Frequently Asked Questions - BMC-IT


windows ubuntu macos xibo network zenworks android storage
  1. What do I do with old computers or phones?     [jump in page]   2019-08-27
  2. What should be done to introduce a new system administrator at BMC?     [jump in page]   2019-07-10
  3. How do I take backup of the data on my computer?     [jump in page]   2019-05-29
  4. How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)     [jump in page]   2019-05-29
  5. What is Rrsync (restricted rsync)? How do I access PCFS storage over rsync?     [jump in page]   2019-03-14
  6. How do I map a network drive via SMB on Windows?     [jump in page]   2019-03-08
  7. How do I connect to a file server via SMB on macOS?     [jump in page]   2019-03-01
  8. We have a server, where should we put it?     [jump in page]   2019-02-25
  9. My Windows computer is running out of storage. What is using it?     [jump in page]   2019-02-13
  10. Where do I store my data? How do I take backup?     [jump in page]   2019-01-22
  11. What about the GDPR?     [jump in page]   2019-01-11
  12. Do you have a virtual machine (server) I can use?     [jump in page]   2019-01-11
  13. How do I mount my home directory or shared storage at HNAS?     [jump in page]   2018-12-21
  14. How does the new Adobe Creative Cloud Named license model work?     [jump in page]   2018-12-10
  15. How do I send a large file to someone outside (or inside) the university?     [jump in page]   2018-10-16
  16. What are the bitrates for different digital video quality?     [jump in page]   2018-06-13
  17. What is ransomware and CryptoLocker?     [jump in page]   2018-03-23
  18. How do you secure delete data from the computers and servers?     [jump in page]   2018-01-11
  19. How do I get deduplication to work in Linux?     [jump in page]   2017-12-12
  20. My Android device is running out of storage. What is using it?     [jump in page]   2017-12-12
  21. What is the point with the zone files.uu.se?     [jump in page]   2017-12-07
  22. What is the cost of a PC file server?     [jump in page]   2017-06-02
  23. My mailbox is full! What do I do?     [jump in page]   2017-05-31




1. What do I do with old computers or phones?

See also:
See also: What software applications do the university have that I can install?

Why can I not leave everything at the electronic recycle room?

The storage (usually a hard drive or flash memory with permanent storage) in may contains software with licenses belonging to Uppsala University (Windows, Office, Adobe etc).

Sometimes the storage contains passwords (stored in Firefox, Safari, Internet Explorer, Outlook, Thunderbird etc), password hashes (kerberos keys in Windows, macOS etc) or private keys (PyTTY, OpenSSH etc).

Sometimes the drives also contains sensitive personal data or data of other sensitive nature.

Option one - give it to BMC-IT

  1. Please fill in the form Data deletion approval.
  2. Give the equipment to BMC-IT. We will either scrap it or try to reuse the parts. If it is not for scrapping or possible reuse we cannot store it.
  3. Report the equipment as scrapped in the department inventory.

Option two - scrap it right away

  1. Remove the permanent storage (hard drive, solid-state drive, flash or other). This may not be possible in all devices.
  2. Please fill in the form Data deletion approval.
  3. Give the storage to BMC-IT (or your Local IT).
    1. If the storage contain really sensitive data it will be sent to the Security and safety division or the facility they recommend.
    2. If the data is not as sensitive and the drive is meaningsful to reuse, we will erase the drive on the block level (killdisk) and then reuse it.
  4. Bring the equipment to the electrical waste room at BMC D0:109.
  5. Report the equipment as scrapped in the department inventory.





2. What should be done to introduce a new system administrator at BMC?

There are several different systems a new employee may get access to. This is not a complete list of all systems that should be given access to but rather a list of external systems that one should at least be aware of.

Some of these things have to be done before an employee start.

Some of this applies to more than just BMC so you are more than welcome to take a look. Please let us know if there are things we are missing.

Personal computer and work space

Get an office. Chair, table, network. Do you need an ergonomic adjustable table? Make a raid down to the BMC campus office supply cabinet and get some pens, a notebook, a scissor and other office stuff that you might need.

If you have a Mac, get an external hard drive to run local Time Machine backups.

Get a standard PC and/or Mac up and running with the standard installation. When you have a UU account, make sure you are a local administrator.

If you need to, get two USB-sticks, one with Windows (with MDT) and one with latest macOS so that you can reinstall computers. Be familiar with the instructions regarding reinstallation of Windows and macOS.

There is a Mac installation server available on the BMC-Data network. There is a PXE boot menu available on almost all networks where legacy (not UEFI) installations of Windows can be done. Also basic network boot options for installing CentOS, installing Ubuntu and running Memtest86 etc are available there.

Configure the computer to work with eduroam and eduPrint. Make sure it works.

Order a home directory at My Rudbeck and use the Medfarm voucher to get it for free. Make sure you can access this storage on your computer.

Try out Filr the file sync system. Install the Filr client on your computer. Understand where data is stored. Make sure you can access the data both via Filr and directly.

Let your boss order a phone, either fixed phone or mobile.

Activate your access to the VPN service by following the instructions.

Work clothing

You may get your own fancy BMC/UU hoodie at Grolls. Or whatever work clothing you need for doing your job.

Administrator access

Apply for administrator access to the Local IT organisation in the Active Directory. This will control access to USER.UU.SE\BMC and USER.UU.SE\LocalIT\BMCI in the Active Directory. The terminalserver to use is called dcts.user.uu.se.

The group BMC Computing Department in USER-AD (sorry for the odd name of this group) control some access to different systems, including the file share \\BMCIT-Common.files.uu.se\BMCIT-Common aka \\USER.UU.SE\BMCI\Common.

The Zenworks system for management of mainly Windows.

The Munki system (Managed software center) for list packages etc for Mac and the Munki bootstrap.

The Symantec server (just FYI).

Physical access

You need an employee key card. This will grant access to the corridors at BMC but not to other campuses.

You need a key to your office. Almost all offices at BMC campus management share the same lock and key.

After instructions, you may get access to the BMC computer room at D11:0.

The cross connect cabinets of BMC are locked with a special key which could be granted access via the BMC-administration if needed. There exists an extra key in the Nyckelpiga at the basement so one do not need a physical key all the time.

Network management systems

There are some network administrative systems that one should be aware of and maybe given access. This includes:

  1. NetDB (for IP / VLAN / Mac / Switch-port information) (Ask Netsupport for access)
  2. NetReg (for Vlan and router and router filter configuration) (you need a static IP for this on your client so fix this in the following system first...)
  3. Bluecat (the IPAM system for DNS DHCP information) (Ask Servicedesk for access)

Medarbetarportalen

Login at Medarbetarportalen. Here you can find for example:

  1. Sympa - mailing list server. You may want to join these mailing lists:
    • da-info@lists.uu.se
    • it-forum@lists.uu.se
    Someone at BMC-IT have to add you to:
    • bmc-it@lists.uu.se
    You will be automatically added to:
    • bmc-int@lists.uu.se
  2. Primula Web - wage, vacation, sick leave, parental leave etc.
    • Send in reciepts for healthcare (visiting the doctor or prescribed medication)
    • Send in reciepts for wellness (gym membership, swimming and many other forms of wellness activities)
  3. Product Web - procurement
  4. Progdist - software licence server
  5. Akka-self service - how to change password and create guest accounts
  6. eduPrint - the printing system
  7. EasIT - the helpdesk system. This is the tool to handle support requests.

Other systems:

  1. Rudbeck-IT has a chat at https://chat.rudbeck.uu.se
  2. BMC-IT has an old arpwatch at http://net.bmc.uu.se/

Documentation to read

Read the docs in the FAQ at http://it.bmc.uu.se/faq/ and SOPs at http://it.bmc.uu.se/sop/. You do not have to read everything but it is good to have an idea of what it is. Of special interest may be how to reinstall computers with Windows and macOS.

There are more docs at the INV-Common share as well.

Take a look at the central IT helpdesk documentation at mp.uu.se/web/info/stod/it-telefoni

Take a look at the environment and security web pages at BMC. Make sure you know the way to the recycle rooms and to the container for the combustible fraction.

New employee introduction

The university has introductions for new employees. Book in the next scheduled event!

Wellness, waste and environment at BMC

There are a gym, table tennis room, showers and sauna at BMC. Read more at BMC - health. Please note that employees at Uppsala University get a small wellness subsidy every year which can be used for gym membership and other similar activites. Also when job allows you may have one hour of wellness activities every week on paid time.

There are a couple of in-service bikes at BMC, two normal and two are electical. Lend them at the reception.

In order to learn on how to handle waste on BMC, please read the documentation.

Please note that no smoking is allowed closer than 15 meters from any university entrance.

Welcome! :-)





3. How do I take backup of the data on my computer?

See also:
See also: How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)
See also: How do I overwrite deleted data in Windows?
See also: Backing up via Rsync to ZFS or Btrfs snapshots
See also: What about the GDPR?

Option 1: Keep all data on file server and let the system administrators take backup

K R T
332

Option 2: Keep all data on the computer and take backup on your own

Discuss with helpdesk@bmc.uu.se if you need advice in this or help buying extra hardware or order storage space on a file server.



4. How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)

See also: How do I take backup of the data on my computer?
See also: How do I overwrite deleted data in Windows?
See also: Backing up via Rsync to ZFS or Btrfs snapshots
See also: What is ransomware and CryptoLocker?
See also: How do you secure delete data from the computers and servers?


IBM Spectrum Protect is the backup system run at the university at the IT-division. The software was previously known as TSM - Tivoli Storage Manager and is still referenced as both names.

Financing and pricing

The services is paid for by the users. This includes salaries for everyone involved in maintaining the system and all equipment. The costs includes a starting cost per node and (decreasing) cost per GB depending on how much data that is stored in the system. Read the pricelist.

Documentation

IBM has their own documentation of TSM 7.1.3 (the latest version at 2016-04-14)

Schedule

Usually on Windows-systems the backup-client is asking the server whether it should backup or not. Send a mail to backup-admin to let them know.

On Mac and Linux (and other Unix-based systems) instead the client is called at a certain point in time doing the backup like this:

dsmc incr

To put this in crontab in a Linux system first run editor for the crontab as root using emacs as an editor.

EDITOR=emacs crontab -e

Or use the default vi editor:

crontab -e

Then enter the point in time to run the backups (with the full path to the client)

1 1 * * * /usr/bin/dsmc incr

Performance with TSM

TSM store files in tapes and after a while the incremental backups will store files in several different tapes. One way of taking care of this is to instead from time to time do a selection backup or a image (block device) backup. The block device backup is harder to read back for certain files obviously.

There are several options to decrease the amount of data being sent on the wire by doing more work on the client. Inside the university network this usually it not a problem since we usually have enough bandwidth betwen the campuses and to the backup servers.

Compression yes Memoryefficientbackup yes

Examples: Query the backup...

To list what partitions (or file systems) have been backed up:

dsmc query files

To list files that have a backup date during a certain date range: (However, running with options time limits (todate, fromdate) will change the behaviour for the client and read a lot of data into RAM. With several millions of files this will be slow. Read about Classic Restore versus No Query Restore (NQR) at IBM)

The option -inactive will list both active and inactive files.

dsmc q ba -inact -fromdate=01/01/2016 -todate=01/03/2016 -subdir=yes '/blue/*'

To get summary of all files backed up and the size:

dsmc query backup '/etc/*' -subdir=yes -querysummary

To get more details, for example to see files with the wrong backupclass which still are taking up space in the backup, run this command:

dsmc query backup '/etc/*' -subdir=yes -querysummary -detail

Examples: Restoring backup...

To interactively pick and restore the files, restoring to the directory /tmp:

dsmc restore -pick '/blue/*' "/tmp/"

To also interactively pick among the inactive files when restoring:

dsmc restore -pick '/blue/*' "/tmp/" -inactive

To also restore subdirectories while restoring:

dsmc restore -pick '/blue/*' "/tmp/" -inactive -subdir=yes

To restore the state of a directory at certain different points in time. This will run the restore command each for the specified dates and restore the directory as it were at that point in time.

for i in 10 11 12 13 14 15 16 17 ; do mkdir /var/tmp/jerker.restore.2016-04-$i-12.00.00/ dsmc restore -pitd=04/$i/2016 -pitt=12:00:00 -subdir=yes '/home/jerker/*' /var/tmp/jerker.restore.2012-11-$i-12.00.00/ done

To backup everything irrespective of whether files have changed since the last backup, use the selective command:

dsmc sel '/green/home/USER/jny25782/*' -subdir=yes

Examples: Deleting old backup data...

To delete a backup (which may require extra permissions), use the delete command. This time the -pick makes it interactive.

dsmc delete backup '/archive/jerker/*' -subdir=yes -pick

To delete all inactive files:

dsmc delete backup '/archive/jerker/*' -subdir=yes -deltype=inactive

To delete all inactive files backed up during a certain date range:

dsmc delete backup -fromdate=01/01/2010 -todate=01/01/2016 '/green/home/USER/jny25782/*' -subdir=yes -deltype=inactive

With the number of files into multiple tens of millions, this may not work so well since it takes up too memory or perhaps timeout when waiting too long for the confirmation prompt unless the operator (you) are staring at the window. Use the -noprompt option and break it down inte smaller parts like this:

for i in /home/* ; do dsmc delete backup -fromdate=01/01/2010 -todate=04/01/2016 $i/'*' -subdir=yes -deltype=inactive -noprompt ; done

To delete all files from the backup, including inactive files, specify -deltype=all. Do not prompt for confirmation.

dsmc delete backup '/unwanted.data/' -deltype=all -noprompt

This however do not delete parent directories from the backup. To remove them to, run the expire command. The position of the wildcard is described at IBM but look a bit strange, so be careful!

dsmc expire '/unwanted.data*' -noprompt

Different management classes:

To view the different management classes:

dsmc q mgmtclass

To list the details different backup management classes:

dsmc q mgmtclass -detail

To change class when taking backup, the new class can be specified in the file dsm.opt when including file systems:

include /myfilesystem/* TWOYEARCLASS

Please note that this may (or may not) only affect new objects created in the backup system. Manual clean up (using the method in the previous section) may have to be done.

The way I know about how to view the current backup management class is to start the graphical client: dsmj and in the menu Utilities the entry View policy information

This is a small script to list managment classes:

#!/bin/bash echo 'Management Retain Only Retain Extra Version Version' echo 'Class Version Version Data Exists Data Deleted' echo '--------------- --------------- --------------- --------------- --------------' ( dsmc q mgmtclass -detail ; echo DONE ) | grep -e 'MgmtClass Name' -e 'Retain Only Version' -e 'Retain Extra Version' -e 'Versions Data Exists' -e 'Versions Data Deleted' -e 'DONE' | ( while read A B C D E F ; do if test "$A" = "MgmtClass" -o "$A" = "DONE" ; then if test "$EXTRA" != "" -a "$ONLY" != "" ; then echo -e $MGMT'\t'$ONLY'\t'$EXTRA'\t'$EXISTS'\t'$DELETED | expand --tabs=16,32,48,64 ONLY="" EXTRA="" MGMT="" DELETED="" EXISTS="" fi MGMT=$D fi if test "$B" = "Only" ; then ONLY=$D fi if test "$B" = "Extra" ; then EXTRA=$D fi if test "$C" = "Exists...:" ; then if test "$D $E" = "No Limit" ; then EXISTS="NoLim" else EXISTS="$D" fi fi if test "$C" = "Deleted..:" ; then if test "$D $E" = "No Limit" ; then DELETED="NoLim" else DELETED="$D" fi fi done ) | sort -n --key=2,5

The output looks like this on the current (2016-05-16) classes on the domain that I are using. Note that there may be different domains with different management classes.

# ./tsm.list.mgmtclasses.sh Management Retain Only Retain Extra Version Version Class Version Version Data Exists Data Deleted --------------- --------------- --------------- --------------- -------------- ITSDBCLASS 0 0 1 0 ORACLECLASS 0 200 3 0 ONEDAYCLASS 1 1 3 2 DAYCLASS 2 0 1 1 MONTHCLASS 9 9 8 7 TWOWEEKS 14 14 14 1 TDPDIFF 30 30 No Limit No Limit TDPDIFF-META 30 30 No Limit No Limit TDPFULL 30 30 No Limit No Limit TDPFULL-META 30 30 No Limit No Limit TDPLOGS 30 30 No Limit No Limit TDPLOGS-META 30 30 No Limit No Limit PUBCLASS 60 30 2 1 STANDARD 60 30 2 1 QUARTERCLASS 120 90 3 2 ITSCLASS 300 200 3 2 LOGCLASS 300 200 3 2 ITS_DISK 365 200 3 2 DEVCLASS 500 450 4 3 TWOYEARSCLASS 750 30 2 1 ADMCLASS 900 800 8 7 TENYEARSCLASS 4000 30 2 1 # date Fri Aug 26 13:51:51 CEST 2016 # _

This is how to Assign management class to specified directories or default.



5. What is Rrsync (restricted rsync)? How do I access PCFS storage over rsync?

See also: What is the point with the zone files.uu.se?
See also: How do I access PCFS over SMB using smbclient?
See also: How do I do parallel rsync?

The PCFS storage provided by BMC-IT is normally accessed via SMB. However the Uppsala University perimeter firewall in front of UpUnet (Fortigate) is blocking incoming SMB. The Uppsala University HPC center UPPMAX (Uppsala Multidisciplinary Center for Advanced Computational Science) has its own Internet connection via SUNET so SMB access from SUNET is blocked in the firewall.

For those cases Rrsync (restricted Rsync) can be set up as well.

It could for example look like this on the server:

[root@bmc-pcfs4 ~]# tail -5 /etc/ssh/sshd_config Ciphers +arcfour AllowUsers root jny25782 Match User jny25782 ForceCommand /usr/local/bin/rrsync.data.sh Match all [root@bmc-pcfs4 ~]# cat /usr/local/bin/rrsync.data.sh #!/bin/bash exec /usr/local/bin/rrsync /data [root@bmc-pcfs4 ~]#

To access it use Rsync as normally. However, Rsync now is using the /data directory above as base directory. ALl the shares are mounted under the /data directory.

To access the data with Rsync may look like this. Here I tried to download the contents of a share I do not have access to, so just igore the error and use rsync as normal for transfer data.

gforce:~ jerker$ rsync -avx --progress jny25782@IMB-GenomicsKLT2.files.uu.se:IMB-GenomicsKLT2/. tmp/. jny25782@imb-genomicsklt2.files.uu.se's password: receiving file list ... rsync: opendir "/data/IMB-GenomicsKLT2/GenomicsKLT2" failed: Permission denied (13) 3 files to consider sent 20 bytes received 222 bytes 69.14 bytes/sec total size is 0 speedup is 0.00 rsync error: some files could not be transferred (code 23) at /BuildRoot/Library/Caches/com.apple.xbs/Sources/rsync/rsync-52/rsync/main.c(1404) [generator=2.6.9] gforce:~ jerker$ ls -la tmp/ total 0 drwxr-xr-x 4 jerker staff 128 Mar 30 2017 . drwxr-xr-x+ 225 jerker staff 7200 Dec 5 11:27 .. drwxr-xr-x 2 jerker staff 64 Dec 5 11:02 .snapshots drwxrwx--- 2 jerker staff 64 Mar 8 2017 GenomicsKLT2 gforce:~ jerker$ ls -la tmp/GenomicsKLT2/ total 0 drwxrwx--- 2 jerker staff 64 Mar 8 2017 . drwxr-xr-x 4 jerker staff 128 Mar 30 2017 .. gforce~ jerker$ _

If you want to use your public SSH-key instead of your password for authentication then send the SSH key to the administrator. Kerberos single-sign-on is currently not suppported.

From UPPMAX

  1. Connect to Uppmax with SSH, in this example I am connecting to rackham.uppmax.uu.se. Start a screen so that you can keep your processes running even when your SSH-client disconnect to UPPMAX when you for example shutdown your computer.

    [jerker@rackham3 ~]$ screen

  2. Then connect to that server with rsync. In the following example we are trying to reach the share that also can be reached as smb://IMB-GenomicsKLT2.files.uu.se/IMB-GenomicsKLT2/

    [jerker@rackham3 ~]$ rsync -avx --progress jny25782@imb-genomicsklt2.files.uu.se:IMB-GenomicsKLT2/. tmp/.

    In this example we are using another port because the normal port 22 was at that point still blocked in the firewall between UPPMAX and UpUnet. Also, compression is turned off, faster ciphers are being used and ssh escape characters are turned off.

    [jerker@rackham3 ~]$ rsync -e 'ssh -e none -p 2222 -o Compression=no -c arcfour,aes128-ctr' -avx --progress jny25782@IMB-GenomicsKLT2.files.uu.se:IMB-GenomicsKLT2/. tmp/. The authenticity of host '[imb-genomicsklt2.files.uu.se]:2222 ([130.238.54.70]:2222)' can't be established. ECDSA key fingerprint is SHA256:zUs82pMdiZzQoqaR86iGFp2A/6LzHAy6WBbKC+46sSo. ECDSA key fingerprint is MD5:12:c7:98:f6:65:3e:39:0d:df:59:dc:a7:f8:96:2a:f4. Are you sure you want to continue connecting (yes/no)? yes You have to type yes here Warning: Permanently added '[imb-genomicsklt2.files.uu.se]:2222,[130.238.54.70]:2222' (ECDSA) to the list of known hosts. jny25782@imb-genomicsklt2.files.uu.se's password: Enter your password here receiving incremental file list rsync: opendir "/data/IMB-GenomicsKLT2/GenomicsKLT2" failed: Permission denied (13) .snapshots/ sent 16 bytes received 226 bytes 19.36 bytes/sec total size is 0 speedup is 0.00 rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1518) [generator=3.0.9] [jerker@rackham3 ~]$ _

    Here is an example when the contents of the directory /proj/mystuff/directory/to/upload/. on UPPMAX will be synced to the directory TLA-ShareName.files.uu.se:TLA-ShareName/ShareName/directory.to.upload/. on PCFS.

    This destination can also be reached over SMB as as the smb://TLA-ShareName.files.uu.se/TLA-ShareName/ShareName/directory.to.upload/ or \\TLA-ShareName.files.uu.se\TLA-ShareName\ShareName\directory.to.upload\

    The flag --delete will erase all files from the destination that do not exist in the source.

    [jerker@rackham3 ~]$ rsync -e 'ssh -e none -o Compression=no -c arcfour,aes128-ctr' --delete -avx --progress /proj/mystuff/directory/to/upload/. jny25782@TLA-ShareName.files.uu.se:TLA-ShareName/ShareName/directory.to.upload/.

    By using the notation above (the /. in the end) the rsync can be run multiple times to update/sync modified files again.

  3. Have fun! Disconnect from the screen with Ctrl-A Ctrl-D. Attach to the screen again with the command screen -x.




6. How do I map a network drive via SMB on Windows?

See also: How do I mount my home directory or shared storage at HNAS?
See also: How do I access PCFS over SMB using smbclient?
See also: How do I use AddPrinterGUI to add printers in Windows 7/8/10 x64?
  1. Open the file explorer. Press Left Windows key together with E.
  2. Right click on my computer and choose Map network drive...

  3. Enter the network folder you would like to map. In this example \\filserver.uu.se\neuro
    Learn about server name and path to your home directory or shared storage at "HNAS" above.

  4. Enter your username and password. Please note that the Windows domain USER has to entered. Do not use my username jny25782 but your own username. Enter your password A.

Not working?

You may want to read about SMB Security Enhancements at Microsoft.



7. How do I connect to a file server via SMB on macOS?

See also: How do I mount my home directory or shared storage at HNAS?
See also: How do I install anti-virus software on macOS?
See also: How do I access PCFS over SMB using smbclient?
  1. In the Finder, choose connect to server... from the menu.
  2. Enter server name and name of the share, in this example smb://filserver.uu.se/neuro
    Learn about server name and path to your home directory or shared storage at "HNAS" above.


  3. Enter the Windows-domain USER, your username and your password A


    Problem and workaround with AD-connected macOS connecting to HNAS on some shares

    We have with macOS 10.12.6 had problems connecting to the HNAS service that he university in November 2017. By ignoring the Active Directory Kerberos but instead using old-school password maybe the problem go away. The way of fooling the Mac is to connect to the IP instead. Like this

    $ host bmci-users.files.uu.se bmci-users.files.uu.se is an alias for uuc-nas110.user.uu.se. uuc-nas110.user.uu.se has address 130.238.2.140 $

Another possible solution for this is to try using cifs instead of smb.

Just replace smb with cifs in the path. Read more about Cifs and SMB at Wikipedia.

Using the command line

Here are a few examples on how to mount on the command line

mkdir ~/Desktop/account mount_smbfs //user;account@TLA-Users.files.uu.se/TLA-Users$/account ~/Desktop/account

/usr/bin/osascript -e "try" -e "mount volume \"smb://jny25782@bmcit-common.files.uu.se/bmcit-common\"" -e "end try"

mkdir ~/Desktop/account open "smb://jny25782@bmcit-common.files.uu.se/bmcit-common/"





8. We have a server, where should we put it?

See also: What is the postal address for BMC-IT?
See also:
See also: How do I buy a new computer?
See also: Do you have a virtual machine (server) I can use?
See also: Who manages IT-support for whom at BMC?
See also: Open the server room for me please
See also: Who is responsible for the network in the BMC server room?
See also: What is the cost of a PC file server?

BMC has a server room in D11:0. The room was built in 2013 and is maintained together by the IT-division (UUIT) at the university administration (UADM) and Uppsala Biomedical Centre (BMC). The management team (styrgrupp) for the BMC-hall includes the IT director of the IT-division and the director of Uppsala Biomedical Centre.

K R T
333

The server room is equipped with:

  • Diesel backup power generator (maintained by Akademiska Hus and tested each month)
  • Dual battery banks
  • Dual UPS
  • Dual power to each rack
  • Dual routers (called the BMC-hall-routers) each with dual connections to the university backbone routers.
  • Single switch in each rack with single power and dual EtherChannel uplink (For dual network to a single server, connect to two switches and make sure these are connected to each of the two power sources)
  • In-rack cooling (Redundant supply from both district cooling from Vattenfall and tap-water from Uppsala Vatten. Redundant cooling equipment maintained by Akademiska Hus.)
  • Gigabit ethernet to each server. Dual redundant network and higher speeds can be arranged.

The BMC-hall-router VLANs on the normal BMC-hall-switches cannot be shared with the VLANs on the router (called the BMC-router) for the rest of the building. Contact netsupport@its.uu.se for help with network configuration for the server room.

Current rate is 60000 SEK/rack/year or 2000 SEK/U/year plus a one time fee of 5000 SEK. (This should be about the cost of production. Prices from 2015-06-05.)

For renting space in the server room, contact bmc-hall@uu.se.

Also consider renting virtual servers or using some of the shared services at the university before buying your own physical servers. Contact uppdrag@its.uu.se for renting virtual servers in the the shared VMware environment or storage. Contact UPPMAX for using the shared HPC resources for computation and storage. Check on them from time to time to see what they are up to before building something on your own to reduce the duplicated effort.

The BMC server room does not have a postal address. If you want to send packages of servers or other equipment to the server room at BMC please send to BMC-IT with your name as the recipient. (If you or your department has offices at BMC just send it to yourself at your department, do not send to BMC-IT.) Send us a mail to helpdesk@bmc.uu.se so that we know what is going on. When your package has been delivered you can pick it up at The Goods Reception and you need to show your ID.



9. My Windows computer is running out of storage. What is using it?

See also: My Android device is running out of storage. What is using it?

Wikipedia has a list of disk space analyzers. Disk space analyzers do a scan of the file system and display what is using up all the resources.


After installation it will scan the hard drive and display a nice window that looks like a file manager. It will display the size for every directory and the contents in it.






10. Where do I store my data? How do I take backup?

See also:
See also:
See also:
See also:
See also: What is ransomware and CryptoLocker?
See also:

Strategy

The general idea is to focus on where you store your data instead of how you take backup of your data. You have to be aware of where your data is stored!

Ideally the computer should not need to be backed up - all data should be on a secure file server. If the computer breaks down it should be possible to just grab another computer, login and access the data. Most standard software and configuration should be easy to reinstall.

Where do I put my data

Make sure you store your data safely on a secure file server. Check with your IT support organisation which file server you should use. Recommended file servers are "HNAS" and "Argos".

  • Store your personal data in a personal storage where only you can access the data.
  • Store your group's data in a group storage where all users in the group can access the data.

How do I work with my data?

Mount your storage folder on your local computer and work directly with the files on the file server. If you need to access the data when not at the university, you can connect to the university network via VPN and then mount the storage folder.

Guides for connecting to the file server and mount a storage folder on your local computer:

But I need all my data on the client!

Do you really? We do not recommend this, but sometimes, this is the only solution that works. In that case:

    macOS
  • Use Apple's TimeMachine to make full computer backups to a local, external drive. Please note that this is not a complete backup system. It may not protect your data against malware or ransomware, and if the computer and the external drive are at the same place when something bad happens, it might happen to both of them...
  • Also, the central service TSM can be used.
    Windows
  • We recommend using the central service TSM to take complete backups of the Windows computer.

What do I do now?

Check if your computer was backed up with Retrospect or Time Machine (over the network). These services are no longer available and if your computer was configured to use them you need to make sure your data is secured in another way:

    macOS
  • Start storing your data safely on a secure file server.
  • In addition to the above, the recommendation is that macOS users have a local, external hard drive that backs up the entire computer with Apple’s TimeMachine service. Since it's easy to setup and cheap to use, there is no reason to not take backup this way too. The hard drive should always be connected to the computer when in office, and then stored in a safe place when not in use. Don't bring it when travelling!
  • Also, the central backup service TSM can be used.
    Windows
  • If your Windows computer is part of the BMC-IT platform, everything that is stored on your "Desktop" and in your "Documents" folder may already be automatically synchronized to your personal storage on the file server “HNAS”, and you don't need to do anything more than make sure your data is stored in one of these folders on your computer.
  • If not, start storing your data safely on a secure file server, in a personal or group storage as mentioned above.
  • Also, the central backup service TSM can be used.





11. What about the GDPR?

See also:
See also: We have a server, where should we put it?
See also: How do I take backup of the data on my computer?
See also: Do you have a virtual machine (server) I can use?
K R T
???

In this FAQ we have put the following symbol as a information security classifier. This is Konfidentialitet (Confidentiality), Riktighet (correctness), Tillgänglighet (availability) according to the SS-ISO/IEC 27001.

The lowest value is 0 and the highest is 3.

Please note that lowest value in the different other systems that a service is depending on gives the final grade of that value. Even if for example the UUIT VMware has level 333 the service (operating system and system administration) running in that environment may have a lower value.

K R TA
????

At Uppsala Universty a fourth number has also been added representing Avbrottsskydd (interrupt protection). (Riktlinjer för informationssäkerhet UFV 2012/714 ). We need to find out if this is still in use or not.

Uppsala University provide the following support documents for GDPR:

As part of the above work, the data owner has to classify the data. BMC-IT provides no advice or support in regards to this. You can contact the Data Protection Officer (DPO) at UU if you need advice and support regarding issues that concern GDPR. Use this form but you can also send an e-mail to dataskyddsombud@uu.se.

BMC-IT provides storage services and some technical solutions for protecting your data. We also guide you to other storage solutions at the university. Please read more at The storage section in this FAQ.

Also read the Rudbeck IT FAQ regarding GDPR.




12. Do you have a virtual machine (server) I can use?

See also: We have a server, where should we put it?
See also: How do I install Ubuntu?
See also:
See also: How to get started with SNIC Science Cloud?
See also: What about the GDPR?

If you need computer resources for high-performance computing (HPC) we recommend that you contact UPPMAX where you can apply for plenty of resources in the shared multiuser environment.

If you need help contact helpdesk@bmc.uu.se and we can guide you.

Rudbeck-IT VMware

Rudbeck-IT have a a highly-available VMware ESX environment. Anyone at the university can rent a server.

The rate will be 3500 SEK/year for a basic server with 100 GB disk, 4 GB RAM and 2 cores. (2018-02-08)

Contact helpdesk@rudbeck.uu.se if you are interested.

UUIT VMware

K R T
333

The UADM IT-division (UUIT) has a highly-available VMware ESX environment where anyone at the university can rent a server.

The current rate is 5000 SEK/year. This includes 50 GB disk. Disk is available for 6000 SEK/TB/year or 13000 SEK/TB/year depending on class (speed & availability) (2017-10-18)

Contact uppdrag@its.uu.se at IT-division to order a virtual server.

SUNET OpenStack

SUNET is offering virtual machines using OpenStack with KVM and Ceph. Role-based access control via SWAMID. Contact them for more information.

The costs are more based on the resources used than the UUIT offer above. Direct link to price list here.


SNIC Science Cloud

SNIC Science Cloud (SSC) is a national cloud computing infrastructure run by the Swedish National Infrastructure for Computing (SNIC).

Read more at the home page for SNIC Science Cloud. Read introduction to the SNIC Science Cloud.

Others...

Several other department and local campuses have virtual machine environments that you already have payed for or are paying for. Check what your campus have. Please see the FAQ regarding computer platforms.



13. How do I mount my home directory or shared storage at HNAS?

See also: How do snapshots in the HNAS file server work?
See also:
See also: How do I map a network drive via SMB on Windows?
See also: How do I connect to a file server via SMB on macOS?
See also: How do I mount SMB share in Linux?
See also:
See also: What is the point with the zone files.uu.se?

For Windows clients in USER-AD your home directory and the department common (public) share will automatically be mounted when you login using the drive letters below.

This storage is in the university shared HNAS file server. Some departments also have other storage available - contact helpdesk@bmc.uu.se for details.

  1. Please select your department:

    DepartmentAcronym
    Biomedical Centre Campus Management
    Department of Cell and Molecular Biology
    Department of Medical Biochemistry and Microbiology
    Department of Medical Cell Biology
    Department of Neuroscience
    Department of Pharmaceutical Biosciences
    Department of Public Health and Caring Sciences
    International Science Programme (ISP)
    . . .
  2. Please enter your username here:


    PurposePlatformDFS-pathDirect path Driver letter
    Home directory for personal files Windows \\user.uu.se\BMCI\TLA-Users\account \\TLA-Users.files.uu.se\TLA-Users$\account X:
    Mac smb://account@user.uu.se/BMCI/TLA-Users/account smb://user\account@TLA-Users.files.uu.se/TLA-Users$/account
    Common (public) share for department,
    research groups etc.
    Windows \\user.uu.se\BMCI\TLA-Common \\TLA-Common.files.uu.se\TLA-Common$ P:
    Mac smb://account@user.uu.se/BMCI/TLA-Common smb://user\account@TLA-Common.files.uu.se/TLA-Common$
  3. Sometimes you want to mount via the command line.

    • Windows, command line version on mapping a network share:

      net use x: \\TLA-Users.files.uu.se\TLA-Users$\account /user:user\account

    • macOS, command line version on how to connect to a file server:

      mkdir ~/Desktop/account
      mount_smbfs //user;account@TLA-Users.files.uu.se/TLA-Users$/account ~/Desktop/account

    • On Linux, command line version on how to mount a CIFS file system:

      mkdir ~/Desktop/account
      sudo mount -o username=account,domain=user -t cifs //TLA-users.files.uu.se/TLA-users$/account ~/Desktop/account

  4. Also read in the SOP - Connect a Mac to HNAS (v1.0).pdf or follow the links to other FAQs above on how to use the Windows Explorer or Mac Finder GUI. Remember to use the VPN if you are connecting from outside the university network.

    Connect from Mac

Problems with accessing the shared folders

A common problem may be that your account has not got the correct permissions called group membership in AKKA, the university catalogue. Please then contact your department administration to get this fixed.



14. How does the new Adobe Creative Cloud Named license model work?

See also: How do I sign my documents with an electronic signature?

Included products

  • All products from Adobe Creative Cloud – except Acrobat and Elements.

License model

  • The products can be rented separately or in a package called "Creative Cloud for teams All Apps".
  • The rental period is one year and cut-off date is 24/12. Licenses that shouldn't be renewed should be terminated before the cut-off date, or they will automatically be extended for another year.
  • Notice of termination shall be sent in due time before the date of expiry.

License information

The Named license is attached to the user who the license is registered to and can be installed on multiple computers. The cost for a NAMED USER license is a bit higher but it has it advantages. For instance, you can install it on severalcomputers and mobile units. Then, you choose which two units that shall be activated by logging in to Adobe CC on them. When you want to activate a third unit, you will get a question about which one of the already activated units you want to deactivate and because it is as simple as logging out from Adobe CC on the chosen unit, it's easy to have access to Adobe CC on several units with a NAMED USER-license.

Important! - The Named User license contains functionality for cloud storage at Adobe. There are special rules for what and what not to store in a cloud service. It is completely forbidden for certain types of information. The user must know and comply with the regulations for cloud storage. Guidelines are available below, and decision regarding use of cloud storage with Adobe's Named license is available below.





15. How do I send a large file to someone outside (or inside) the university?

We recommend using SUNET Box for this kind of service. Please read more at Medarbetarportalen - SUNET Box: cloud file storage and sharing.

Please also read about comparison between different services at the UB FAQ Filr vs SUNET Box vs Dropbox.




16. What are the bitrates for different digital video quality?

See also: How do I play movies on my webpage?
See also: How do I convert video between different formats with free software?

Please check the webpage at Youtube regarding Live encoder settings, bitrates, and resolutions.



1080p @60fps 480p @60fps Other
video bitrate kbit/s kbit/s kbit/s
Storage for a day of video GB/day GB/day GB/day
Storage for a week of video GB/week GB/week GB/week




17. What is ransomware and CryptoLocker?

See also:
See also: My computer has got a virus! What do I do?
See also: How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)
See also: How do I use an Apple AirPort Time Capsule?
CryptoLocker is a ransomware trojan that targets computers running Microsoft Windows.
- Wikipedia on CryptoLocker

CryptoLocker and TorrentLocker infects computers running Windows via seemingly innocent email with links or attachments. There has appeared other ransomwares attacking Mac too.

Read more about ransomware, TorrentLocker and CryptoLocker on Wikipedia.

To be infected, the receiver has in most cases actively tried to open and execute the payload. The payload may be disguised as a Word-document, a script or something that give the impression that it is innocent. Do not open files or attachments you have not requested!

This (the example above in Microsoft Word) is not safe! Please be careful with Office files that require you to Enable Content. Enabling content may make it possible for evil macros to execute in Office allowing the attacker to take control of your computer.

This (the example above from Windows File Explorer) is an example of an opened .zip-file. .zip-files are in itself not dangerous it is just a way of storing one or many files into one compressed file, but it may be a way to bypass other simple security checks. For example the anti virus software may warn when downloading an .exe-file but may not warn when downloading a .zip-file.

This (the icon above) is an example of how an .js-file look like in the File Explorer. This file will run with the Windows Script Host (wscript/cscript) and execute and may download further potentially evil binaries. Windows Scripting Host also will run .jse and .wsf-files. Also note that a long file name like faktura.pdf.js may hide the real extension in File Explorer and show up as faktura.pdf which is a bit misleading. The real file name extension is hidden.

Even though a ransomware in itself easily can be removed, the files stay encrypted, waiting for a ransom to be payed in order to get the decryption key.

How to not get infected

  • Do not execute programs or even open attachments that random people have sent you.
  • Please don't do it.
  • If you have any suspicions regarding something you received via mail contact helpdesk@bmc.uu.se (BMC-IT).
  • Please forward the evil mail to no-spam@uu.se. Then the Uppsala University Security Division may adjust the rules for the mail filter and network firewall.

What to do if infected

  1. Turn the computer off.
  2. Contact your local IT (helpdesk@bmc.uu.se) for help.
  3. Forward the evil mail to no-spam@uu.se so that the Uppsala University Security Division may adjust mail filter and network firewall rules.
  4. Change your passwords at the university. Change all passwords for all sites that you have automatically saved in your browser.
  5. In general, reinstall computer and restore data from backups or snapshots.

Lessons to be learned from CryptoLocker

  • Use a file server with snapshots for storing data you do not want to lose. For example the central university HNAS file server store snapshots up to a month per default.
  • Everything locally on the computer running in the same security context as the user is not safe.
    • This means that local previous versions / snapshots are not safe, if the users can turn them off. But to have these are better than not.
    • This also means that backups like Time Machine, Cobian or similar where the system stores a copy of the files on another storage place is not safe, unless the backup storage in is snapshotted outside of the users security context.
    • If you store extra backups of your files on external USB-attached storage, do not keep it plugged in all the time. Keep a couple of them and in rotation so that you can go back to an older version.
  • Already taken backups should not be allowed to be overwritten from the client. This can be accomplished by for example using snapshots on the backup storage, like on a file server.
  • Even more advanced backup systems like TSM may not be safe since it only stores a limited number of versions of each file. If the ransomware encrypt the files and then make some small updates to the file each day, then after the limited number of days have passed, all old uncorrupted versions will be gone.

Also read more

Read more from Europol's European Cybercrime Centre with friends at the No More Ransom! website.

The Uppsala University Security Division has courses in basic information security (in Swedish). Every chapters just takes 2-4 minutes. There are 16 chapters in total.



18. How do you secure delete data from the computers and servers?

See also: How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)

IBM Spectrum Protect (Tivoli Storage Manager aka TSM)

References to backed up files can be delete from the client, but the data is not written over.

It is possible encrypt the files on the TSM system at the client.

The TSM systems at university is level at 3 3 2 or 3 3 1. (reliabilty, unaltered, availability) The availability is not 100% for example the system is down during times of softare updates.

When the backup system is changing generation all drives and tapes are destroyed.

Please read more about information classification at Uppsala University.

Clients

On clients we use the utility KillDisk to secure deletion of block devices. If needed the drives can also be sent to destruction via the Security Division at Uppsala University or in a way approved by them.

Servers

When the servers are put out of commision the drives are sent to destruction via the Security Division at Uppsala University or in a way approved by them.



19. How do I get deduplication to work in Linux?

See also: How do I configure my resolver on a Linux machine?
See also: How do I install Ubuntu?

ZFS

ZFS is great for compression and snapshots, but regarding deduplication: Don't go there. ZFS on Linux is doing inline deduplication and requires at least 5 GB of RAM for each TB of storage. It is usually better to get more hard drives. When using too much RAM everything will slow down to a crawl.

Btrfs


Btrfs is not as old and stable as ZFS, but it has compression, snapshots and deduplication. The deduplication in Btrfs is out-of-band.

Compression is stable. Go ahead.

When using snapshots and Btrfs, we recommend not saving more than 24+6+3+11 snapshots, each hour for a day, each day for a week, each week for a month and each month for a year. Otherwise (like saving a snapshot every day and not removing them) the snapshots may take too long time to remove. It seems like Btrfs is checking each file for each snapshot when snapshots are removed on order to know if the original file can be removed. There must be more than enough time (and IOPS to spare) to remove snapshots before new can be created.

Deduplication is run using en external tool. Easiest is to use duperemove on the dataset, we have however not tried any larger datasets.

Other ways...

There most probably are other ways to do this. Let us know.



20. My Android device is running out of storage. What is using it?

See also: My Windows computer is running out of storage. What is using it?

The app DiskUsage by Ivan Volosyuk is quite good in visualizing and finding what applications are using a lot of storage on an Android device.





21. What is the point with the zone files.uu.se?

See also: What is Rrsync (restricted rsync)? How do I access PCFS storage over rsync?
See also: How do I access PCFS over SMB using smbclient?
See also: How do I mount my home directory or shared storage at HNAS?

The initiative for the domain files.uu.se was taken in 2015-05 by BMC in order to get an aliases to file server shares with unique names.

For example, the file server share is named with the TLA-SHARENAME, like INV-Common. Then the CNAME will be TLA-SHARENAME.files.uu.se or INV-Common.files.uu.se pointing to the current file server where the share is located.

The reasoning behind this is the following:

  1. Get a unique name in DNS to each file server share. This will faciliate migration of file server shares to new servers.

    We (the university) had a lot of troubles with migration from the old NetApp file server to the new HNAS file servers. This zone with an extra level of abstraction in front of the real file server names was intended as a proactive way of eliminating one part of the problem in preparation for the next file server migration. It also makes it easier for those users users (research groups or department) that wish to or have to move their share from one storage system to another.

  2. Make it work for all operating systems. There is a function in the Microsoft Active Directory (with a similar goal) called the DFS that put all file server shares in a single name space. This however do not work all the time in all operating systems, like non-AD connected Windows-clients, macOS (not all of the time), Linux (it depends a lot on the configuration it do not work for example in Ubuntu out of the box).
  3. Network agnostic Get access to the servers even from other networks where needed when the USER-AD (user.uu.se) is not accessible due to using split DNS and access restrictions, like UAS, SLU, UPPMAX, HPC-centers in Sweden and maybe mobile data. It is also not a requirement to use the university resolvers, it should work even if the local resolvers are down.




22. What is the cost of a PC file server?

See also:
See also:
See also:
See also: We have a server, where should we put it?

Please note! BMC-IT has a PC storage solution service. Read more in the SOP - Common service PC file server. Also note that for home directories we recommend using the IT-division HNAS file server.

These are examples of the costs of buying and maintaining a PC file server. The example below includes a server from Supermicro and one from HP. HP includes on-site support, Supermicro do not. Please note that TSM-backup is not included in these figures! (Prices updated in September 2016.)

  • Very cheap Good for lots of data when the price has to be low.
  • Acceptable speed Good bandwidth - can receive and send 1 Gbit/s (or 10 Gbit/s with appropriate network and multiple clients). Since the drives are rotating HDD, relative SSD the latency is high and IOPS are lower. But it works fine with large files.
  • Low availability BMC-IT in general only do support during office hours. If the PC server totally breaks down (it may happen!) it will take some time to get service or spare parts or restoring from backups. Compare this with the IT-division HNAS file server which has built in redundancy.
  • Linux and Active Directory These examples uses Linux (preferably CentOS 7) as an operating system and connects to the university Active Directory and works as a file server using Samba. More complex setups than this may need extra time to set up and maintain. For example running a Windows server instead of Linux requires extra costs for licenses.

This is a Supermicro file server with enterprise drives. Includes ship-in support from Southpole.

Normal HP file server with enterprise drives, three year next business day on-site support from HP.

This is a Supermicro file server with archive drices.

Cost of a rack unit per year: 1250 (full rack) or 2000 (single machine) SEK
Number of rack units in the server room:
(If no new space is needed, set a 0 here)
U
Cost for the server with no drives: SEK
The number of drives: drives
Size of the drives: TB
Number of years to run the server
(warranty)
years
Cost of each drive: SEK
The number of working hours spent each year:
(system administration and support)
h/year
The cost of a working hour: SEK/h
The part of the raw storage that is usable:
(RAID6 (two parity drives) on five drives equals 0.6.)
usable storage factor

Purchase cost SEK.

Raw storage TB.

Usable storage TB.

Yearly cost SEK/year over years (includes everything)

Cost for raw disk SEK/TB/year.

Cost for usable storage SEK/TB/year.

Two identical file servers (one for backup using snapshots / shadow copy) would cost SEK/TB/year

Two servers (as above) and a cold standy (no drives) would cost SEK/TB/year





23. My mailbox is full! What do I do?

See also: Troubleshooting mail - what can I do and whom do I ask?

The Exchange mailserver at the university has a limited amount of storage quota for each user. This is to prevent a single user from accidentally filling up all space.

No worries. Just contact contact helpdesk@uu.se to get more space. Send a mail from your own account and ask for a more mailbox space.

How to check usage

In Exchange 2016 you do this to check your usage:

  1. Open Options in the top right corner cogwheel
  2. Go to General in the left menu
  3. And then to My account
  4. Mailbox usage should be reported in the right bottom corner.

This documentation is covered by GNU Free Documentation License. 36 ms