(a.k.a. HIIT IT service migration and shutdown of IT services team)
Starting 2018-03-09 15:20 HIIT IT services team no longer maintains this page. Any further edits, excluding this one, will be made by Somebody Else(TM).
From me (Pekka T) and Sami: Thanks to you all! It was fun!
What do I need to do?
Other important stuff that might have an effect is listed below.
UPDATE at 2017-12-20: Authentication systems will be inaccessible from the Internet at 2018-01-24 and shut down at 2018-02-08.
All HIIT services' authentication is done using HIIT authentication services (HIIT-AS for short). HIIT-AS provides authentication using HIIT's own ActiveDirectory, LDAP and Radius service. This service works with HIIT credentials. During the migration authentication of all servers and services will be changed to be done against either HAKA or authentication systems of Aalto university or University of Helsinki. HAKA authentication is preferred on web services and Active Directory authentication on the rest of the services. Both CS departments and HIIT ITS will help in making the changes to servers and services.
UH CS department and UH IT for Science are now responsible for backups.
Backups will continue to run as usual. Only the personnel responsible for the service will change.
HIIT and the Department of Computer Science in University of Helsinki have similar backup environments, at least by the parts used to build them (backup software and hardware). We have a shared tape library, storage area network, to name few. Due to this we're handing over our backup system in whole to them. We'll do some tidying up first so that the migration would be as easy as possible. Some support will be provided after that also, but (hopefully) nothing major.
The planned date for handover was 2017-06-12 but it won't happen due to delays. Handover will happen at 2017-06-26.
HIIT ITS has had a direct access to DigiCert's portal via the deal FUNET has done. This will now change. After the migration certificates to HIIT administered domains are to be acquired via University of Helsinki.
More information about the change and time schedule will be provided later.
All domains will continue as they are.
- Non-FI- domains are being handled by HIIT ITS and by Department of Computer Science in University of Helsinki in the future.
- With FI- domains Aalto university is currently our registrar. Note: The registrar will change and in the future University of Helsinki will be our registrar with .FI domains.
Domain registrations and all related things are still being handled by HIIT ITS. For more information, please see Registering DNS domains.
Domain name service (DNS)
HIIT's domain name service will continue to run.
Administrative task will be handled by Department of Computer Science in University of Helsinki, quite likely in collaboration with University of Helsinki's Centre of IT's networking team. Management, a.k.a changes in zones, are planned to be handled by both CS departments of both Aalto university and University of Helsinki.
Data centre administration and services
UH CS department and UH IT for Science are now responsible for data cente(s).
HIIT IT services is responsible for a bunch of roles and services related to the data centre we share with Department of Computer Science in University of Helsnki. These responsibilities need to be transferred before HIIT ITS can really be shut down.
Approximated date for finishing all this is 2017-09. Urgent responsibilities will, hopefully, be transferred before holidays (during 2017-06).
Aalto ITS is now responsible for HIIT e-mails.
HIIT's e-mail provider will change at the end of June (2017-06-30) from Otaverkko Oy to Aalto university IT services.
Should you not have Aalto university's e-mail address, please see Accounts and passwords page, Aalto visitor account section.
Have you forgotten the password to HIIT's e-mail service? Ask for help from support at otaverkko dot FI.
Policy change in HIIT.FI- e-mail addresses
To accompany all other changes two changes in policy regarding hiiters' HIIT.FI- e-mail addresses were issued by HIIT management:
- Hiiters will no longer automatically get an e-mail address from HIIT.FI- domain. @HIIT.FI- e-mail addresses will be provided for a small group of personnel, e.g. director of HIIT. Hiiters will, by default, use the e-mail address provided to them by their employing university.
- All HIIT.FI- e-mail addresses are temporary. The currently existing addresses will expire at 2019-06-30.
E-mail service for non-HIIT.FI- domains
For all other domains HIIT uses in its research Aalto university provides e-mail services.
About mailing lists
Mailing lists have already been transferred to Aalto ITS. Should you wish to get a mailing list, please contact Aalto ITS. Please remember to mention the possible need for HIIT.FI-alias for the list.
Entry server shell.hiit.fi
UPDATE at 2017-12-20: shell.hiit.fi will be shut down at 2018-02-08.
Entry server shell.hiit.fi is scheduled to be shut down at 2017-09.
HIIT networks are currently accessible using methods described on Remote access to HIIT network and resources page. One of the methods is using entry server shell.hiit.fi either directly (SSH, MOSH) or by tunneling via shell.hiit.fi (SSH, SOCKS). Due to migration and the changes in the role of HIIT networks and their administration HIIT's own entry server will no longer be neccessary, instead we will open an access to HIIT's networks from CS deparments' networks of both universities.
In more detail the following will happen:
- Creation of new tickets by unauthenticated users will be prohibited.
- Old tickets will continue to be handled via HIIT's ticketing system.
HIIT ITS currently provides syslog-service. Current implementation is a bit simple and thus HIIT ITS will build a new using Graylog. All clients will migrate to log to this new service.
HIIT ITS is currently building new, more informative and more easily administered monitoring services using Zabbix and Grafana. After migration, all hosts will be monitored using these services.
HIIT has two networks; production network and testbed network. Both contain services and servers, so nothing drasic is going to happen due to migration. However:
Due to continued state of lack of responsible personnel, HIIT is shutting down ex. InfraHIP testbed network slice (
2001:708:140:220::/61) at 2017-06-30.
Currently there are the following open questions that we need to have an answer to:
- Can HIIT still keep its IPv4 and IPv6 addresses or is the end of HIIT ITS the end of HIIT's own network. Testbed, which was originally made for University of Helsinki in ICT SHOK FI WP3, really doesn't have any alternatives. Production nework could migrate to using IP-addresses (both IPv4 and IPv6) of each university.
- Who will administer both networks? Networking group in Centre of IT in University of Helsinki or UH's IT for Science (IT4Sci) group are current alternatives. Operative rights are probably going to be given to broader set of organisational units on both universities.
About others' networks?
HIIT ITS has been quite involved with networking in Kumpula campus, especially in Exactum building. These responstibilities will continue to exist until the proper way of handing responsibilities over has been discussed. Remaining tasks include firewall reconfiguration and router renowation.
End of involvment will be during the fall. More information will follow.
Management access to services?
Management access to services will be simplified. No dedicated access from user's workstation will be provided. Instead an appropriate access wil be granted to virtual workstation that the user is able to log in.
HIIT currently has two PlanetLab nodes in PlanetLab Europe. We're planning to upgrade them and thus to continue to participate in the PlanetLab project.
CS departments are now responsible for project servers.
A questionnaire about project servers was sent to servers' responsible persons on May. The questionnaire contained questions about
- authentication base; whether the server is to be authenticated from Aalto university or University of Helsinki?
- how long the server is needed?
Deadline to answering to the questionnaire was 2017-05-31. Now (2017-06-21) only seven (7) questionaires are still unfulfilled, so on that regard things are looking good.
CS departments' ITs will gain an access to project servers during week 25. This also means that all support requests regarding project servers should be handled as described in Helpdesk section.
About access to the project servers from the Internet
The project server questionnaire contained a light version of needed firewall ports. A more detailed questionnaire about them will be sent later. Until then, the current port configuration will remain.
What's going to happen to project servers, in more detail?
Project servers will go through the following steps during the migration:
- IT staff of the CS departments will be given access to project servers. Which IT staff will gain access to which server is determined by the authentication source the server will be connected to as follows. If the server is connected to authentication system of
- Aalto university; Aalto university's Department of Computer Science's IT will get root access and the server will be administered by them.
- University of Helsinki; University of Helsinki's Department of Computer Science's IT will get root access and the server will be administered by them.
- Project servers will be reconfigured to authenticate from Aalto university or University of Helsinki and ownership of the files and directories (etc.) on the project server will be changed to match the new User and Group IDs
- Access control on the project server will be reconfigured to match the new User and Group IDs
During the migration the project servers may have to be rebooted, but the duration of downtime will be minimised.
Remote Windows server
UPDATE at 2017-12-20: HIIT's remote Windows server will be inaccessible from the Internet at 2018-01-24 and shut down at 2018-01-31.
HIIT's terminal service server will be shut down. The replacement will be a virtual workstation provided by UH Centre of IT.
Security related stuff
All issues related to information security in any way will be handled by HIIT ITS until migration of each service is done. Migration of responsibilities of a certain services have already started and more will follow during the summer.
Should there be a need for e.g. document about how data is processed and stored in HIIT's IT infrastructure, please continue to contact us via an e-mail address security at HIIT dot FI. More information about the change of responsibilities will be provided on this page A.S.A.P.
Version control system (vcs.hiit.fi)
UPDATE at 2017-12-20: HIIT-VCS will be inaccessible from the Internet at 2018-01-24 and shut down at 2018-02-08.
Both Aalto university and University of Helsinki have a version control systems, both GitLab installations, on addresses
to which users can relocate their data.
Wiki service (wiki.hiit.fi)
UPDATE at 2017-12-20: wiki.hiit.fi will be inaccessible from the Internet at 2018-01-24 and shut down at 2018-02-08.
Instructions on how to migrate a space to Aalto university's or University of Helsinki's wiki service, please see links to instructions below.
- Instructions to migrate a space to wiki.aalto.fi.
- To migrate a space to wiki.helsinki.fi, contact email@example.com.
HIIT-VPN was shut down at 2017-06-30.
All users are instructed to migrate to using the VPN service of their employing university.
HIIT networks are currently accessible using methods described on Remote access to HIIT network and resources page. One of the methods is using HIIT-VPN. Due to migration and the changes in the role of HIIT networks and their administration HIIT's own entry server will no longer be neccessary, instead we will open an access to HIIT's networks from CS deparments' networks of both universities and their VPN services, as needed.
UH CS department and UH IT for Science are now responsible for www-services.
UPDATE at 2017-12-22: Administrative responsibilities of www-services have been migrated to UH CS department and UH IT for science- group.
HIIT has several web sites, some built using Drupal CMS and some using static HTML pages. More information about migrating these will follow shortly.
- Drupal sites currently do not have anywhere to go to.
- Static sites can be migrated to either university's services.