Page tree

Get started by adding some pages to this space. Create page.

Skip to end of metadata
Go to start of metadata

 (a.k.a. HIIT IT service migration and shutdown of IT services team)

Starting 2018-03-09 15:20 HIIT IT services team no longer maintains this page. Any further edits, excluding this one, will be made by Somebody Else(TM).

From me (Pekka T) and Sami: Thanks to you all! It was fun! (smile)



HIIT management decided to shut down HIIT's own administrative services.

HIIT IT services (HIIT ITS for short) is also an administrative service and thus will be shut down at the end of 2017 at the latest. For general, financial and human resources management shut down procedure has already been done by relocating HIIT as a sub cost centre of each computer science department in both Aalto university and University of Helsinki and by relocating employees from HIIT's cost centre to department's.

HIIT ITS has had a project going on to migrate bulk services off from HIIT to centralised IT. The goal of this project changed at 2016 when administration started to ask, how long would it take to change the budget of HIIT ITS to 0€.  The timeframe was set until the end of 2017 and thus during this year, hopefully by fall, this previously migration, now shutdown project of which migration is just a part of, will be finished and all services have been migrated elsewhere. After the migration project finishes, HIIT ITS staff will working 100% for Aalto IT services.

The main goal of HIIT ITS has been to lessen the impact of all this fuzz to researchers. It should, however, be said that service levels may change. At times to the better and at times to the worse. "The service is as it is" has been said, meaning that quite likely none of the recipients of the migrated services will modify their already existing service just for the needs of HIIT, instead, hiiters need to accommodate.

During the H2 of 2017 our current services will either be shut down or migrated to at least the following parties:

  • Computer science departments in Aalto university and University of Helsinki
  • Centralised IT in Aalto university and University of Helsinki
  • IT center for science (CSC)

CS departments will be getting the most of the stuff and centralised ITs will quite likely provide bulk services.

What do I need to do?

If you have data in either

or your service(s) authenticate using HIIT credentials you need to relocate your data preferably before 2018-01-24 and at 2018-02-08 at the latest!

To get instructions, help and assistance, please contact the centralised IT helpdesk:

All other stuff will keep running even after that time, except our helpdesk;

HIIT ITS helpdesk stopped accepting new requests at 2017-06-19 12:00.

Old tickets will be handled via old support addresses but new tickets can not be created after that time. For more information about helpdesk migration, please see the helpdesk section.


Other important stuff that might have an effect is listed below.

 


Authentication

UPDATE at 2017-12-20: Authentication systems will be inaccessible from the Internet at 2018-01-24 and shut down at 2018-02-08.

To make migration possible we need to freeze HIIT's authentication systems. After that existing HIIT accounts work as before but no new accounts, neither normal accounts nor lightweight accounts, will be created any more.

HIIT authentication system will be frozen at 2017-06-12. No new HIIT accounts will be created after that.

After that time the only way to get access to additional personnel is to first migrate the service to e.g. Aalto university or University of Helsinki and then get the accounts as needed from corresponding university after migration of the service. For information about getting user accounts, please see Accounts and passwords page.

All HIIT services' authentication is done using HIIT authentication services (HIIT-AS for short). HIIT-AS provides authentication using HIIT's own ActiveDirectory, LDAP and Radius service. This service works with HIIT credentials. During the migration authentication of all servers and services will be changed to be done against either HAKA or authentication systems of Aalto university or University of Helsinki. HAKA authentication is preferred on web services and Active Directory authentication on the rest of the services. Both CS departments and HIIT ITS will help in making the changes to servers and services.

 


Backups

UH CS department and UH IT for Science are now responsible for backups.

Backups will continue to run as usual. Only the personnel responsible for the service will change.

HIIT and the Department of Computer Science in University of Helsinki have similar backup environments, at least by the parts used to build them (backup software and hardware). We have a shared tape library, storage area network, to name few. Due to this we're handing over our backup system in whole to them. We'll do some tidying up first so that the migration would be as easy as possible. Some support will be provided after that also, but (hopefully) nothing major.

The planned date for handover was 2017-06-12 but it won't happen due to delays. Handover will happen at 2017-06-26.

 


Certificates

HIIT ITS has had a direct access to DigiCert's portal via the deal FUNET has done. This will now change. After the migration certificates to HIIT administered domains are to be acquired via University of Helsinki.

More information about the change and time schedule will be provided later.

 


Domains

All domains will continue as they are.

  • Non-FI- domains are being handled by HIIT ITS and by Department of Computer Science in University of Helsinki in the future.
  • With FI- domains Aalto university is currently our registrar. Note: The registrar will change and in the future University of Helsinki will be our registrar with .FI domains.

Domain registrations and all related things are still being handled by HIIT ITS. For more information, please see Registering DNS domains.

 


Domain name service (DNS)

HIIT's domain name service will continue to run.

Administrative task will be handled by Department of Computer Science in University of Helsinki, quite likely in collaboration with University of Helsinki's Centre of IT's networking team. Management, a.k.a changes in zones, are planned to be handled by both CS departments of both Aalto university and University of Helsinki.

 


Data centre administration and services

UH CS department and UH IT for Science are now responsible for data cente(s).

HIIT IT services is responsible for a bunch of roles and services related to the data centre we share with Department of Computer Science in University of Helsnki. These responsibilities need to be transferred before HIIT ITS can really be shut down.

Approximated date for finishing all this is 2017-09. Urgent responsibilities will, hopefully, be transferred before holidays (during 2017-06).

 


E-mails

Aalto ITS is now responsible for HIIT e-mails.

HIIT's e-mail provider will change at the end of June (2017-06-30) from Otaverkko Oy to Aalto university IT services.

In order to keep your @HIIT.FI- e-mail address:

 From Otaverkko's e-mail service's management page, redirect your @HIIT.FI- e-mails to your Aalto university's e-mail address (@aalto.FI).

The above process is the only way to keep your @HIIT.FI- e-mail address! There is no other way!

If you forward your mails to any other than @aalto.FI- e-mail address, your @HIIT.FI- e-mail address will be lost.

(info) The use of Aalto university as a endpoint of forwarding is because after the migration your @HIIT.FI- e-mails will be delivered there anyhow.

Should you not have Aalto university's e-mail address, please see Accounts and passwords page, Aalto visitor account section.

In order to keep your @HIIT.FI- e-mails:

Relocate your e-mails off from Otaverkko's systems by 2017-06-30.

 HIIT's contract with Otaverkko Oy ends at the end of June. At that time

  • All hiiters' mailboxes will be permanently erased from Otaverkko Oy's systems.
  • @HIIT.FI- e-mail transport will no longer happen by Otaverkko Oy.

Have you forgotten the password to HIIT's e-mail service? Ask for help from support at otaverkko dot FI.

Policy change in HIIT.FI- e-mail addresses

To accompany all other changes two changes in policy regarding hiiters' HIIT.FI- e-mail addresses were issued by HIIT management:

  1. Hiiters will no longer automatically get an e-mail address from HIIT.FI- domain. @HIIT.FI- e-mail addresses will be provided for a small group of personnel, e.g. director of HIIT. Hiiters will, by default, use the e-mail address provided to them by their employing university.
  2. All HIIT.FI- e-mail addresses are temporary. The currently existing addresses will expire at 2019-06-30.

E-mail service for non-HIIT.FI- domains

For all other domains HIIT uses in its research Aalto university provides e-mail services.

About mailing lists

Mailing lists have already been transferred to Aalto ITS. Should you wish to get a mailing list, please contact Aalto ITS. Please remember to mention the possible need for HIIT.FI-alias for the list.

 


Entry server shell.hiit.fi

UPDATE at 2017-12-20: shell.hiit.fi will be shut down at 2018-02-08.

Entry server shell.hiit.fi is scheduled to be shut down at 2017-09.

HIIT networks are currently accessible using methods described on Remote access to HIIT network and resources page. One of the methods is using entry server shell.hiit.fi either directly (SSH, MOSH) or by tunneling via shell.hiit.fi (SSH, SOCKS). Due to migration and the changes in the role of HIIT networks and their administration HIIT's own entry server will no longer be neccessary, instead we will open an access to HIIT's networks from CS deparments' networks of both universities.

 


Helpdesk

HIIT's helpdesk was shut down at 2017-06-19.

After that time the helpdesk service practice will be identical with the department a person is employed by. This means that the default contact e-mail addresses in IT related problems will be

  • In Aalto university: esupport (a) aalto dot FI
  • In University of Helsinki: helpdesk (a) Helsinki dot FI

In more detail the following will happen:

  • Creation of new tickets by unauthenticated users will be prohibited.
  • Old tickets will continue to be handled via HIIT's ticketing system.

 


Logging service

HIIT ITS currently provides syslog-service. Current implementation is a bit simple and thus HIIT ITS will build a new using Graylog. All clients will migrate to log to this new service.

 


Monitoring services

HIIT ITS is currently building new, more informative and more easily administered monitoring services using Zabbix and Grafana. After migration, all hosts will be monitored using these services.

 


Network

HIIT has two networks; production network and testbed network. Both contain services and servers, so nothing drasic is going to happen due to migration. However:

Due to continued state of lack of responsible personnel, HIIT is shutting down ex. InfraHIP testbed network slice (193.167.187.0/24, 2001:708:140:220::/61) at 2017-06-30.

Currently there are the following open questions that we need to have an answer to:

  1. Can HIIT still keep its IPv4 and IPv6 addresses or is the end of HIIT ITS the end of HIIT's own network. Testbed, which was originally made for University of Helsinki in ICT SHOK FI WP3, really doesn't have any alternatives. Production nework could migrate to using IP-addresses (both IPv4 and IPv6) of each university.
  2. Who will administer both networks? Networking group in Centre of IT in University of Helsinki or UH's IT for Science (IT4Sci) group are current alternatives. Operative rights are probably going to be given to broader set of organisational units on both universities.

About others' networks?

HIIT ITS has been quite involved with networking in Kumpula campus, especially in Exactum building. These responstibilities will continue to exist until the proper way of handing responsibilities over has been discussed. Remaining tasks include firewall reconfiguration and router renowation.

End of involvment will be during the fall. More information will follow.

Management access to services?

Management access to services will be simplified. No dedicated access from user's workstation will be provided. Instead an appropriate access wil be granted to virtual workstation that the user is able to log in.

 


PlanetLab

HIIT currently has two PlanetLab nodes in PlanetLab Europe. We're planning to upgrade them and thus to continue to participate in the PlanetLab project.

 


Project servers

CS departments are now responsible for project servers.

A questionnaire about project servers was sent to servers' responsible persons on May. The questionnaire contained questions about

  • authentication base; whether the server is to be authenticated from Aalto university or University of Helsinki?
  • how long the server is needed?

Deadline to answering to the questionnaire was 2017-05-31. Now (2017-06-21) only seven (7) questionaires are still unfulfilled, so on that regard things are looking good.(smile)

CS departments' ITs will gain an access to project servers during week 25. This also means that all support requests regarding project servers should be handled as described in Helpdesk section.

About access to the project servers from the Internet

The project server questionnaire contained a light version of needed firewall ports. A more detailed questionnaire about them will be sent later. Until then, the current port configuration will remain.

What's going to happen to project servers, in more detail?

Project servers will go through the following steps during the migration:

  1. IT staff of the CS departments will be given access to project servers. Which IT staff will gain access to which server is determined by the authentication source the server will be connected to as follows. If the server is connected to authentication system of
    • Aalto university; Aalto university's Department of Computer Science's IT will get root access and the server will be administered by them.
    • University of Helsinki; University of Helsinki's Department of Computer Science's IT will get root access and the server will be administered by them.
    At this point the administrative responsibility will be removed from HIIT ITS. HIIT ITS will assist CS departments' ITs as needed.
  2. Project servers will be reconfigured to authenticate from Aalto university or University of Helsinki and ownership of the files and directories (etc.) on the project server will be changed to match the new User and Group IDs
  3. Access control on the project server will be reconfigured to match the new User and Group IDs

During the migration the project servers may have to be rebooted, but the duration of downtime will be minimised.

 


Remote Windows server

UPDATE at 2017-12-20: HIIT's remote Windows server will be inaccessible from the Internet at 2018-01-24 and shut down at 2018-01-31.

HIIT's terminal service server will be shut down. The replacement will be a virtual workstation provided by UH Centre of IT.

 


Security related stuff

All issues related to information security in any way will be handled by HIIT ITS until migration of each service is done. Migration of responsibilities of a certain services have already started and more will follow during the summer.

The normal security e-mail address on all our domains

security at domain dot TLD

will continue to function, as usual.

(info) Should there be a need for e.g. document about how data is processed and stored in HIIT's IT infrastructure, please continue to contact us via an e-mail address security at HIIT dot FI. More information about the change of responsibilities will be provided on this page A.S.A.P.

 


Version control system (vcs.hiit.fi)

UPDATE at 2017-12-20: HIIT-VCS will be inaccessible from the Internet at 2018-01-24 and shut down at 2018-02-08.

HIIT VCS users are required to migrate their repositories off from HIIT's version control service.

Updata at 2018-01-25: URL http[s]://vcs.hiit.fi is available from a subset of networks of Aalto university and University of Helsinki.

Both Aalto university and University of Helsinki have a version control systems, both GitLab installations, on addresses

to which users can relocate their data.

 


Wiki service (wiki.hiit.fi)

UPDATE at 2017-12-20: wiki.hiit.fi will be inaccessible from the Internet at 2018-01-24 and shut down at 2018-02-08.

Space admins are required to migrate their spaces off from HIIT's wiki service.

Updata at 2018-01-25: URL http[s]://wiki.hiit.fi is now configured to redirect to this migration page on wiki.helsinki.fi.

The old wiki is available on address

https://wiki-int.hiit.fi/

from a subset of networks of Aalto university and University of Helsinki.

Instructions on how to migrate a space to Aalto university's or University of Helsinki's wiki service, please see links to instructions below.

 


HIIT-VPN service

HIIT-VPN was shut down at 2017-06-30.

All users are instructed to migrate to using the VPN service of their employing university.

HIIT networks are currently accessible using methods described on Remote access to HIIT network and resources page. One of the methods is using HIIT-VPN. Due to migration and the changes in the role of HIIT networks and their administration HIIT's own entry server will no longer be neccessary, instead we will open an access to HIIT's networks from CS deparments' networks of both universities and their VPN services, as needed.

 


Www services

UH CS department and UH IT for Science are now responsible for www-services.

UPDATE at 2017-12-22: Administrative responsibilities of www-services have been migrated to UH CS department and UH IT for science- group.

HIIT has several web sites, some built using Drupal CMS and some using static HTML pages. More information about migrating these will follow shortly.

  • Drupal sites currently do not have anywhere to go to.
  • Static sites can be migrated to either university's services.


  • No labels