WolfWise Migration Support Training for IT Staff Office of Information Technology May 12, 2009 May 20, 2009
Why? Chancellor's charge to consolidate two incompatible calendar systems in alignment with business needs of the university. Oracle Calendar service is being decommissioned on June 26, 2009.
Training objectives IT staff training In addition to this class, we’re holding two WolfWise Mobile Support sessions. Objective: Provide IT staff with knowledge to support the migration process for their end-users. End-user training Several open sessions are scheduled. See the ClassMate website for dates and locations. Custom sessions can be scheduled for your department upon request to email@example.com. Objective Train end-users how to accomplish tasks in GroupWise.
Migration challenges include… • Calendar data must be migrated within a narrow window to maintain integrity of the multi-user scheduling functionality • Technical complexity, including integrated authentication and the new linux-based Novell platform, variations in RFC implementations across vendors. • Diversity and size of the University’s colleges and departments, including widely varying business requirements and usage patterns • Email usage is traditionally highly personalized, creating additional requirements when deploying an integrated calendar-email system (e.g., custom “from” addresses for external email)
Technical architecture See PDF on WolfWise website at:
Migration process overview Over about a week…not yet set but likely first week of June, 2009. SysNews will be updated accordingly. • Resource Owners specify which resources are to be migrated or deleted from Oracle Calendar – almost completed. Some stragglers will be contacted. • Oracle Calendar account creation freeze – approx. 1 week before migration. • Oracle Calendar user opt-in deadline. – 1 week before migration. Default is “opt out;” so users not taking action will not be migrated. Email sent to all OC users with instructions and link to opt-in web page (see SysNews post). • Oracle Calendar data snapshot exported. – Monday of migration week. Estimated to take approx. 24 hours to run. All data changes made after this point will be users’ responsibility to re-create in WolfWise. This step creates for each OC user an exported ical (ics) file. • Migration import processes will start Friday of designated weekend… Continued…
Migration process overview Continued… 5. Starting Friday of migration weekend and continuing until completed Monday a.m. (or sooner) : • WolfWise account creation (synced with Portal eDirectory credentials) and provisioning with online campus directory info, including Primary Email address as “from” address, preferred names and titles. • Calendar data import begins using OC-exported ical files (from step 3). Estimated at 26 hours. Imported events prefixed with “[OC]”. Files are processed through an API gateway to import into WW user accounts. • Email import begins from Cyrus email store. Estimated at 24 hours. Users are sent email at beginning and end of process and may access email throughout so there is no actual outage (though old email may not be copied over yet). Changes include batch editing of DNS records so unityid.mail.ncsu.edu points to WolfWise IMAP servers and forwards of Unity email addresses to WolfWise. NOTE: Calendar and Email migration processes will run concurrently and SysNews will be updated periodically through the migration weekend.
Migration process overview Continued… 6. Post-migration actions taken by users , IT staff and resource owners, including: • Resource owners recreate permissions. • Proxy rights are granted by end-users to mirror “delegates” in Oracle Calendar. • Global Calendar URLs in Oracle are republished as GW Extranet calendars (very few of these) • Optional: local mail stores and address books are migrated by local IT staff or end-users.
Key migration facts • Migrated Oracle Calendar (OC) events will be prefixed with the string [OC] • Delegated permissions (called Proxy access in GroupWise) will have to be recreated for all resources and for user accounts as needed. • DNS changes will redirect UNITYID.MAIL.NCSU.EDU to WW Post Office servers (1-22). This causes SquirrelMail to point to WolfWise rather than Cyrus when a WolfWise user logs in. • WolfWise IMAP services require SSL and over port 993 (vs 143 in Cyrus). IMAP clients will break unless already set up accordingly. • WolfWise directory services, including the “From” address, will be synced daily from the online directory preferences for faculty/staff. Continued…
Key migration facts…continued 6. Authentication credentials will be synced to Unity via the Portal eDirectory. However, password changes will not be forced within WolfWise itself. • Sieve filtering rules will not be imported. Rules will have to be recreated in WolfWise. • Spam is automatically quarantined in WolfWise without a rule, but can be released for viewing. Antivirus filters at the campus mail relays are still applicable. • Quotas will not be immediately enforced in WolfWise pending an archive solution. “Trash” folder contents older than 7 days are automatically deleted. • Cyrus “Trash” and “Junk Mail” folders will not be migrated to WolfWise. 11. Only users who opt-in via the webpage will be migrated. If no action is taken, a user will not be migrated, but they still bear responsibility for saving his/her Oracle Calendar data (via manual export from OC) as needed before the service is decommissioned on 6/26/2009.
Local mail…and archiving Storage considerations when moving local mail to the WolfWise servers OIT is asking that before moving large amounts of local mail up to the WolfWise servers, which we’re defining a over 1.5GB,/account that you send a ticket in to the Help Desk to coordinate with us to be sure there is room on users’ Post Office’s. We hope to accommodate all requests, but there are limits to how much storage we have allocated on each new PO. See http://www.ncsu.edu/wolfwise/faq/faq-general.php#local_mail Local Mail within GroupWise OIT is enabling a user-configurable native GW local mail store (called an “archive”) in the WolfWise environment. The old GroupWise environment will continue to operate with the fixed native archive location of “W:”. GW archives are password protected and encrypted. Archiving An new enterprise email archive solution will be studied this summer for possible deployment later in the year.
Pre-migration considerations • You should attend an end-user training session and encourage your users to do the same. Both lecture style and hands-on sessions will be are being scheduled. • For a list of Oracle Calendar Users, check SysNews->Other Tools->Oracle Calendar Users by OUC. Opt-in results are available via “Oracle WolfWise Migration Status.” • Have users check/update their online campus directory information. This is also a good time to check aliases for your users. • Let users dependent on Cyrus Sieve filtering rules know they will have to be recreated in WolfWise (except for spam filtering rules). Ditto for proxy permissions. • If you are a designated resource owner you should already have been contacted via email to specify whether they should be migrated. Please respond accordingly if you have not already done so. The naming convention for resources in WolfWise is almost identical (space replaces “_”). Keep a list of which resources will need to have permissions recreated after the migration. Continued…
Pre-migration considerations…continued • Consider whether you want to advise users to switch to the GW client for both email and calendar access and advise them to opt-in accordingly. • Consider easing the crunch after the migration by reconfiguring email clients in advance to use IMAP over SSL on port 993 (Cyrus supports this configuration) so things keep working after mail servers are redirected to the WolfWise IMAP servers. This is a good idea for security reasons for users not migrating anyhow. • If you have users who will be switching to the GW client, decide how you’re going to handle their local mail folders (if any). Local mail can be moved with the Transend tool or through an IMAP drag-and-drop action. Consider pre-installing the GW client. • Some groups are moving local address books as well. Consider how you will handle this when users ask. The GroupWise Windows client can import addresses in VCARD format and there are tools available which can convert CSV and LDIF formats to VCARD.
Tools available Transend Transend is a Windows-only tool which can handle importing to local mail (via IMAP copy), address books and local calendar data to GroupWise. To request, send email to firstname.lastname@example.org with an estimate of how many accounts you will migrate. We are investigating setting up a VCL image with Transend to facilitate use on Macs. Usage tips Install GroupWise (required). Install Transend and reboot (required). • Address books: When moving address books into GroupWise, create the new address book in the GroupWise client first. In Transend you have to change the name that of the target address book you created in GroupWise. Names are case sensitive. • Mail (local): Choose from the dropdowns to specify the source client/format and select GroupWise in the destination drop down. You will need to get the correct path to the mail files; it autofills but may not be correct.
Tools Other tools… Local Mail -- IMAP client drag-and-drop Connect to WolfWise IMAP servers from the mail client and drag-and-drop folders. For very large local mail folders, you may have to move them in parts. YMMV. Address Books GW Windows Client allows importing of address books in VCARD (vcf) format. Sadly, the GW Mac client does not allow importing address books. Transend will also handle address books but might be overkill in most situations. Web-based conversion tools: CSV (Webmail, Outlook) to VCARD: http://homepage.mac.com/phrogz/CSV2vCard_2.html LDIF (Thunderbird export) to VCARD: http://oit.ncsu.edu/oit-dl-resources/convert-mozilla-ldif-address-book-file-vcard-format NCSU Webmail address book export (choose VCARD): https://sysnews.ncsu.edu/tools-bin/webmail-addressbook
Tools SysNews tools Other Tools->Oracle Calendar Users By OUC https://sysnews.ncsu.edu/docs/corptime/data/dss/dss.csv Provides a list of Oracle Calendar users in CSV format that can be opened in Excel and includes a flag for Global Viewing. Handy to see how your Oracle Calendar users are. You can check a user’s OUC in Remedy (user lookup). Students have null OUCs. Other Tools->Oracle to WolfWise Migration Status https://sysnews.ncsu.edu/docs/corptime/data/dss/ww_migration.csv Provides a CSV file showing migration opt-in choices for responding customers Unity IDs. User Lookups->User Lookup Tool https://sysnews.ncsu.edu/user-lookup/ Shows lots of useful information for a user, including mail aliases and forwards, and which mail server unityid.mail.ncsu.edu points to.
Support structure in OIT Tiered support • Tier 1 - NC State Help Desk. Call logging and triage. • Tier 2 - Local IT support in collaboration with new WolfWise support position • Tier 3 - Campus Messaging
Clients Native GW Clients • Windows 32-bit client • Mac and Linux -- Cross-Platform (Java) client – Novell recommends JRE 1.6+ • Web client • Outlook Connector discontinued for GW8 (not recommended) Client comparison charts: GW 7 (current Wolfwise version) http://www.novell.com/documentation/gw7/gw7_userfaq/index.html?page=/documentation/gw7/gw7_userfaq/data/bwx48zs.html GW 8 (upgrade plans not yet determined) http://www.novell.com/products/groupwise/compare.html NOTE: GW clients are forward compatible but not backward compatible with server versions. You can’t use a GW8 client on our current GW7 servers.
Clients…continued Native GW Clients Fat clients include IMAP client capability. This allows connection to Cyrus shared mailbox service. Some customers configure to connect to gwspam.ncsu.edu (M+Guardian spam quarantine). Install and Setup: http://www.ncsu.edu/wolfwise/software.php Customized “setupip.exe” installation package for Win32 preconfigured for NCSU. Server: gwmail.ncsu.edu Port: leave blank Updates for Win32 client may be prompted server-side; will need to coordinate with managed desktop environments. NOTE: VPN not required for migrated users (new servers). Old users/servers still require VPN for now and change may be deferred until after migration or Oracle Calendar users.
Clients…continued IMAP Clients Testing results show various glitches. Clients tested were Thunderbird for Windows/Mac/Linux, Outlook 2003 and 2007, Windows Mail, Mac Mail, Opera Mail, Eudora for Windows/Mac, Entourage for Mac, iPhone native mail client. Results posted here: http://www.ncsu.edu/wolfwise/IMAP_client_testing.pdf Set up Server: gwimap.ncsu.edu or unityid.mail.ncsu.edu with SSL on Port 993 NOTE: WolfWise requires IMAP over SSL. Cyrus supports SSL but does not require it.
Clients…continued Web client http://gwweb.ncsu.edu Note: after migration, NCSU SquirrelMail at http://webmail.ncsu.edu will point to WW IMAP servers due to change in DNS entry for unityid.mail.ncsu.edu. SquirrelMail address books will remain populated as they were with Cyrus however. Evolution client (Linux) Includes support for GroupWise protocol implemented over SOAP API. http://www.novell.com/documentation/gw7/gw7_interop/index.html?page=/documentation/gw7/gw7_interop/data/bx3csus.html#bx3csus https://secure.linux.ncsu.edu/moin/GroupWiseAndEvolutionHowTo Server: for PO11-PO22 gwpo[#].fis.ncsu.edu Port: 7191 (WolfWise environment) for PO1-PO10 po[#].fis.ncsu.edu Port: 7191 (old GW environment)
SPAM handling M+ Guardian http://gwspam.ncsu.edu – login with Unity credentials M+ Guardian is a 3rd party spam/malware filtering system implemented as a quarantine. A daily spam report is sent to all WolfWise users at 6 a.m. Future implementations may allow more control over spam quarantine rules. At present, users can specify domains/addresses in a Trusted List and Block List. Known issue: links to release, etc., in daily spam report do not work when clicked within the GW Web Client. False positives can and do occur. Puremessage is still working for now. OIT will evaluate the possibility of discontinuing one of these spam filtering systems in the future. Users can connect directly to their M+ Guardian spam quarantine via IMAP to gwspam.ncsu.edu over SSL, port 993 (this works in the GW client as well).
Rules GW Rules Sieve filtering rules from Cyrus will not import. Rules need to be recreated, but spam rules are not required. Detailed instructions on the WolfWise website: http://www.ncsu.edu/wolfwise/users/rules.php Common rules: • Vacation / Out of Office Reply • Auto-accept appointments you create • Resouces can be set up with rules to accept/decline based on conflicts NOTE: Be careful not to select “Run” button when creating rules since this initiates a batch process of the rule against your email store.
Directories and Address Books Novell GroupWise Directory • Native directory includes all WolfWise account holders. Email addresses will be shown as with internal WW email domain “@gw.ncsu.edu.” Autocomplete on by default. • Mail sent to external recipients will have “FROM” and “REPLY-TO” addresses set with “Primary Email Address” as set in online campus directory. • Changes are synced from the online directory daily at 2:30 a.m. NCSO = Name Completion Search Order (in Address Book’s file menu) • Determines which Address Books are searched for “autocompleting” addresses. NOTE: NCSU LDAP directory (i.e., the online directory data) can’t be added to NCSO due to performance concerns, but may be added as a separate directory under Novell Address Book (use ldap.ncsu.edu and search base = ou=people,dc=ncsu,dc=edu).
GW Extranet: publishing calendars on the Web GW Extranet http://gwcal.ncsu.edu • Similar to Oracle Calendar’s “Global Viewing” feature. • Requires “gwextranet web calendar” account be granted proxy read access to published account. • Offers multiple publishing templates, including one that displays an ICAL download link. Instructions and template URLs here: http://www.ncsu.edu/wolfwise/users/m_plus_extranet.php NOTE: You can add basic http authentication using a vendor hack. In the GW client click on "Calendar" and select "File" > "Properties". On the "General" tab enter AUTH-SIMPLE[<password_here>] in the "Description" field.
GW Instant Messenger GW Instant Messenger https://gwim.ncsu.edu:8300/ -- includes client downloads • Offers an integrated directory and encryption. • All WolfWise users have access automatically. • Pidgin also supports the GroupWise Instant Messenger protocol. • Chat rooms are possible – OIT would like to gauge interest to determine whether to support his feature. Server: gwim.ncsu.edu Port: 8300 NOTE: Pidgin does not support the chat room feature.
Looking ahead… Post-migration priorities • Request forms for new user accounts and new resources will go live after the migration. • GW8 deployment planning for Mac users will begin after the migration to take advantage of the improvements in the GW8 Mac client (and possibly web client). A small group of testers were involved in evaluating a GW8 test server hosted by the College of Education earlier this year. • An enterprise archive solution will be researched for possible deployment later in the year
Thank you…Please send feedback to email@example.com or firstname.lastname@example.org.