Frequently Asked Questions - BMC-IT


windows ubuntu macos xibo network zenworks android storage
  1. We have a server, where should we put it?     [jump in page]   2019-01-11
  2. What about the GDPR?     [jump in page]   2019-01-11
  3. How do I take backup of the data on my computer?     [jump in page]   2019-01-11
  4. Do you have a virtual machine (server) I can use?     [jump in page]   2019-01-11
  5. We need more storage! Do you have a file server we can use?     [jump in page]   2019-01-11
  6. What should be done to introduce a new system administrator at BMC?     [jump in page]   2018-12-21
  7. How do I mount my home directory or shared storage at HNAS?     [jump in page]   2018-12-21
  8. Where do I store my data? How do I take backup?     [jump in page]   2018-12-20
  9. How do I order a standard computer?     [jump in page]   2018-12-18
  10. What is Rrsync (restricted rsync)? How do I access PCFS storage over rsync?     [jump in page]   2018-12-11
  11. How does the new Adobe Creative Cloud Named license model work?     [jump in page]   2018-12-10
  12. What is the BMC-IT computer platform and how does it work?     [jump in page]   2018-12-10
  13. How do I connect to storage at Argos?     [jump in page]   2018-11-15
  14. How do I manage access to a group storage at Argos?     [jump in page]   2018-11-15
  15. How do I order a group storage at Argos?     [jump in page]   2018-11-15
  16. How do I order a personal storage at Argos?     [jump in page]   2018-11-15
  17. How do I send a large file to someone outside (or inside) the university?     [jump in page]   2018-10-16
  18. What do I do with old computers or phones?     [jump in page]   2018-08-29
  19. What are the bitrates for different digital video quality?     [jump in page]   2018-06-13
  20. Do you have some examples of fanless computers we can buy?     [jump in page]   2018-06-05
  21. How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)     [jump in page]   2018-06-04
  22. What is ransomware and CryptoLocker?     [jump in page]   2018-03-23
  23. How do you secure delete data from the computers and servers?     [jump in page]   2018-01-11
  24. After my employment at the university has finished, may I bring home my old computer?     [jump in page]   2018-01-11
  25. How do I get deduplication to work in Linux?     [jump in page]   2017-12-12
  26. My Android device is running out of storage. What is using it?     [jump in page]   2017-12-12
  27. What is the point with the zone files.uu.se?     [jump in page]   2017-12-07
  28. What service levels does BMC-IT have compared to others at the university?     [jump in page]   2017-08-23
  29. Why use the university central storage (HNAS)?     [jump in page]   2017-08-16
  30. What is the cost of a PC file server?     [jump in page]   2017-06-02
  31. My mailbox is full! What do I do?     [jump in page]   2017-05-31
  32. My Windows computer is running out of storage. What is using it?     [jump in page]   2016-12-06
  33. How do I access my home directory?     [jump in page]   2016-10-10
  34. How do the different types of storage compare to each other?     [jump in page]   2016-06-23




1. We have a server, where should we put it?

See also: What is the postal address for BMC-IT?
See also: Who is resposible for what on the BMC network? Who can help me?
See also: How do I buy a new computer?
See also: Do you have a virtual machine (server) I can use?
See also: Who manages IT-support for whom at BMC?
See also: Open the server room for me please
See also: Who is responsible for the network in the BMC server room?
See also: What is the cost of a PC file server?

BMC has a server room in D11:0. The room was built in 2013 and is maintained together by the IT-division (UUIT) at the university administration (UADM) and Uppsala Biomedical Centre (BMC). The management team (styrgrupp) for the BMC-hall includes the IT director of the IT-division and the director of Uppsala Biomedical Centre.

K R T
333

The server room is equipped with:


The BMC-hall-router VLANs on the normal BMC-hall-switches cannot be shared with the VLANs on the router (called the BMC-router) for the rest of the building. Contact netsupport@its.uu.se for help with network configuration for the server room.

Current rate is 60000 SEK/rack/year or 2000 SEK/U/year plus a one time fee of 5000 SEK. (This should be about the cost of production. Prices from 2015-06-05.)

For renting space in the server room, contact bmc-hall@uu.se.

Also consider renting virtual servers or using some of the shared services at the university before buying your own physical servers. Contact uppdrag@its.uu.se for renting virtual servers in the the shared VMware environment or storage. Contact UPPMAX for using the shared HPC resources for computation and storage. Check on them from time to time to see what they are up to before building something on your own to reduce the duplicated effort.

The BMC server room does not have a postal address. If you need want to do deliveries of servers or other equipment to the server room at BMC please send to BMC-IT to with your name. Send us a mail to helpdesk@bmc.uu.se so that we know what is going on. When your package has been delivered you can pick it up at The Goods Reception.



2. What about the GDPR?

See also: We need more storage! Do you have a file server we can use?
See also: We have a server, where should we put it?
See also: How do I take backup of the data on my computer?
See also: Do you have a virtual machine (server) I can use?
K R T
???

In this FAQ we have put the following symbol as a information security classifier. This is Konfidentialitet (Confidentiality), Riktighet (correctness), Tillgänglighet (availability) according to the SS-ISO/IEC 27001.

The lowest value is 0 and the highest is 3.

Please note that lowest value in the different other systems that a service is depending on gives the final grade of that value. Even if for example the UUIT VMware has level 333 the service (operating system and system administration) running in that environment may have a lower value.

K R TA
????

At Uppsala Universty a fourth number has also been added representing Avbrottsskydd (interrupt protection). (Riktlinjer för informationssäkerhet UFV 2012/714 ). We need to find out if this is still in use or not.

Uppsala University provide the following support documents for GDPR:

As part of the above work, the data owner has to classify the data. BMC-IT provides no advice or support in regards to this. You can contact the Data Protection Officer (DPO) at UU if you need advice and support regarding issues that concern GDPR. Use this form but you can also send an e-mail to dataskyddsombud@uu.se.

BMC-IT provides storage services and some technical solutions for protecting your data. We also guide you to other storage solutions at the university. Please read more at The storage section in this FAQ.

Also read the Rudbeck IT FAQ regarding GDPR.




3. How do I take backup of the data on my computer?

See also: Why use the university central storage (HNAS)?
See also: How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)
See also: How do I overwrite deleted data in Windows?
See also: Backing up via Rsync to Btrfs snapshots
See also: What about the GDPR?

Option 1: Keep all data on file server and let the system administrators take backup

K R T
332

Option 2: Keep all data on the computer and take backup on your own

Discuss with helpdesk@bmc.uu.se if you need advice in this or help buying extra hardware or order storage space on a file server.



4. Do you have a virtual machine (server) I can use?

See also: We have a server, where should we put it?
See also: How do I install Ubuntu?
See also: What is the BMC-IT computer platform and how does it work?
See also: How to get started with SNIC Science Cloud?
See also: What about the GDPR?

If you need computer resources for high-performance computing (HPC) we recommend that you contact UPPMAX where you can apply for plenty of resources in the shared multiuser environment.

If you need help contact helpdesk@bmc.uu.se and we can guide you.

Rudbeck-IT VMware

Rudbeck-IT have a a highly-available VMware ESX environment. Anyone at the university can rent a server.

The rate will be 3500 SEK/year for a basic server with 100 GB disk, 4 GB RAM and 2 cores. (2018-02-08)

Contact helpdesk@rudbeck.uu.se if you are interested.

UUIT VMware

K R T
333

The UADM IT-division (UUIT) has a highly-available VMware ESX environment where anyone at the university can rent a server.

The current rate is 5000 SEK/year. This includes 50 GB disk. Disk is available for 6000 SEK/TB/year or 13000 SEK/TB/year depending on class (speed & availability) (2017-10-18)

Contact uppdrag@its.uu.se at IT-division to order a virtual server.

SUNET OpenStack

SUNET is offering virtual machines using OpenStack with KVM and Ceph. Role-based access control via SWAMID. Contact them for more information.

The costs are more based on the resources used than the UUIT offer above. Direct link to price list here.


SNIC Science Cloud

SNIC Science Cloud (SSC) is a national cloud computing infrastructure run by the Swedish National Infrastructure for Computing (SNIC).

Read more at the home page for SNIC Science Cloud. Read introduction to the SNIC Science Cloud.

Others...

Several other department and local campuses have virtual machine environments that you already have payed for or are paying for. Check what your campus have. Please see the FAQ regarding computer platforms.



5. We need more storage! Do you have a file server we can use?

See also: How do the different types of storage compare to each other?
See also: How do I mount my home directory or shared storage at HNAS?
See also: How do I map a network drive via SMB on Windows?
See also: What is the cost of a PC file server?
See also: Backing up via Rsync to Btrfs snapshots
See also: How do I use an Apple AirPort Time Capsule?
See also: What is the BMC-IT computer platform and how does it work?
See also: What about the GDPR?

UUIT HDS NAS file server (HNAS)

K R T
332

The university has a common file server service run by IT-division running Hitachi NAS called file area (filarea)

In general order by contacting IT-division or contact helpdesk@bmc.uu.se if your department is already using the service.

BMC-IT PC file server (PCFS)

K R T
221

The PC file server storage service is a cost-efficient storage solution for mostly high volume archive data. It is built of commodity PC hardware (which means the hardware can be replaced with equipment from other vendors) and open source software (no hidden costs or support agreements). This gives us freedom and a low price but it also means that we are on our own.

The concept is from around 2010 where it was used for two departments. The service was originally built in 2016 for users at BMC who do not have to own their storage but since it is self-sustained it may be used by everyone at the university.

The setup is fully documented in SOP - Install PC file server, SOP - Common service PC file server and SOP - Rsync backup to Btrfs snapshots. This means you can set up a very similar setup using the same concept on your own if you want to.

Order by contacting BMC-IT at helpdesk@bmc.uu.se.

RBL-IT EMC Isilon file server (Argos)

K R T
331

(The KRT-value 332 requires Gold-level.)

Everyone at the university may use the Rudbeck-IT file servers running EMC Isilon. Technical Specifications Guide - Dell EMC Isilon OneFS and IsilonSD Edge.

For ordering please contact RBL-IT helpdesk@rudbeck.uu.se with this information:

Connect use Windows: \\argos.rudbeck.uu.se\MyGroups$

Connect use Mac OSX: smb://argos.rudbeck.uu.se/MyGroups$

UPPMAX

K R T
???

Uppmax has storage which is free if you have applied for and been granted resources. Please go to www.uppmax.uu.se to figure out what UPPMAX can do for you.






6. What should be done to introduce a new system administrator at BMC?

There are several different systems a new employee may get access to. This is not a complete list of all systems that should be given access to but rather a list of external systems that one should at least be aware of.

Some of these things have to be done before an employee start.

Some of this applies to more than just BMC so you are more than welcome to take a look. Please let us know if there are things we are missing.

Personal computer and work space

Get an office. Chair, table, network. Do you need an ergonomic adjustable table? Make a raid down to the BMC campus office supply cabinet and get some pens, a notebook, a scissor and other office stuff that you might need.

If you have a Mac, get an external hard drive to run local Time Machine backups.

Get a standard PC and/or Mac up and running with the standard installation. When you have a UU account, make sure you are a local administrator.

If you need to, get two USB-sticks, one with Windows (with MDT) and one with latest macOS so that you can reinstall computers. Be familiar with the instructions regarding reinstallation of Windows and macOS.

There is a Mac installation server available on the BMC-Data network. There is a PXE boot menu available on almost all networks where legacy (not UEFI) installations of Windows can be done. Also basic network boot options for installing CentOS, installing Ubuntu and running Memtest86 etc are available there.

Configure the computer to work with EduRoam and EduPrint. Make sure it works.

Order a home directory at My Rudbeck and use the Medfarm voucher to get it for free. Make sure you can access this storage on your computer.

Try out Filr the file sync system. Install the Filr client on your computer. Understand where data is stored. Make sure you can access the data both via Filr and directly.

Let your boss order a phone, either fixed phone or mobile.

Activate your access to the VPN service by following the instructions.

Work clothing

You may get your own fancy BMC/UU hoodie at Grolls. Or whatever work clothing you need for doing your job.

Administrator access

Apply for administrator access to the Local IT organisation in the Active Directory. This will control access to USER.UU.SE\BMC and USER.UU.SE\LocalIT\BMCI in the Active Directory. The terminalserver to use is called dcts.user.uu.se.

The group BMC Computing Department in USER-AD (sorry for the odd name of this group) control some access to different systems, including the file share \\BMCIT-Common.files.uu.se\BMCIT-Common aka \\USER.UU.SE\BMCI\Common.

The Zenworks system for management of Windows (just FYI)

The Munki system for managemnt of Mac (just FYI)

The Symantec server (just FYI).

Physical access

You need an employee key card. This will grant access to the corridors at BMC but not to other campuses.

You need a key to your office. Almost all offices at BMC campus management share the same lock and key.

After instructions, you may get access to the BMC computer room at D11:0.

The cross connect cabinets of BMC are locked with a special key which could be granted access via the BMC-administration if needed. There exists an extra key in the Nyckelpiga at the basement so one do not need a physical key all the time.

Network management systems

There are some network administrative systems that one should be aware of and maybe given access. This includes:

  1. NetDB (for IP / VLAN / Mac / Switch-port information) (Ask Netsupport for access)
  2. NetReg (for Vlan and router and router filter configuration)
  3. Bluecat (the IPAM system for DNS DHCP information) (Ask Servicedesk for access)

Medarbetarportalen

Login at Medarbetarportalen. Here you can find for example:

  1. Sympa - mailing list server. You may want to join these mailing lists:
    • bmc-it@lists.uu.se
    • da-info@lists.uu.se
    • it-forum@lists.uu.se
    Someone at BMC-IT have to add you to:
    • bmc-it@lists.uu.se
    You will be automatically added to:
    • bmc-int@lists.uu.se
  2. Primula Web - wage, vacation, sick leave, parental leave etc.
  3. Product Web - procurement
  4. Progdist - software licence server
  5. Akka-self service - how to change password and create guest accounts
  6. eduPrint - the printing system
  7. EasIT - the helpdesk system. This is the tool to handle support requests.

Documentation to read

Read the docs in the FAQ at http://it.bmc.uu.se/faq/ and SOPs at http://it.bmc.uu.se/sop/. You do not have to read everything but it is good to have an idea of what it is. Of special interest may be how to reinstall computers with Windows and macOS.

There are more docs at the INV-Common share as well.

Take a look at the central IT helpdesk documentation at mp.uu.se/web/info/stod/it-telefoni

Take a look at the environment and security web pages at BMC. Make sure you know the way to the recycle rooms and to the container for the combustible fraction.

New employee introduction

The university has intrductions to new employees. Book in the next scheduled event!

Wellness at BMC

There are a gym, table tennis room, showers and sauna at BMC. Read more at BMC - health. Please note that employees at Uppsala University get a small wellness subsidy every year which can be used for gym membership and other similar activites. Also when job allows you may have one hour of wellness activities every week on paid time.

Welcome! :-)





7. How do I mount my home directory or shared storage at HNAS?

See also: How do snapshots in the HNAS file server work?
See also: We need more storage! Do you have a file server we can use?
See also: How do I map a network drive via SMB on Windows?
See also: How do I connect to a file server via SMB on macOS?
See also: How do I mount SMB share in Linux?
See also: How do I access my home directory?
See also: What is the point with the zone files.uu.se?

For Windows clients in USER-AD your home directory and the department common (public) share will automatically be mounted when you login using the drive letters below.

This storage is in the university shared HNAS file server. Some departments also have other storage available - contact helpdesk@bmc.uu.se for details.

  1. Please select your department:

    DepartmentAcronym
    Biomedical Centre Campus Management
    Department of Cell and Molecular Biology
    Department of Medical Biochemistry and Microbiology
    Department of Medical Cell Biology
    Department of Neuroscience
    Department of Pharmaceutical Biosciences
    Department of Public Health and Caring Sciences
    International Science Programme (ISP)
    . . .
  2. Please enter your username here:


    PurposePlatformDFS-pathDirect path Driver letter
    Home directory for personal files Windows \\user.uu.se\BMCI\TLA-Users\account \\TLA-Users.files.uu.se\TLA-Users$\account X:
    Mac smb://account@user.uu.se/BMCI/TLA-Users/account smb://user\account@TLA-Users.files.uu.se/TLA-Users$/account
    Common (public) share for department,
    research groups etc.
    Windows \\user.uu.se\BMCI\TLA-Common \\TLA-Common.files.uu.se\TLA-Common$ P:
    Mac smb://account@user.uu.se/BMCI/TLA-Common smb://user\account@TLA-Common.files.uu.se/TLA-Common$
  3. Sometimes you want to mount via the command line.

    • Windows, command line version on mapping a network share:

      net use x: \\TLA-Users.files.uu.se\TLA-Users$\account /user:user\account

    • macOS, command line version on how to connect to a file server:

      mkdir ~/Desktop/account
      mount_smbfs //user;account@TLA-Users.files.uu.se/TLA-Users$/account ~/Desktop/account

    • On Linux, command line version on how to mount a CIFS file system:

      mkdir ~/Desktop/account
      sudo mount -o username=account,domain=user -t cifs //TLA-users.files.uu.se/TLA-users$/account ~/Desktop/account

  4. Also read in the SOP - Connect a Mac to HNAS (v1.0).pdf or follow the links to other FAQs above on how to use the Windows Explorer or Mac Finder GUI. Remember to use the VPN if you are connecting from outside the university network.

    Connect from Mac

Problems with accessing the shared folders

A common problem may be that your account has not got the correct permissions called group membership in AKKA, the university catalogue. Please then contact your department administration to get this fixed.



8. Where do I store my data? How do I take backup?

See also: How do I manage access to a group storage at Argos?
See also: How do I connect to storage at Argos?
See also: How do I order a group storage at Argos?
See also: How do I order a personal storage at Argos?
See also: What is ransomware and CryptoLocker?
See also: We need more storage! Do you have a file server we can use?

The general idea is to focus on where do I store my data instead of how do I take backup. The user has to be aware of where the data is stored.

In our experience over the years, taking complete backups of the clients have proven to be too hard. It does not scale with the increasing storage capacity and the number of files and is very time consuming to maintain.

Ideally the client should not need to be backed up - all data should be on the file server or synced to the client. If the client breaks down it should be possible to just grab another computer, login and access the data. Most standard software and configuration should be easy to reinstall.

Where do I put my data

Keep your personal data on your Personal Storage on the file server.

Keep your data for your research group (or similar) on Group Storage for your research group. These are shared folders where only you and your research group, or those that you define, can access the data.

You may have a lot of files that needs to be saved in Archive Storage. This is data that do not need to be accessed 24/7 but needs to be saved. It needs to be safe enough but but not highly available. In general this is only of interest of large amounts (>20TB) of data.

How do I work with my data

The easiest is to mount your storage on your local computer and work directly with the files on the file server. This works fine on both macOS or Windows.

Data can also be synced to your client:

Please note that the general idea is to not put all your data synced to your computer but only the data you need offline. You must make sure that the data is synced to the file server and be aware of how to detect when that is not the case.

But I need all my data on the client!

We do not recommend this, but sometimes, this is the only solution that works. You have to find a solution that works for you.

  1. MacOS Use Time machine to take full disk backups to a local external drive. This makes it a lot faster to restore data being lost. (Please note that this not a complete backup system, it may not protect against malware or ransomware.) Also TSM can be used.
  2. Windows We recommend using the TSM system to take complete backups of Windows computers.

Step-by-step instruction about what to do now

Check if your computer has a local disk backup.

If your computer do not have local disk backup you have to:

  1. Be aware where you store your data
  2. Be aware that data stored on your local computer only will not be backed up automatically unless you arrange it.
  3. Be aware that you can use your computer offline if you sync your data to the server. If you make sure all your data that you need offline is synced this way you do not need local disk backup.




9. How do I order a standard computer?

See also: What are the different PC form factors?
See also: How do I buy a new computer?
See also: What software applications do the university have that I can install?
See also: Do you have some examples of fanless computers we can buy?

Currently (2018-09-18) we recommend Intel Core i5 with 16 GB RAM and 256 GB SSD storage or better.

Please note that all prices mentioned below are subject to change.

Computers

  1. Apple Macbook Pro (13.3", i5 3.1GHz with 2 cores, 256 GB SSD) - around 15700 SEK (not including adaptors / dock) (one year warranty)
    »Produktwebben (2018-02-22)
  2. Apple Macbook Pro (15.6", i7 2.8GHz with 4 cores, AMD Radeon Pro 555 2GB) (not including adaptors / dock and one year warranty)
    Standard model with 256 GB SSD - around 18500 SEK »Produktwebben (2018-03-01)
    With 512 GB SSD - around 20000 SEK. »Produktwebben (2018-03-01)
    With 1 TB GB SSD - around 22900 SEK. »Produktwebben (2018-03-01)
  3. Dell Latitude 7390 (13.3", i5-8250U (4 cores), 256B SSD, 16GB RAM) - around 8900 SEK (not including adaptors / dock) (service 3 year next business day ProSupport)
    »Produktwebben Dell Punchout (2018-09-18)
  4. Dell Optiplex 7060 SFF - around 6500 SEK with i5-8400, 16 GB RAM and 256 GB SSD (not including screen) (basic service 3 year next business day onsite)
    »Produktwebben Dell Punchout (2018-06-04

Accessories

  1. Dell WD15 - around 1200 SEK
    USB-C dock with battery charging, gigabit Ethernet, VGA, HDMI, mini DisplayPort, 5x USB-A ports, headset-jack, line-out. Works with both Apple Macbook Pro, Dell Latitude and Dell XPS from above. (only one simultaneous external 4K display OR two simultaneous external 2K displays supported)
    »Produktwebben Dell Punchout (2018-09-18)
    »Dell WD15 Specification
  2. Dell TB16 - around 1950 SEK
    USB-C dock with battery charging, Thunderbolt 3/USB-C, gigabit Ethernet, VGA, HDMI, mini DisplayPort, 5x USB-A ports, headset-jack, line-out. Only works with Dell Latitude and Dell XPS from above. (three simultaneous external 2K-displays supported, or two 4K-displays, or one 5K-display) »Produktwebben (2018-12-18)
    »Dell TB16 specifications
  3. Dell DA200 - around 420 SEK
    USB-C adapter with USB-A, gigabit Ethernet, VGA and HDMI. Works with both Apple Macbook Pro, Dell Latitude and Dell XPS from above. (VGA and HDMI cannot be used at the same time.)
    »Produktwebben Dell Punchout (2018-09-18)
  4. Dell DA300 - around 520 SEK
    USB-C adapter with USB-A, USB-C, gigabit Ethernet, DisplayPort, VGA, and HDMI.
    »Produktwebben Dell Punchout (2018-09-18)
  5. Lenovo USB-A Gigabit Ethernet - around 130 SEK
    USB-A adapter suitable for using with Dell P2x19HC.
    »Produktwebben 4X90E51405 (2018-09-18)
  6. Dell P2419HC - 1450 SEK
    Screen 24" with 1920x1080 resolution with USB-C, HDMI and DisplayPort. May be used as dock together with Dell Ethernet USB-A adapter, may charge computer via USB-C
    »Produktwebben Dell Punchout (2018-09-18)
  7. Dell P2719HC - 1890 SEK
    Screen 27" with 1920x1080 resolution with USB-C, HDMI and DisplayPort. May be used as dock together with Dell Ethernet USB-A adapter, may charge computer via USB-C
    »Produktwebben Dell Punchout (2018-09-18)
  8. Dell Ultrasharp U2419HC - 1890 SEK
    Screen 24" with 1920x1080 resolution. USB-C (PD 65W), HDMI, DP, DP out, 4x USB 3.0. Cables USB-C and DP included.
    »Produktwebben Dell Punchout (2018-10-08)
  9. Dell Ultrasharp U2719DC - 3190 SEK
    Screen 27" with 2560x1440 resolution. USB-C (PD 65W), HDMI, DP, DP out, 4x USB 3.0. Cables USB-C and DP included.
    »Produktwebben Dell Punchout (2018-10-08)

External hard drive (examples)

  1. WD My Passport for Mac 2 TB - around 663 SEK
    External 2.5" drive with USB 3.0 USB-A USB-C formatted for Mac »Produktwebben (2018-02-01)
  2. Toshiba Canvio for Desktop 2 TB - around 535 SEK
    External 2.5" drive with USB 3.0 USB-A interface. »Produktwebben (2018-02-01)

Send a mail to helpdesk@bmc.uu.se with your request.

Apple Macbook Pro Dell Latitude 7390 Dell P2719HC
Dell Optiplex 7050 SFF Dell WD15 HP EliteDisplay E272q
Dell DA200 Dell DA300 Samsung SE650




10. What is Rrsync (restricted rsync)? How do I access PCFS storage over rsync?

See also: What is the point with the zone files.uu.se?
See also: How do I access PCFS over SMB using smbclient?
See also: How do I do parallel rsync?

The PCFS storage provided by BMC-IT is normally accessed via SMB. However the Uppsala University perimeter firewall in front of UpUnet (Fortigate) is blocking incoming SMB. The Uppsala University HPC center UPPMAX (Uppsala Multidisciplinary Center for Advanced Computational Science) has its own Internet connection via SUNET so SMB access from SUNET is blocked in the firewall.

For those cases Rrsync (restricted Rsync) can be set up as well.

It could for example look like this on the server:

[root@bmc-pcfs4 ~]# tail -5 /etc/ssh/sshd_config Ciphers +arcfour AllowUsers root jny25782 Match User jny25782 ForceCommand /usr/local/bin/rrsync.data.sh Match all [root@bmc-pcfs4 ~]# cat /usr/local/bin/rrsync.data.sh #!/bin/bash exec /usr/local/bin/rrsync /data [root@bmc-pcfs4 ~]#

To access it use Rsync as normally. However, Rsync now is using the /data directory above as base directory. ALl the shares are mounted under the /data directory.

To access the data with Rsync may look like this. Here I tried to download the contents of a share I do not have access to, so just igore the error and use rsync as normal for transfer data.

gforce:~ jerker$ rsync -avx --progress jny25782@IMB-GenomicsKLT2.files.uu.se:IMB-GenomicsKLT2/. tmp/. jny25782@imb-genomicsklt2.files.uu.se's password: receiving file list ... rsync: opendir "/data/IMB-GenomicsKLT2/GenomicsKLT2" failed: Permission denied (13) 3 files to consider sent 20 bytes received 222 bytes 69.14 bytes/sec total size is 0 speedup is 0.00 rsync error: some files could not be transferred (code 23) at /BuildRoot/Library/Caches/com.apple.xbs/Sources/rsync/rsync-52/rsync/main.c(1404) [generator=2.6.9] gforce:~ jerker$ ls -la tmp/ total 0 drwxr-xr-x 4 jerker staff 128 Mar 30 2017 . drwxr-xr-x+ 225 jerker staff 7200 Dec 5 11:27 .. drwxr-xr-x 2 jerker staff 64 Dec 5 11:02 .snapshots drwxrwx--- 2 jerker staff 64 Mar 8 2017 GenomicsKLT2 gforce:~ jerker$ ls -la tmp/GenomicsKLT2/ total 0 drwxrwx--- 2 jerker staff 64 Mar 8 2017 . drwxr-xr-x 4 jerker staff 128 Mar 30 2017 .. gforce~ jerker$ _

If you want to use your public SSH-key instead of your password for authentication then send the SSH key to the administrator. Kerberos single-sign-on is currently not supppoerted.

From UPPMAX

  1. Connect to Uppmax with SSH, in this example I am connecting to rackham.uppmax.uu.se. Start a screen so that you can keep your processes running even when your SSH-client disconnect to UPPMAX when you for example shutdown your computer.

    [jerker@rackham3 ~]$ screen

  2. Then connect to that server with rsync. In the following example we are trying to reach the share that also can be reached as smb://IMB-GenomicsKLT2.files.uu.se/IMB-GenomicsKLT2/

    [jerker@rackham3 ~]$ rsync -avx --progress jny25782@imb-genomicsklt2.files.uu.se:IMB-GenomicsKLT2/. tmp/.

    In this example we are using another port because the normal port 22 was at that point still blocked in the firewall between UPPMAX and UpUnet. Also, compression is turned off, faster ciphers are being used and ssh escape characters are turned off.

    [jerker@rackham3 ~]$ rsync -e 'ssh -e none -p 2222 -o Compression=no -c arcfour,aes128-ctr' -avx --progress jny25782@IMB-GenomicsKLT2.files.uu.se:IMB-GenomicsKLT2/. tmp/. The authenticity of host '[imb-genomicsklt2.files.uu.se]:2222 ([130.238.54.70]:2222)' can't be established. ECDSA key fingerprint is SHA256:zUs82pMdiZzQoqaR86iGFp2A/6LzHAy6WBbKC+46sSo. ECDSA key fingerprint is MD5:12:c7:98:f6:65:3e:39:0d:df:59:dc:a7:f8:96:2a:f4. Are you sure you want to continue connecting (yes/no)? yes You have to type yes here Warning: Permanently added '[imb-genomicsklt2.files.uu.se]:2222,[130.238.54.70]:2222' (ECDSA) to the list of known hosts. jny25782@imb-genomicsklt2.files.uu.se's password: Enter your password here receiving incremental file list rsync: opendir "/data/IMB-GenomicsKLT2/GenomicsKLT2" failed: Permission denied (13) .snapshots/ sent 16 bytes received 226 bytes 19.36 bytes/sec total size is 0 speedup is 0.00 rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1518) [generator=3.0.9] [jerker@rackham3 ~]$ _

    Here is an example when the contents of the directory /proj/mystuff/directory/to/upload/. on UPPMAX will be synced to the directory TLA-ShareName.files.uu.se:TLA-ShareName/ShareName/directory.to.upload/. on PCFS.

    This destination can also be reached over SMB as as the smb://TLA-ShareName.files.uu.se/TLA-ShareName/ShareName/directory.to.upload/ or \\TLA-ShareName.files.uu.se\TLA-ShareName\ShareName\directory.to.upload\

    The flag --delete will erase all files from the destination that do not exist in the source.

    [jerker@rackham3 ~]$ rsync -e 'ssh -e none -o Compression=no -c arcfour,aes128-ctr' --delete -avx --progress /proj/mystuff/directory/to/upload/. jny25782@TLA-ShareName.files.uu.se:TLA-ShareName/ShareName/directory.to.upload/.

    By using the notation above (the /. in the end) the rsync can be run multiple times to update/sync modified files again.

  3. Have fun! Disconnect from the screen with Ctrl-A Ctrl-D. Attach to the screen again with the command screen -x.




11. How does the new Adobe Creative Cloud Named license model work?

See also: How do I sign my documents with an electronic signature?

Included products

License model

License information

The Named license is attached to the user who the license is registered to and can be installed on multiple computers. The cost for a NAMED USER license is a bit higher but it has it advantages. For instance, you can install it on severalcomputers and mobile units. Then, you choose which two units that shall be activated by logging in to Adobe CC on them. When you want to activate a third unit, you will get a question about which one of the already activated units you want to deactivate and because it is as simple as logging out from Adobe CC on the chosen unit, it's easy to have access to Adobe CC on several units with a NAMED USER-license.

Important! - The Named User license contains functionality for cloud storage at Adobe. There are special rules for what and what not to store in a cloud service. It is completely forbidden for certain types of information. The user must know and comply with the regulations for cloud storage. Guidelines are available below, and decision regarding use of cloud storage with Adobe's Named license is available below.





12. What is the BMC-IT computer platform and how does it work?

See also: What service levels does BMC-IT have compared to others at the university?
See also: Who manages IT-support for whom at BMC?
See also: What do the different symbols in BlueCat mean?
See also: Do you have a virtual machine (server) I can use?
See also: How does the reinstallation of Windows computers work at BMC-IT?
See also: We need more storage! Do you have a file server we can use?

The platform is the stack of software and infrastructure that BMC-IT use.

Goals for the BMC-IT work with the platform:

  1. Provide a well working platform environment for the end users.
  2. Listen to what the users need. Implement changes in the platform when possible.
  3. Work together with the university and use central systems whenever possible.
  4. Provide options for the users with different needs regarding management, storage and operating system.

These are the major components of the platform

UpUnet and internal campus network

  • backbone and router financed via IT-division
  • campus switches financed via BMC
  • maintained by IT-division
  • cross connect patched by BMC-IT

The network and maintenance is payed for by the rent. There are no extra cost involved. However new networks sockets have to be payed for by the tenant.

BlueCat

  • pushed for and initiated by BMC-IT via IPAM-talk on IT-forum
  • maintained by and financed via IT-division

BlueCat is a tool for IPAM, an interface to manage DHCP and DNS. BMC-IT are using whitelists in BlueCat to control what clients will get an IP on which networks. BMC-IT also using central TFTP (PXE) server maintained by IT-division.

BMC server room

  • owned via IT-division and BMC
  • maintained by Akademiska Hus
  • operated by IT-division with assistance by BMC-IT
  • financed by the users from the whole university

The server room is for use by the whole university. Servers BMC-IT maintain for the departments we give support too are paid for by the users of BMC-IT.

Microsoft deployment toolkit (MDT)

  • included in present licenses
  • maintained by BMC-IT

MDT is used for installation of Windows and an engine for software distribution (Zenworks) on client computers.

Munki

  • open source software
  • maintained by BMC-IT

Munki is used for software distribution on Mac. Munki does one thing, program and configuration distribution, and does that very well.

Microsoft Active Directory

  • maintained by IT-division

The client computers are joined to the Active Directory providing authentication and directory services.

OCS Inventory

  • maintained by BMC-IT

Light weight inventory of software and hardware. Currently run in Mediateket (student computer laboratories) and some Linux servers at BMC.

Zenworks

  • maintained by Uppsala University

Zenworks is used for software distribution on Windows. Packages that BMC-IT uses are mostly built by BMC-IT but some are shared over the university.

HNAS file server

  • owned and maintained by IT-division
  • financed by the users

Better storage. Cost 7000 SEK/TB/year (7 SEK/GB/year) in steps of 500 GB. Offline files may be used for access of Documents and Desktop, but not shared group folders.

PCFS (Archive storage)

  • owned maintained by BMC-IT
  • financed by the users

In the price range of cloud storage. Simple storage with compression, snapshots and rsync to secondary server. The solution can handle tens of millions of files with hundres of snapshots with snapshots for over a year.

OwnCloud sync storage (In development)

  • open source software
  • maintained by BMC-IT

Syncronized storage, similar to Dropbox in functionality. Currently used by a single department.

IBM Spectrum Protect tape backup

  • owned and maintained by IT-division
  • financed by the users

IMB Spectrum protect is a enterprise standard backup and recovery system maintained by IT-division for the whole university. It is not very fast for many small files, in particular when backing up tens of millions of files incrementally.

Shared parts of the platform and comparison with some of the other platforms at UU made in 2018

SUNET highed BMC-IT EPI UADM UUIT RBL-IT POL-IT EBC UUB EKIT GT BLAS
info / contact JNvB JNvB BB various CR HH SÅ+BG EL AL
server room 3000 SEK/U/y BMC server room BMC server room
BMC server room
UUIT
BMC server room
Ångström
ITC + Ångström EBC
CAR
BMC server room
Ekonomikum
virtual machine platform Openstack KVM
UUIT VMWare VCenter ESXi
KVM
Microsoft Datacenter Hyper-V UUIT VMWare VCenter ESXi RUD-IT VMWare VCenter
Cloud­system OpenStack
POL-IT VMWare VCenter ESXi
EBC VMWare VCenter ESXi
UBIT VMWare VCenter ESXi
KVM
MS Hyper-V
network infra­structure Cisco Cisco
Fortinet
Cisco
Cisco
Fortinet
HP
Cisco
Cisco Cisco Cisco
IPAM solution BlueCat BlueCat BlueCat
Bluecat
ISC DHCP
?
BlueCat
ISC DHCP
BlueCat BlueCat
tape backup solution IBM Spectrum Protect IBM Spectrum Protect IBM Spectrum Protect IBM Spectrum Protect Arcserve IBM Spectrum Protect IBM Spectrum Protect IBM Spectrum Protect
main client storage
UUIT Hitachi NAS (HNAS)
RBL-IT EMC Isilon
Microsoft Windows Storage Spaces UUIT Hitachi NAS (HNAS) RBL-IT EMC Isilon HP 3Par NetApp UBIT SAN EKIT SAN
sync storage SUNET box
Windows offline files
OwnCloud
UUB Micro Focus Filr
Windows work folders -
dat­Anywhere
Micro­focus Filr (2018)
Micro­focus Filr Windows offline files UUB Micro Focus Filr
Micro Focus Filr
SUNET Box
software distribution and inventory
SCCM
Jamf Casper Suite
Munki
Micro Focus Zenworks
Munki
OCS Inventory
SCCM
Jamf Casper Suite
- LanRev Micro Focus Zenworks Micro Focus Zenworks
Micro Focus Zenworks
Mobile Manage­ment
Micro Focus Zenworks
anti-virus software POL-IT SEP ? - RUD-IT SEP POL-IT SEP F-Secure F-Secure EKIT SEP
printing system eduPrint
eduPrint
direct print
? eduPrint eduPrint
eduPrint
direct print
eduPrint
eduPrint
direct print
Gespage
eduPrint
signage Xibo ? ? Samsung ? ? ? EKO-sign
number of computers in USER-AD active since 2016 updated 2017-10-06 1314
bmc- fbv- farmbio- icm- ifv- ikv- imb- neuro- inv- isp- kmb- mcb- sll- mms- !inv‑opht !inv-srv00
2873
epi- ep- uadm- ucr- ilk- farmaci- nai- far-
- 1256
surgsci- igp- rud- rudb- inv-d0 inv-l1 imv- inv‑opht-
1004
itc- mat- pol- fys- ang- kem- it- pol- polb-
354

ebc-
540
uub-
590
eki- kug- eh- fek- im- obs- kg- stat- nek-
Number of Workstations in Zenworks 1226 - - - 1967 395 545 228 611 668




13. How do I connect to storage at Argos?

See also: How do I map a network drive via SMB on Windows?
See also: How do I order a personal storage at Argos?
See also: How do I order a group storage at Argos?
See also: How do I manage access to a group storage at Argos?

The file server is currently only accessible within the Uppsala University network or from home using VPN.

Please use the guides at Rudbeck-IT portal “My Rudbeck” to see the different options to access the storage spaces.
Windows
Please note that Windows users with a BMC-IT installed computer should use the alternative "Access via server address" to connect to the storage. Learn more about how to map a network drive to your Personal Storage above.



14. How do I manage access to a group storage at Argos?

See also: How do I order a personal storage at Argos?
See also: How do I order a group storage at Argos?
See also: How do I connect to storage at Argos?
Follow the guide at the portal “My Rudbeck” to manage the access to your group storage. Remember to make one user "Admin" (probably you).



15. How do I order a group storage at Argos?

See also: How do I order a personal storage at Argos?
See also: How do I manage access to a group storage at Argos?
See also: How do I connect to storage at Argos?

The group leader (or designated person) can create a group storage on his/her own. Follow the guide at the portal “My Rudbeck” to order a group storage.

Storage Title
Protection level (level of security for your group folder)

Check your group policy for which level of security you should choose.

Payment

If you have a voucher with prepaid storage that you want to use, click on the voucher alternative. If you don’t have a voucher, or if you want to have more space than the voucher pays for, click on the alternative “No Voucher” and enter a Payment Code (usually the reference code for the group), for where to place the cost for the storage.






16. How do I order a personal storage at Argos?

See also: How do I order a group storage at Argos?
See also: How do I manage access to a group storage at Argos?
See also: How do I connect to storage at Argos?
Follow the guide at the portal “My Rudbeck” to order a personal storage. Payment
If you have a voucher with prepaid storage that you want to use, click on the voucher alternative.

If you don’t have a voucher, or if you want to have more space than the voucher pays for, click on the alternative “No Voucher” and enter a Payment Code (usually the reference code for the group ), for where to place the cost for the storage.





17. How do I send a large file to someone outside (or inside) the university?

We recommend using SUNET Box for this kind of service. Please read more at Medarbetarportalen - SUNET Box: cloud file storage and sharing.

Please also read about comparison between different services at the UB FAQ Filr vs SUNET Box vs Dropbox.




18. What do I do with old computers or phones?

See also: After my employment at the university has finished, may I bring home my old computer?
See also: What software applications do the university have that I can install?

Why can I not leave everything at the electronic recycle room?

The storage (usually a hard drive or flash memory with permanent storage) in may contains software with licenses belonging to Uppsala University (Windows, Office, Adobe etc).

Sometimes the storage contains passwords (stored in Firefox, Safari, Internet Explorer, Outlook, Thunderbird etc), password hashes (kerberos keys in Windows, macOS etc) or private keys (PyTTY, OpenSSH etc).

Sometimes the drives also contains sensitive personal data or data of other sensitive nature.

Option one - give it to BMC-IT

  1. Please fill in the form Data deletion approval.
  2. Give the equipment to BMC-IT. We will either scrap it or try to reuse the parts. If it is not for scrapping or possible reuse we cannot store it.
  3. Report the equipment as scrapped in the department inventory.

Option two - scrap it right away

  1. Remove the permanent storage (hard drive, solid-state drive, flash or other). This may not be possible in all devices.
  2. Please fill in the form Data deletion approval.
  3. Give the storage to BMC-IT (or your Local IT).
    1. If the storage contain really sensitive data it will be sent to the Security and safety division or the facility they recommend.
    2. If the data is not as sensitive and the drive is meaningsful to reuse, we will erase the drive on the block level (killdisk) and then reuse it.
  4. Bring the equipment to the electronic recycle room at The Goods reception at BMC.
  5. Report the equipment as scrapped in the department inventory.





19. What are the bitrates for different digital video quality?

See also: How do I play movies on my webpage?
See also: How do I convert video between different formats with free software?

Please check the webpage at Youtube regarding Live encoder settings, bitrates, and resolutions.



1080p @60fps 480p @60fps Other
video bitrate kbit/s kbit/s kbit/s
Storage for a day of video GB/day GB/day GB/day
Storage for a week of video GB/week GB/week GB/week




20. Do you have some examples of fanless computers we can buy?

See also: What are the different PC form factors?
See also: How do I order a standard computer?

Please check this detailed list of fanless laptops and ultrabooks available in 2018.

Please note that even fanless computers with no moving parts may emit high-frequency sounds that some but not everyone can hear.

2-in-1

Dell Latitude 7285 2-in-1
Price from 12077 SEK (2018-05-31) with 12.3" screen, Intel i5 1.2 GHz, 8 GB RAM and 256 GB SSD.
Dell XPS 9365 2-in-1
Price from 12244 SEK (2018-05-31) with Intel m5 1.2 GHz, 8 GB RAM and 256 GB SSD.
Microsoft Surface Pro m3
Price from 7677 SEK (2018-06-01) with Intel m3 1 GHz, 4 GB RAM and 128 GB SSD.
Microsoft Surface Pro i5
Price example 10854 SEK with Intel i5 7300U 2.6 GHz, 8 GB RAM and 256 GB SSD.

Laptop

Apple Macbook 12"
Price from 10200 SEK (2018-05-31) with Intel i3 1.2 GHz, 8 GB RAM and 256 GB SSD.
HP EliteBook Folio G1
Price from 12414 SEK (2018-05-21) with 12.5" screen, Intel m7 1.2 GHz, 8 GB RAM and 512 GB SSD

Desktop

MSI Cubi N 067NE
Price from 2034 SEK (2018-05-31) with Intel Celeron N3160, 4 GB RAM and 32 GB SSD.
MSI Cubi 3 Silent S 026EU
Price from 5931 SEK (2018-05-31) with Intel i5 7200U 2.5 GHz, 8 GB RAM and 256 GB SSD.

Embedded

Raspberry Pi 3 Model B
Price 304 SEK (2018-05-31) with ARM 1.2 GHz quad core and 1 GB RAM.
Also requires case, storage, charger etc. This is not a PC and cannot run normal Windows.
Go to the Raspberry Pi homepage Download Section for software, including Raspbian, Windows 10 IOT Core or others.
Dell Embedded Box PC 3000 (Order via Dell Punchout)
Price from 9060 SEK (2018-05-31) with Intel Atom 1.33 GHz, 4 GB RAM, 500 GB HDD.
Dell Embedded Box PC 5000 (Order via Dell Punchout)
Price from 14995 SEK (2018-05-31) with Intel Celeron 2.8 GHz, 4 GB RAM, 500 HDD.
Intel Compute Stick
Price from 1100 SEK (2018-05-31) with Intel Atom Z8300 1.44 GHz, 2 GB RAM and 32 GB flash.




21. How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)

See also: How do I take backup of the data on my computer?
See also: How do I overwrite deleted data in Windows?
See also: Backing up via Rsync to Btrfs snapshots
See also: What is ransomware and CryptoLocker?
See also: How do you secure delete data from the computers and servers?


IBM Spectrum Protect is the backup system run at the university at the IT-division. The software was previously known as TSM - Tivoli Storage Manager and is still referenced as both names.

Financing and pricing

The services is paid for by the users. This includes salaries for everyone involved in maintaining the system and all equipment. The costs includes a starting cost per node and (decreasing) cost per GB depending on how much data that is stored in the system. Read the pricelist.

Documentation

IBM has their own documentation of TSM 7.1.3 (the latest version at 2016-04-14)

Schedule

Usually on Windows-systems the backup-client is asking the server whether it should backup or not. Send a mail to backup-admin to let them know.

On Mac and Linux (and other Unix-based systems) instead the client is called at a certain point in time doing the backup like this:

dsmc incr

To put this in crontab in a Linux system first run editor for the crontab as root using emacs as an editor.

EDITOR=emacs crontab -e

Or use the default vi editor:

crontab -e

Then enter the point in time to run the backups (with the full path to the client)

1 1 * * * /usr/bin/dsmc incr

Performance with TSM

TSM store files in tapes and after a while the incremental backups will store files in several different tapes. One way of taking care of this is to instead from time to time do a selection backup or a image (block device) backup. The block device backup is harder to read back for certain files obviously.

There are several options to decrease the amount of data being sent on the wire by doing more work on the client. Inside the university network this usually it not a problem since we usually have enough bandwidth betwen the campuses and to the backup servers.

Compression yes Memoryefficientbackup yes

Examples: Query the backup...

To list what partitions (or file systems) have been backed up:

dsmc query files

To list files that have a backup date during a certain date range: (However, running with options time limits (todate, fromdate) will change the behaviour for the client and read a lot of data into RAM. With several millions of files this will be slow. Read about Classic Restore versus No Query Restore (NQR) at IBM)

The option -inactive will list both active and inactive files.

dsmc q ba -inact -fromdate=01/01/2016 -todate=01/03/2016 -subdir=yes '/blue/*'

To get summary of all files backed up and the size:

dsmc query backup '/etc/*' -subdir=yes -querysummary

To get more details, for example to see files with the wrong backupclass which still are taking up space in the backup, run this command:

dsmc query backup '/etc/*' -subdir=yes -querysummary -detail

Examples: Restoring backup...

To interactively pick and restore the files, restoring to the directory /tmp:

dsmc restore -pick '/blue/*' "/tmp/"

To also interactively pick among the inactive files when restoring:

dsmc restore -pick '/blue/*' "/tmp/" -inactive

To also restore subdirectories while restoring:

dsmc restore -pick '/blue/*' "/tmp/" -inactive -subdir=yes

To restore the state of a directory at certain different points in time. This will run the restore command each for the specified dates and restore the directory as it were at that point in time.

for i in 10 11 12 13 14 15 16 17 ; do mkdir /var/tmp/jerker.restore.2016-04-$i-12.00.00/ dsmc restore -pitd=04/$i/2016 -pitt=12:00:00 -subdir=yes '/home/jerker/*' /var/tmp/jerker.restore.2012-11-$i-12.00.00/ done

To backup everything irrespective of whether files have changed since the last backup, use the selective command:

dsmc sel '/green/home/USER/jny25782/*' -subdir=yes

Examples: Deleting old backup data...

To delete a backup (which may require extra permissions), use the delete command. This time the -pick makes it interactive.

dsmc delete backup '/archive/jerker/*' -subdir=yes -pick

To delete all inactive files:

dsmc delete backup '/archive/jerker/*' -subdir=yes -deltype=inactive

To delete all inactive files backed up during a certain date range:

dsmc delete backup -fromdate=01/01/2010 -todate=01/01/2016 '/green/home/USER/jny25782/*' -subdir=yes -deltype=inactive

With the number of files into multiple tens of millions, this may not work so well since it takes up too memory or perhaps timeout when waiting too long for the confirmation prompt unless the operator (you) are staring at the window. Use the -noprompt option and break it down inte smaller parts like this:

for i in /home/* ; do dsmc delete backup -fromdate=01/01/2010 -todate=04/01/2016 $i/'*' -subdir=yes -deltype=inactive -noprompt ; done

To delete all files from the backup, including inactive files, specify -deltype=all. Do not prompt for confirmation.

dsmc delete backup '/unwanted.data/' -deltype=all -noprompt

This however do not delete parent directories from the backup. To remove them to, run the expire command. The position of the wildcard is described at IBM but look a bit strange, so be careful!

dsmc expire '/unwanted.data*' -noprompt

Different management classes:

To view the different management classes:

dsmc q mgmtclass

To list the details different backup management classes:

dsmc q mgmtclass -detail

To change class when taking backup, the new class can be specified in the file dsm.opt when including file systems:

include /myfilesystem/* TWOYEARCLASS

Please note that this may (or may not) only affect new objects created in the backup system. Manual clean up (using the method in the previous section) may have to be done.

The way I know about how to view the current backup management class is to start the graphical client: dsmj and in the menu Utilities the entry View policy information

This is a small script to list managment classes:

#!/bin/bash echo 'Management Retain Only Retain Extra Version Version' echo 'Class Version Version Data Exists Data Deleted' echo '--------------- --------------- --------------- --------------- --------------' ( dsmc q mgmtclass -detail ; echo DONE ) | grep -e 'MgmtClass Name' -e 'Retain Only Version' -e 'Retain Extra Version' -e 'Versions Data Exists' -e 'Versions Data Deleted' -e 'DONE' | ( while read A B C D E F ; do if test "$A" = "MgmtClass" -o "$A" = "DONE" ; then if test "$EXTRA" != "" -a "$ONLY" != "" ; then echo -e $MGMT'\t'$ONLY'\t'$EXTRA'\t'$EXISTS'\t'$DELETED | expand --tabs=16,32,48,64 ONLY="" EXTRA="" MGMT="" DELETED="" EXISTS="" fi MGMT=$D fi if test "$B" = "Only" ; then ONLY=$D fi if test "$B" = "Extra" ; then EXTRA=$D fi if test "$C" = "Exists...:" ; then if test "$D $E" = "No Limit" ; then EXISTS="NoLim" else EXISTS="$D" fi fi if test "$C" = "Deleted..:" ; then if test "$D $E" = "No Limit" ; then DELETED="NoLim" else DELETED="$D" fi fi done ) | sort -n --key=2,5

The output looks like this on the current (2016-05-16) classes on the domain that I are using. Note that there may be different domains with different management classes.

# ./tsm.list.mgmtclasses.sh Management Retain Only Retain Extra Version Version Class Version Version Data Exists Data Deleted --------------- --------------- --------------- --------------- -------------- ITSDBCLASS 0 0 1 0 ORACLECLASS 0 200 3 0 ONEDAYCLASS 1 1 3 2 DAYCLASS 2 0 1 1 MONTHCLASS 9 9 8 7 TWOWEEKS 14 14 14 1 TDPDIFF 30 30 No Limit No Limit TDPDIFF-META 30 30 No Limit No Limit TDPFULL 30 30 No Limit No Limit TDPFULL-META 30 30 No Limit No Limit TDPLOGS 30 30 No Limit No Limit TDPLOGS-META 30 30 No Limit No Limit PUBCLASS 60 30 2 1 STANDARD 60 30 2 1 QUARTERCLASS 120 90 3 2 ITSCLASS 300 200 3 2 LOGCLASS 300 200 3 2 ITS_DISK 365 200 3 2 DEVCLASS 500 450 4 3 TWOYEARSCLASS 750 30 2 1 ADMCLASS 900 800 8 7 TENYEARSCLASS 4000 30 2 1 # date Fri Aug 26 13:51:51 CEST 2016 # _

This is how to Assign management class to specified directories or default.



22. What is ransomware and CryptoLocker?

See also: Help me I get so much spam! What can I do?
See also: My computer has got a virus! What do I do?
See also: How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)
See also: How do I use an Apple AirPort Time Capsule?
CryptoLocker is a ransomware trojan that targets computers running Microsoft Windows.
- Wikipedia on CryptoLocker

CryptoLocker and TorrentLocker infects computers running Windows via seemingly innocent email with links or attachments. There has appeared other ransomwares attacking Mac too.

Read more about ransomware, TorrentLocker and CryptoLocker on Wikipedia.

To be infected, the receiver has in most cases actively tried to open and execute the payload. The payload may be disguised as a Word-document, a script or something that give the impression that it is innocent. Do not open files or attachments you have not requested!

This (the example above in Microsoft Word) is not safe! Please be careful with Office files that require you to Enable Content. Enabling content may make it possible for evil macros to execute in Office allowing the attacker to take control of your computer.

This (the example above from Windows File Explorer) is an example of an opened .zip-file. .zip-files are in itself not dangerous it is just a way of storing one or many files into one compressed file, but it may be a way to bypass other simple security checks. For example the anti virus software may warn when downloading an .exe-file but may not warn when downloading a .zip-file.

This (the icon above) is an example of how an .js-file look like in the File Explorer. This file will run with the Windows Script Host (wscript/cscript) and execute and may download further potentially evil binaries. Windows Scripting Host also will run .jse and .wsf-files. Also note that a long file name like faktura.pdf.js may hide the real extension in File Explorer and show up as faktura.pdf which is a bit misleading. The real file name extension is hidden.

Even though a ransomware in itself easily can be removed, the files stay encrypted, waiting for a ransom to be payed in order to get the decryption key.

How to not get infected

  • Do not execute programs or even open attachments that random people have sent you.
  • Please don't do it.
  • If you have any suspicions regarding something you received via mail contact helpdesk@bmc.uu.se (BMC-IT).
  • Please forward the evil mail to no-spam@uu.se. Then the Uppsala University Security Division may adjust the rules for the mail filter and network firewall.

What to do if infected

  1. Turn the computer off.
  2. Contact your local IT (helpdesk@bmc.uu.se) for help.
  3. Forward the evil mail to no-spam@uu.se so that the Uppsala University Security Division may adjust mail filter and network firewall rules.
  4. Change your passwords at the university. Change all passwords for all sites that you have automatically saved in your browser.
  5. In general, reinstall computer and restore data from backups or snapshots.

Lessons to be learned from CryptoLocker

  • Use a file server with snapshots for storing data you do not want to lose. For example the central university HNAS file server store snapshots up to a month per default.
  • Everything locally on the computer running in the same security context as the user is not safe.
    • This means that local previous versions / snapshots are not safe, if the users can turn them off. But to have these are better than not.
    • This also means that backups like Time Machine, Cobian or similar where the system stores a copy of the files on another storage place is not safe, unless the backup storage in is snapshotted outside of the users security context.
    • If you store extra backups of your files on external USB-attached storage, do not keep it plugged in all the time. Keep a couple of them and in rotation so that you can go back to an older version.
  • Already taken backups should not be allowed to be overwritten from the client. This can be accomplished by for example using snapshots on the backup storage, like on a file server.
  • Even more advanced backup systems like TSM may not be safe since it only stores a limited number of versions of each file. If the ransomware encrypt the files and then make some small updates to the file each day, then after the limited number of days have passed, all old uncorrupted versions will be gone.

Also read more

Read more from Europol's European Cybercrime Centre with friends at the No More Ransom! website.

The Uppsala University Security Division has courses in basic information security (in Swedish). Every chapters just takes 2-4 minutes. There are 16 chapters in total.



23. How do you secure delete data from the computers and servers?

See also: How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)

IBM Spectrum Protect (Tivoli Storage Manager aka TSM)

References to backed up files can be delete from the client, but the data is not written over.

It is possible encrypt the files on the TSM system at the client.

The TSM systems at university is level at 3 3 2 or 3 3 1. (reliabilty, unaltered, availability) The availability is not 100% for example the system is down during times of softare updates.

When the backup system is changing generation all drives and tapes are destroyed.

Please read more about information classification at Uppsala University.

Clients

On clients we use the utility KillDisk to secure deletion of block devices. If needed the drives can also be sent to destruction via the Security Division at Uppsala University or in a way approved by them.

Servers

When the servers are put out of commision the drives are sent to destruction via the Security Division at Uppsala University or in a way approved by them.



24. After my employment at the university has finished, may I bring home my old computer?

See also: After my employment at the university has finished, may I keep my old e-mail address?
See also: How do I buy a new computer?
See also: What do I do with old computers or phones?

Unfortunately no. The computer belongs to the university even if you bought it with your research money through the university. This is the general rule.

In certain cases, if you move your employment to another government facility, like another university, it may be ok if all of the following rules match:

  1. It has to be a government facility (like a university). The computer may not be brought to a private company even if the private company do research.
  2. There has to be an agreement (understanding) between the old employer (head of department) and the new employer.
  3. The equipment has to be removed from the university (department) inventory and added to the new employers (department) inventory. The equipment will not belong to the individual but follow the normal rules of the new employer.

Also be aware that the storage of the computer usually contain sensitive data. Before scrapping or repurposing equipment you have two options;

  1. Remove the permanent storage and send it to destruction. Permanent storage may be a hard drive (HDD), a solid state drive (SSD) etc.
  2. Overwrite the whole of the permanent storage with other data on the block level. (This may take a couple of hours.)

    Please note that even block level wipe of the storage does not delete bad blocks. If the data is so sensitive that this is not acceptable the storage has to be destroyed and cannot be repurposed.

Contact BMC-IT for help with this.

From time to time, the department, campus or university may sell old equipment to the employees. But it has to be sold at market value and the costs involved have to be covered. All software licensed to the university have to be removed. For example all our versions of Windows and Office have to be removed. Instead of Windows for example Ubuntu or any other free operating system or software may be installed. In practice all of this makes it very hard to sell old equipment in an usable state at a reasonable price.

Read more in Regler för försäljning av inventarier UFV 2008/159 (local copy)


Old equipment may sometimes be valuable in itself. The computer in the picture is a PDP-12 belonging to the Update computer club at Uppsala University.






25. How do I get deduplication to work in Linux?

See also: How do I configure my resolver on a Linux machine?
See also: How do I install Ubuntu?

ZFS

ZFS is great for compression and snapshots, but regarding deduplication: Don't go there. ZFS on Linux is doing inline deduplication and requires at least 5 GB of RAM for each TB of storage. It is usually better to get more hard drives. When using too much RAM everything will slow down to a crawl.

Btrfs


Btrfs is not as old and stable as ZFS, but it has compression, snapshots and deduplication. The deduplication in Btrfs is out-of-band.

Compression is stable. Go ahead.

When using snapshots and Btrfs, we recommend not saving more than 24+6+3+11 snapshots, each hour for a day, each day for a week, each week for a month and each month for a year. Otherwise (like saving a snapshot every day and not removing them) the snapshots may take too long time to remove. It seems like Btrfs is checking each file for each snapshot when snapshots are removed on order to know if the original file can be removed. There must be more than enough time (and IOPS to spare) to remove snapshots before new can be created.

Deduplication is run using en external tool. Easiest is to use duperemove on the dataset, we have however not tried any larger datasets.

Other ways...

There most probably are other ways to do this. Let us know.



26. My Android device is running out of storage. What is using it?

See also: My Windows computer is running out of storage. What is using it?

The app DiskUsage by Ivan Volosyuk is quite good in visualizing and finding what applications are using a lot of storage on an Android device.





27. What is the point with the zone files.uu.se?

See also: What is Rrsync (restricted rsync)? How do I access PCFS storage over rsync?
See also: How do I access PCFS over SMB using smbclient?
See also: How do I mount my home directory or shared storage at HNAS?

The initiative for the domain files.uu.se was taken in 2015-05 by BMC in order to get an aliases to file server shares with unique names.

For example, the file server share is named with the TLA-SHARENAME, like INV-Common. Then the CNAME will be TLA-SHARENAME.files.uu.se or INV-Common.files.uu.se pointing to the current file server where the share is located.

The reasoning behind this is the following:

  1. Get a unique name in DNS to each file server share. This will faciliate migration of file server shares to new servers.

    We (the university) had a lot of troubles with migration from the old NetApp file server to the new HNAS file servers. This zone with an extra level of abstraction in front of the real file server names was intended as a proactive way of eliminating one part of the problem in preparation for the next file server migration. It also makes it easier for those users users (research groups or department) that wish to or have to move their share from one storage system to another.

  2. Make it work for all operating systems. There is a function in the Microsoft Active Directory (with a similar goal) called the DFS that put all file server shares in a single name space. This however do not work all the time in all operating systems, like non-AD connected Windows-clients, macOS (not all of the time), Linux (it depends a lot on the configuration it do not work for example in Ubuntu out of the box).
  3. Network agnostic Get access to the servers even from other networks where needed when the USER-AD (user.uu.se) is not accessible due to using split DNS and access restrictions, like UAS, SLU, UPPMAX, HPC-centers in Sweden and maybe mobile data. It is also not a requirement to use the university resolvers, it should work even if the local resolvers are down.




28. What service levels does BMC-IT have compared to others at the university?

See also: Who manages IT-support for whom at BMC?
See also: How do the different types of storage compare to each other?
See also: What Internet bandwidth does the university have?
See also: What is the cost of a PC file server?
See also: What is the BMC-IT computer platform and how does it work?

The different organisations at the university have different level of service in order to fullfull their missions on a cost-efficient way.

UUIT (IT-division) provides highly available services for the whole university.

BMC-IT is focused on providing great services for the people at the campus and is trying to keep it simple and durable.

UPPMAX is providing the best high-performance computing environment available, but is neither focused on high-availability nor user-focused service (not the individual users, but as a collective of course).

ServiceUUITBMC-ITUPPMAX
Server room cooling Redundant with backup (BMC-hall) Non-redundant
Server room fire extinguisher Yes Yes
Server room power Dual redundant UPS. Backup diesel power generator. Dual power to each rack. Non-redundant, UPS on critical systems
Server room network Redundant routers, in general non-redundant top-of-rack switches but redundant etherchannel to clients via flexstacked switches also available Non-redundant (redundant core network)
Server room stand-by personel in-house Yes No
Server room stand-by personel external techician (power, cooling) Yes
Stand-by decision making personel, possible to order in technical personel Yes No No
Stand-by technical personel No No No
Vacation spread out so that somebody always on duty during work hours Yes Yes Yes
All systems maintained by a group (not individuals) Yes Usually, but with a primary responsible person and contact Yes (Primary and secondary contact)
Somebody among the contacts or responsble for a service always on duty. (Not vacation on the same time) Yes No No
Redundant storage systems which handle partial failure gracefully Yes (HNAS) Yes
Simple and small storage system with faster full restore No Yes (PCFS) No
Maintenance window adapted to individual user groups No Yes No




29. Why use the university central storage (HNAS)?

See also: How do I take backup of the data on my computer?
See also: How do snapshots in the HNAS file server work?
See also: What is ransomware and CryptoLocker?

The department’s user documents should be stored in a central storage, preferably the Uppsala University IT department storage (HNAS), which has routines for backup with snapshots (snapshots of how a folder looks at a certain time). The snapshot feature saves old versions of files so that all users can retrieve them if need arises. They are stored every fifteen minutes for an hour, every hour for a day and every month for two months.

In addition to high security, it also means that you do not need to plan for your own separate system's lif ecycle and perform upgrades of the system. If needed, the central IT department will take care of it, and you can be assured that your documents will be taken care of, in case of any migration to a new system.

In the central storage there will be a personal file space created, where the user stores his/her documents. The file space can then be accessed from another computer, from within the university or from outside via a VPN connection. The permissions of the personal file space is controlled by the user's user account at the university. Of course, common file spaces can also be created. The permissions for a common file area is controlled by a user's membership of university groups.

The cost of the central storage depends on how much that is stored and it is paid by the department, which then in turn can distribute the cost further. Storage on HNAS costs 7000 SEK/TB/year (2017-06-21).

A secure storage should have high availability and reliability. In addition to this, in the light of recent alarms of "Ransomware" that can encrypt a computer's files and even spread to connected common file areas, it is very important to use backup with snapshots to be able to recover files. HNAS meets these criteria, and by using a central storage as HNAS for your documents, you also protect your backed up data from theft or destruction of another kind (e.g. fire and liquids) when traveling.

Default snapshot time schedule for HNAS (2017-06-21):

  • Every 15 minutes for an hour
  • Every hour for a day
  • Every day for a week
  • Every month for two months




30. What is the cost of a PC file server?

See also: How do the different types of storage compare to each other?
See also: We need more storage! Do you have a file server we can use?
See also: What service levels does BMC-IT have compared to others at the university?
See also: We have a server, where should we put it?

Please note! BMC-IT has a PC storage solution service. Read more in the SOP - Common service PC file server. Also note that for home directories we recommend using the IT-division HNAS file server.

These are examples of the costs of buying and maintaining a PC file server. The example below includes a server from Supermicro and one from HP. HP includes on-site support, Supermicro do not. Please note that TSM-backup is not included in these figures! (Prices updated in September 2016.)

  • Very cheap Good for lots of data when the price has to be low.
  • Acceptable speed Good bandwidth - can receive and send 1 Gbit/s (or 10 Gbit/s with appropriate network and multiple clients). Since the drives are rotating HDD, relative SSD the latency is high and IOPS are lower. But it works fine with large files.
  • Low availability BMC-IT in general only do support during office hours. If the PC server totally breaks down (it may happen!) it will take some time to get service or spare parts or restoring from backups. Compare this with the IT-division HNAS file server which has built in redundancy.
  • Linux and Active Directory These examples uses Linux (preferably CentOS 7) as an operating system and connects to the university Active Directory and works as a file server using Samba. More complex setups than this may need extra time to set up and maintain. For example running a Windows server instead of Linux requires extra costs for licenses.

This is a Supermicro file server with enterprise drives. Includes ship-in support from Southpole.

Normal HP file server with enterprise drives, three year next business day on-site support from HP.

This is a Supermicro file server with archive drices.

Cost of a rack unit per year: 1250 (full rack) or 2000 (single machine) SEK
Number of rack units in the server room:
(If no new space is needed, set a 0 here)
U
Cost for the server with no drives: SEK
The number of drives: drives
Size of the drives: TB
Number of years to run the server
(warranty)
years
Cost of each drive: SEK
The number of working hours spent each year:
(system administration and support)
h/year
The cost of a working hour: SEK/h
The part of the raw storage that is usable:
(RAID6 (two parity drives) on five drives equals 0.6.)
usable storage factor

Purchase cost SEK.

Raw storage TB.

Usable storage TB.

Yearly cost SEK/year over years (includes everything)

Cost for raw disk SEK/TB/year.

Cost for usable storage SEK/TB/year.

Two identical file servers (one for backup using snapshots / shadow copy) would cost SEK/TB/year

Two servers (as above) and a cold standy (no drives) would cost SEK/TB/year





31. My mailbox is full! What do I do?

See also: Troubleshooting mail - what can I do and whom do I ask?

The Exchange mailserver at the university has a limited amount of storage quota for each user. This is to prevent a single user from accidentally filling up all space.

No worries. Just contact contact helpdesk@uu.se to get more space. Send a mail from your own account and ask for a more mailbox space.

How to check usage

In Exchange 2016 you do this to check your usage:

  1. Open Options in the top right corner cogwheel
  2. Go to General in the left menu
  3. And then to My account
  4. Mailbox usage should be reported in the right bottom corner.





32. My Windows computer is running out of storage. What is using it?

See also: My Android device is running out of storage. What is using it?

Wikipedia has a list of disk space analyzers. Disk space analyzers do a scan of the file system and display what is using up all the resources.

We have tested TreeSize Free which can be downloaded from Jam-software.

After installation it will scan the hard drive and display a nice window that looks like a file manager. It will display the size for every directory and the contents in it.






33. How do I access my home directory?

See also: How do I mount my home directory or shared storage at HNAS?
See also: How do I use offline files?
Open the Explorer in Windows and look for X: and P:. Store your personal stuff on the file server in X:. The P: is used for shared (public) storage between members in a group or at the university.

If should look like this:

On some computers (all the new ones) the desktop is also stored on the file server. Check if you put stuff on the desktop it also shows up on X:\Desktop.



34. How do the different types of storage compare to each other?

See also: We need more storage! Do you have a file server we can use?
See also: What is the cost of a PC file server?
See also: What service levels does BMC-IT have compared to others at the university?

This is an illustration how how the different types of storage that is available compare to each other regarding Availability, Reliability, Performance and Price.

Reliability
High reliability means a low risk of data loss over a long period of time.
Availability
High availability means the system is (almost) always online and in order to do this it has to handle equipment failures of different kinds and still be running.
Performance
Performance may both mean high IOPS (many small requests) and bandwidth (lots of data), but here it is simplified.
Price
This is the cost in SEK per terabyte of stored data per year. (Updated in December 2015.)

One of many things that are beyond this comparison is the cost of entry. A single big PC-server with a lot of disk is around 250 kSEK and can store 576 TB raw data (around half of that is usable when using 3+2 RAID6 plus hot spares) and may last with support for around 5 years. A small share on the HNAS file server, which may be useful for a whole department storing small but important files, may be as low as 1 TB and cost 7000 SEK/year. A Ceph system is only recommended if one is scaling it up to a lot of file servers (and a lot of time for system administration) providing huge amount of bandwidth.

In practice this means that a PC file server, with proper backup or remote snapshotting to another PC file server, may be useful for storing a lot of data cheaply, but not for example used as 24/7 available file storage.

The university HNAS file server service is a very good for general storage of data in a safe way.

Availability-Performance comparison The performance in the HNAS system and a PC with SSDs is great, but HNAS is a lot more available since it has fault-tolerant hardware to higher extent.

Reliability-Price comparison There is a very small risk of data loss in a well set up PC file server with backups. The same applies to the HNAS system, although it is more expensive and as seen above, more available.

This documentation is covered by GNU Free Documentation License. 38 ms