03-10)

      Contact uppdrag@its.uu.se at IT-division to order a virtual server. If you need help contact helpdesk@bmc.uu.se and we can guide you.

      If you need computer resources for high-performance computing (HPC) we recommend that you contact UPPMAX where you can apply for plenty of resources in the shared multiuser environment.


      154. How do I install EndNote?

      To do a manual installation of EndNote, contact helpdesk@bmc.uu.se. Also get approval from the one with the money.

      EndNote can be installed via ZENworks in Windows, just click on icon in ZENworks application window like this. An email will be sent to helpdesk@bmc.uu.se who will arrange licensing.

      Accept the cost:

      155. How do I access my work-computer from home?

      1. Find out if you need access to the files or the actual computer running programs on it.
      2. If you only need access to the files, then it might be easier to store the files on a file server. Access the files in a secure way from home over VPN connecting to the file server.
      3. If you need access to the computer to be able to run programs on the computer, then:
        1. Allow someone to connect to your computer using Remote Desktop Connection. (Read HOWTO in Swedish or Read HOWTO in English)
        2. Lock the computer to a specific IP (Contact your Local IT, computer name, your current IP and MAC-address)
        3. .. and open in the router filter so that you can run remote desktop from the VPN to the computer. (This is also done by your Local IT.)

      Mac

      In Mac, get Microsoft Remote Desktop which is free in the App Store.

      Add a new host hosts with login (with the windows domain) and password and then Start!

      Remember to add the Windows domain in for example the format username@domain, if the host is connected to a Windows domain.

      Windows

      In Windows, start Remote Desktop Connection and enter the details and then Connect.

      Linux Ubuntu

      Install rdesktop and run for example this command:

      rdesktop -p MySecretPassword -u _jny25782-T -d USER -x 0x80 -g 1800x1100 -k sv dcts.user.uu.se
      

      156. How do I start Primula? (or install a new version)

      1. Open Zenworks Application Window

      2. Find the Pimula Icon in the ZENworks Window

      3. Doubleclick to start. If this is a new version you have to wait a bit for it do download and install first.

      4. Next time, Primula can be started from the Start Menu in Windows. Primula has an automatic upgrade function, but it does not always seem to work. To install a new version, follow this instruction again.

      157. How do I log in to Raindance-portalen?

      1. Go to Medarbetarportalen - mp.uu.se.
      2. You have to log in. Press Logga in / Log in .

      3. Log in as usual with your username and password A

      4. Go to Min sida / My page.

      5. To get Raindance-portalen in the little list you have to press the cog wheel (settings) to the right.

      6. Scroll down a bit in the list to check the mark in front of Raindance-portalen

      7. Now you can go directy to the Raindance-portalen.

      8. Ok, ready to log in using your username and password A.

      158. I do not work in Uppsala, how can I activate my university account?

      There are several options at www.uu.se/konto.

      An easy way is to use an account at www.antagning.se and then activate the university account.

      If you already have a student account, use this account to change the password for your employee account.

      159. Add a printer in Ubuntu 14.04

      1. Find System Settings.

      2. Open System Settings

      3. Open Printers in System Settings

      4. Add a New Printer

      5. Expand the Network tree and see if it is browsable. Choose a way to connect. It usually does not matter. If the printer has dynamic DHCP (different IP from time to time) then use DNS-SD (Bonjour).

      6. Many printers are automatically found correct drivers for, but if not, see if you can find it in the driver database. You need to know:
        • Manufacturer
        • Model
        • Perhaps the IP-address of the printer

      7. If not found automatically, pick Maker

      8. If not found automatically, pick Model

      9. Give it a name. We recommend room number and model.

      10. Ok! Lets go! Print Test Page and press Ok.

      11. Done!

      160. Print using locked print on Windows

      1. Open print dialog for a Ricoh printer.
      2. Open preferences.
      3. Chose Locked Print at Job Type.

      4. Open Details...
      5. Enter user-ID (your own) and password (unique)

      6. Print using these settings.
      7. Go to printer and enter the password to get the printer to print.

      161. Print using UserCode for Ubuntu

      Some printers are set up using UserCode for internal billing purposes. If no UserCode is used one cannot print on the printer.

      After adding a printer in Ubuntu, using the correct driver, select Properties for the printer.

      1. In the Printer Options set User Code to Custom UserCode.

      2. In the Job Options add a new option called UserCode.

      3. Enter the code here in the new UserCode option.

      162. Manage your Xibo display

      1. Get an account for Xibo from the Xibo administrator (contact helpdesk@bmc.uu.se with correct permissions for your displays.
      2. Go to the Xibo server address to manage the device.
      3. Upload media (images)
      4. Create Layout
      5. Edit display and set default layout.

      163. Install Xibo client on local computer for testing

      1. Save MSI-package.

      2. Run it and follow the wizard.

      3. Accept Xibo license.

      4. Go ahead with default path.

      5. Run the installation. You need to be local administrator.

      6. Enter the magic key for register the display (which you get by contacting Xibo administrator)

      7. Register with an appropriate name:

      8. Wait for a Xibo administrator will register the display.

      9. This is how an unregistered display looks when the Xibo client is running:

      10. For the next step the Xibo administrator needs the register the display by pressing Edit on the display and save in the Xibo web interface.

        164. My harddrive broke! Do you have any spare parts?

        Yes, we usually have a couple of 120 GB or 250 GB Samsung EVO 8X0 SSD.

        You can take one if you order a new one (or your Local IT order for you) and replace it.

        Here are examples from produktwebben with current (2015-02-17) prices:

        Contact helpdesk@bmc.uu.se as usual to replace your harddrive.

        Remember, if you do this on your own and open your computer yourself you got to know what you are doing.

        165. How to create a local Windows user

        1. You need to be local administrator on the computer for this to work. If you are not then contact helpdesk@bmc.uu.se for help.


          Please note local accounts with local files will not be backed up!

        2. Start computer management:

        3. Go to System Tools and Local Users and Groups and create a New User...

        4. Enter the details. Use a password with more than 10 characters.

        5. Now the user is created.

        6. Opening Properties for the user and add the user to the local group Administrators:

        7. Find the administrators group by typing administrators, press Check Names and then confirm with OK.

        8. It should look like this - the user is member of the local administrators group:

        9. Logout and login with .\labuser (Not the .\ in the beginning so it is a local login and not a Windows-domain user) and the new password.

        This documentation is covered by GNU Free Documentation License.