Purpose: This will disable all IMAP and POP protocols on new accounts created after the change. Existing users will not be affected. This will help reduce attack surface area for our accounts.
Affected: All new O365 accounts will no longer have IMAP or POP3 available to them.
Purpose: Restarted Banner Job Submission to change a custom copy process for Financial Aid Job. This restart took about 10 seconds. Additionally, added 200 more JDBC connections to Banner Admin Pages, total available is now 400 JDBC connections, this was a live change and required no restart.
Impact: Job Submission was out for 10 seconds
Affected: Anyone trying to use Job submission during the restart.
Purpose: We will be moving the workflow application during the maintenance window to a new server. This is in preparation for the SSO changes on the following weekend to support the new Banner 9 Admin Pages.
Impact: This move should be brief and consist of approximately 1hr of down time of the workflow application.
Affected: Users of the Banner Workflow application will lose access during this move.
Purpose: To prepare for the changes related to SSO and the new Banner 9 Admin Pages. We will be making configuration changes during the maintenance window to test the setup in Banstage. Because the systems share some components this will make Production unavailable during this time.
Impact: Document Management will be unavailable during this process.
Affected: All users of Banner Document Management will not have access during this downtime.
Purpose: Routine plugin updates by developers.
Purpose: Update the OWA pools on the F5 such that the Exchange 2016 servers are the first to respond to client requests. The Exchange 2013 servers will have their traffic proxied via the 2016 servers. This is for testing an issue with shared and resource mailboxes not loading via OWA for users on a 2016 database.
Affected: OWA Access
Purpose: Security and bug fixes.
Affected: Radius authentications for wireless/vpn and guest wireless access.
Purpose: To upgrade KACE agents campus-wide.
Impact: Users not directly impacted, however a new "K" icon will appear in the System Tray in Windows (or Menu bar on Macs) that gives the status of the agent's connection to the KACE Systems Management Appliance. Icon also allows users or IT service providers to force an inventory update or restart the KACE agent service (a.k.a. "konea").
Affected: Marshall-owned workstations with KACE agent installed.
Purpose: Because of increased utilization with Banner 9 and other resources, we need to tune some of the Database parameters to facilitate the increased usage.
Impact: Will cause a brief outage as the database will need to be restarted for the changes to take affect. Should take around 15 min.
Affected: All Banner users and any systems or applications reliant on Banner.
Purpose: To upgrade KACE agents on Drinko staff workstations before deploying campus-wide.
Impact: Users not directly impacted, however a new "K" icon will appear in the System Tray in Windows (or Menu bar on Mac) that gives the status of the agent's connection to the KACE Systems Management Appliance. Icon also allows users or info-tech service providers to force an inventory update or restart the KACE agent service.
Affected: Drinko staff workstations
Purpose: To upgrade the linux time servers to CentOS 7
Affected: Any system relying upon mutime.marshall.edu for time. Impact should be minimal during the cutover as time is not updated every second on every device.
Purpose: Update the myMU Sharepoint environment security patches.
Impact: myMU will be periodically unavailable as servers come up and go down throughout the upgrade process.
Affected: Anyone who requires access to any mymu webpage.
Purpose: We will be migrating from the current Shibboleth 3.1.2 instance to a newer Shibboleth 3.2.1 to allow integration with the Marshall University ADFS SSO portal.
Impact: Any services that authenticate using the shibboleth service will be unavailable for approximately 5 to 10 minutes while the migration is taking place.
Affected: Tapingo services, Blackboard Transact for Eaccounts, Poll Everywhere services, WVAquavit access, eRezLife, and any other services that authenticate against the Marshall University Shibboleth instance.
Purpose: Installation of kernel and OS patches to update for critical vulnerabilities. Reference Footprints ticket TIC-8288. We will be working in conjunction with the Enterprise Applications group to perform controlled systems reboots to apply the new kernels.
Impact: Production Banner will be unavailable while systems are rebooted.
Affected: The following servers will be impacted: MUINFO7 MUENTAPPS03 MUENTAPPS04
Purpose: To test failover redundancy of the DHCP server
Impact: If the failover is successful no one will be affected due to the redundancy, If the failover is not successful user may experience a short interruption to their network connection as the failover server is manually enabled.
Affected: minimal devices may experience an interruption in network connection.
Purpose: To update the iApp to support ADFS v4
Affected: Office365 and ADFS-integrated sign-on services. These services will be unavailable during this time.
Purpose: Correct the Faculty Attendance tracking link and the Faculty Grade Entry link.
Impact: Short outage for Application Navigator and Banner Admin users.
Affected: Banner 9 Admin Page users.
Purpose: Upgrades to the Financial Aid Banner Administrative Module in Banner 8. Aditionally, applying a Banner Admin Common upgrade to support the new Financial Aid Updates in Banner 9.
Impact: Banner 9 Users will loose access to Admin Pages at some point during the upgrade process for about 15 - 30 minutes
Affected: Financial Aid Administrative Forms users, All Banner 9 Admin Page Users
Purpose: To upgrade the production Quest KACE SMA server to the latest version - 9.0
Impact: Low; KACE clients will not be able to connect/update inventory to the KBox during upgrade. KACE administrators will not have access to the Kbox to deploy software, scripts, or check device inventory.
Affected: KACE admins and KACE client computers. End users not directly affected.
Purpose: Restart required to apply kernel patches
Impact: Banner 8 Financial Aid 11gR2 production forms environment will be unavailable.
Affected: Financial Aid Banner 8 Forms users.
Purpose: Address Vulnerabilities
Affected: Not Expected
Purpose: Vendor provided update applied to Quest-KACE Systems Deployment Appliance (aka K2000) to v. 6.0.425 from v. 5.1.84. For fixes & enhancements, see the KACE Systems Deployment Appliance 6.0 - Release Notes at https://support.quest.com/technical-documents/kace-systems-deployment-appliance/6.0%20common%20documents/release-notes#TOPIC-944129.
Impact: Administrative Console offline while update was applied.
Affected: No end-user services affected. K2000 SDA engineers should check their their image workstations are running the latest version of the System Deployment Toolkit and have appropriate version of the 'Windows Assessment and Deployment Toolkit' (WADK) installed. https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
Purpose: Move 911 services from static assigned to enhanced 911 services.
Impact: Low to none
Affected: Voice services - 911 dialing
Purpose: Several bug fixes included multiple that have caused an unexpected controller reload.
Impact: High - All wireless connectivity provided by access points joined to this controller pair will be unavailable during reload. This is expected to take no longer than 30 minutes.
Affected: All access points joined to controller pair. This includes all wireless access at Byrd clinical and several remote locations.
Purpose: Vendor provided update applied to Dell Security Management Server Virtual and Front-End Proxy host upgraded from v. 184.108.40.206 to v. 10.0.0.29. For fixes & enhancements, see the Technical Advisories at http://www.dell.com/support/home/us/en/19/product-support/product/dell-data-protection-encryption/manuals
Impact: Administrative Console offline while update was applied.
Affected: No end-user services affected. Clients running DDPE Client Agents should upgrade to v. 10.x clients for latest version support.
Purpose: ISE security patches and other resolved caveats.
Impact: Zero to Low
Affected: Possible authentication failures for wireless and VPN. No issues should be seen with redundancy of environment.
Completed with no issue.
Purpose: Reconfigure campus firewall to prevent direct SMTP delivery from EXTERNAL sources to campus Exchange servers. Unauthenticated SMTP delivery should be directed to the servers listed on the Marshall.edu DNS MX record (e.g. Barracuda Spam Firewalls). See IT Support SR-104
Impact: This change is enacted to prevent unsolicited or malicious e-mail from bypassing the Marshall.edu MX servers.
Affected: Unknown: any exceptional use cases or legacy configurations are asked to please contact the Marshall IT Service Desk and open a support request if they believe this configuration change may be affecting their e-mail processes. jbc
Purpose: To add one last temporary Exchange 2016 node to accommodate mass mailbox migrations from 2013 to 2016.
Impact: Mail routing and flow will not be affected. Users using or opening Microsoft Outlook on Marshall's network may see a certificate warning. This is expected behavior with a new Exchange installation. IT Service desk has a work around to resolve that issue should it persist for any affected users. This side-effect should be minimal.
Affected: Exchange/Office365 Hybrid Environment, Outlook clients
Purpose: IT Service Desk is working with several dozen individuals to convert their Adobe Creative Cloud application installs from 'per-device' to 'named-user' licensing mode. License expires 8/27/2018. There is a 30-day grace period until loss of service. See https://www.marshall.edu/it/adobe for details on requesting access for new/upgrade installs.
Impact: Creative Cloud Apps may prompt for reactivation or display in the Creative Cloud Desktop App as 'trial' mode.
Affected: Adobe Creative Cloud for Teams software deployed between Aug-2016 and July-2018 which was activated using 'per-device' licensing.
Purpose: Apply the latest Oracle Database and JVM security patches. Updates to Banner Financial Aid module, which also requires updates to the General and Banner 9 counterparts.
Impact: The Banner database will need to be down during the Oracle patches, as well as a couple of the Banner upgrades. Expectations is for 4 hours of downtime. Other minimal impact of services during other Banner upgrades which should only impact the Banner Web Admin Applications.
Affected: During the first part all services that rely on the Banner Database will be unable to connect. Some services will require a restart once Banner is brought back online. Anyone using Self Service Banner, Internet Native Banner, Banner Admin Pages, Workflow, Recruit, MUBert etc. will be unable to connect with Banner in the early hours of the morning.
Purpose: The ITI Systems Team will upgrade the ADFS Farm Behavior Level to the maximum supported by ADFS on current Windows Server Environment. This will allow further controls for security and additional features we can leverage in the future.
Impact: There is little impact as this process doesn't take ADFS offline and the DBs for ADFS are backed up and new ones are created for the new version of the farm, thus allowing for a roll back, should it be required.
Affected: No users have been negatively affected by this. This did change the PSSO lifetime from 60480 mins to 129600 mins. The device usage window was also increased from 7 to 14 days.
Purpose: 8 WordPress Plugins had required updates available.
Purpose: Returning Hardware to Vendor
Purpose: To stay within Microsoft's mandate of N-1 in a Hybrid environment
Impact: Exchange mail flow may be delayed or disrupted during upgrades
Affected: All Exchange mailboxes and mail routing
Purpose: To ensure our SfB environment stays at current release.
Impact: Potential phone outage during server failover. (<1 minute)
Affected: Polycom phones and SfB clients
Purpose: This is to upgrade our DHCP services currently hosted on Windows Server 2012R2 to be migrated to Windows Server 2016. This is to fix a current bug we are experiencing that is not allowing some scopes to create reservations.
Impact: There is a chance that devices that receive their IP address dynamically will have to query the server to get a new IP address, this may cause brief disconnects to wireless clients.
Affected: Clients connected to the network.
Purpose: Upgrade existing 1G circuit to 10G with a 3G UNI
Impact: Remote campus WAN connectivity - voice, data and video.
Affected: Remote campuses on the Frontier network: South Charleston, Gilbert Harless Center, MOVC - Pt. Pleasant, RCBI-Bridgeport, Spring Valley Medical Education Building and MUSOM Family Med Lavalette, WV.
Purpose: To upgrade Nexsan firmware. Support believes this will provide a fix for the outage sustained on 26 August thru 27 August
Impact: Commvault will be unavailable during the upgrade as a precautionary measure
Purpose: Correct some software defects and bring Twin Towers East up to the software standard.
Affected: All voice, video and data services.
Purpose: To correct a software defect in the data center switch software that is causing data loss in the redundant switch.
Impact: 0 - High
Affected: If all goes well no outages will occur. It the maintenance goes wrong it would impact all services coming out of the Drinko data center.
The standby switch has been completed. Scheduling the primary to complete the process.
Purpose: Resolve an issue with VLAN 11
Affected: All voice, video and data communications.
Completed. Everything is working as expected.
Purpose: To correct an issue with the switching hardware that services the 2nd and 3rd floors.
Affected: All voice, video and data services.
Purpose: To apply needed OS patches to linux systems.
Impact: There will be a brief outage on the listed systems as they are rebooted to apply updated kernels.
Affected: The following servers will be affected:
mudworksapp01 mudworksapp02 nagpra mubioinfo bannerxe04 muentapps04x muentapps03x muinfo7x mugrid02 mueaapex01 muban9adm01x muban9api01x muban9app01x muban9adm01 muban9api01 muban9app01 muesm01 mudworksdb-new
Purpose: WordPress update to Version 4.9.8
Purpose: BRIM will be upgraded to version 2.3 from version 220.127.116.11.
Impact: BRIM integration will be down for approximately five minutes.
Affected: Approx. 15 admissions users
Purpose: To complete the migration to 2016 native
Purpose: Annual maintenance, correct software defects, and move to a recommended software release.
Impact: All networked services.
Affected: Internet, voice, and video.
Purpose: At 8pm the ITI Systems team began controlled failover reboots of the Skype for Business front end servers in order to resync the Response Group services across the cluster. Due to the redundant nature of the environment services should not have been affected. The rolling reboots were completed by 8:30p and all services have been restored. If any issues are discovered, please report it to the IT Service desk.
Purpose: Cleanup and optimization of SharePoint enviroment
Impact: SharePoint services, (inside, sharepoint, etc) will be unavailable.
Purpose: Preventative maintenance and software defects
Affected: All data center services
Purpose: Preventative maintenance and encryption update.
Affected: Network Wired Network WiFi Banner Services Data Center Telephones Marshall Health and SoM
Purpose: This maintenance will move MUDC04 and MUDC06 to Windows Server 2016.
Impact: Minimal impact will be seen during the process since AD is a redundant service.
Purpose: Need to replace the expiring wildcard certificate.
Purpose: Preventative maintenance and software defects.
Impact: Due to the redundancy in the network design there will be minimal impact to internet traffic.
Affected: Internet services O365 Blackboard VPN
Purpose: The SSL/TLS certs on Skype for Business will expire soon. This will replace the certs with current ones and also introduces additional Subject Alternate Names for the SBAs.
Impact: Minimal impact; this will involve a rolling restart of services on Skype for Business.
Purpose: This is to move MUDC01 from Server 2012 to Windows Server 2016.
Impact: This will have minimal impact during the time. The redundant nature of Active Directory and the timing of the update minimizes any issues that a user would encounter during the syncing of the new MUDC01.
Affected: This affects all users on the Marshall domain, but is invisible to them as well.
Purpose: This update was to get the Compellent to the next stable release of code. It enables additional features we could leverage as well. The update took the system from 6.7.40 to 7.2.31.
Impact: There was no systems impact during this update. The update utilizes the fail over capacity of the SAN to perform the update in a non-interruptive manner.
Affected: No other systems were affected by this update.
Purpose: UI update, standardization, and software defects
Affected: Polycom VVX 60x series phones.
*Rescheduled for April the 29th
Purpose: To provide security updates as recommended by Tenable via Systems.
Impact: Minor downtime while server is being patched.
Affected: All Inside.marshall.edu and SharePoint.marshall.edu sites will be unavailable during the updates.
The ITI Systems Team has successfully applied the March 2018 SfB Cumulative Update to the University Skype for Business Server 2015 environment. Due to the redundant design of the SfB environment, services should not have been impacted. The version changes were:
Description Updated Version Previous Version Core Components 6.0.9319.516 6.0.9319.510 Core Runtime 64-bit 6.0.9319.516 6.0.9319.510 Mediation Server 6.0.9319.514 6.0.9319.272 Skype for Business Server 2015 6.0.9319.516 6.0.9319.510 Conferencing Server 6.0.9319.514 6.0.9319.503 Web Components Server 6.0.9319.516 6.0.9319.510 XMPP Translating Gateway 6.0.9319.516 6.0.9319.0
The ITI Systems team has performed a reorganization of the LcsCDR and QoEMetrics database indexes on the primary Skype for Business database server. This reorganization was required due to exceptionally high index fragmentation. The reorg took approximately 15 minutes to complete and didn’t affect SfB services.
Purpose: At 10pm the ITI Systems Team performed a rolling restart of the “Skype for Business Server Response Group” service on each of the front end nodes in the University SfB environment. There was a 30 second outage of response group services on each server during the reboot. All services are fully restored.
Impact: 30 second outage of Response Group services.
Affected: Skype for Business Environment