Transcript WolfWise Migration Support

WolfWise Migration Support Training for IT Staff
Office of Information Technology
May 12, 2009
May 20, 2009
Why?
Chancellor's charge to consolidate
two incompatible calendar
systems in alignment with
business needs of the university.
Oracle Calendar service is being
decommissioned on June 26,
2009.
Training objectives
IT staff training
In addition to this class, we’re holding two WolfWise Mobile Support sessions.
Objective:
Provide IT staff with knowledge to support the migration process for their end-users.
End-user training
Several open sessions are scheduled. See the ClassMate website for dates and
locations. Custom sessions can be scheduled for your department upon request to
[email protected].
Objective
Train end-users how to accomplish tasks in GroupWise.
Migration challenges include…
• Calendar data must be migrated within a narrow window to maintain integrity of
the multi-user scheduling functionality
• Technical complexity, including integrated authentication and the new linuxbased Novell platform, variations in RFC implementations across vendors.
• Diversity and size of the University’s colleges and departments, including widely
varying business requirements and usage patterns
• Email usage is traditionally highly personalized, creating additional
requirements when deploying an integrated calendar-email system (e.g.,
custom “from” addresses for external email)
Technical architecture
See PDF on WolfWise website at:
Migration process overview
Over about a week…not yet set but likely first week of June, 2009. SysNews will be updated accordingly.
1. Resource Owners specify which resources are to be migrated or deleted from
Oracle Calendar – almost completed. Some stragglers will be contacted.
2. Oracle Calendar account creation freeze – approx. 1 week before migration.
3. Oracle Calendar user opt-in deadline. – 1 week before migration. Default is “opt
out;” so users not taking action will not be migrated. Email sent to all OC users with
instructions and link to opt-in web page (see SysNews post).
4. Oracle Calendar data snapshot exported. – Monday of migration week. Estimated
to take approx. 24 hours to run. All data changes made after this point will be users’
responsibility to re-create in WolfWise. This step creates for each OC user an
exported ical (ics) file.
5. Migration import processes will start Friday of designated weekend…
Continued…
Migration process overview
Continued…
5. Starting Friday of migration weekend and continuing until completed Monday a.m. (or
sooner) :
a) WolfWise account creation (synced with Portal eDirectory credentials) and provisioning
with online campus directory info, including Primary Email address as “from” address,
preferred names and titles.
b) Calendar data import begins using OC-exported ical files (from step 3). Estimated at 26
hours. Imported events prefixed with “[OC]”. Files are processed through an API gateway
to import into WW user accounts.
c) Email import begins from Cyrus email store. Estimated at 24 hours. Users are sent
email at beginning and end of process and may access email throughout so there is no
actual outage (though old email may not be copied over yet). Changes include batch
editing of DNS records so unityid.mail.ncsu.edu points to WolfWise IMAP servers and
forwards of Unity email addresses to WolfWise.
NOTE: Calendar and Email migration processes will run concurrently and SysNews will be updated periodically
through the migration weekend.
Migration process overview
Continued…
6. Post-migration actions taken by users , IT staff and resource owners, including:
a) Resource owners recreate permissions.
b) Proxy rights are granted by end-users to mirror “delegates” in Oracle Calendar.
c) Global Calendar URLs in Oracle are republished as GW Extranet calendars
(very few of these)
d) Optional: local mail stores and address books are migrated by local IT staff or
end-users.
Key migration facts
1.
Migrated Oracle Calendar (OC) events will be prefixed with the string [OC]
2.
Delegated permissions (called Proxy access in GroupWise) will have to be recreated
for all resources and for user accounts as needed.
3.
DNS changes will redirect UNITYID.MAIL.NCSU.EDU to WW Post Office servers (122). This causes SquirrelMail to point to WolfWise rather than Cyrus when a
WolfWise user logs in.
4.
WolfWise IMAP services require SSL and over port 993 (vs 143 in Cyrus). IMAP
clients will break unless already set up accordingly.
5.
WolfWise directory services, including the “From” address, will be synced daily from
the online directory preferences for faculty/staff.
Continued…
Key migration facts…continued
6.
Authentication credentials will be synced to Unity via the Portal eDirectory. However,
password changes will not be forced within WolfWise itself.
7.
Sieve filtering rules will not be imported. Rules will have to be recreated in WolfWise.
8.
Spam is automatically quarantined in WolfWise without a rule, but can be released for
viewing. Antivirus filters at the campus mail relays are still applicable.
9.
Quotas will not be immediately enforced in WolfWise pending an archive solution.
“Trash” folder contents older than 7 days are automatically deleted.
10. Cyrus “Trash” and “Junk Mail” folders will not be migrated to WolfWise.
11. Only users who opt-in via the webpage will be migrated. If no action is taken, a user
will not be migrated, but they still bear responsibility for saving his/her Oracle Calendar
data (via manual export from OC) as needed before the service is decommissioned on
6/26/2009.
Local mail…and archiving
Storage considerations when moving local mail to the WolfWise servers
OIT is asking that before moving large amounts of local mail up to the WolfWise servers,
which we’re defining a over 1.5GB,/account that you send a ticket in to the Help Desk to
coordinate with us to be sure there is room on users’ Post Office’s. We hope to
accommodate all requests, but there are limits to how much storage we have allocated on
each new PO. See http://www.ncsu.edu/wolfwise/faq/faq-general.php#local_mail
Local Mail within GroupWise
OIT is enabling a user-configurable native GW local mail store (called an “archive”) in the
WolfWise environment. The old GroupWise environment will continue to operate with the
fixed native archive location of “W:”. GW archives are password protected and encrypted.
Archiving
An new enterprise email archive solution will be studied this summer for possible
deployment later in the year.
Pre-migration considerations
1.
You should attend an end-user training session and encourage your users to do the
same. Both lecture style and hands-on sessions will be are being scheduled.
2.
For a list of Oracle Calendar Users, check SysNews->Other Tools->Oracle Calendar
Users by OUC. Opt-in results are available via “Oracle WolfWise Migration Status.”
3.
Have users check/update their online campus directory information. This is also a
good time to check aliases for your users.
4.
Let users dependent on Cyrus Sieve filtering rules know they will have to be recreated
in WolfWise (except for spam filtering rules). Ditto for proxy permissions.
5.
If you are a designated resource owner you should already have been contacted via
email to specify whether they should be migrated. Please respond accordingly if you
have not already done so. The naming convention for resources in WolfWise is almost
identical (space replaces “_”). Keep a list of which resources will need to have
permissions recreated after the migration.
Continued…
Pre-migration considerations…continued
6.
Consider whether you want to advise users to switch to the GW client for both email
and calendar access and advise them to opt-in accordingly.
7.
Consider easing the crunch after the migration by reconfiguring email clients in
advance to use IMAP over SSL on port 993 (Cyrus supports this configuration) so
things keep working after mail servers are redirected to the WolfWise IMAP servers.
This is a good idea for security reasons for users not migrating anyhow.
8.
If you have users who will be switching to the GW client, decide how you’re going to
handle their local mail folders (if any). Local mail can be moved with the Transend tool
or through an IMAP drag-and-drop action. Consider pre-installing the GW client.
9.
Some groups are moving local address books as well. Consider how you will handle
this when users ask. The GroupWise Windows client can import addresses in VCARD
format and there are tools available which can convert CSV and LDIF formats to
VCARD.
Tools available
Transend
Transend is a Windows-only tool which can handle importing to local mail (via IMAP copy),
address books and local calendar data to GroupWise. To request, send email to
[email protected] with an estimate of how many accounts you will migrate. We are
investigating setting up a VCL image with Transend to facilitate use on Macs.
Usage tips
Install GroupWise (required). Install Transend and reboot (required).
•Address books: When moving address books into GroupWise, create the new address
book in the GroupWise client first. In Transend you have to change the name that of the
target address book you created in GroupWise. Names are case sensitive.
•Mail (local): Choose from the dropdowns to specify the source client/format and select
GroupWise in the destination drop down. You will need to get the correct path to the mail
files; it autofills but may not be correct.
Tools
Other tools…
Local Mail -- IMAP client drag-and-drop
Connect to WolfWise IMAP servers from the mail client and drag-and-drop folders. For
very large local mail folders, you may have to move them in parts. YMMV.
Address Books
GW Windows Client allows importing of address books in VCARD (vcf) format. Sadly, the
GW Mac client does not allow importing address books. Transend will also handle address
books but might be overkill in most situations.
Web-based conversion tools:
CSV (Webmail, Outlook) to VCARD: http://homepage.mac.com/phrogz/CSV2vCard_2.html
LDIF (Thunderbird export) to VCARD: http://oit.ncsu.edu/oit-dl-resources/convert-mozillaldif-address-book-file-vcard-format
NCSU Webmail address book export (choose VCARD): https://sysnews.ncsu.edu/toolsbin/webmail-addressbook
Tools
SysNews tools
Other Tools->Oracle Calendar Users By OUC
https://sysnews.ncsu.edu/docs/corptime/data/dss/dss.csv
Provides a list of Oracle Calendar users in CSV format that can be opened in Excel and
includes a flag for Global Viewing. Handy to see how your Oracle Calendar users are. You
can check a user’s OUC in Remedy (user lookup). Students have null OUCs.
Other Tools->Oracle to WolfWise Migration Status
https://sysnews.ncsu.edu/docs/corptime/data/dss/ww_migration.csv
Provides a CSV file showing migration opt-in choices for responding customers Unity IDs.
User Lookups->User Lookup Tool
https://sysnews.ncsu.edu/user-lookup/
Shows lots of useful information for a user, including mail aliases and forwards, and which
mail server unityid.mail.ncsu.edu points to.
Support structure in OIT
Tiered support
• Tier 1 - NC State Help Desk. Call logging and triage.
• Tier 2 - Local IT support in collaboration with new WolfWise support position
• Tier 3 - Campus Messaging
Clients
Native GW Clients




Windows 32-bit client
Mac and Linux -- Cross-Platform (Java) client – Novell recommends JRE 1.6+
Web client
Outlook Connector discontinued for GW8 (not recommended)
Client comparison charts:
GW 7 (current Wolfwise version)
http://www.novell.com/documentation/gw7/gw7_userfaq/index.html?page=/documentation/
gw7/gw7_userfaq/data/bwx48zs.html
GW 8 (upgrade plans not yet determined)
http://www.novell.com/products/groupwise/compare.html
NOTE: GW clients are forward compatible but not backward compatible with server
versions. You can’t use a GW8 client on our current GW7 servers.
Clients…continued
Native GW Clients
Fat clients include IMAP client capability. This allows connection to Cyrus shared mailbox
service. Some customers configure to connect to gwspam.ncsu.edu (M+Guardian spam
quarantine).
Install and Setup:
http://www.ncsu.edu/wolfwise/software.php
Customized “setupip.exe” installation package for Win32 preconfigured for NCSU.
Server: gwmail.ncsu.edu Port: leave blank
Updates for Win32 client may be prompted server-side; will need to coordinate with
managed desktop environments.
NOTE: VPN not required for migrated users (new servers). Old users/servers still require
VPN for now and change may be deferred until after migration or Oracle Calendar users.
Clients…continued
IMAP Clients
Testing results show various glitches. Clients tested were Thunderbird for
Windows/Mac/Linux, Outlook 2003 and 2007, Windows Mail, Mac Mail, Opera Mail,
Eudora for Windows/Mac, Entourage for Mac, iPhone native mail client.
Results posted here:
http://www.ncsu.edu/wolfwise/IMAP_client_testing.pdf
Set up
Server: gwimap.ncsu.edu or unityid.mail.ncsu.edu with SSL on Port 993
NOTE: WolfWise requires IMAP over SSL. Cyrus supports SSL but does not require it.
Clients…continued
Web client
http://gwweb.ncsu.edu
Note: after migration, NCSU SquirrelMail at http://webmail.ncsu.edu will point to WW IMAP
servers due to change in DNS entry for unityid.mail.ncsu.edu. SquirrelMail address books
will remain populated as they were with Cyrus however.
Evolution client (Linux)
Includes support for GroupWise protocol implemented over SOAP API.
http://www.novell.com/documentation/gw7/gw7_interop/index.html?page=/documentation/
gw7/gw7_interop/data/bx3csus.html#bx3csus
https://secure.linux.ncsu.edu/moin/GroupWiseAndEvolutionHowTo
Server: for PO11-PO22 gwpo[#].fis.ncsu.edu Port: 7191 (WolfWise environment)
for PO1-PO10 po[#].fis.ncsu.edu Port: 7191 (old GW environment)
SPAM handling
M+ Guardian
http://gwspam.ncsu.edu – login with Unity credentials
M+ Guardian is a 3rd party spam/malware filtering system implemented as a quarantine. A
daily spam report is sent to all WolfWise users at 6 a.m. Future implementations may allow
more control over spam quarantine rules. At present, users can specify
domains/addresses in a Trusted List and Block List.
Known issue: links to release, etc., in daily spam report do not work when clicked within
the GW Web Client. False positives can and do occur.
Puremessage is still working for now. OIT will evaluate the possibility of discontinuing one
of these spam filtering systems in the future.
Users can connect directly to their M+ Guardian spam quarantine via IMAP to
gwspam.ncsu.edu over SSL, port 993 (this works in the GW client as well).
Rules
GW Rules
Sieve filtering rules from Cyrus will not import. Rules need to be recreated, but spam rules
are not required.
Detailed instructions on the WolfWise website:
http://www.ncsu.edu/wolfwise/users/rules.php
Common rules:
•
•
•
Vacation / Out of Office Reply
Auto-accept appointments you create
Resouces can be set up with rules to accept/decline based on conflicts
NOTE: Be careful not to select “Run” button when creating rules since this initiates a batch
process of the rule against your email store.
Directories and Address Books
Novell GroupWise Directory
• Native directory includes all WolfWise account holders. Email addresses will be shown
as with internal WW email domain “@gw.ncsu.edu.” Autocomplete on by default.
• Mail sent to external recipients will have “FROM” and “REPLY-TO” addresses set with
“Primary Email Address” as set in online campus directory.
• Changes are synced from the online directory daily at 2:30 a.m.
NCSO = Name Completion Search Order (in Address Book’s file menu)
• Determines which Address Books are searched for “autocompleting” addresses.
NOTE: NCSU LDAP directory (i.e., the online directory data) can’t be added to NCSO due
to performance concerns, but may be added as a separate directory under Novell Address
Book (use ldap.ncsu.edu and search base = ou=people,dc=ncsu,dc=edu).
GW Extranet: publishing calendars on the Web
GW Extranet
http://gwcal.ncsu.edu
• Similar to Oracle Calendar’s “Global Viewing” feature.
• Requires “gwextranet web calendar” account be granted proxy read access to published
account.
• Offers multiple publishing templates, including one that displays an ICAL download link.
Instructions and template URLs here:
http://www.ncsu.edu/wolfwise/users/m_plus_extranet.php
NOTE: You can add basic http authentication using a vendor hack. In the GW client click
on "Calendar" and select "File" > "Properties". On the "General" tab enter AUTHSIMPLE[<password_here>] in the "Description" field.
GW Instant Messenger
GW Instant Messenger
https://gwim.ncsu.edu:8300/ -- includes client downloads
• Offers an integrated directory and encryption.
• All WolfWise users have access automatically.
• Pidgin also supports the GroupWise Instant Messenger protocol.
• Chat rooms are possible – OIT would like to gauge interest to determine whether to
support his feature.
Server: gwim.ncsu.edu Port: 8300
NOTE: Pidgin does not support the chat room feature.
Looking ahead…
Post-migration priorities
• Request forms for new user accounts and new resources will go live after the migration.
• GW8 deployment planning for Mac users will begin after the migration to take
advantage of the improvements in the GW8 Mac client (and possibly web client). A small
group of testers were involved in evaluating a GW8 test server hosted by the College of
Education earlier this year.
• An enterprise archive solution will be researched for possible deployment later in the
year
Thank you…
Please send feedback to [email protected] or [email protected].