Frequently Asked Questions - BMC-IT

  1. How do I access my work-computer from home? [jump in page] 2018-08-21
  2. How do I use an Apple AirPort Time Capsule? [jump in page] 2018-10-04
  3. My Android device is running out of storage. What is using it? [jump in page] 2017-12-12
  4. How do I take backup of the data on my computer? [jump in page] 2018-10-22
  5. Backing up via Rsync to Btrfs snapshots [jump in page] 2018-05-22
  6. What are the bitrates for different digital video quality? [jump in page] 2018-06-13
  7. After my employment at the university has finished, may I bring home my old computer? [jump in page] 2018-01-11
  8. What do I do with old computers or phones? [jump in page] 2018-08-29
  9. How do I connect to a file server via SMB on macOS? [jump in page] 2018-03-23
  10. What is ransomware and CryptoLocker? [jump in page] 2018-03-23
  11. How do I get deduplication to work in Linux? [jump in page] 2017-12-12
  12. Do you have some examples of fanless computers we can buy? [jump in page] 2018-06-05
  13. What is the point with the zone files.uu.se? [jump in page] 2017-12-07
  14. What about the GDPR? [jump in page] 2018-10-22
  15. Why use the university central storage (HNAS)? [jump in page] 2017-08-16
  16. How do snapshots in the HNAS file server work? [jump in page] 2017-06-22
  17. How do I map a network drive via SMB on Windows? [jump in page] 2018-01-18
  18. How do I find the last updated file or the file with the longest file name? [jump in page] 2018-08-21
  19. My mailbox is full! What do I do? [jump in page] 2017-05-31
  20. How do I mount SMB share in Linux? [jump in page] 2018-04-09
  21. What is Rrsync (restricted rsync)? How do I access PCFS storage over rsync? [jump in page] 2018-10-15
  22. What is the BMC-IT computer platform and how does it work? [jump in page] 2018-09-11
  23. How do you secure delete data from the computers and servers? [jump in page] 2018-01-11
  24. We have a server, where should we put it? [jump in page] 2018-10-22
  25. What service levels does BMC-IT have compared to others at the university? [jump in page] 2017-08-23
  26. How do I send a large file to someone outside (or inside) the university? [jump in page] 2018-10-16
  27. How do I order a standard computer? [jump in page] 2018-10-08
  28. We need more storage! Do you have a file server we can use? [jump in page] 2018-10-22
  29. How do I manage access to a group storage at Argos? [jump in page] 2018-11-13
  30. How do I connect to storage at Argos? [jump in page] 2018-11-13
  31. How do I order a group storage at Argos? [jump in page] 2018-11-13
  32. How do I order a personal storage at Argos? [jump in page] 2018-11-13
  33. How do the different types of storage compare to each other? [jump in page] 2016-06-23
  34. How do I mount my home directory or shared storage at HNAS? [jump in page] 2017-12-06
  35. What is the cost of a PC file server? [jump in page] 2017-06-02
  36. How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM) [jump in page] 2018-06-04
  37. Do you have a virtual machine (server) I can use? [jump in page] 2018-10-22
  38. My Windows computer is running out of storage. What is using it? [jump in page] 2016-12-06
  39. How do I access my home directory? [jump in page] 2016-10-10
  40. How do I access my work-computer from home? [jump in page] 2016-01-22

1. How do I access my work-computer from home?

  1. Find out if you need access to the files or the actual computer running programs on it.
  2. If you only need access to the files, then it might be easier to store the files on a file server. Access the files in a secure way from home over VPN connecting to the file server.
  3. If you need access to the computer to be able to run programs on the computer, then:
    1. Allow someone to connect to your computer using Remote Desktop Connection. (Read HOWTO in Swedish or Read HOWTO in English)
    2. Lock the computer to a specific IP (Contact your Local IT, computer name, your current IP and MAC-address)
    3. .. and open in the router filter so that you can run remote desktop from the VPN to the computer. (This is also done by your Local IT.)

Mac

In Mac, get Microsoft Remote Desktop which is free in the App Store.

Add a new host hosts with login (with the windows domain) and password and then Start!

Remember to add the Windows domain in for example the format username@domain, if the host is connected to a Windows domain.

Windows

In Windows, start Remote Desktop Connection and enter the details and then Connect.

Linux Ubuntu

Install rdesktop and run for example this command:

rdesktop -p MySecretPassword -u _jny25782-T -d USER -x 0x80 -g 1800x1100 -k sv dcts.user.uu.se

1. How do I use an Apple AirPort Time Capsule?

Please do not buy one of these for use at BMC! Your Local IT must be involved and usually do not allow these on the network. For large parts of BMC this is BMC-IT, Rudbeck-IT, IT-division/UADM/EP or Uppsala University Library and as far as I know none of us allow or recommend these. (2018-09-21)

Apple Airport Time Capsule is a great tool for a home or small office, providing simple backup, Wi-Fi hotspot and NAT-router all in one.

But we really recommend a normal external hard drive for backup. Keep one at home and one at work.

Also be aware that a backup, where the client has full write access to the backup and can erase old versions of the backup, do not protect against ransomware attacks. The attacker may destroy old backups from the compromised client.

Here is a summary what the problems may be with this kind of equipment:

NAT
SUNET and the Security and safety division at Uppsala University require that it is possible to identify which user is doing what on the network. NAT (in this level of home or small office equipment) is hiding this.

Read the Riktlinjer för säkerhetsområdet and the document UFV 2016/1944 Anskaffning och drift av IT-system in particular section 4.4 Anslutning till universitetets datornät.

DHCP-server
Apple AirPort has built in DHCP-server. When connected the wrong way (NAT-ports) to the department network the device will give IP-addresses to the other computers on the network. This will mess up the network. In the best case (when both WAN- and LAN-ports are connected at the same time to the department network) all that happens is that all traffic will pass through the Apple AirPort which will then act as a bottleneck. In the worst case (only LAN-ports are connected to department network) nothing will work and the whole department network will go down.

Wi-Fi hotspot
The Uppsala University IT-division is responsible to set up Wi-Fi-hotspots all over the Uppsala University campuses. The frequencies has been planned so that they do not interfere with each other. Even when using using a frequency that is not the same as the closest hotspot the frequency may interfere with other hotspots frequencies further away (but still in range).

Stability problems
We have been running the backups for many clients for several Mac servers using the same technology. It has shown that, although not very often, the backups using time machine over the network may go corrupt. Then the backup is not worth much. The problems may or may not be related to the use of a flaky network adapter (in particular the USB-Ethernet adapter used by Macbook Air).

Sharing the effort of building stable networks
By using the university centrally managed DHCP-server and routers it is possible try to help each other with management. Both the IT-division and the BMC-IT can help with finding problems with the network. When using this kind of small office / home office equipment it is really hard for somebody else to know what is going on. You are on your own.

It may be theoretically possible to turn off all server functions including NAT/Wi-Fi and then secure it with accounts, but it may not be worth the effort. When doing that (turn off NAT and only do Network bridge, turn off Wi-Fi) if the settings are reset by some reason, make sure that the AirPort in a reset state do not mess up the network - only attach the WAN port to the department LAN. The equipment is best used at home or at a small office.

At least these things has to be done:

  1. Turn off NAT and DHCP-functionality.
  2. Turn off Wi-Fi.
  3. Set up with account and password protection.
  4. Set up internal firewall in the equipment so that no one outside the department network can access it.
  5. If that do not work:
    1. Set a fixed IP for the device
    2. Set up the campus router filter so that no one outside the department network can access it.
  6. Actually set up both internal firewall and router filter if possible.
  7. Make sure that the firewalls are working.
  8. Make sure only the user creating the backups can access them.

This list is not guaranteed to be complete.

Our suggestion is to move the equipment to the home office for a backup when working at home. Then get another hard drive for the office.

If you need better Wi-Fi coverage contact helpdesk@bmc.uu.se and then we can together with IT-division hopefully improve the location and coverage of the Wi-Fi hotspots.

So what to do instead?

  1. Get a normal hard drive and use Time Machine on that one. Get a hard drive at home and one at work. This will take hopefully a backup of the whole computer on two different places.
  2. Store important data on a file server. Like the HNAS file server at the university.

2. My Android device is running out of storage. What is using it?

The app DiskUsage by Ivan Volosyuk is quite good in visualizing and finding what applications are using a lot of storage on an Android device.

3. How do I take backup of the data on my computer?

Option 1: Keep all data on file server and let the system administrators take backup

KRT
3*32

Option 2: Keep all data on the computer and take backup on your own

Discuss with helpdesk@bmc.uu.se if you need advice in this or help buying extra hardware or order storage space on a file server.

4. Backing up via Rsync to Btrfs snapshots

BMC-IT is running a service for simple incremental file based backups to disk using Rsync and Btrfs snapshots. The service is used internally in BMC-IT for servers we do system administration for. You you can set up a similar system if you want to.

The service is documented in the SOP - Rsync backup to Btrfs snapshots.

hostname function OS hardware file system controller disks
neuro-l2 file server Scientific Linux 6 Supermicro 36 Ext4 XFS Areca ARC-1882 3×750GB 6x4x3TB 8x8TB 1xFree
bmc-esc2 backup Scientific Linux 6 HP Microserver G8 ZFS SATA 4x4TB
bmc-esc3 backup Scientific Linux 6 HP Microserver G8 ZFS SATA 4x4TB
bmc-t1 backup CentOS 7 Supermicro 24 Btrfs Areca ARC-1280 2xSystem 4x3TB 4x8TB 8x10TB 6xFree
bmc-t2 backup CentOS 7 Supermicro 24 Btrfs Areca ARC-1280 8x4TB 4x6TB 8x8TB
bmc-pcfs1 file server CentOS 7 Supermicro 36 Btrfs Areca ARC-1882 36x8TB
bmc-pcfs2 backup CentOS 7 Supermicro 36 Btrfs Areca ARC-1882 36x8TB
bmc-pcfs3 standby CentOS 7 Supermicro 36 Btrfs Areca ARC-1882 6x8TB 18xFree
bmc-pcfs4 file server CentOS 7 Supermicro 36 Btrfs Areca ARC-1882 36x8TB
bmc-pcfs5 backup CentOS 7 Supermicro 36 Btrfs Areca ARC-1882 36x8TB
bmc-t3 backup CentOS 7 Supermicro 24 ZFS Areca ARC-1280 24x2TB
bmc-t4 backup CentOS 7 Supermicro 24 ZFS Areca ARC-1280 24x2TB
fbv-neo file server Scientific Linux 6 Supermicro 24 Btrfs Areca ARC-1280 24x2TB
fbv-one standby CentOS 7 Supermicro 36 Ext4 Areca ARC-18xx -

5. What are the bitrates for different digital video quality?

Please check the webpage at Youtube regarding Live encoder settings, bitrates, and resolutions.



1080p @60fps 480p @60fps Other
video bitrate kbit/s kbit/s kbit/s
Storage for a day of video GB/day GB/day GB/day
Storage for a week of video GB/week GB/week GB/week

6. After my employment at the university has finished, may I bring home my old computer?

Unfortunately no. The computer belongs to the university even if you bought it with your research money through the university. This is the general rule.

In certain cases, if you move your employment to another government facility, like another university, it may be ok if all of the following rules match:

  1. It has to be a government facility (like a university). The computer may not be brought to a private company even if the private company do research.
  2. There has to be an agreement (understanding) between the old employer (head of department) and the new employer.
  3. The equipment has to be removed from the university (department) inventory and added to the new employers (department) inventory. The equipment will not belong to the individual but follow the normal rules of the new employer.

Also be aware that the storage of the computer usually contain sensitive data. Before scrapping or repurposing equipment you have two options;

  1. Remove the permanent storage and send it to destruction. Permanent storage may be a hard drive (HDD), a solid state drive (SSD) etc.
  2. Overwrite the whole of the permanent storage with other data on the block level. (This may take a couple of hours.)

    Please note that even block level wipe of the storage does not delete bad blocks. If the data is so sensitive that this is not acceptable the storage has to be destroyed and cannot be repurposed.

Contact BMC-IT for help with this.

From time to time, the department, campus or university may sell old equipment to the employees. But it has to be sold at market value and the costs involved have to be covered. All software licensed to the university have to be removed. For example all our versions of Windows and Office have to be removed. Instead of Windows for example Ubuntu or any other free operating system or software may be installed. In practice all of this makes it very hard to sell old equipment in an usable state at a reasonable price.

Read more in Regler för försäljning av inventarier UFV 2008/159 (local copy)


Old equipment may sometimes be valuable in itself. The computer in the picture is a PDP-12 belonging to the Update computer club at Uppsala University.


7. What do I do with old computers or phones?

Why can I not leave everything at the electronic recycle room?

The storage (usually a hard drive or flash memory with permanent storage) in may contains software with licenses belonging to Uppsala University (Windows, Office, Adobe etc).

Sometimes the storage contains passwords (stored in Firefox, Safari, Internet Explorer, Outlook, Thunderbird etc), password hashes (kerberos keys in Windows, macOS etc) or private keys (PyTTY, OpenSSH etc).

Sometimes the drives also contains sensitive personal data or data of other sensitive nature.

Option one - give it to BMC-IT

  1. Please fill in the form Data deletion approval.
  2. Give the equipment to BMC-IT. We will either scrap it or try to reuse the parts. If it is not for scrapping or possible reuse we cannot store it.
  3. Report the equipment as scrapped in the department inventory.

Option two - scrap it right away

  1. Remove the permanent storage (hard drive, solid-state drive, flash or other). This may not be possible in all devices.
  2. Please fill in the form Data deletion approval.
  3. Give the storage to BMC-IT (or your Local IT).
    1. If the storage contain really sensitive data it will be sent to the Security and safety division or the facility they recommend.
    2. If the data is not as sensitive and the drive is meaningsful to reuse, we will erase the drive on the block level (killdisk) and then reuse it.
  4. Bring the equipment to the electronic recycle room at The Goods reception at BMC.
  5. Report the equipment as scrapped in the department inventory.

8. How do I connect to a file server via SMB on macOS?

  1. In the Finder, choose connect to server... from the menu.
  2. Enter server name and name of the share, in this example smb://filserver.uu.se/neuro


  3. Enter the Windows-domain USER, your username and your password A


    Problem and workaround with AD-connected macOS connecting to HNAS on some shares

    We have with macOS 10.12.6 had problems connecting to the HNAS service that he university in November 2017. By ignoring the Active Directory Kerberos but instead using old-school password maybe the problem go away. The way of fooling the Mac is to connect to the IP instead. Like this

    $ host bmci-users.files.uu.se bmci-users.files.uu.se is an alias for uuc-nas110.user.uu.se. uuc-nas110.user.uu.se has address 130.238.2.140 $

Another possible solution for this is to try using cifs instead of smb.

Just replace smb with cifs in the path. Read more about Cifs and SMB at Wikipedia.

9. What is ransomware and CryptoLocker?

CryptoLocker is a ransomware trojan that targets computers running Microsoft Windows.
- Wikipedia on CryptoLocker

CryptoLocker and TorrentLocker infects computers running Windows via seemingly innocent email with links or attachments. There has appeared other ransomwares attacking Mac too.

Read more about ransomware, TorrentLocker and CryptoLocker on Wikipedia.

To be infected, the receiver has in most cases actively tried to open and execute the payload. The payload may be disguised as a Word-document, a script or something that give the impression that it is innocent. Do not open files or attachments you have not requested!

This (the example above in Microsoft Word) is not safe! Please be careful with Office files that require you to Enable Content. Enabling content may make it possible for evil macros to execute in Office allowing the attacker to take control of your computer.

This (the example above from Windows File Explorer) is an example of an opened .zip-file. .zip-files are in itself not dangerous it is just a way of storing one or many files into one compressed file, but it may be a way to bypass other simple security checks. For example the anti virus software may warn when downloading an .exe-file but may not warn when downloading a .zip-file.

This (the icon above) is an example of how an .js-file look like in the File Explorer. This file will run with the Windows Script Host (wscript/cscript) and execute and may download further potentially evil binaries. Windows Scripting Host also will run .jse and .wsf-files. Also note that a long file name like faktura.pdf.js may hide the real extension in File Explorer and show up as faktura.pdf which is a bit misleading. The real file name extension is hidden.

Even though a ransomware in itself easily can be removed, the files stay encrypted, waiting for a ransom to be payed in order to get the decryption key.

How to not get infected

What to do if infected

  1. Turn the computer off.
  2. Contact your local IT (helpdesk@bmc.uu.se) for help.
  3. Forward the evil mail to no-spam@uu.se so that the Uppsala University Security Division may adjust mail filter and network firewall rules.
  4. Change your passwords at the university. Change all passwords for all sites that you have automatically saved in your browser.
  5. In general, reinstall computer and restore data from backups or snapshots.

Lessons to be learned from CryptoLocker

Also read more

Read more from Europol's European Cybercrime Centre with friends at the No More Ransom! website.

The Uppsala University Security Division has courses in basic information security (in Swedish). Every chapters just takes 2-4 minutes. There are 16 chapters in total.

10. How do I get deduplication to work in Linux?

ZFS

ZFS is great for compression and snapshots, but regarding deduplication: Don't go there. ZFS on Linux is doing inline deduplication and requires at least 5 GB of RAM for each TB of storage. It is usually better to get more hard drives. When using too much RAM everything will slow down to a crawl.

Btrfs


Btrfs is not as old and stable as ZFS, but it has compression, snapshots and deduplication. The deduplication in Btrfs is out-of-band.

Compression is stable. Go ahead.

When using snapshots and Btrfs, we recommend not saving more than 24+6+3+11 snapshots, each hour for a day, each day for a week, each week for a month and each month for a year. Otherwise (like saving a snapshot every day and not removing them) the snapshots may take too long time to remove. It seems like Btrfs is checking each file for each snapshot when snapshots are removed on order to know if the original file can be removed. There must be more than enough time (and IOPS to spare) to remove snapshots before new can be created.

Deduplication is run using en external tool. Easiest is to use duperemove on the dataset, we have however not tried any larger datasets.

Other ways...

There most probably are other ways to do this. Let us know.

11. Do you have some examples of fanless computers we can buy?

Please check this detailed list of fanless laptops and ultrabooks available in 2018.

Please note that even fanless computers with no moving parts may emit high-frequency sounds that some but not everyone can hear.

2-in-1

Dell Latitude 7285 2-in-1
Price from 12077 SEK (2018-05-31) with 12.3" screen, Intel i5 1.2 GHz, 8 GB RAM and 256 GB SSD.
Dell XPS 9365 2-in-1
Price from 12244 SEK (2018-05-31) with Intel m5 1.2 GHz, 8 GB RAM and 256 GB SSD.
Microsoft Surface Pro m3
Price from 7677 SEK (2018-06-01) with Intel m3 1 GHz, 4 GB RAM and 128 GB SSD.
Microsoft Surface Pro i5
Price example 10854 SEK with Intel i5 7300U 2.6 GHz, 8 GB RAM and 256 GB SSD.

Laptop

Apple Macbook 12"
Price from 10200 SEK (2018-05-31) with Intel i3 1.2 GHz, 8 GB RAM and 256 GB SSD.
HP EliteBook Folio G1
Price from 12414 SEK (2018-05-21) with 12.5" screen, Intel m7 1.2 GHz, 8 GB RAM and 512 GB SSD

Desktop

MSI Cubi N 067NE
Price from 2034 SEK (2018-05-31) with Intel Celeron N3160, 4 GB RAM and 32 GB SSD.
MSI Cubi 3 Silent S 026EU
Price from 5931 SEK (2018-05-31) with Intel i5 7200U 2.5 GHz, 8 GB RAM and 256 GB SSD.

Embedded

Raspberry Pi 3 Model B
Price 304 SEK (2018-05-31) with ARM 1.2 GHz quad core and 1 GB RAM.
Also requires case, storage, charger etc. This is not a PC and cannot run normal Windows.
Go to the Raspberry Pi homepage Download Section for software, including Raspbian, Windows 10 IOT Core or others.
Dell Embedded Box PC 3000 (Order via Dell Punchout)
Price from 9060 SEK (2018-05-31) with Intel Atom 1.33 GHz, 4 GB RAM, 500 GB HDD.
Dell Embedded Box PC 5000 (Order via Dell Punchout)
Price from 14995 SEK (2018-05-31) with Intel Celeron 2.8 GHz, 4 GB RAM, 500 HDD.
Intel Compute Stick
Price from 1100 SEK (2018-05-31) with Intel Atom Z8300 1.44 GHz, 2 GB RAM and 32 GB flash.

12. What is the point with the zone files.uu.se?

The initiative for the domain files.uu.se was taken in 2015-05 by BMC in order to get an aliases to file server shares with unique names.

For example, the file server share is named with the TLA-SHARENAME, like INV-Common. Then the CNAME will be TLA-SHARENAME.files.uu.se or INV-Common.files.uu.se pointing to the current file server where the share is located.

The reasoning behind this is the following:

  1. Get a unique name in DNS to each file server share. This will faciliate migration of file server shares to new servers.

    We (the university) had a lot of troubles with migration from the old NetApp file server to the new HNAS file servers. This zone with an extra level of abstraction in front of the real file server names was intended as a proactive way of eliminating one part of the problem in preparation for the next file server migration. It also makes it easier for those users users (research groups or department) that wish to or have to move their share from one storage system to another.

  2. Make it work for all operating systems. There is a function in the Microsoft Active Directory (with a similar goal) called the DFS that put all file server shares in a single name space. This however do not work all the time in all operating systems, like non-AD connected Windows-clients, macOS (not all of the time), Linux (it depends a lot on the configuration it do not work for example in Ubuntu out of the box).
  3. Network agnostic Get access to the servers even from other networks where needed when the USER-AD (user.uu.se) is not accessible due to using split DNS and access restrictions, like UAS, SLU, UPPMAX, HPC-centers in Sweden and maybe mobile data. It is also not a requirement to use the university resolvers, it should work even if the local resolvers are down.

13. What about the GDPR?

KRT
???

In this FAQ we have put the following symbol as a information security classifier. This is Konfidentialitet (Confidentiality), Riktighet (correctness), Tillgänglighet (availability) according to the SS-ISO/IEC 27001.

The lowest value is 0 and the highest is 3.

Please note that lowest value in the different other systems that a service is depending on gives the final grade of that value. Even if for example the UUIT VMware has level 333 the service (operating system and system administration) running in that environment may have a lower value.

At Uppsala Universty a fourth number has also been added representing Avbrottsskydd (interrupt protection). (Riktlinjer för informationssäkerhet UFV 2012/714 ). We need to find out if this is still in use or not.

Uppsala University provide the following support documents for GDPR:

As part of the above work, the data owner has to classify the data. BMC-IT provides no advice or support in regards to this. You can contact the Data Protection Officer (DPO) at UU if you need advice and support regarding issues that concern GDPR. Use this form but you can also send an e-mail to dataskyddsombud@uu.se.

BMC-IT provides storage services and some technical solutions for protecting your data. We also guide you to other storage solutions at the university. Please read more at The storage section in this FAQ.

Also read the Rudbeck IT FAQ regarding GDPR.

14. Why use the university central storage (HNAS)?

The department’s user documents should be stored in a central storage, preferably the Uppsala University IT department storage (HNAS), which has routines for backup with snapshots (snapshots of how a folder looks at a certain time). The snapshot feature saves old versions of files so that all users can retrieve them if need arises. They are stored every fifteen minutes for an hour, every hour for a day and every month for two months.

In addition to high security, it also means that you do not need to plan for your own separate system's lif ecycle and perform upgrades of the system. If needed, the central IT department will take care of it, and you can be assured that your documents will be taken care of, in case of any migration to a new system.

In the central storage there will be a personal file space created, where the user stores his/her documents. The file space can then be accessed from another computer, from within the university or from outside via a VPN connection. The permissions of the personal file space is controlled by the user's user account at the university. Of course, common file spaces can also be created. The permissions for a common file area is controlled by a user's membership of university groups.

The cost of the central storage depends on how much that is stored and it is paid by the department, which then in turn can distribute the cost further. Storage on HNAS costs 7000 SEK/TB/year (2017-06-21).

A secure storage should have high availability and reliability. In addition to this, in the light of recent alarms of "Ransomware" that can encrypt a computer's files and even spread to connected common file areas, it is very important to use backup with snapshots to be able to recover files. HNAS meets these criteria, and by using a central storage as HNAS for your documents, you also protect your backed up data from theft or destruction of another kind (e.g. fire and liquids) when traveling.

Default snapshot time schedule for HNAS (2017-06-21):

15. How do snapshots in the HNAS file server work?

The HNAS file server saves old versions of files so that any user can retrieve them.

The default snapshot time schedule looks like this: (2017-06-21)

In Windows open Properties of a file or folder and then in the Previous versions tab pick an appropriate version.

In macOS mount with an extra /~snapshot in the path to access the snapshots folders. Use your own university account instead of the example below.

Then enter the appropriate folder to search for the lost version.

16. How do I map a network drive via SMB on Windows?

  1. Read about SMB Security Enhancements at Microsoft
  1. Open the file explorer. Press Left Windows key together with E.
  2. Right click on my computer and choose Map network drive...

  3. Enter the network folder you would like to map. In this example \\filserver.uu.se\neuro

  4. Enter your username and password. Please note that the Windows domain USER has to entered. Do not use my username jny25782 but your own username. Enter your password A.

17. How do I find the last updated file or the file with the longest file name?

These tools work on Linux (Ubuntu/CentOS/etc) and probably on macOS too.

Finding the last updated file

Here is a way of displaying the last updated file.

bash$ find directory -type f -print0 | xargs -0 -P 1 stat --format '%Y :%y %n' | sort -nr | cut -d: -f2- | head

In this example the script is run in the files in this FAQ. This FAQ entry is the last one updated!
$ find .  -type f -print0 | xargs -0 -P 1 stat --format '%Y :%y %n' | sort -nr | cut -d: -f2- | head
2018-04-27 08:55:47.517999369 +0200 ./last.updated.file.txt
2018-04-27 08:54:07.277999790 +0200 ./last.updated.file.txt~
2018-04-27 08:51:50.658000281 +0200 ./compare.directories.txt
2018-04-26 15:40:44.030253321 +0200 ./compare.directories.txt~
2018-04-25 13:39:28.802347956 +0200 ./vlan.txt
2018-04-23 08:19:00.582125333 +0200 ./platform.txt
2018-04-20 16:01:09.194378641 +0200 ./serverroom.use.txt
2018-04-17 14:20:59.742186698 +0200 ./storage.txt
2018-04-13 13:28:04.770412453 +0200 ./spss.txt
2018-04-09 12:51:46.146083485 +0200 ./support.txt
$ _

Finding the file with the longest file name

This little script display the number of files in the current directory, the character length of the longest file name and the name of that file.
$ find directory1 | awk 'BEGIN{N=0} {N=N+1; if ( length > L ) { L=length ;s=$0 } }END{ print N" "L" "s }'
$ _

Here is an example running on the files in this FAQ. There are in total 219 files and the longest filename has 49 characters in the path which is ./how.to.map.network.drive.via.SMB.on.Windows.txt.

$ find . | awk 'BEGIN{N=0} {N=N+1; if ( length > L ) { L=length ;s=$0 } }END{ print N" "L" "s }'
219 49 ./how.to.map.network.drive.via.SMB.on.Windows.txt
$ _

18. My mailbox is full! What do I do?

The Exchange mailserver at the university has a limited amount of storage quota for each user. This is to prevent a single user from accidentally filling up all space.

No worries. Just contact contact helpdesk@uu.se to get more space. Send a mail from your own account and ask for a more mailbox space.

How to check usage

In Exchange 2016 you do this to check your usage:

  1. Open Options in the top right corner cogwheel
  2. Go to General in the left menu
  3. And then to My account
  4. Mailbox usage should be reported in the right bottom corner.

19. How do I mount SMB share in Linux?

Command line

  1. If you are running Ubuntu make sure the package cifs-utils is installed by running the command:

    apt-get install cifs-utils

  2. To mount an SMB-share on the command line in Linux, first create a directory where to mount the share: example like this:

    mkdir /mnt/myfiles

  3. Then mount:

    mount -t cifs -o domain=USER,username=jny25782,password=XXX '//inv-users.files.uu.se/inv-users$/jny25782' /mnt/myfiles

    If you want to be prompted for a password try this instead where the password is not specified.

    mount -t cifs -o domain=USER,username=jny25782 '//inv-users.files.uu.se/inv-users$/jny25782' /mnt/myfiles

  4. Newer versions of Ubuntu do not fall back to older versions of the SMB protocol. Then please specify what version you want to use. In this example Ubuntu 17.10 is used connecting to the Hitachi NAS service at UU.

    mount -t cifs //inv-users.files.uu.se/INV-Common$/ /mnt/myfiles -o domain=USER,username=jny25782,password=XXX,vers=2.0

Permanently

To do this permanently add the following line (as a root user) in the file /etc/fstab

  1. First check your uid (uidNumber) as your normal user:

    id -u

  2. Then enter this line as an administrator in the file /etc/fstab.

    //inv-users.files.uu.se/inv-users$/jny25782 /mnt/myfiles cifs domain=USER,username=jny25782,password=XXX,uid=1000,iocharset=utf8 0 0

  3. Now the normal user with id 1000 should be able to access the files in /mnt/myfiles

Temporarily on an Ubuntu desktop

  1. Start the file browser and open Connect to server...
  2. Enter the path:

  3. Enter your credentials

20. What is Rrsync (restricted rsync)? How do I access PCFS storage over rsync?

The PCFS storage provided by BMC-IT is normally accessed via SMB. However the Uppsala University perimeter firewall in front of UpUnet (Fortigate) is blocking incoming SMB. The Uppsala University HPC center UPPMAX (Uppsala Multidisciplinary Center for Advanced Computational Science) has its own Internet connection via SUNET so SMB access from SUNET is blocked in the firewall.

For those cases Rrsync (restricted Rsync) can be set up as well.

It could for example look like this on the server:

[root@bmc-pcfs4 ~]# tail -5 /etc/ssh/sshd_config Ciphers +arcfour AllowUsers root jny25782 Match User jny25782 ForceCommand /usr/local/bin/rrsync.data.sh Match all [root@bmc-pcfs4 ~]# cat /usr/local/bin/rrsync.data.sh #!/bin/bash exec /usr/local/bin/rrsync /data [root@bmc-pcfs4 ~]#

To access it use Rsync as normally. However, Rsync now is using the /data directory above as base directory. ALl the shares are mounted under the /data directory.

To access the data with Rsync may look like this. Here I tried to download the contents of a share I do not have access to, so just igore the error and use rsync as normal for transfer data.

gforce:~ jerker$ rsync -avx --progress jny25782@IMB-GenomicsKLT2.files.uu.se:IMB-GenomicsKLT2/. tmp/. jny25782@imb-genomicsklt2.files.uu.se's password: receiving file list ... rsync: opendir "/data/IMB-GenomicsKLT2/GenomicsKLT2" failed: Permission denied (13) 3 files to consider sent 20 bytes received 222 bytes 69.14 bytes/sec total size is 0 speedup is 0.00 rsync error: some files could not be transferred (code 23) at /BuildRoot/Library/Caches/com.apple.xbs/Sources/rsync/rsync-52/rsync/main.c(1404) [generator=2.6.9] gforce:~ jerker$ ls -la tmp/ total 0 drwxr-xr-x 4 jerker staff 128 Mar 30 2017 . drwxr-xr-x+ 225 jerker staff 7200 Dec 5 11:27 .. drwxr-xr-x 2 jerker staff 64 Dec 5 11:02 .snapshots drwxrwx--- 2 jerker staff 64 Mar 8 2017 GenomicsKLT2 gforce:~ jerker$ ls -la tmp/GenomicsKLT2/ total 0 drwxrwx--- 2 jerker staff 64 Mar 8 2017 . drwxr-xr-x 4 jerker staff 128 Mar 30 2017 .. gforce~ jerker$ _

If you want to use your public SSH-key instead of your password for authentication then send the SSH key to the administrator. Kerberos single-sign-on is currently not supppoerted.

From UPPMAX

  1. Connect to Uppmax with SSH, in this example I am connecting to rackham.uppmax.uu.se. Start a screen so that you can keep your processes running even when your SSH-client disconnect to UPPMAX when you for example shutdown your computer.

    [jerker@rackham3 ~]$ screen

  2. Then connect to that server with rsync. In the following example we are trying to reach the share that also can be reached as smb://IMB-GenomicsKLT2.files.uu.se/IMB-GenomicsKLT2/

    [jerker@rackham3 ~]$ rsync -avx --progress jny25782@imb-genomicsklt2.files.uu.se:IMB-GenomicsKLT2/. tmp/.

    In this example we are using another port because the normal port 22 was at that point still blocked in the firewall between UPPMAX and UpUnet. Also, compression is turned off, faster ciphers are being used and ssh escape characters are turned off.

    [jerker@rackham3 ~]$ rsync -e 'ssh -e none -p 2222 -o Compression=no -c arcfour,aes128-ctr' -avx --progress jny25782@IMB-GenomicsKLT2.files.uu.se:IMB-GenomicsKLT2/. tmp/. The authenticity of host '[imb-genomicsklt2.files.uu.se]:2222 ([130.238.54.70]:2222)' can't be established. ECDSA key fingerprint is SHA256:zUs82pMdiZzQoqaR86iGFp2A/6LzHAy6WBbKC+46sSo. ECDSA key fingerprint is MD5:12:c7:98:f6:65:3e:39:0d:df:59:dc:a7:f8:96:2a:f4. Are you sure you want to continue connecting (yes/no)? yes You have to type yes here Warning: Permanently added '[imb-genomicsklt2.files.uu.se]:2222,[130.238.54.70]:2222' (ECDSA) to the list of known hosts. jny25782@imb-genomicsklt2.files.uu.se's password: Enter your password here receiving incremental file list rsync: opendir "/data/IMB-GenomicsKLT2/GenomicsKLT2" failed: Permission denied (13) .snapshots/ sent 16 bytes received 226 bytes 19.36 bytes/sec total size is 0 speedup is 0.00 rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1518) [generator=3.0.9] [jerker@rackham3 ~]$ _

    Here is an example when the contents of the directory /proj/mystuff/directory/to/upload/. on UPPMAX will be synced to the directory TLA-ShareName.files.uu.se:TLA-ShareName/ShareName/directory.to.upload/. on PCFS.

    This destination can also be reached over SMB as as the smb://TLA-ShareName.files.uu.se/TLA-ShareName/ShareName/directory.to.upload/ or \\TLA-ShareName.files.uu.se\TLA-ShareName\ShareName\directory.to.upload\

    The flag --delete will erase all files from the destination that do not exist in the source.x

    [jerker@rackham3 ~]$ rsync -e 'ssh -e none -o Compression=no -c arcfour,aes128-ctr' --delete -avx --progress /proj/mystuff/directory/to/upload/. jny25782@TLA-ShareName.files.uu.se:TLA-ShareName/ShareName/directory.to.upload/.

    By using the notation above (the /. in the end) the rsync can be run multiple times to update/sync modified files again.

  3. Have fun! Disconnect from the screen with Ctrl-A Ctrl-D. Attach to the screen again with the command screen -x.

21. What is the BMC-IT computer platform and how does it work?

The platform is the stack of software and infrastructure that BMC-IT use.

Goals for the BMC-IT work with the platform:

  1. Provide a well working platform environment for the end users.
  2. Listen to what the users need. Implement changes in the platform when possible.
  3. Work together with the university and use central systems whenever possible.
  4. Provide options for the users with different needs regarding management, storage and operating system.

These are the major components of the platform

UpUnet and internal campus network

  • backbone and router financed via IT-division
  • campus switches financed via BMC
  • maintained by IT-division
  • cross connect patched by BMC-IT

The network and maintenance is payed for by the rent. There are no extra cost involved. However new networks sockets have to be payed for by the tenant.

BlueCat

  • pushed for and initiated by BMC-IT via IPAM-talk on IT-forum
  • maintained by and financed via IT-division

BlueCat is a tool for IPAM, an interface to manage DHCP and DNS. BMC-IT are using whitelists in BlueCat to control what clients will get an IP on which networks. BMC-IT also using central TFTP (PXE) server maintained by IT-division.

BMC server room

  • owned via IT-division and BMC
  • maintained by Akademiska Hus
  • operated by IT-division with assistance by BMC-IT
  • financed by the users from the whole university

The server room is for use by the whole university. Servers BMC-IT maintain for the departments we give support too are paid for by the users of BMC-IT.

Microsoft deployment toolkit (MDT)

  • included in present licenses
  • maintained by BMC-IT

MDT is used for installation of Windows and an engine for software distribution (Zenworks) on client computers.

Munki

  • open source software
  • maintained by BMC-IT

Munki is used for software distribution on Mac. Munki does one thing, program and configuration distribution, and does that very well.

Microsoft Active Directory

  • maintained by IT-division

The client computers are joined to the Active Directory providing authentication and directory services.

OCS Inventory

  • maintained by BMC-IT

Light weight inventory of software and hardware. Currently run in Mediateket (student computer laboratories) and some Linux servers at BMC.

Zenworks

  • maintained by Uppsala University

Zenworks is used for software distribution on Windows. Packages that BMC-IT uses are mostly built by BMC-IT but some are shared over the university.

HNAS file server

  • owned and maintained by IT-division
  • financed by the users

Better storage. Cost 7000 SEK/TB/year (7 SEK/GB/year) in steps of 500 GB. Offline files may be used for access of Documents and Desktop, but not shared group folders.

PCFS (Archive storage)

  • owned maintained by BMC-IT
  • financed by the users

In the price range of cloud storage. Simple storage with compression, snapshots and rsync to secondary server. The solution can handle tens of millions of files with hundres of snapshots with snapshots for over a year.

OwnCloud sync storage (In development)

  • open source software
  • maintained by BMC-IT

Syncronized storage, similar to Dropbox in functionality. Currently used by a single department.

IBM Spectrum Protect tape backup

  • owned and maintained by IT-division
  • financed by the users

IMB Spectrum protect is a enterprise standard backup and recovery system maintained by IT-division for the whole university. It is not very fast for many small files, in particular when backing up tens of millions of files incrementally.

Shared parts of the platform and comparison with some of the other platforms at UU made in 2018

SUNET highed BMC-IT EPI UADM UUIT RBL-IT POL-IT EBC UUB EKIT GT BLAS
info / contact JNvB JNvB BB various CR HH SÅ+BG EL AL
server room 3000 SEK/U/y BMC server room BMC server room
BMC server room
UUIT
BMC server room
Ångström
ITC + Ångström EBC
CAR
BMC server room
Ekonomikum
virtual machine platform Openstack KVM
UUIT VMWare VCenter ESXi
KVM
Microsoft Datacenter Hyper-V UUIT VMWare VCenter ESXi RUD-IT VMWare VCenter
Cloud­system OpenStack
POL-IT VMWare VCenter ESXi
EBC VMWare VCenter ESXi
UBIT VMWare VCenter ESXi
KVM
MS Hyper-V
network infra­structure Cisco Cisco
Fortinet
Cisco
Cisco
Fortinet
HP
Cisco
Cisco Cisco Cisco
IPAM solution BlueCat BlueCat BlueCat
Bluecat
ISC DHCP
?
BlueCat
ISC DHCP
BlueCat BlueCat
tape backup solution IBM Spectrum Protect IBM Spectrum Protect IBM Spectrum Protect IBM Spectrum Protect Arcserve IBM Spectrum Protect IBM Spectrum Protect IBM Spectrum Protect
main client storage
UUIT Hitachi NAS (HNAS)
RBL-IT EMC Isilon
Microsoft Windows Storage Spaces UUIT Hitachi NAS (HNAS) RBL-IT EMC Isilon HP 3Par NetApp UBIT SAN EKIT SAN
sync storage SUNET box
Windows offline files
OwnCloud
UUB Microfocus Filr
Windows work folders -
dat­Anywhere
Micro­focus Filr (2018)
Micro­focus Filr Windows offline files UUB Microfocus Filr
Microfocus Filr
SUNET Box
software distribution and inventory
SCCM
Jamf Casper Suite
Munki
Microfocus Zenworks
Munki
OCS Inventory
SCCM
Jamf Casper Suite
- LanRev Microfocus Zenworks Microfocus Zenworks
Microfocus Zenworks
Mobile Manage­ment
Microfocus Zenworks
anti-virus software POL-IT SEP ? - RUD-IT SEP POL-IT SEP F-Secure F-Secure EKIT SEP
printing system eduPrint
eduPrint
direct print
? eduPrint eduPrint
eduPrint
direct print
eduPrint
eduPrint
direct print
Gespage
eduPrint
signage Xibo ? ? Samsung ? ? ? EKO-sign
number of computers in USER-AD active since 2016 updated 2017-10-06 1314
bmc- fbv- farmbio- icm- ifv- ikv- imb- neuro- inv- isp- kmb- mcb- sll- mms- !inv‑opht !inv-srv00
2873
epi- ep- uadm- ucr- ilk- farmaci- nai- far-
- 1256
surgsci- igp- rud- rudb- inv-d0 inv-l1 imv- inv‑opht-
1004
itc- mat- pol- fys- ang- kem- it- pol- polb-
354

ebc-
540
uub-
590
eki- kug- eh- fek- im- obs- kg- stat- nek-
Number of Workstations in Zenworks 1226 - - - 1967 395 545 228 611 668

22. How do you secure delete data from the computers and servers?

IBM Spectrum Protect (Tivoli Storage Manager aka TSM)

References to backed up files can be delete from the client, but the data is not written over.

It is possible encrypt the files on the TSM system at the client.

The TSM systems at university is level at 3 3 2 or 3 3 1. (reliabilty, unaltered, availability) The availability is not 100% for example the system is down during times of softare updates.

When the backup system is changing generation all drives and tapes are destroyed.

Please read more about information classification at Uppsala University.

Clients

On clients we use the utility KillDisk to secure deletion of block devices. If needed the drives can also be sent to destruction via the Security Division at Uppsala University or in a way approved by them.

Servers

When the servers are put out of commision the drives are sent to destruction via the Security Division at Uppsala University or in a way approved by them.

23. We have a server, where should we put it?

BMC has a server room in D11:0. The room was built in 2013 and is maintained together by the IT-division (UUIT) at the university administration (UADM) and Uppsala Biomedical Centre (BMC). The management team (styrgrupp) for the BMC-hall includes the IT director of the IT-division and the director of Uppsala Biomedical Centre.

KRT
333

The server room is equipped with:


The BMC-hall-router VLANs on the normal BMC-hall-switches cannot be shared with the VLANs on the router (called the BMC-router) for the rest of the building. Contact netsupport@its.uu.se for help with network configuration for the server room.

Current rate is 60000 SEK/rack/year or 2000 SEK/U/year plus a one time fee of 5000 SEK. (This should be about the cost of production. Prices from 2015-06-05.)

For renting space in the server room, contact bmc-hall@uu.se.

Also consider renting virtual servers or using some of the shared services at the university before buying your own physical servers. Contact uppdrag@its.uu.se for renting virtual servers in the the shared VMware environment or storage. Contact UPPMAX for using the shared HPC resources for computation and storage. Contact BMC-IT for shared storage using PC file server. Check on them from time to time to see what they are up to before building something on your own to reduce the duplicated effort.

24. What service levels does BMC-IT have compared to others at the university?

The different organisations at the university have different level of service in order to fullfull their missions on a cost-efficient way.

UUIT (IT-division) provides highly available services for the whole university.

BMC-IT is focused on providing great services for the people at the campus and is trying to keep it simple and durable.

UPPMAX is providing the best high-performance computing environment available, but is neither focused on high-availability nor user-focused service (not the individual users, but as a collective of course).

ServiceUUITBMC-ITUPPMAX
Server room cooling Redundant with backup (BMC-hall) Non-redundant
Server room fire extinguisher Yes Yes
Server room power Dual redundant UPS. Backup diesel power generator. Dual power to each rack. Non-redundant, UPS on critical systems
Server room network Redundant routers, in general non-redundant top-of-rack switches but redundant etherchannel to clients via flexstacked switches also available Non-redundant (redundant core network)
Server room stand-by personel in-house Yes No
Server room stand-by personel external techician (power, cooling) Yes
Stand-by decision making personel, possible to order in technical personel Yes No No
Stand-by technical personel No No No
Vacation spread out so that somebody always on duty during work hours Yes Yes Yes
All systems maintained by a group (not individuals) Yes Usually, but with a primary responsible person and contact Yes (Primary and secondary contact)
Somebody among the contacts or responsble for a service always on duty. (Not vacation on the same time) Yes No No
Redundant storage systems which handle partial failure gracefully Yes (HNAS) Yes
Simple and small storage system with faster full restore No Yes (PCFS) No
Maintenance window adapted to individual user groups No Yes No

25. How do I send a large file to someone outside (or inside) the university?

We recommend using SUNET Box for this kind of service. Please read more at Medarbetarportalen - SUNET Box: cloud file storage and sharing.

Please also read about comparison between different services at the UB FAQ Filr vs SUNET Box vs Dropbox.

26. How do I order a standard computer?

Currently (2018-09-18) we recommend Intel Core i5 with 16 GB RAM and 256 GB SSD storage or better.

Please note that all prices mentioned below are subject to change.

Computers

  1. Apple Macbook Pro (13.3", i5 3.1GHz with 2 cores, 256 GB SSD) - around 15700 SEK (not including adaptors / dock) (one year warranty)
    »Produktwebben (2018-02-22)
  2. Apple Macbook Pro (15.6", i7 2.8GHz with 4 cores, AMD Radeon Pro 555 2GB) (not including adaptors / dock and one year warranty)
    Standard model with 256 GB SSD - around 18500 SEK »Produktwebben (2018-03-01)
    With 512 GB SSD - around 20000 SEK. »Produktwebben (2018-03-01)
    With 1 TB GB SSD - around 22900 SEK. »Produktwebben (2018-03-01)
  3. Dell Latitude 7390 (13.3", i5-8250U (4 cores), 256B SSD, 16GB RAM) - around 8900 SEK (not including adaptors / dock) (service 3 year next business day ProSupport)
    »Produktwebben Dell Punchout (2018-09-18)
  4. Dell Optiplex 7060 SFF - around 6500 SEK with i5-8400, 16 GB RAM and 256 GB SSD (not including screen) (basic service 3 year next business day onsite)
    »Produktwebben Dell Punchout (2018-06-04

Accessories

  1. Dell WD15 - around 1200 SEK
    USB-C dock with battery charging, gigabit Ethernet, VGA, HDMI, mini DisplayPort, 5x USB-A ports, headset-jack, line-out. Works with both Apple Macbook Pro, Dell Latitude and Dell XPS from above. (only one simultanious external 4K display supported, two simultanious external 2K displays supported)
    »Produktwebben Dell Punchout (2018-09-18)
    »Dell WD15 Specification
  2. Dell DA200 - around 420 SEK
    USB-C adapter with USB-A, gigabit Ethernet, VGA and HDMI. Works with both Apple Macbook Pro, Dell Latitude and Dell XPS from above. (VGA and HDMI cannot be used at the same time.)
    »Produktwebben Dell Punchout (2018-09-18)
  3. Dell DA300 - around 520 SEK
    USB-C adapter with USB-A, USB-C, gigabit Ethernet, DisplayPort, VGA, and HDMI.
    »Produktwebben Dell Punchout (2018-09-18)
  4. Lenovo USB-A Gigabit Ethernet - around 130 SEK
    USB-A adapter suitable for using with Dell P2x19HC.
    »Produktwebben 4X90E51405 (2018-09-18)
  5. Dell P2419HC - 1450 SEK
    Screen 24" with 1920x1080 resolution with USB-C, HDMI and DisplayPort. May be used as dock together with Dell Ethernet USB-A adapter, may charge computer via USB-C
    »Produktwebben Dell Punchout (2018-09-18)
  6. Dell P2719HC - 1890 SEK
    Screen 27" with 1920x1080 resolution with USB-C, HDMI and DisplayPort. May be used as dock together with Dell Ethernet USB-A adapter, may charge computer via USB-C
    »Produktwebben Dell Punchout (2018-09-18)
  7. Dell Ultrasharp U2419HC - 1890 SEK
    Screen 24" with 1920x1080 resolution. USB-C (PD 65W), HDMI, DP, DP out, 4x USB 3.0. Cables USB-C and DP included.
    »Produktwebben Dell Punchout (2018-10-08)
  8. Dell Ultrasharp U2719DC - 3190 SEK
    Screen 27" with 2560x1440 resolution. USB-C (PD 65W), HDMI, DP, DP out, 4x USB 3.0. Cables USB-C and DP included.
    »Produktwebben Dell Punchout (2018-10-08)

External hard drive (examples)

  1. WD My Passport for Mac 2 TB - around 663 SEK
    External 2.5" drive with USB 3.0 USB-A USB-C formatted for Mac »Produktwebben (2018-02-01)
  2. Toshiba Canvio for Desktop 2 TB - around 535 SEK
    External 2.5" drive with USB 3.0 USB-A interface. »Produktwebben (2018-02-01)

Send a mail to helpdesk@bmc.uu.se with your request.

Apple Macbook Pro Dell Latitude 7390 Dell P2719HC
Dell Optiplex 7050 SFF Dell WD15 HP EliteDisplay E272q
Dell DA200 Dell DA300 Samsung SE650

27. We need more storage! Do you have a file server we can use?

UUIT HDS NAS file server (HNAS)

KRT
3*32

The university has a common file server service run by IT-division running Hitachi NAS called file area (filarea)

In general order by contacting IT-division or contact helpdesk@bmc.uu.se if your department is already using the service.

BMC-IT PC file server (PCFS)

KRT
3*21

The PC file server storage service is a cost-efficient storage solution for mostly high volume archive data. It is built of commodity PC hardware (which means the hardware can be replaced with equipment from other vendors) and open source software (no hidden costs or support agreements). This gives us freedom and a low price but it also means that we are on our own.

The concept is from around 2010 where it was used for two departments. The service was originally built in 2016 for users at BMC who do not have to own their storage but since it is self-sustained it may be used by everyone at the university.

The setup is fully documented in SOP - Install PC file server, SOP - Common service PC file server and SOP - Rsync backup to Btrfs snapshots. This means you can set up a very similar setup using the same concept on your own if you want to.

Order by contacting BMC-IT at helpdesk@bmc.uu.se.

RBL-IT EMC Isilon file server (Argos)

KRT
3*32

(The KRT-value 332 requires Gold-level.)

Everyone at the university may use the Rudbeck-IT file servers running EMC Isilon. Technical Specifications Guide - Dell EMC Isilon OneFS and IsilonSD Edge.

For ordering please contact RBL-IT helpdesk@rudbeck.uu.se with this information:

Connect use Windows: \\argos.rudbeck.uu.se\MyGroups$

Connect use Mac OSX: smb://argos.rudbeck.uu.se/MyGroups$

UPPMAX

Uppmax has storage which is free if you have applied for and been granted resources. Please go to www.uppmax.uu.se to figure out what UPPMAX can do for you.


28. How do I manage access to a group storage at Argos?

Follow the guide at the portal “My Rudbeck” to manage the access to your group storage. Remember to make one user "Admin" (probably you).

29. How do I connect to storage at Argos?

The file server is currently only accessible within the Uppsala University network or from home using VPN.

Please use the guides at Rudbeck-IT portal “My Rudbeck” to see the different options to access the storage spaces.
Windows
Please note that Windows users with a BMC-IT installed computer should use the alternative "Access via server address" to connect to the storage. Learn more about how to map a network drive to your Personal Storage above.

30. How do I order a group storage at Argos?

The group leader (or designated person) can create a group storage on his/her own. Follow the guide at the portal “My Rudbeck” to order a group storage.

Storage Title
Protection level (level of security for your group folder)

Check your group policy for which level of security you should choose.

Payment

If you have a voucher with prepaid storage that you want to use, click on the voucher alternative. If you don’t have a voucher, or if you want to have more space than the voucher pays for, click on the alternative “No Voucher” and enter a Payment Code (usually the reference code for the group), for where to place the cost for the storage.


31. How do I order a personal storage at Argos?

Follow the guide at the portal “My Rudbeck” to order a personal storage. Payment
If you have a voucher with prepaid storage that you want to use, click on the voucher alternative.

If you don’t have a voucher, or if you want to have more space than the voucher pays for, click on the alternative “No Voucher” and enter a Payment Code (usually the reference code for the group ), for where to place the cost for the storage.

32. How do the different types of storage compare to each other?

This is an illustration how how the different types of storage that is available compare to each other regarding Availability, Reliability, Performance and Price.

Reliability
High reliability means a low risk of data loss over a long period of time.
Availability
High availability means the system is (almost) always online and in order to do this it has to handle equipment failures of different kinds and still be running.
Performance
Performance may both mean high IOPS (many small requests) and bandwidth (lots of data), but here it is simplified.
Price
This is the cost in SEK per terabyte of stored data per year. (Updated in December 2015.)

One of many things that are beyond this comparison is the cost of entry. A single big PC-server with a lot of disk is around 250 kSEK and can store 576 TB raw data (around half of that is usable when using 3+2 RAID6 plus hot spares) and may last with support for around 5 years. A small share on the HNAS file server, which may be useful for a whole department storing small but important files, may be as low as 1 TB and cost 7000 SEK/year. A Ceph system is only recommended if one is scaling it up to a lot of file servers (and a lot of time for system administration) providing huge amount of bandwidth.

In practice this means that a PC file server, with proper backup or remote snapshotting to another PC file server, may be useful for storing a lot of data cheaply, but not for example used as 24/7 available file storage.

The university HNAS file server service is a very good for general storage of data in a safe way.

Availability-Performance comparison The performance in the HNAS system and a PC with SSDs is great, but HNAS is a lot more available since it has fault-tolerant hardware to higher extent.

Reliability-Price comparison There is a very small risk of data loss in a well set up PC file server with backups. The same applies to the HNAS system, although it is more expensive and as seen above, more available.

33. How do I mount my home directory or shared storage at HNAS?

For Windows clients in USER-AD your home directory and the department common (public) share will automatically be mounted when you login using the drive letters below.

This storage is in the university shared HNAS file server. Some departments also have other storage available - contact helpdesk@bmc.uu.se for details.

  1. Please select your department:

    DepartmentAcronym
    Biomedical Centre Campus Management
    Department of Cell and Molecular Biology
    Department of Medical Biochemistry and Microbiology
    Department of Medical Cell Biology
    Department of Neuroscience
    Department of Pharmaceutical Biosciences
    Department of Public Health and Caring Sciences
    International Science Programme (ISP)
    . . .
  2. Please enter your username here:


    PurposePlatformDFS-pathDirect path Driver letter
    Home directory for personal files Windows \\user.uu.se\BMCI\TLA-Users\account \\TLA-Users.files.uu.se\TLA-Users$\account X:
    Mac smb://account@user.uu.se/BMCI/TLA-Users/account smb://user\account@TLA-Users.files.uu.se/TLA-Users$/account
    Common (public) share for department,
    research groups etc.
    Windows \\user.uu.se\BMCI\TLA-Common \\TLA-Common.files.uu.se\TLA-Common$ P:
    Mac smb://account@user.uu.se/BMCI/TLA-Common smb://user\account@TLA-Common.files.uu.se/TLA-Common$
  3. Sometimes you want to mount via the command line.

    • Windows, command line version on mapping a network share:
      net use x: \\TLA-Users.files.uu.se\TLA-Users$\account /user:user\account
    • macOS, command line version on how to connect to a file server:
      mkdir ~/Desktop/account
      mount_smbfs //user;account@TLA-Users.files.uu.se/TLA-Users$/account ~/Desktop/account
    • On Linux, command line version on how to mount a CIFS file system:
      mkdir ~/Desktop/account
      sudo mount -o username=account,domain=user -t cifs //TLA-users.files.uu.se/TLA-users$/account ~/Desktop/account
  4. Also read in the SOP - Connect a Mac to HNAS (v1.0).pdf or follow the links to other FAQs above on how to use the Windows Explorer or Mac Finder GUI. Remember to use the VPN if you are connecting from outside the university network.

    Connect from Mac

    Problems with accessing the shared folders

    A common problem may be that your account has not got the correct permissions called group membership in AKKA, the university catalogue. Please then contact your department administration to get this fixed.

34. What is the cost of a PC file server?


Please note! BMC-IT has a PC storage solution service. Read more in the SOP - Common service PC file server. Also note that for home directories we recommend using the IT-division HNAS file server.

These are examples of the costs of buying and maintaining a PC file server. The example below includes a server from Supermicro and one from HP. HP includes on-site support, Supermicro do not. Please note that TSM-backup is not included in these figures! (Prices updated in September 2016.)

  • Very cheap Good for lots of data when the price has to be low.
  • Acceptable speed Good bandwidth - can receive and send 1 Gbit/s (or 10 Gbit/s with appropriate network and multiple clients). Since the drives are rotating HDD, relative SSD the latency is high and IOPS are lower. But it works fine with large files.
  • Low availability BMC-IT in general only do support during office hours. If the PC server totally breaks down (it may happen!) it will take some time to get service or spare parts or restoring from backups. Compare this with the IT-division HNAS file server which has built in redundancy.
  • Linux and Active Directory These examples uses Linux (preferably CentOS 7) as an operating system and connects to the university Active Directory and works as a file server using Samba. More complex setups than this may need extra time to set up and maintain. For example running a Windows server instead of Linux requires extra costs for licenses.

This is a Supermicro file server with enterprise drives. Includes ship-in support from Southpole.

Normal HP file server with enterprise drives, three year next business day on-site support from HP.

This is a Supermicro file server with archive drices.

Cost of a rack unit per year: 1250 (full rack) or 2000 (single machine) SEK
Number of rack units in the server room:
(If no new space is needed, set a 0 here)
U
Cost for the server with no drives: SEK
The number of drives: drives
Size of the drives: TB
Number of years to run the server
(warranty)
years
Cost of each drive: SEK
The number of working hours spent each year:
(system administration and support)
h/year
The cost of a working hour: SEK/h
The part of the raw storage that is usable:
(RAID6 (two parity drives) on five drives equals 0.6.)
usable storage factor

Purchase cost SEK.

Raw storage TB.

Usable storage TB.

Yearly cost SEK/year over years (includes everything)

Cost for raw disk SEK/TB/year.

Cost for usable storage SEK/TB/year.

Two identical file servers (one for backup using snapshots / shadow copy) would cost SEK/TB/year

Two servers (as above) and a cold standy (no drives) would cost SEK/TB/year

35. How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)



IBM Spectrum Protect is the backup system run at the university at the IT-division. The software was previously known as TSM - Tivoli Storage Manager and is still referenced as both names.

Financing and pricing

The services is paid for by the users. This includes salaries for everyone involved in maintaining the system and all equipment. The costs includes a starting cost per node and (decreasing) cost per GB depending on how much data that is stored in the system. Read the pricelist.

Documentation

IBM has their own documentation of TSM 7.1.3 (the latest version at 2016-04-14)

Schedule

Usually on Windows-systems the backup-client is asking the server whether it should backup or not. Send a mail to backup-admin to let them know.

On Mac and Linux (and other Unix-based systems) instead the client is called at a certain point in time doing the backup like this:

dsmc incr

To put this in crontab in a Linux system first run editor for the crontab as root using emacs as an editor.

EDITOR=emacs crontab -e

Or use the default vi editor:

crontab -e

Then enter the point in time to run the backups (with the full path to the client)

1 1 * * * /usr/bin/dsmc incr

Performance with TSM

TSM store files in tapes and after a while the incremental backups will store files in several different tapes. One way of taking care of this is to instead from time to time do a selection backup or a image (block device) backup. The block device backup is harder to read back for certain files obviously.

There are several options to decrease the amount of data being sent on the wire by doing more work on the client. Inside the university network this usually it not a problem since we usually have enough bandwidth betwen the campuses and to the backup servers.

  • Zip up many small files and exclude the originals from backup.
  • Use virtual mount points to divide up the files in smaller sets.
  • Use journal-based backup to track which files have been changed
  • Use memory efficient backup, if the client is running out of memory.

Compression yes Memoryefficientbackup yes

Examples: Query the backup...

To list what partitions (or file systems) have been backed up:

dsmc query files

To list files that have a backup date during a certain date range: (However, running with options time limits (todate, fromdate) will change the behaviour for the client and read a lot of data into RAM. With several millions of files this will be slow. Read about Classic Restore versus No Query Restore (NQR) at IBM)

The option -inactive will list both active and inactive files.

dsmc q ba -inact -fromdate=01/01/2016 -todate=01/03/2016 -subdir=yes '/blue/*'

To get summary of all files backed up and the size:

dsmc query backup '/etc/*' -subdir=yes -querysummary

To get more details, for example to see files with the wrong backupclass which still are taking up space in the backup, run this command:

dsmc query backup '/etc/*' -subdir=yes -querysummary -detail

Examples: Restoring backup...

To interactively pick and restore the files, restoring to the directory /tmp:

dsmc restore -pick '/blue/*' "/tmp/"

To also interactively pick among the inactive files when restoring:

dsmc restore -pick '/blue/*' "/tmp/" -inactive

To also restore subdirectories while restoring:

dsmc restore -pick '/blue/*' "/tmp/" -inactive -subdir=yes

To restore the state of a directory at certain different points in time. This will run the restore command each for the specified dates and restore the directory as it were at that point in time.

for i in 10 11 12 13 14 15 16 17 ; do mkdir /var/tmp/jerker.restore.2016-04-$i-12.00.00/ dsmc restore -pitd=04/$i/2016 -pitt=12:00:00 -subdir=yes '/home/jerker/*' /var/tmp/jerker.restore.2012-11-$i-12.00.00/ done

To backup everything irrespective of whether files have changed since the last backup, use the selective command:

dsmc sel '/green/home/USER/jny25782/*' -subdir=yes

Examples: Deleting old backup data...

To delete a backup (which may require extra permissions), use the delete command. This time the -pick makes it interactive.

dsmc delete backup '/archive/jerker/*' -subdir=yes -pick

To delete all inactive files:

dsmc delete backup '/archive/jerker/*' -subdir=yes -deltype=inactive

To delete all inactive files backed up during a certain date range:

dsmc delete backup -fromdate=01/01/2010 -todate=01/01/2016 '/green/home/USER/jny25782/*' -subdir=yes -deltype=inactive

With the number of files into multiple tens of millions, this may not work so well since it takes up too memory or perhaps timeout when waiting too long for the confirmation prompt unless the operator (you) are staring at the window. Use the -noprompt option and break it down inte smaller parts like this:

for i in /home/* ; do dsmc delete backup -fromdate=01/01/2010 -todate=04/01/2016 $i/'*' -subdir=yes -deltype=inactive -noprompt ; done

To delete all files from the backup, including inactive files, specify -deltype=all. Do not prompt for confirmation.

dsmc delete backup '/unwanted.data/' -deltype=all -noprompt

This however do not delete parent directories from the backup. To remove them to, run the expire command. The position of the wildcard is described at IBM but look a bit strange, so be careful!

dsmc expire '/unwanted.data*' -noprompt

Different management classes:

To view the different management classes:

dsmc q mgmtclass

To list the details different backup management classes:

dsmc q mgmtclass -detail

To change class when taking backup, the new class can be specified in the file dsm.opt when including file systems:

include /myfilesystem/* TWOYEARCLASS

Please note that this may (or may not) only affect new objects created in the backup system. Manual clean up (using the method in the previous section) may have to be done.

The way I know about how to view the current backup management class is to start the graphical client: dsmj and in the menu Utilities the entry View policy information

This is a small script to list managment classes:

#!/bin/bash echo 'Management Retain Only Retain Extra Version Version' echo 'Class Version Version Data Exists Data Deleted' echo '--------------- --------------- --------------- --------------- --------------' ( dsmc q mgmtclass -detail ; echo DONE ) | grep -e 'MgmtClass Name' -e 'Retain Only Version' -e 'Retain Extra Version' -e 'Versions Data Exists' -e 'Versions Data Deleted' -e 'DONE' | ( while read A B C D E F ; do if test "$A" = "MgmtClass" -o "$A" = "DONE" ; then if test "$EXTRA" != "" -a "$ONLY" != "" ; then echo -e $MGMT'\t'$ONLY'\t'$EXTRA'\t'$EXISTS'\t'$DELETED | expand --tabs=16,32,48,64 ONLY="" EXTRA="" MGMT="" DELETED="" EXISTS="" fi MGMT=$D fi if test "$B" = "Only" ; then ONLY=$D fi if test "$B" = "Extra" ; then EXTRA=$D fi if test "$C" = "Exists...:" ; then if test "$D $E" = "No Limit" ; then EXISTS="NoLim" else EXISTS="$D" fi fi if test "$C" = "Deleted..:" ; then if test "$D $E" = "No Limit" ; then DELETED="NoLim" else DELETED="$D" fi fi done ) | sort -n --key=2,5

The output looks like this on the current (2016-05-16) classes on the domain that I are using. Note that there may be different domains with different management classes.

# ./tsm.list.mgmtclasses.sh Management Retain Only Retain Extra Version Version Class Version Version Data Exists Data Deleted --------------- --------------- --------------- --------------- -------------- ITSDBCLASS 0 0 1 0 ORACLECLASS 0 200 3 0 ONEDAYCLASS 1 1 3 2 DAYCLASS 2 0 1 1 MONTHCLASS 9 9 8 7 TWOWEEKS 14 14 14 1 TDPDIFF 30 30 No Limit No Limit TDPDIFF-META 30 30 No Limit No Limit TDPFULL 30 30 No Limit No Limit TDPFULL-META 30 30 No Limit No Limit TDPLOGS 30 30 No Limit No Limit TDPLOGS-META 30 30 No Limit No Limit PUBCLASS 60 30 2 1 STANDARD 60 30 2 1 QUARTERCLASS 120 90 3 2 ITSCLASS 300 200 3 2 LOGCLASS 300 200 3 2 ITS_DISK 365 200 3 2 DEVCLASS 500 450 4 3 TWOYEARSCLASS 750 30 2 1 ADMCLASS 900 800 8 7 TENYEARSCLASS 4000 30 2 1 # date Fri Aug 26 13:51:51 CEST 2016 # _

This is how to Assign management class to specified directories or default.

36. Do you have a virtual machine (server) I can use?

If you need computer resources for high-performance computing (HPC) we recommend that you contact UPPMAX where you can apply for plenty of resources in the shared multiuser environment.

If you need help contact helpdesk@bmc.uu.se and we can guide you.

Rudbeck-IT VMware

Rudbeck-IT have a a highly-available VMware ESX environment. Anyone at the university can rent a server.

The rate will be 3500 SEK/year for a basic server with 100 GB disk, 4 GB RAM and 2 cores. (2018-02-08)

Contact helpdesk@rudbeck.uu.se if you are interested.

UUIT VMware

KRT
333

The UADM IT-division (UUIT) has a highly-available VMware ESX environment where anyone at the university can rent a server.

The current rate is 5000 SEK/year. This includes 50 GB disk. Disk is available for 6000 SEK/TB/year or 13000 SEK/TB/year depending on class (speed & availability) (2017-10-18)

Contact uppdrag@its.uu.se at IT-division to order a virtual server.

SUNET OpenStack

SUNET is offering virtual machines using OpenStack with KVM and Ceph. Role-based access control via SWAMID. Contact them for more information.

The costs are more based on the resources used than the UUIT offer above. Direct link to price list here.


SNIC Science Cloud

SNIC Science Cloud (SSC) is a national cloud computing infrastructure run by the Swedish National Infrastructure for Computing (SNIC).

Read more at the home page for SNIC Science Cloud. Read introduction to the SNIC Science Cloud.

Others...

Several other department and local campuses have virtual machine environments that you already have payed for or are paying for. Check what your campus have. Please see the FAQ regarding computer platforms.

37. My Windows computer is running out of storage. What is using it?


Wikipedia has a list of disk space analyzers. Disk space analyzers do a scan of the file system and display what is using up all the resources.

We have tested TreeSize Free which can be downloaded from Jam-software.

After installation it will scan the hard drive and display a nice window that looks like a file manager. It will display the size for every directory and the contents in it.


38. How do I access my home directory?

Open the Explorer in Windows and look for X: and P:. Store your personal stuff on the file server in X:. The P: is used for shared (public) storage between members in a group or at the university.

If should look like this:

On some computers (all the new ones) the desktop is also stored on the file server. Check if you put stuff on the desktop it also shows up on X:\Desktop.

39. How do I access my work-computer from home?

  1. Find out if you need access to the files or the actual computer running programs on it.
  2. If you only need access to the files, then it might be easier to store the files on a file server. Access the files in a secure way from home over VPN connecting to the file server.
  3. If you need access to the computer to be able to run programs on the computer, then:
    1. Allow someone to connect to your computer using Remote Desktop Connection. (Read HOWTO in Swedish or Read HOWTO in English)
    2. Lock the computer to a specific IP (Contact your Local IT, computer name, your current IP and MAC-address)
    3. .. and open in the router filter so that you can run remote desktop from the VPN to the computer. (This is also done by your Local IT.)

Mac

In Mac, get Microsoft Remote Desktop which is free in the App Store.

Add a new host hosts with login (with the windows domain) and password and then Start!

Remember to add the Windows domain in for example the format username@domain, if the host is connected to a Windows domain.

Windows

In Windows, start Remote Desktop Connection and enter the details and then Connect.

Linux Ubuntu

Install rdesktop and run for example this command:

rdesktop -p MySecretPassword -u _jny25782-T -d USER -x 0x80 -g 1800x1100 -k sv dcts.user.uu.se

This documentation is covered by GNU Free Documentation License.