RE: Re: [Micronet] Upgrades and Security Requirements

Hi Roy,

I think you may be running your own Active Directory forest, and as such,
may have different settings, but if it would be helpful, we can team up with
you to provide an Active Directory test environment (2000 or 2003) and our
infrastructure support experience to help you test your Mac 10.3 server.
Let me know.

-Mike Blasingame

_____

From: owner-micronet-list@lists.berkeley.edu
[mailto:owner-micronet-list@lists.berkeley.edu] On Behalf Of Roy A. Baril
Sent: Thursday, June 24, 2004 9:20 AM
To: Mark Ingles
Cc: micronet-list@lists.berkeley.edu; magnet-list@lists.berkeley.edu
Subject: Re: [MAGNet] Re: [Micronet] Upgrades and Security Requirements

I , for one, am a little appalled at all the sniping going on between "so
called Mac only" users and "windows admin folks". I have been supporting
Macs and Windows based pcs for about 20 years. At the Journalism school we
support a good mix (about 50-50) of both. Our servers are mainly Windows
based, although our web server is an Apple Xserve. Over the last 5 years we
have consistently budgeted for and planned for upgrades on both platforms.
Now I will be the first one to admit that I do not jump on the "latest and
greatest" upgrades until I have had a chance check them out first. But,
currently we are running Windows 2000 server and pro with all the latest
updates and Mac OS 10.3x with all the latest updates. We are planning on a
switch to Windows server 2003 in the near future. With the emphasis on
updates and security, both Microsoft and Apple have put these tasks to the
forefront. Microsoft will launch Windows Update Services (WUS)
http://www.microsoft.com/windowsserversystem/sus/default.mspx , later this
year for Server 2003. Apple is already using a pretty stable software update
system.
   I am a one person Systems dept. here supporting about 150 computers, and
about 200 students, faculty and staff. And, while I would love to have the
perfect method of keeping my system updated, it takes constant supervision
to keep them running in top form (it is my job after all) . Up until
recently, (about a month ago when sasser hit us all), my systems were
running at 99% uptime. After sasser and being blocked by Security, I had to
rebuild all of my Windows based Servers and workstations. My point is
this.... Instead of trying to put bandaids on old, unsupported systems, it
makes more sense to plan for the long haul and have a consistent upgrade
path. That includes purchases of both Apple and Windows pcs that have
upgrade paths built in. Get rid of the Macs that will not support the newest
software -- you will spend almost as much money trying to keep them working
than if you had purchase a new computer. As for Windows based computers,
purchase computer units that have the ability to be upgraded over time. My
windows machines have been upgraded for the last five years -- they are
clones of my design that included a buy back option from the vendor to
update motherboards, memory and cpu's. Which meant that I did not have to
reinvent the wheel every year.

  Personally it matters not what platform I use... they all work in my
environment. What does matter is how I am able to integrate the two
platforms together to utilize the best of what both platforms have to offer.
Which brings me to my last posting to these groups. I only recieved one
message back. I find it hard to believe that no one on campus is trying to
do what we are trying.... soooooo.... I will post it again... here.

" Has anyone out there integrated a Mac Xserver into a Windows domain. We
just upgraded to Mac Server 10.3 Panther and it gives us an opportunity to
use the Ldap and Active directory features of Windows to allow Mac users to
logon with windows based permissions, etc. Apple is very sketchy about
setting this up and Microsoft has even less info. If anyone has set this up
successfully, please email either myself or Scot Hacker
(shacker@berkeley.edu)."

I apologize for this very long diatribe, but sometimes I feel like the
solution is simple: Just get rid of the old equipment and standardize on the
new equipment whether that be Mac or Windows or Linux or Unix or whatever.

Thanks,

Roy

At 06:16 PM 6/23/2004, Mark Ingles wrote:

On Jun 23, 2004, at 12:18 PM, Johnathon P Kogelman wrote:

(is there really anyone left on Campus that solely supports Mac?).

Yes. There are people on campus who only support Macs. Believe it or not,
some departments are entirely Mac. The tendency on campus, with
Windows-dominated thinking, is to assume that Macs have the same 2-3%
presence as the outer world. This translates into ignoring them like the
Campus AD did last month with the NTLMv1 abatement. They didn't test how
NTLMv2 would affect Mac connectivity with Windows shares until after the
change took place and people complained that they couldn't connect. There
would be more tech cohesion on campus, and more user productivity, if
Windows admin folks took Macs more seriously. As Michael Sinatra pointed out
in July 2003 (see message below), 15% of campus is using a Mac.

        From: michael@rancid.berkeley.edu
        Subject: Re: [MAGNet] administrative staff using Macs?
        Date: July 22, 2003 12:12:54 PM PDT
        To: gmerritt@uclink.berkeley.edu
        Cc: magnet-list@uclink.berkeley.edu

On Mon, 21 Jul 2003, Greg Merritt wrote:

        Our administrative office staff (accounting, payroll,
personnel, grants, etc.) here at the Institute of Transportation
Studies use mostly Macs. What other departments/groups on campus are
predominantly Macintosh for administrative functions?

This discussion reminded me of something Tom H. asked me to do a long
while back, which is to provide a *rough* estimate of the number of
Apple/Mac devices on campus using CNS's ARP cache data. So here's what I
did:

CNS maintains "snapshots" of each day's ARP data over the past six months.
I looked at <http://standards.ieee.org/regauth/oui/index.shtml> and found
all of the registered MAC address prefixes that belong to Apple Computer.
I then chose some representative days and searched for the set of Apple
MAC (pardon the pun) addresses for each day. I removed duplicates and
compared the resulting number to the days full data (again with duplicates
removed). Duplicates would be caused by one machine changing networks/IP
addresses during the day, changing airbears networks or getting a new dhcp
address durning the day, etc. I then computed the percentage of Apple MAC
addresses to the total. This would represent the percentage Apple/Mac
devices powered on and connected to the network at any time of the day.

I picked some representative days and here's what I found (each day is
measured roughly from midnight to midnight):

Monday, July 21, 2003: 3283 Apple, 20423 total (16.1%)
Saturday, July 19, 2003: 1811 Apple, 14241 total (12.7%)
Thursday, June 5, 2003: 3404 Apple, 20107 total (16.9%)
Tuesday, April 15, 2003: 4227 Apple, 27077 total (15.6%)
Tuesday, April 30, 2003: 4212 Apple, 27226 total (15.5%)
Monday, March 17, 2003: 4127 Apple, 26615 total (15.5%)
Saturday, February 8, 2003: 2338 Apple, 19351 total (12.1%)
Thursday, Jan 23, 2003: 4128 Apple, 26444 total (15.6%)
Thursday, Dec 19, 2002: 3445 Apple, 22457 total (15.3%)
Wednesday, Oct 30, 2002: 4100 Apple, 26593 total (15.4%)

CAVEATS:

1. We do not poll ARP data for the entire campus. Specifically, the
modems, EECS, University Extension, Space Sciences Lab, University Health
Services, and UC Printing are not polled, for a variety of technical
reasons. Also any host that is behind some sort of NAT box or non-briding
firewall will NOT show up in the ARP cache. The survey DOES include the
Res Halls.

2. Many network devices show up in the ARP cache and some have multiple
MAC addresses that may or may not show up in the cache. CNS has roughly
1500 manageable network devices on campus. These MAC address do not
represent actual USER HOSTS, so the percentage of Apple/Mac devices
compared to actual user hosts may actually be higher.

3. Some Apple/Mac devices may be using third-party networking devices,
which would NOT show up in this survey as an Apple/Mac device. It's also
possible that some Apple-branded devices *may* use third-party chipsets,
which may or may not show up as an Apple MAC address. This may imply that
the number of Apple devices is higher than the percentages show, but it's
not completely unknown what effect this has, if any.

4. This survey also includes network-attached printers and other devices.
It's possible that an all-mac shop uses an HP network printer or that an
all-PC shop uses an Apple network printer, but I have no idea how this
might skew the overall results, or if anyone cares.

END OF CAVEATS

The results look pretty consistent, with an obvious drop-off on weekends
of the total number of connected hosts. (It's nice to see that some
people turn their computers off over the weekend, thereby saving the
University money and making it (slightly?) less likely that we'll be
taking pay cuts soon.) Interestingly, the Macintosh percentage drops on
the weekend also. I draw the following possible conclusions from this,
with varying credibility:

1. A higher percentage of Apple/Mac computers are used for administrative
applications; hence, the higher weekday percentage.

2. Apple/Mac users are more environmentally and pay-cut conscious than
their Windows and (especially) Unix bretheren and sisteren. They are
therefore more likely to turn off their computers or put them into
power-saving mode on weekends.

3. Apple/Mac users are more possessive of their weekend leisure time and
are less likely to come to work on weekends. (I am sure some Mac fans
will say that they don't *have* to come to work on weekends because
they're so productive on their Macs.)

You can draw your own conclusions, too.

michael

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.

Mark Ingles
643-3107
Departmental On-site Computing Support
264 Evans Hall http://docs.berkeley.edu/

<br>
</blockquote></x-html>

Roy A. Baril
Director of Technology
U. C. Berkeley Graduate School of Journalism
121 North Gate Hall
Berkeley, CA. 94720
(510) 643-9215

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
Received on Tue Jul 6 14:33:37 2004