Purpose: Correct software defects and vulnerabilities
Impact: Medium
Affected: WiFi Clients
Purpose: Software upgrades needed to address memory leaks causing poor performance.
Impact: All internet services will be down for about 20 minutes while reloading.
Affected: All internet service in building.
Purpose: To address a patching issue possibly relating to ADFS issues with myMU
Impact: -----
Affected: -----
Purpose: Software upgrades needed to address memory leaks causing poor performance.
Impact: All internet services will be down for about 20 minutes while reloading.
Affected: All internet service in building.
Purpose: Software upgrades needed to address memory leaks causing poor performance.
Impact: All internet services will be down for about 20 minutes while reloading.
Affected: All internet service in building.
Purpose: Software upgrades needed to address memory leaks causing poor performance.
Impact: All internet services will be down for about 20 minutes while reloading.
Affected: All internet service in building.
Purpose: Software upgrades needed to address memory leaks causing poor performance.
Impact: All internet services will be down for about 20 minutes while reloading.
Affected: All internet service in building.
Purpose: To address a patching issue possibly relating to ADFS issues with myMU
Impact: myMU will be unavailable at some point during the patching. Everything should be back up approximately by 1am.
Affected: -----
Purpose: Software upgrades needed to address memory leaks causing poor performance.
Impact: All internet services will be down for about 20 minutes while reloading.
Affected: All internet service in building.
Purpose: We moved to a new production database at OpenText's recommendation for additional stability.
Impact: All RightFax Services
Affected: All fax services provided by RightFax
Purpose: The current initial password for all accounts sourced through FIM is birthdate in MMDDYY format. We are going to change this to a random password based on their first name, a GUID representation of their displayname, and a special character. This should have no effect on any new accounts as everyone is directed to go through the first time logon web page to set their initial password.
Impact: LOW
Affected: MIM
Purpose: Switches are being replaced to reuse equipment at other locations.
Impact: Partial to Complete Outage
Affected: All network connectivity will be interrupted or down on the 4th floor Drinko.
Purpose: The WWW domain / environment will be migrated from Windows Server 2008 to Linux. There should be no down time for the majority of applications.
Impact: Most applications will not notice the change. Others may have small correctable issues. If any issues are noticed please reach our to IT Enterprise Applications for immediate resolution.
Affected: -----
Purpose: IT has automatically included members of the ‘IDM-All_Registered_Students’ and ‘IDM-EMPLOYEE’ groups into the Active Directory security group 'VPN_AuthorizedUsersMU' which controls access to VPN to temporarily suspending having to make individual support requests to be granted VPN access.
Impact: -----
Affected: Members of 'IDM-ALL_REGISTERED_STUDENTS' and 'IDM-EMPLOYEE' groups are automatically (nested) members of the group 'VPN_AuthorizedUsersMU'.
Purpose: To upgrade the Microsoft Identity Manager servers to modern operating systems and supported versions of software.
Impact: LOW
Affected: MIM
Purpose: Apply Oracle Patches to the Banner and Degree Works databases.
Impact: This will require a 15 - 20 min outage on the database while the patches are applied
Affected: All applications that use the Banner or Degree Works databases will experience an outage while patching takes place.
Purpose: This process will upgrade the infrastructure underlying the ADFS system to Windows Server 2019. This brings more efficient services as well has enhancements related to MFA.
Impact: This is a non-interruptive action. The new nodes will be added into the farm, taking over the same functionality. Once all nodes are replaced with the Server 2019 nodes, we can upgrade the ADFS farm function to 2019.
Affected: This will have minimal impact as the configuration of ADFS is shared among all nodes in the farm. There is also no outage during this process.
Purpose: To renew and replace the following expiring certs:
jemcsba.marshall.edu lyncedgepool13.marshall.edu lyncfepool13.marshall.edu lyncwac.marshall.edu mugcsba.marshall.edu
Impact: -----
Affected: -----
Purpose: To renew the InCommon wildcard cert for marshall.edu for our SfB environment and F5 load balancers.
Impact: -----
Affected: -----
Purpose: promote 3 win2019 RODC's into Marshall's domain to eventually replace our DNS slaves.
Impact: -----
Affected: -----
Purpose: To provide additional user licenses.
Impact: None
Affected: None
Purpose: The purpose of this maintenance is to move the Nexus Router (Byrd Machine Room Router) to the MUSOM core routers from the Byrd/Med Center building switchstacks.
Impact: All Servers located in the Byrd Server Room.
Affected: Because of the redundant links on the Nexus to Med Center and to Byrd, no outage was experienced.
Purpose: Complete Azure Express Route
Impact: None
Affected: None
Purpose: Tomcat was restarted on mumobileprod in order to proactively address a memory issue
Impact: Some MUMobile features, such as authentication, would have been unavailable for approximately one minute
Affected: MUMobile iOS and Android mobile apps
Purpose: Upgrade Ellucian Recruit to v5.2
Impact: Ellucian Recruit may be intermittently unavailable during this time.
Affected: Ellucian Recruit: recruitment.marshall.edu, apply.marshall.edu
Purpose: ITIC and ITIS have been engaged for two weeks with Microsoft support to fix an issue where a Teams user is unable to leave a VM for a on-prem Skype for Business user. Microsoft technicians yesterday discovered that a Lync/SFB component that Exchange uses was not updated. An issues was discovered with the Lync Unified Communications Managed API (UCMA) and a patch developed and deployed several years ago. That was never ported to Exchange. The fix was to install the Lync update on Exchange. It detects that the UCMA is running and out of date, and applies the update.
Impact: Modern clients maintain connection to Exchange as DBs move between servers. The only place this is noticeable is in PowerShell. If a server is in maintenance, some PowerShell cmdlets that IT use will fail.
Affected: Given the redundant nature of Exchange, neither end users nor mail delivery is affected.
Purpose: Move of the Titanium Schedule application to new app and database servers which run a supported OS.
Impact: Titanium Schedule will be unavailable from 9AM to approx. 9:30AM on Sunday 02/23.
Affected: -----
Purpose: Apply Financial Aid upgrades to Banner. We also plan to take the database down and reboot muinfo8 to apply kernel patches.
Impact: This will cause a brief Banner outage.
Affected: All Banner users will be affected
Purpose: Installation of kernel and OS patches requiring system reboot on affected systems. These patches are intended to patch/mitigate known security and/or functionality issues.
Impact: Patched systems will experience a brief downtime (approx. 1 to 5 minutes) while they are rebooted to apply new kernel versions
Affected: The following systems will be affected by these patches: mudworksdb03 mudworksapp02 muban9ssb01 muban9msg01 muban9api01 muban9adm01 muban9app01 muentapps03 muentapps04 bannerxe04
Purpose: Installation of OS updates to address known OS and/or kernel vulnerabilities.
Impact: Each of the servers will experience a brief downtime as they are rebooted to apply new OS kernels.
Affected: The following servers will be affected: mufilebox mutime01 mutime02 mutime03 mudnsa mudnsb mucups mucups-hp musas03 mucvgraph muweb-ux01 muweb-ux02 muwebdb-ux01 muapps-ux01 muapps-ux02 muappsdb-ux01 dev.marshall.edu
Purpose: Disable the PMF feature to correct some inter-ap roaming issues
Impact: None
Affected: None
Purpose: The recent firmware update on the FS8600 is stated to have patched the Windows 10 SMB3 issues encountered in 2019. The vendor reports we are able to enable SMB3
Impact: LOW
Affected: FS8600/MUNAS/Departmental Shares
Purpose: Applying routine Windows patches to the SfB environment and ID office servers.
Impact: SfB environment is redundant so there should not be any disruption to services. ID Office services will be unavailable during the reboot.
Affected: -----
Purpose: In order to maintain Microsoft's recommended hybrid environment of N-1 we need to upgrade our Exchange Servers to CU15
Impact: LOW
Affected: Exchange
Purpose: Temporarily correct a memory leak.
Impact: High
Affected: All networked services for 5-7 minutes.
Byrd BioTech Center 05:00 Twin Towers 05:00
South Charleston Campus 12:30
2/20 Henderson Center 5:00am Vetrans Memorial Soccer 5:00am Softball 5:00am Stadium Complex 5:00am
2/21 Biotech 5:00am Communications Building 5:00am Chris Cline Athletic Complex 5:00am
2/23 Drinko 5:00am SJK (Pharmacy) 5:00am RiverValley 5:00am
Purpose: Performing DB check on Kbox.
Impact: Low; KACE clients will not be able to connect/update inventory to the KBox during upgrade. KACE administrators will not have access to the Kbox to deploy software, scripts, or check device inventory.
Affected: KACE admins and KACE client computers. End users not directly affected.
Purpose: To enable SMBv3
Impact: HIGH
Affected: Departmental shares (MUNAS)
Purpose: To upgrade KACE clients to the latest version released - v10.1.43.
Impact: All main-campus KACE clients will upgrade silently within the next few days or the next time they check in with the KACE appliance. MUSOM clients will be upgraded at a later time.
Affected: No users directly affected.
Purpose: To patch the myMU environment.
Impact: -----
Affected: -----
Purpose: Installation of kernel and OS patches requiring system reboot on affected systems. These patches are intended to patch/mitigate known security and/or functionality issues.
Impact: Patched systems will experience a brief downtime (approx. 1 to 5 minutes) while they are rebooted to apply new kernel versions
Affected: The following systems will be affected by these patches: lists mudnsa mudnsb mudnsa2 mucups mucups-hp mugit04 mupxe musysapps shibboleth mudns3 muadobeusersync biomedbkup musas03 webwork
Purpose: Routine windows patches
Impact: server patches and reboots
Affected: all Windows based servers
Purpose: We will be migrating MU Bert to a new server for upgrades and stability.
Impact: Minimal to none
Affected: -----
Purpose: Windows Updates need to be installed on the Exchange servers.
Impact: Low
Affected: Email related functions
Purpose: We need to install Windows Updates on the Skype for Business servers.
Impact: Low
Affected: Skype for Business, VOIP telephony, and chat.
Purpose: We need to install Windows Updates on the Clarity Connect servers.
Impact: Low
Affected: Clarity Connect call center software.
Purpose: Windows Updates and patches will be applied to all Windows based servers.
Impact: Low
Affected: All Windows based servers
Purpose: The servers running the campus ID systems need to have Windows Updates installed.
Impact: Low
Affected: Campus ID related systems
Purpose: We previously set the Office365 policy to disable POP and IMAP on all newly created accounts. This will disable POP and IMAP on all already existing accounts. These protocols are already inaccessible through a conditional access policy so no major interruptions should occur. 77856 mailboxes are in scope for this change.
Impact: LOW
Affected: Office365,POP,IMAP
Purpose: We are performing our annual cleanup for all inactive user accounts.
Impact: LOW
Affected: Office365 On-Prem resources
Purpose: To upgrade the version of PHP used for apps.marshall.edu
Impact: Sites may be unavailable during parts of the upgrade, but should be back up within the hour.
Affected: -----
Purpose: We will be applying end of year upgrades which include most of the releases from September and any requires subsequent patches for all Banner Modules.
Impact: This will cause intermittent outages during some of the upgrades, and will require the re-deployment of Banner Admin Pages.
Affected: Users of Banner Admin Pages and Self service will have intermittent outages during the upgrade.
Purpose: Maintain OS service support and security updates. We are moving the Banner Database server to a new host on RHEL 7.
Impact: This server hosts the Banner Production Database, all services that rely on Banner will be impacted with the outage.
Affected: All users of services that rely on Banner will be impacted. This switchover is scheduled for 3 hours but we expect it to be less.
Purpose: Bug fix only, no feature upgrades
Impact: Low due to the redundancy of the system
Affected: WiFi services.
Purpose: To renew SSL certs for myMU and Gateway (Production CAS)
Impact: None
Affected: None
Purpose: To upgrade the production Quest KACE SMA server to the latest version - 10.1.99
Impact: Low; KACE clients will not be able to connect/update inventory to the KBox during upgrade. KACE administrators will not have access to the Kbox to deploy software, scripts, or check device inventory.
Affected: KACE admins and KACE client computers. End users not directly affected.
Purpose: Bug fix and move to vendor recommended software
Impact: Low due to the redundancy of the system.
Affected: I2 and commodity Internet services (Possible)
Purpose: Disable and decommission old Barracuda Spam Firewalls that have been replaced by Barracuda Email Security Services Cloud service.
Impact: This change will impact SOM encrypted email users ability to send encrypted emails via the old Barracuda system.
Affected: -----
Purpose: Update software to release 2.7. New guest and posture features.
Impact: None due to the redundancy of the system.
Affected: WiFi and VPN authentications (Possible)
Purpose: Upgrade software to support new access point models
Impact: Low due to the redundancy of the system.
Affected: WiFi services.
Purpose: General upgrade to the latest code base.
Impact: All main campus associated telephones will upgrade and reboot randomly within our upgrade window.
Affected: All telephones associated with Main Campus services. No MUSOM telephones will be affected.
Purpose: We intend on upgrading to the latest feature pack.
Impact: RightFax outage
Affected: All RightFax services will be down for approximately one hour.
Purpose: General upgrade to the latest firmware.
Impact: Telephony services may incur small outages during failover. We plan to stagger the upgrades to each of the 4 SBC's allowing for redundant paths to be in effect during individual upgrades.
Affected: All external telephony services.
Purpose: Upgrading SEPM to latest version - 14.2 RU2
Impact: Symantec Endpoint clients may have limited connectivity to the Protection Manager.
Affected: No end users or services are expected to be directly affected.
Purpose: To correct vulnerabilities and software defects.
Impact: None
Affected: No impact expected as this is a redundant system. If there are issues we will fall back to the standby NGFW with the current software loaded.
Purpose: Vendor provided update applied to Quest-KACE Systems Deployment Appliance (aka K2000) to v. 7.1.94 from 6.1.251 and 7.0.357. For fixes & enhancements, see the Quest-KACE Systems Deployment Appliance 7.1 - Release Notes at https://support.quest.com/technical-documents/kace-systems-deployment-appliance/7.1%20common%20documents/release-notes
Impact: Administrative Console offline while update was applied.
Affected: No end-user services affected. K2000 SDA engineers should check their image workstations are running the latest version of the System Deployment Toolkit and have appropriate version of the 'Windows Assessment and Deployment Toolkit' (WADK) installed. https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
Purpose: Maintain Commvault backup server software.
Impact: Minimal. Some daily server backups were delayed while the service pack was installed.
Affected: Server backups. No production systems or services were interrupted during this procedure.
Purpose: After experiencing a non-interruptive and non-planned controller reboot on early Sunday morning, it has been advised to make a minor update from 7.3.11 to 7.3.20. This update fixes the unplanned reboot.
Impact: This is a non-service affecting maintenance. No end user impact is expected.
Affected: This is the storage that underlies VMware and file storage on munas.
Purpose: Upgrade the F5 load balancers to current versions of supported code.
Impact: LOW
Affected: Exchange,WWW,ADFS,Skype, and other services routing through the F5
Purpose: To stay within Microsoft requirements of N-1
Impact: Low
Affected: Email related functions
Purpose: To upgrade KACE agents campus-wide.
Impact: Users not directly impacted. KACE agent upgraded on campus workstations (Windows & Mac) silently.
Affected: Marshall-owned workstations with KACE agent installed.
Purpose: In an effort to increase the security of our Office 365 tenant and our on-prem environment, we are going to remove the 555 users in the current conditional access policy for legacy protocols per CR-86. This will disable all legacy protocols on Office365 mailboxes excluding Skype for Business Exchange EWS dependencies.
Impact: MEDIUM
Affected: Office365 users leveraging SMTP, IMAP, and POP3 legacy protocols
Purpose: Patch myMU and on-prem SharePoint environments.
Impact: myMU and inside.marshall.edu will be unavailable for the duration of the patching, 3+ hours
Affected: -----
Purpose: Upgrades Banner Financial Aid 8.37/9.3.16 and 8.37.1/9.3.17
Impact: Financial Aid and Admin pages.
Affected: Possible interruption to Banner 9 users while Admin pages are being re-deployed.
Purpose: In order to facilitate the School of Medicine domain consolidation, the Systems group is promoting a Domain Controller on the Marshall Health network on Sunday morning.
Impact: This will have minimal impact due to the time of day and minimal users in Marshall Health on the MUNET domain.
Affected: This will only affect MUNET authenticated users on the Marshall Health networks.
Purpose: To upgrade the production Quest KACE SMA server to the latest version - 10.0
Impact: Low; KACE clients will not be able to connect/update inventory to the KBox during upgrade. KACE administrators will not have access to the Kbox to deploy software, scripts, or check device inventory.
Affected: KACE admins and KACE client computers. End users not directly affected.
Purpose: Upgrade Astra Schedule to the latest release.
Impact: Astra Schedule will be unavailable for up to two hours between 8am-10am EST 10/25
Affected: Astra Schedule environment
Purpose: This is in response to TIC-15191. On-prem devices are unable to perform a Azure AD Hybrid Join or initiate an automatic OneDrive for Business silent logon. After working with Microsoft it was determined that 2 endpoints were disabled on the WAPs. Microsoft recommends that we reconfigure internal DNS to point adfs.marshall.edu directly to the ADFS Federation Service nodes instead of the non-domain joined application proxies.
Impact: MEDIUM
Affected: ADFS, Hybrid Azure AD Join, Office365
Purpose: Routine windows and security patches for Exchange, Skype for Business, ID Office, and Clarity Connect.
Impact: Redundant environment for SfB, Exchange, and Clarity Connect so no impact. ID Office servers will have brief outage during reboot.
Affected: -----
Purpose: MUDSMS-VE was upgraded from v10.2.5.6 to v.10.2.7.9 for OS and app security updates.
Impact: Minor. Dell Data Security Encryption clients were unable to reach the server during the upgrade, but encryption services were not affected.
Affected: No end users were affected.
Purpose: In an effort to increase the security of our Office 365 tenant and our on-prem environment, we are going to modify the Azure AD conditional access policy restricting legacy protocol (SMTP,IMAP,POP3) access to Office365 mailboxes. The modification will block all access to these protocols with the exception of 555 users which were identified to be using IMAP or SMTP over the last 180 days.
Impact: MEDIUM
Affected: Office365 users leveraging SMTP, IMAP, and POP3 legacy protocols
Purpose: To install kernel and OS patches to protect against current security vulnerabilities.
Impact: The affected systems will be briefly unavailable during the reboot necessary to make the new kernels active.
Affected: he following server will be affected:
muinfo7 (banprod) mugrid02 mudworksdb-new mudworksdb03 mudworksapp01 mudworksapp02 muban9adm01a ban9ssb01 ban9msg01 muban9api01 muban9adm01 muban9app01 muentapps03 muentapps04 mueaapex02 muesm02 trinitydb bannerxe04 bannerxe00
Purpose: In order to additionally secure MUPFC (V: Drive servers), we shutdown FTP based access. This was initially done externally as we were receiving little legitimate traffic and large amounts of hacking attempts. The additional step was taken to totally deprecate the FTP services. With the external block, a VPN was required, which gives access to the standard file share.
Impact: Very little impact. Web services are still available, but owner access to update has changed to a share from FTP.
Affected: Minimal. Only the handful of FTP users will need to change workflow.
Purpose: ITI Systems will enable protocol logging in our Exchange environment. This change will require POP3 and IMAP service restarts, Impact will be minimal.
Impact: LOW
Affected: Exchange
Purpose: To block all access to on-prem exchange servers from external sources with the exception of Barracuda cloud and TimeClock Plus. This is to combat compromised accounts sending massive amounts of phishing emails.
Impact: MEDIUM
Affected: Exchange
Purpose: Restrict access to muremote to members of IDM Students Recent 24 months and IDM-Employee
Impact: LOW
Affected: muremote
Purpose: To enable a conditional access policy to disable legacy protocols for Exchange Online for users outside of the United States region.
Impact: Users outside of USA using legacy protocols for O365 Exchange Online
Affected: email clients using legacy protocols such as SMTP, IMAP, POP3
Purpose: To install kernel and OS patches to protect against current security vulnerabilities.
Impact: The affected systems will be briefly unavailable during the reboot necessary to make the new kernels active.
Affected: The following server will be affected: mugraylog01 mugraylog02 mugraylog03 lists mudnsa mudnsb mucups mucups-hp mufilebox mugit04 mupxe musysapps shibboleth mudns3 muadobeusersync webwork biomedbkup nagpra musas03 bhmaster bhslave01 bhslave02 bhslave03 bhslave04
Purpose: Azure has notified us that we have ADFS endpoints that respond to authentication request that will bypass the ADFS lockout policies. We will be disabling these endpoints.
Impact: None of these endpoints are currently in use. No anticipated impact.
Affected: ADFS has a large scope, but the use of the target change affects no known users.
Purpose: To install Skype for Business Server 2015 Aug 2019 CU. v6.0.9319.562 https://support.microsoft.com/en-us/help/3061064/updates-for-skype-for-business-server-2015
Impact: Minimal impact to phone and messaging due to redundant nature of environment
Affected: Phone system, SfB clients and polycom endpoints.
Purpose: Upgrading SEPM to latest version - 14.2.1 MP1
Impact: Symantec Endpoint clients may have limited connectivity to the Protection Manager.
Affected: No end users or services are expected to be directly affected.
Purpose: We will be moving the paths for these mailboxes in order to move these databases to new servers to address load balancing.
Impact: HIGH
Affected: Resource and phone mailboxes will be unavailable during this time.
Purpose: Apply latest Financial Aid releases and Patches, minor updates to General, Accounts Receivable, and Student. Upgrade to Admin Common, Banner 9 db components, and Application Navigator as well.
Impact: During upgrade process there should be little impact on the system but users may experience brief outages, Job submission will be unavailable until the upgrade is complete. Once upgrade is complete a redeployment of the Banner Admin web app and Application Navigator web app will be required, this will result in a brief outage.
Affected: All users of the Banner Admin Pages will be affected during the redeployment phase, estimated 5-10 min outage. Total time for upgrade is expected to be 4 hrs.
Purpose: In order to keep with the Microsoft recommendation and supported architecture of N-1 for Exchange, we need to upgrade the following servers to CU13 muexch01 muexch02 muexch06
Impact: LOW
Affected: Exchange
Purpose: With the Exchange 2013 to 2016 upgrade nearly complete, the temporary servers used to house mailboxes during upgrades are no longer used and can be uninstalled. The following servers will be removed: -muexch16-temp -muexch16-temp2 -muexch16lag
Impact: LOW
Affected: Exchange
Purpose: After the reboot of controller 1 from last night we need to rebalance the connections on both controllers for load balancing purposes.
Impact: LOW
Affected: Department shares. Some users will experience a disconnect as they are moved to the new controller.
Purpose: After working with Dell it was determined that the IPMI process was running at 100% CPU utilization on controller 1 of MUNAS (FS8600). Level 3 support at Dell was unable to kill or reset that process and their recommended course of action is to reboot node 1. This reboot is interruptive for 900 connections as of this request. These open connections will be closed. Dell does not anticipate any connections on node 0 will be interrupted or overall share access will be interrupted during this time. The process takes approximately 10-20 minutes. Dell does not recommend we operate in this state for any significant amount of time.
Impact: HIGH
Affected: Users connected to controller 1 will have their sessions closed
Purpose: Upgrading from WordPress 4.9.9 to 5.2.2. There will be changes to the WordPress Dashboard admin user interface, but we have added an additional plugin so admin users can continue using the traditional editor until everyone is properly trained on the changes.
Impact: None.
Affected: None.
Purpose: Maintenance updates.
Impact: None.
Affected: None.
Purpose: BRIM will be redeployed to leverage CAS authentication instead of a local Oracle account.
Impact: BRIM will be unavailable during the change. Downtime should be no longer than 10 minutes.
Affected: BRIM users - Admissions and Recruitment offices.
Purpose: OARnet Support Center 1-800-627-6420 support@oar.net
OARnet Planned Maintenance Notification Affected Service: OARnet Connectivity
Impacted Site: metak12-marion
Start Date & Time: 8/9/19 12am End Date & Time: 8/9/19 6am
Summary of Work to be performed: One of OARnet’s service partners, Spectrum is performing maintenance within their network resulting in an impact to OARnet clients. We have determined that one or more of your circuits will be impacted by this maintenance. You will see a loss of service on this circuit for the duration of the work. Spectrum expects the outage to last 180 minutes, and will occur during the maintenance window 8/9/19 from 12am to 8/9/19 at 6am.
Risk Assessment during OARnet maintenance window: 1 = Minimal traffic loss risk (up to one minute outage possible) 2 = Moderate traffic loss risk (2 to 5 minute outage possible) 3 = High traffic loss risk (6 to 15 minute outage possible) X 4 = Extreme high traffic loss risk (16 minutes or longer outage possible).
OARnet Case Number: OAR-CHG0030860
If you have any questions or concerns regarding this planned work, please contact the OARnet Support Center and reference the above case number.
Network Operations Center Ohio Academic Resources Network (OARnet) A member of the Ohio Technology Consortium 1224 Kinnear Road, Columbus, Ohio 43212 Service Desk: (800) 627-6420 support@oar.net
Impact: X 4 = Extreme high traffic loss risk (16 minutes or longer outage possible).
Affected: Due to the redundancy of the ISP we should not see an impact
Purpose: MU's Astra Schedule environment will be upgraded to the latest release.
Impact: Astra Schedule will be unavailable for up to two hours between 8am and 10am on 8/9/19.
Affected: -----
Purpose: Segra will be troubleshooting frame loss.
Impact: Medium
Affected: SoM and Marshall Health WAN services.
Purpose: Annual preventative maintenance and install recommended code.
Impact: High
Affected: All networked services; including Internet, telephony, etc...
Purpose: Routine maintenance updates for WordPress plugins.
Impact: None
Affected: None
Purpose: In an effort to reduce local mail loops, improve mail flow, and overall hygiene of the environment, we want to remove the Exchange MailUser object for every AD user that is disabled. 10,943 are in scope for this.
Impact: LOW
Affected: Exchange
Purpose: Upgrade Banprod and DW to Oracle 12cR2. Reboot application servers to apply kernel patches.
Impact: Banprod and DW will be down during upgrades.
Affected: All Banner and DW users.
Purpose: Change to logstash configuration to allow log file names to be timestamped with EST times instead of UTC
Impact: Minimal downtime while new configurations are applied.
Affected: System logs being sent to musysapps.
Purpose: This is mainly cosmetic from our understanding. Right now OWA's NAT is configured as such: 10.101.4.125 <-> 206.212.0.85. Exchange 2016's Office Online Server (WAC) is configured as such: 10.101.4.85 <-> 206.212.0.125. We wish to correct this NAT and adjust DNS
Impact: LOW
Affected: OWA, Attachment viewing/editing in OWA
Purpose: We will be flipping DNS over to the new Linux Webserver Stack. No downtime is expected.
Impact: -----
Affected: Any applications that have not been migrated over to the new server stack beforehand will be unavailable at the time of migration.
Purpose: Correct software vulnerabilities and software defects. See CR-65 for details
Impact: Low
Affected: No services should be impacted as we will just failover to the new code. If any services are affected we will fail back to the current code.
Purpose: This is the second part of our organizational upgrade from Exchange 2013 to Exchange 2016. We are nearly done clearing out all databases and users from these servers. We will be removing Exchange 2013 from these systems, upgrading the OS to Server 2016 and installing/configuring Exchange 2016 on them.
Impact: HIGH
Affected: Exchange Mail
Purpose: To install Skype for Business Server 2015 May 2019 CU. v6.0.9319.548 https://support.microsoft.com/en-us/help/4487981/may-2019-cumulative-update-6-0-9319-548-for-skype-for-business-server
Impact: The redundant nature of the SfB environment should minimize any potential service outage.
Affected: polycom sfb client response groups UM
Purpose: Update the WLC's to the latest software enhancements and fixes in our current software image. See CR-66 for details.
Impact: Low
Affected: WiFi services will be affected while the AP's are rebooted.
Purpose: We will be changing our on-premises email routing to send all exchange outbound email through our Barracuda Essentials service for filtering and protection at 3PM today (6/20/2019). The notable difference in this email routing is that there will be an outbound email rate limit of 150 emails per user per 30 minute period. Any group of emails sent that go over this limit will have the overflow of messages deferred for 30 minutes. After 30 minutes the remaining emails will start processing again, repeating this cycle until all messages are processed. Note that this will only apply to emails going outside the organization.
Impact: The notable difference in this email routing is that there will be an outbound email rate limit of 150 emails per user per 30 minute period. Any group of emails sent that go over this limit will have the overflow of messages deferred for 30 minutes. After 30 minutes the remaining emails will start processing again, repeating this cycle until all messages are processed. Note that this will only apply to emails going outside the organization.
Affected: This will affect outbound email from the Marshall University on-premises email system.
Purpose: Upgrading SEPM to latest version - 14.2.0RU1
Impact: Symantec Endpoint clients may have limited connectivity to the Protection Manager.
Affected: No end users or services are expected to be directly affected.
Purpose: To upgrade KACE clients to the latest version released.
Impact: All main-campus KACE clients will upgrade silently within the next few days or the next time they check in with the KACE appliance. MUSOM clients will be upgraded at a later time.
Affected: No users directly affected.
Purpose: To prepare the environment for hybrid deployment with SharePoint Online.
Impact: N/A
Affected: N/A
Purpose: Vendor provided update applied to Dell Security Management Server Virtual and Front-End Proxy host upgraded from v. 10.1.0.32 to v. 10.2.4.11. For fixes & enhancements, see the Technical Advisories at http://www.dell.com/support/home/us/en/19/product-support/product/dell-data-protection-encryption/manuals
Impact: Administrative Console offline while update was applied.
Affected: No end-user services affected. Clients running DDPE Client Agents should upgrade to v. 10.x clients for latest version support.
Purpose: Disable SMB3 protocol due to Windows 10 1903 having connectivity issues to UNC paths served by the FS8600
Impact: LOW
Affected: Departmental Shares
Purpose: This change will enable additional lockout for external attacks that hit ADFS for authentication, providing for more protection on user accounts without affecting their AD account (not locking that out). We need 3-7 days of observation before enabling. Since many are on leave and minimal staffing over the weekend, we move to enable this early on Monday so we have full staff on hand.
Impact: This will lockout a user account from the ADFS perspective for 5 bad passwords in 5 minutes. Only when a user meets that threshold will they be locked out.
Affected: This is in scope for all users.
Purpose: This will enable us to evaluate moving our SharePoint environment to SharePoint Online.
Impact: This may trigger a reboot, but otherwise, no impact.
Affected: Minimal. Only a reboot with no changes.
Purpose: Apply bug fixes.
Impact: Low
Affected: WiFi services.
Purpose: Downtime for SaaS migration
Impact: Down for 3 days.
Affected: Everyone
Purpose: To update / patch inside.marshall.edu and others as well as MyMU
Impact: Services will be unavailable while patches are being applied.
Affected: -----
Purpose: Changing the underlying authentication process from straight CAS to include Azure with MFA requirements.
Impact: This will require a redeployment of the following applications, Banner Admin Pages, Application Navigator, Banner Work Flow and Banner Document Management.
Affected: During this multi-part re-deployment those services will be unavailable.
Purpose: We will be migrating from our on-premises Barracuda SPAM appliances to Barracuda Cloud ESS for email spam protection. Modification to our marshall.edu MX record will be done during our normal Sunday morning maintenance window (5/19/2019) starting at 6AM. We anticipate little to no impact from this change. The current Barracuda appliance will remain functional on-site to continue processing marshall.edu email until the MX record change fully propagates through the internet. This change will affect incoming email to the marshall.edu domain.
Impact: We anticipate little to no impact from this change. The current Barracuda appliance will remain functional on-site to continue processing marshall.edu email until the MX record change fully propagates through the internet.
Affected: This change will affect incoming email to the marshall.edu domain.
Purpose: We are upgrading the Compellent Firmware to version 7.3.11
Impact: This is described by the vendor as a non-intrusive update as there are no disk firmware updates in scope; disk firmware updates require full downtime.
Affected: With the redundant nature of the Compellent, there will only be service degradation notices from vMWare and the FS8600, but no outages.
Purpose: The Astra Schedule environment will be upgraded.
Impact: Astra Schedule will be unavailable between 8AM and 10AM on Friday, May 17th 2019.
Affected: This will only affect Astra Schedule (https://www.aaiscloud.com/MarshallU). Users will be unable to request events and admins will be unable to approve/view events. Calendars will also be unavailable.
Purpose: Fix the defect CR-000166519, After applying Banner Financial Aid 9.3.13, READI20 and REAOR20 are missing. Banner Financial Aid Patch 9.3.13.1.1
Impact: Will require Banner Admin Pages to be re-deployed.
Affected: Full outage of the Banner Admin pages during re-deployment process.
Purpose: Need to take inside.marshall.edu (MUSP13) offline to perform drive maintenance to repair some corruption to D drive.
Impact: Sharepoint access will be disrupted during maintenance.
Affected: -----
Purpose: Upgrade the production Quest KACE SMA server to the latest version - 9.1.317
Impact: Low; KACE clients will not be able to connect/update inventory to the KBox during upgrade. KACE administrators will not have access to the Kbox to deploy software, scripts, or check device inventory.
Affected: KACE administrators and KACE client communication. End users not directly affected. KACE client upgrades will occur on a future date after client tests completed.
Purpose: Apply the following upgrades to Banprod Banner Financial Aid 8.34.1.4 Banner Financial Aid 8.35 Banner Admin Common 9.3.15.4.1 Banner General 8.10.4 Banner Financial Aid 9.3.13.0.3
Impact: Limited Banner availability while upgrades are taking place
Affected: All Banner users
Purpose: The following servers will be rebooted to apply needed kernel patches.
muban9adm01 muban9app01 muban9api01 mugrid02 mueaapex01 muentapps04 mudworksdb-new bannerxe00 bannerxe04 muesm01 muesm02 mueis01
Impact: The affected systems will experience brief downtime during the reboot. None of them should take more than a few minutes to complete.
Affected: muban9adm01 muban9app01 muban9api01 mugrid02 mueaapex01 muentapps04 mudworksdb-new bannerxe00 bannerxe04 muesm01 muesm02 mueis01
Purpose: Routine maintenance plugin updates
Impact: None
Affected: None
Purpose: To replace our aging syslog software and accompanying OS with a current OS and more flexible log collection software.
Impact: During the transition from the old server to the new, there may be a brief loss of log entries as syslog traffic starts flowing to the new server. We anticipate a loss of no more than a few minutes worth of lost log data. We will be transferring the IP address for the current musysapps server to the new, so no configuration changes should be necessary on clients currently sending logs.
Affected: This will affect any systems that are currently configured to send log data to musysapps.
Purpose: Provide regular software and systems patches.
Impact: Regular patches and OS updates will be applied to the listed linux servers. These systems will experience a brief outage of a few minutes as reboots occur to apply new kernels.
The systems: mufilebox shibboleth mutime01 mutime02 mutime03 mudnsa mudnsb mudns3 mucups mucups-hp lists musas03 musas04 mugit04 mucvgraph webwork nagpra mubioinfo htseq
Affected: mufilebox shibboleth mutime01 mutime02 mutime03 mudnsa mudnsb mudns3 mucups mucups-hp lists musas03 musas04 mugit04 mucvgraph webwork nagpra mubioinfo htseq
Purpose: To resolve account lockout issues and NDMP backup issues
Impact: Shares may be disrupted for up to 30 seconds each occurrence
Affected: Departmental shares
Purpose: Correct high CPU due to software defect
Impact: High
Affected: All networked services in Drinko Library for < 10 mins.
Purpose: In response to TIC-11530 we will be updating our WAC configuration for Exchange 2013 and Exchange 2016. An Office Online Server (OOS) will be created and installed which is the successor to Office Web Apps Server (OWAS). The global configuration for Exchange governing the WAC server will be blanked out. Configuration will be set at the mailbox server level while we are in 2013/2016 coexistence. Exchange 2016 servers will be pointed at OOS while Exchange 2013 servers will be pointed at the already existing OWAS server. muexchwac will be moved to a new IP and a NAT will be created to address off-premise 2013-hosted users being unable to view attachments.
Impact: LOW
Affected: OWA
Purpose: Purpose: Disable the SSL offloading configuration for on-prem Exchange in order to prepare the environment to enable OAUTH/HMA between O365 and Exchange. This is a prerequisite for that. This is also an attempt to resolve a Free/Busy issue.
Impact: MEDIUM
Affected: OWA, MAPI
Impact: MAPI outage during implementation and troubleshooting. Momentary OWA outage when restarting services.
Affected: Outlook clients.
Purpose: The March 2019 Skype for Business Security CU contains a security fix for a spoofing vulnerability. This CU will be applied with routine updates to the SfB environment.
Impact: -----
Affected: Skype for Business servers.
Purpose: Disable the SSL offloading configuration for on-prem Exchange in order to prepare the environment to enable OAUTH/HMA between O365 and Exchange. This is a prerequisite for that. This is also an attempt to resolve a Free/Busy issue.
Impact: MEDIUM
Affected: OWA, MAPI
Purpose: The ITI Systems is enabling OAUTH2 authentication in our Exchange Online tenant. This will enable modern authentication for devices/applications that support it while still falling back to legacy protocols for older devices/apps.
Impact: Minimal impact is expected as this change is not a hard implementation but a advantageous setting; it will apply to only devices/apps that support it.
Affected: -----
Purpose: Visual Form Builder - Pro plugin update to 3.3.9.
Impact: None
Affected: None
Purpose: Disable the SSL offloading configuration for on-prem Exchange in order to prepare the environment to enable OAUTH/HMA between O365 and Exchange. This is a prerequisite for that. This is also an attempt to resolve a Free/Busy issue.
Impact: MEDIUM
Affected: OWA, MAPI
Purpose: This will allow self-service password resets to start working within Office365.
Impact: LOW
Affected: M365,AD
Purpose: Enable Azure AD Identity Protection configuration to require MFA Registration for the group 'IDM-STUDENT_RECENT_24MO' group.
Impact: Students in this AD group will be prompted to complete Azure MFA Registration during their next interaction with Microsoft O365 Cloud Services like Exchange Online, Office365 ProPlus, OneDrive for Business, etc.
Affected: MUNET user accounts who are members of the AD group 'IDM-STUDENT_RECENT_24MO' . http://www.marshall.edu/it/mfa/
Purpose: To apply the latest patch to the SharePoint environment
Impact: inside.marshall.edu and sister sites will be down for the duration of the update
Affected: -----
Purpose: Changing the other 400 level error pages so that they appear more "professional" and less whimsical in their context
Impact: gateway.marshall.edu (Gateway) has 2 other pages that need changed so the CAS service running on Gateway and the applications dependent thereon will be affected. mucas02.marshall.edu (Banner) has 3 pages that will need to be changed and updated.
Affected: Gateway, ADFS, Blackboard, Banner
Was without power from early morning yesterday till round 5pm.
Will reschedule changes to these pages to the next change window.
Purpose: Summary of Work to be performed: One of OARnet’s service partners, AEP is performing maintenance within their network resulting in an impact to OARnet clients. We have determined that one or more of your circuits will be impacted by this maintenance. You will see a loss of service on this circuit for the duration of the work. We expect the outage to last 7 hours and will occur during the maintenance window 11 PM to 6 AM.
Risk Assessment during OARnet maintenance window: 1 = Minimal traffic loss risk (up to one minute outage possible) 2 = Moderate traffic loss risk (2 to 5 minute outage possible) 3 = High traffic loss risk (6 to 15 minute outage possible) X 4 = Extreme high traffic loss risk (16 minutes or longer outage possible).
Impact: Low
Affected: Internet services (possible).
All services will fail over the backup OarNet connection.
Purpose: This change request is to upgrade MUAdminTS from Server 2012 to Server 2016.
Impact: Terminal services on MUAdminTS
Affected: IT employees, IT service providers, and ATI.
Purpose: Dell Copilot has identified an issue with ESXi 6.7 U1 and the Compellent. The issue is that during a controller failover on the Compellent, VMWare may encounter an APD (all paths down) scenario with virtual machines that have raw device mappings (RDM). As we have several VMs with RDMs, it is strongly advised that we implement the fix described here: https://kb.vmware.com/s/article/67006
This change will take effect upon reboot of the ESX host. Due to the redundant nature of the vSphere environment, no services should be impacted as each ESX host will be rebooted one at a time.
Impact: LOW
Affected: vSphere
Purpose: To sync user S/MIME certificate data with O365
Impact: LOW
Affected: Microsoft 365
Purpose: We are reviewing options for a replacement firewall and will be putting in place a Cisco 4120 FTD appliance in place of our existing ASA firewall.
Impact: Medium - High
Affected: Internet services, VPN, remote access.
Purpose: Update firmware and apply Microsoft Teams license to the SBC at the School of Medicine
Impact: None - Low
Affected: Voice routing. The redundancy of the system should reroute any calls if the system should fail. We are already running this firmware in Huntington and South Charleston without issue.
Purpose: To move the production database to a new Linux server.
Impact: Minimal, site should have virtually not downtime, but no updates will be preserved after 12am the night/morning before under migration is complete.
Affected: University Site
Purpose: Replace self-signed certificate on vCenter with an InCommon certificate
Impact: LOW
Affected: vSphere orchestration.
Purpose: Software update to give us enhanced threat analysis data from the router to Stealthwatch.
Impact: Low
Affected: Internet services.
No expected outage due to the redundancy of the system. We are currently running this software on our standby system in Prichard Hall without any issues.
Purpose: Microsoft has released CU22 for Exchange 2013 on February 12. In order to maintain the N-1 compliance, we need to upgrade the 2013 environment from CU 21 to CU 22.
Impact: Low
Affected: Exchange Mail
Purpose: Upgrade existing production servers to Exchange 2016 to continue the migration of user mailboxes from 2013 to 2016
Impact: Low
Affected: Exchange Mail and any services hardcoded to use MUEXCH01,MUEXCH02, or MUEXCH06 internally or externally.
Purpose: We need to modify the SPF record for marshall.edu to add spf.protection.outlook.com since we are starting the move of marshall email accounts to Office 365 and mail destined to external locations may fail SPF checks.
Impact: LOW
Affected: Mail
Purpose: gateway.marshall.edu will be undergoing maintenance in order to update the 404 error message that is displayed.
Impact: gateway is under go several restarts and services running on this server will experience downtime during this change.
Affected: Gateway, Blackboard.
Purpose: Apply Exchange 2016 CU 12 to all Exchange 2016 mailbox servers in the environment.
Impact: Low
Affected: Exchange mail
Purpose: Routine maintenance updates for WordPress and active plugins
Impact: None
Affected: None
Purpose: Changing a database parameter.
Impact: During restart database is unavailable.
Affected: Users and applications using Banner will not have access during this restart.
Purpose: To install Skype for Business Server 2015 January 2019 CU. v6.0.93193537 https://support.microsoft.com/en-us/help/4464355/january-2019-cumulative-update-6-0-9319-537-for-skype-for-business-ser
Impact: redundant nature of the SfB environment should minimize any potential service outage.
Affected: polycom sfb client response groups UM
Purpose: To update the firmware on the Nexsan storage array servicing Commvault and passive database copies of exchange 2016. This is to address an iSCSI bug detected last week.
Impact: Backups and restores for Commvault will be unavailable during this time. Additionally, the passive database copy being housed on this will be unavailable. Due the redundant nature of our Exchange environment, email should not be interrupted or adversely affected.
Affected: Commvault
Purpose: To upgrade and patch the SharePoint farm environment.
Impact: myMU will be up and down during the duration of the patching.
Affected: -----
Purpose: Apply latest Oracle Security Patches, and upgrade Banner components
Impact: There will be some downtime during the patching window and again during the deployment process for Banner Applications
Affected: Services and users of Banner Production
Purpose: Migrate SYSVOL from FRS to DFSR per MS documentation and recommendations. This will finalize the conversion.
Impact: AD Sysvol
Affected: All domain controllers
Purpose: Patch FirePower and FireSight manager.
Impact: None
Affected: None expected. Internet access if there are issues with the patch.
Purpose: To remove the PA evaluation unit.
Impact: None
Affected: None
Purpose: Remove a registry key to correct a security vulnerability defined as important by Microsoft. Details: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581
Impact: Most likely Low
Affected: Exchange
Purpose: Configuration refresh for Azure Multi-Factor Authentication (MFA) to move from 'Account.ActiveDirectory.WindowsAzure.com' to new Azure AD Identity Protection admin interface.
Impact: Accountholder will receive a 'More information required' dialog during next O365 Cloud Service logon. New config provides a 'Skip for now' option (up to 14 days). Need to click 'Next' to review 'Additional security verification' data. Should not have to re-register a mobile device.
Affected: Approximately 85 Information Technology staff base user and elevated -A admin accounts plus an additional 26 user accounts who were part of the MFA-early-adopter sign-up.
Purpose: To Clone DWTEST db into DWPROD in order to copy the DW Test admin and scribe database to DW Production as per client requirement.
Impact: The Degreeworks Test and Prod DB and apps will be down during the cloning procedure and expected downtime is 6 hours.
Affected: The application services and client tools those rely on Degreeworks Prod database will be down and application services will require restart once cloning is completed and database is back to online.
Purpose: To upgrade the ESX hosts to match the vCenter version of 6.7 U1. This will be a multi-day project.
Impact: Low/Minimal
Affected: Virtual environment. The redundant architecture will prevent service outages
Purpose: MUMobile servers were upgraded from v5.2 to 5.3
Impact: Some MUMobile app features were unavailable for less than one minute while tomcat was restarted.
Affected: -----
Purpose: To apply the latest Oracle Database and OJVM security patches.
Impact: The Degreeworks Prod DB and apps will be down during the oracle patches and expected downtime is 1.5 hours.
Affected: The application services and client tools those rely on Degreeworks Prod database will be unable to connect and application services will require restart once database is back to online.
Purpose: Migrate current ESX hosts to a new vCenter server
Impact: Low. The migration of hosts into the new environment should not result in downtime
Affected: Virtual Environment
Purpose: Extend life of token certificate to avoid portal and dependent service outages
Impact: Medium
Affected: ADFS, CAS, Porta, Adobe Sign, and any service leveraging ADFS
Purpose: We will upgrade our existing 6.0U2 vSphere environment to vSphere 6.7U1. ESXi hosts will be migrated to the new vCenter instance followed by upgrading the individual hosts.
Impact: Low impact
Affected: Virtualization environment serving campus services.
Purpose: To provide browser support for Banner Admin Pages to all browsers. This will change the SSO login for Banner Admin Pages, Banner Document Manager, Banner Workflow and Application Navigator. Additionally, Application Navigator will be restricted to only administrative applications and no longer support Self-Service applications.
Impact: A change to the configuration is required, which in turn requires a redeployment of all of the affected applications.
Affected: Users will not have access to the applications during the redeployment process.
Purpose: Install required patches to address known vulnerabilities.
Impact: Systems will be down briefly while reboots occur to apply updated kernels.
Affected: muban9adm01 mugrid02 muban9app01 mudworksdb-new muban9api01 mudworksapp01 bannerxe04 mueaapex01 mudworksapp02 muesm01 muentapps04 mudworksapp02 biostat nagpra mucups mucups-hp mugit04
Purpose: Replace the aged and EOL syslog server for the ASA, ISE, Barracuda, and other log generators
Impact: Low
Affected: Logs for ASA, ISE, DHCP, Barracuda during the cutover time will be lost and unrecoverable.
Replacement failed. Server was not parsing logs correctly. Will attempt at a later date.
Purpose: To keep in line with Microsoft supported guidance of N-1 for Exchange CUs in a hybrid configuration with Microsoft 365
Impact: Minimal due to the redundant nature of Exchange.
Affected: OWA access and mail flow
Purpose: To disable inactive accounts in Active Directory
Impact: Minimal
Affected: Approximately 11,700 accounts. O365 resources will be delicensed and purged 30 days from disabling. V: drive will be disabled and removed pending deletion at a later date.
Purpose: To stay within best practice and compliance with Microsoft
Impact: Minimal
Affected: Office 365 user and attribute sync.
Purpose: 6 WordPress Plugins required maintenance updates available from developers.
Impact: None
Affected: None
Purpose: Restrict Banner 8 Forms access to only Marshall Custom Forms. Additionally, an issue with mail.marshall.edu and workflow email was identified and a change to outlookweb.marshall.edu needs to be made to ensure all email gets sent and received.
Impact: For forms, most of the delivered forms will no longer be available after the maintenance. For workflow emails should work with out interuption.
Affected: For forms users still using Banner 8 delivered forms will need to migrate to Banner 9. For workflow users will loose access briefly while the re-configured application is deployed.
Purpose: This is to correct a defect with PHAHOUR that is impacting processing times.
Impact: This will fix the defect and a few others as well. This will require a redeployment of Banner 9 Admin Pages.
Affected: Any Banner user actively using Banner 9 Admin Pages during the redeployment process.
Purpose: Apply HR Tax updates for State Income Taxes. Update 259 and 260.
Impact: Does not require downtime so all Banner Services and Applications should be available.
Affected: N/A
Purpose: MUDDPE-FE01 Front End Proxy was updated to version 10.1.0.32 on 1/7/2019.
MUDSMS-VE was upgraded to 10.1.0.32 on 12/21/2018.
Impact: Minor. Dell Data Security Encryption clients were unable to reach the server during the upgrade on 12/21/2018, but encryption services were not affected.
Affected: No end users affected.
Purpose: Upgrades to Banner HR, Position Control, Accounts Receivable, Admin Common and Application Navigator.
Impact: Banner will be unavailable during the upgrade
Affected: Banner users, and applications that rely on Banner.
Purpose: To upgrade the version of PHP on the main webserver
Impact: www.marshall.edu and other smaller sites will be down for the duration of the maintenance
Affected: www.marshall.edu and other smaller sites will be down for the duration of the maintenance
Purpose: To allow Blackboard to update our system to Q2 2018 CU4
Impact: System will be down
Affected: Everyone
Purpose: Move the Banner applications off of Oracle 11g Weblogic and onto Oracle 12c Weblogic. 11g is going to extended support at the end of the year.
Impact: Applications will be unavailable during this move.
Affected: Users of the Banner Event or Banner Recruit Integration Manager applications.
Purpose: Installed Banner Financial Aid Patch pcr-000162070_res8340003, Banner Financial Aid 8.34.1, Banner Financial Aid Patch pcr-000163676_res8340101, Banner Financial Aid 9.3.12.0.1 to keep the Banner Financial Aid module current.
Impact: Financial aid module unavailable during upgrades. Brief connectivity interruptions to Banner9 Admin users during re-deployment of Banner Admin Common between 6 and 6:30PM.
Affected: Users logged into Application Navigator in Banner 9 and Financial aid users.
Purpose: Apply Microsoft Windows Server 2019 license key to the campus key management service (KMS) server MUKMS.
Impact: No negative client impacts reported. MUNET Windows Server 2019 hosts can now activate their licensing against MUKMS.marshall.edu
Affected: IT Infrastructure and Distributed IT teams deploying hosts running Windows Server 2019 OS.
Purpose: Bug fixes. Most importantly AD authentication problems.
Impact: Minor. With redundancy in environment no outages should be experienced.
Affected: Wireless and VPN authentications.
Purpose: Software/vulnerability fixes. One major bug has caused switches to become unresponsive when created a vlan.
Impact: Major
Affected: All internet access will be offline during reload. This should take between 15-20 minutes.
Purpose: Bug and vulnerability fixes.
Impact: Major
Affected: All wireless will be offline while controllers reload.
Purpose: RightFax upgrade from 10.6 Feature Pack 3 Service Release 6 to Service Release 7
Impact: All inbound and outbound faxes on the RightFax platform.
Affected: All inbound and outbound faxes on the RightFax platform.
Purpose: I received a email on 3-Dec that Dixon will be rerouting the power to the Byrd building on 8-Dec beginning at 7:00. During this same time they will be repairing the fiber that was damaged during the excavation of the location of the new graduate housing for pharmacy.
Impact: High
Affected: Power:
Possibilities include all networked services if the generator and UPS's have issues.
Clinics: Douglas, Pediatrics 3rd Avenue.
We will update locations as we investigate fiber paths.
Purpose: To upgrade the PHP version of muwww03
Impact: All university websites under the www subdomain will be temporarily unavailable.
Affected: All university websites under the www subdomain.
Purpose: To apply the latest Oracle Database and OJVM security patches
Impact: The Degreeworks Test DB will be down during the oracle patches and expected downtime is 1.5 hours.
Affected: The application services and client tools those rely on Degreeworks test database will be unable to connect and application services will require restart once database is back to online.
Purpose: Added SFAREGN to the list of objects to ignore in the Application Navigator. This doesn't remove it from Banner Admin Pages just from the main search box.
Impact: Restart required of the application Navigator application.
Affected: Any user logged into application navigator
Purpose: Vendor provided update applied to Quest-KACE Systems Deployment Appliance (aka K2000) to v. 6.1.251 from 6.0.425. For fixes & enhancements, see the KACE Systems Deployment Appliance 6.1 - Release Notes at https://support.quest.com/technical-documents/kace-systems-deployment-appliance/6.1%20common%20documents/release-notes
Impact: Administrative Console offline while update was applied.
Affected: No end-user services affected. K2000 SDA engineers should check their image workstations are running the latest version of the System Deployment Toolkit and have appropriate version of the 'Windows Assessment and Deployment Toolkit' (WADK) installed. https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
Purpose: Change how users will login to these applications. This will allow for integration with Banner 9 Admin Pages. Changes the sign-on process from Oracle account Authentication to SSO via a users munet account.
Impact: This will create a brief outage expected to be less than 1 hour, to change the configuration and restart the services. During the changes and restart both services will be unavailable.
Affected: Any user of either system will not have access during the changes.
Purpose: In preparation for the bulk move of all users to Exchange 2016, migrate all resource mailboxes over to Exchange 2016. A resource mailbox is a mailbox representing a room or piece of equipment.
Impact: Low
Affected: Resource mailboxes and any Outlook client currently connected to them. Users will be prompted to restart Outlook
Purpose: We will be performing system maintenance on the cluster to install software on compute nodes and update configurations.
Impact: The cluster will be unavailable while the modifications are made and service restarts are performed on compute nodes.
Affected: This will affect the ability to run batch jobs on the cluster.
Outcome: Maintenance and configuration changes were completed without issue. Actual downtime during the procedure was 30 minutes. Services were restored at 6:30AM 11/18/2018.
Purpose: Software upgrades to the edge firewall and FIRESight modules to patch a security vulnerability
Impact: None, due to the nature of redundant firewalls
Affected: -----
Purpose: The purpose of this change is allow much more flexibility in our routing rules. We hope to be able to route based on source telephone number, destination telephone number, or a combo of each.
Impact: We are initially going to only apply this change to our Skype for Business outbound connection to the Drinko AudioCodes Session Border Controller. All calls from main campus to destinations external of the Skype for Business platform will be affected.
Affected: All main campus Skype for Business telephones calling to external telephone numbers.
Purpose: replace muRemote with Windows 2016 server. the current muremote has developed a corrupt disk and is in a failing state.
Impact: no users will have access to muRemote during the switch over.
Affected: users who access muremote.
Purpose: Security patches and bug fixes.
Impact: High
Affected: All wireless connectivity will be unavailable during reload.
Purpose: As to further evaluate a new firewall appliance, a physical network connection change has to be made to bring the device inline with our external data flow.
Impact: No direct impact, as to the nature of a secondary firewall. The external data flow will failover to the secondary as the change is made, then traffic will be brought back to the new configured data path at the Primary.
Affected: None
Purpose: This will disable all IMAP and POP protocols on new accounts created after the change. Existing users will not be affected. This will help reduce attack surface area for our accounts.
Impact: None
Affected: All new O365 accounts will no longer have IMAP or POP3 available to them.
Purpose: Restarted Banner Job Submission to change a custom copy process for Financial Aid Job. This restart took about 10 seconds. Additionally, added 200 more JDBC connections to Banner Admin Pages, total available is now 400 JDBC connections, this was a live change and required no restart.
Impact: Job Submission was out for 10 seconds
Affected: Anyone trying to use Job submission during the restart.
Purpose: We will be moving the workflow application during the maintenance window to a new server. This is in preparation for the SSO changes on the following weekend to support the new Banner 9 Admin Pages.
Impact: This move should be brief and consist of approximately 1hr of down time of the workflow application.
Affected: Users of the Banner Workflow application will lose access during this move.
Purpose: To prepare for the changes related to SSO and the new Banner 9 Admin Pages. We will be making configuration changes during the maintenance window to test the setup in Banstage. Because the systems share some components this will make Production unavailable during this time.
Impact: Document Management will be unavailable during this process.
Affected: All users of Banner Document Management will not have access during this downtime.
Purpose: Routine plugin updates by developers.
Impact: None
Affected: None
Purpose: Update the OWA pools on the F5 such that the Exchange 2016 servers are the first to respond to client requests. The Exchange 2013 servers will have their traffic proxied via the 2016 servers. This is for testing an issue with shared and resource mailboxes not loading via OWA for users on a 2016 database.
Impact: Low
Affected: OWA Access
Purpose: Security and bug fixes.
Impact: Low
Affected: Radius authentications for wireless/vpn and guest wireless access.
Purpose: To upgrade KACE agents campus-wide.
Impact: Users not directly impacted, however a new "K" icon will appear in the System Tray in Windows (or Menu bar on Macs) that gives the status of the agent's connection to the KACE Systems Management Appliance. Icon also allows users or IT service providers to force an inventory update or restart the KACE agent service (a.k.a. "konea").
Affected: Marshall-owned workstations with KACE agent installed.
Purpose: Because of increased utilization with Banner 9 and other resources, we need to tune some of the Database parameters to facilitate the increased usage.
Impact: Will cause a brief outage as the database will need to be restarted for the changes to take affect. Should take around 15 min.
Affected: All Banner users and any systems or applications reliant on Banner.
Purpose: To upgrade KACE agents on Drinko staff workstations before deploying campus-wide.
Impact: Users not directly impacted, however a new "K" icon will appear in the System Tray in Windows (or Menu bar on Mac) that gives the status of the agent's connection to the KACE Systems Management Appliance. Icon also allows users or info-tech service providers to force an inventory update or restart the KACE agent service.
Affected: Drinko staff workstations
Purpose: To upgrade the linux time servers to CentOS 7
Impact: Low
Affected: Any system relying upon mutime.marshall.edu for time. Impact should be minimal during the cutover as time is not updated every second on every device.
Purpose: Update the myMU Sharepoint environment security patches.
Impact: myMU will be periodically unavailable as servers come up and go down throughout the upgrade process.
Affected: Anyone who requires access to any mymu webpage.
Purpose: We will be migrating from the current Shibboleth 3.1.2 instance to a newer Shibboleth 3.2.1 to allow integration with the Marshall University ADFS SSO portal.
Impact: Any services that authenticate using the shibboleth service will be unavailable for approximately 5 to 10 minutes while the migration is taking place.
Affected: Tapingo services, Blackboard Transact for Eaccounts, Poll Everywhere services, WVAquavit access, eRezLife, and any other services that authenticate against the Marshall University Shibboleth instance.
Purpose: Installation of kernel and OS patches to update for critical vulnerabilities. Reference Footprints ticket TIC-8288. We will be working in conjunction with the Enterprise Applications group to perform controlled systems reboots to apply the new kernels.
Impact: Production Banner will be unavailable while systems are rebooted.
Affected: The following servers will be impacted: MUINFO7 MUENTAPPS03 MUENTAPPS04
Purpose: To test failover redundancy of the DHCP server
Impact: If the failover is successful no one will be affected due to the redundancy, If the failover is not successful user may experience a short interruption to their network connection as the failover server is manually enabled.
Affected: minimal devices may experience an interruption in network connection.
Purpose: To update the iApp to support ADFS v4
Impact: High
Affected: Office365 and ADFS-integrated sign-on services. These services will be unavailable during this time.
Purpose: Correct the Faculty Attendance tracking link and the Faculty Grade Entry link.
Impact: Short outage for Application Navigator and Banner Admin users.
Affected: Banner 9 Admin Page users.
Purpose: Upgrades to the Financial Aid Banner Administrative Module in Banner 8. Aditionally, applying a Banner Admin Common upgrade to support the new Financial Aid Updates in Banner 9.
Impact: Banner 9 Users will loose access to Admin Pages at some point during the upgrade process for about 15 - 30 minutes
Affected: Financial Aid Administrative Forms users, All Banner 9 Admin Page Users
Purpose: To upgrade the production Quest KACE SMA server to the latest version - 9.0
Impact: Low; KACE clients will not be able to connect/update inventory to the KBox during upgrade. KACE administrators will not have access to the Kbox to deploy software, scripts, or check device inventory.
Affected: KACE admins and KACE client computers. End users not directly affected.
Purpose: Restart required to apply kernel patches
Impact: Banner 8 Financial Aid 11gR2 production forms environment will be unavailable.
Affected: Financial Aid Banner 8 Forms users.
Purpose: Address Vulnerabilities
Impact: Low
Affected: Not Expected
Purpose: Vendor provided update applied to Quest-KACE Systems Deployment Appliance (aka K2000) to v. 6.0.425 from v. 5.1.84. For fixes & enhancements, see the KACE Systems Deployment Appliance 6.0 - Release Notes at https://support.quest.com/technical-documents/kace-systems-deployment-appliance/6.0%20common%20documents/release-notes#TOPIC-944129.
Impact: Administrative Console offline while update was applied.
Affected: No end-user services affected. K2000 SDA engineers should check their their image workstations are running the latest version of the System Deployment Toolkit and have appropriate version of the 'Windows Assessment and Deployment Toolkit' (WADK) installed. https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
Purpose: Move 911 services from static assigned to enhanced 911 services.
Impact: Low to none
Affected: Voice services - 911 dialing
Purpose: Several bug fixes included multiple that have caused an unexpected controller reload.
Impact: High - All wireless connectivity provided by access points joined to this controller pair will be unavailable during reload. This is expected to take no longer than 30 minutes.
Affected: All access points joined to controller pair. This includes all wireless access at Byrd clinical and several remote locations.
Purpose: Vendor provided update applied to Dell Security Management Server Virtual and Front-End Proxy host upgraded from v. 9.11.0.64 to v. 10.0.0.29. For fixes & enhancements, see the Technical Advisories at http://www.dell.com/support/home/us/en/19/product-support/product/dell-data-protection-encryption/manuals
Impact: Administrative Console offline while update was applied.
Affected: No end-user services affected. Clients running DDPE Client Agents should upgrade to v. 10.x clients for latest version support.
Purpose: ISE security patches and other resolved caveats.
Impact: Zero to Low
Affected: Possible authentication failures for wireless and VPN. No issues should be seen with redundancy of environment.
Completed with no issue.
Purpose: Reconfigure campus firewall to prevent direct SMTP delivery from EXTERNAL sources to campus Exchange servers. Unauthenticated SMTP delivery should be directed to the servers listed on the Marshall.edu DNS MX record (e.g. Barracuda Spam Firewalls). See IT Support SR-104
Impact: This change is enacted to prevent unsolicited or malicious e-mail from bypassing the Marshall.edu MX servers.
Affected: Unknown: any exceptional use cases or legacy configurations are asked to please contact the Marshall IT Service Desk and open a support request if they believe this configuration change may be affecting their e-mail processes. jbc
Purpose: To add one last temporary Exchange 2016 node to accommodate mass mailbox migrations from 2013 to 2016.
Impact: Mail routing and flow will not be affected. Users using or opening Microsoft Outlook on Marshall's network may see a certificate warning. This is expected behavior with a new Exchange installation. IT Service desk has a work around to resolve that issue should it persist for any affected users. This side-effect should be minimal.
Affected: Exchange/Office365 Hybrid Environment, Outlook clients
Purpose: IT Service Desk is working with several dozen individuals to convert their Adobe Creative Cloud application installs from 'per-device' to 'named-user' licensing mode. License expires 8/27/2018. There is a 30-day grace period until loss of service. See https://www.marshall.edu/it/adobe for details on requesting access for new/upgrade installs.
Impact: Creative Cloud Apps may prompt for reactivation or display in the Creative Cloud Desktop App as 'trial' mode.
Affected: Adobe Creative Cloud for Teams software deployed between Aug-2016 and July-2018 which was activated using 'per-device' licensing.
Purpose: Apply the latest Oracle Database and JVM security patches. Updates to Banner Financial Aid module, which also requires updates to the General and Banner 9 counterparts.
Impact: The Banner database will need to be down during the Oracle patches, as well as a couple of the Banner upgrades. Expectations is for 4 hours of downtime. Other minimal impact of services during other Banner upgrades which should only impact the Banner Web Admin Applications.
Affected: During the first part all services that rely on the Banner Database will be unable to connect. Some services will require a restart once Banner is brought back online. Anyone using Self Service Banner, Internet Native Banner, Banner Admin Pages, Workflow, Recruit, MUBert etc. will be unable to connect with Banner in the early hours of the morning.
Purpose: The ITI Systems Team will upgrade the ADFS Farm Behavior Level to the maximum supported by ADFS on current Windows Server Environment. This will allow further controls for security and additional features we can leverage in the future.
Impact: There is little impact as this process doesn't take ADFS offline and the DBs for ADFS are backed up and new ones are created for the new version of the farm, thus allowing for a roll back, should it be required.
Affected: No users have been negatively affected by this. This did change the PSSO lifetime from 60480 mins to 129600 mins. The device usage window was also increased from 7 to 14 days.
Purpose: 8 WordPress Plugins had required updates available.
Impact: None
Affected: None
Purpose: Returning Hardware to Vendor
Impact: None
Affected: Nothing
Purpose: To stay within Microsoft's mandate of N-1 in a Hybrid environment
Impact: Exchange mail flow may be delayed or disrupted during upgrades
Affected: All Exchange mailboxes and mail routing
Purpose: To ensure our SfB environment stays at current release.
Impact: Potential phone outage during server failover. (<1 minute)
Affected: Polycom phones and SfB clients
Purpose: This is to upgrade our DHCP services currently hosted on Windows Server 2012R2 to be migrated to Windows Server 2016. This is to fix a current bug we are experiencing that is not allowing some scopes to create reservations.
Impact: There is a chance that devices that receive their IP address dynamically will have to query the server to get a new IP address, this may cause brief disconnects to wireless clients.
Affected: Clients connected to the network.
Purpose: Upgrade existing 1G circuit to 10G with a 3G UNI
Impact: Remote campus WAN connectivity - voice, data and video.
Affected: Remote campuses on the Frontier network: South Charleston, Gilbert Harless Center, MOVC - Pt. Pleasant, RCBI-Bridgeport, Spring Valley Medical Education Building and MUSOM Family Med Lavalette, WV.
Purpose: To upgrade Nexsan firmware. Support believes this will provide a fix for the outage sustained on 26 August thru 27 August
Impact: Commvault will be unavailable during the upgrade as a precautionary measure
Affected: Commvault
Purpose: Correct some software defects and bring Twin Towers East up to the software standard.
Impact: High
Affected: All voice, video and data services.
Purpose: To correct a software defect in the data center switch software that is causing data loss in the redundant switch.
Impact: 0 - High
Affected: If all goes well no outages will occur. It the maintenance goes wrong it would impact all services coming out of the Drinko data center.
The standby switch has been completed. Scheduling the primary to complete the process.
Purpose: Resolve an issue with VLAN 11
Impact: High
Affected: All voice, video and data communications.
Completed. Everything is working as expected.
Purpose: To correct an issue with the switching hardware that services the 2nd and 3rd floors.
Impact: High
Affected: All voice, video and data services.
Purpose: To apply needed OS patches to linux systems.
Impact: There will be a brief outage on the listed systems as they are rebooted to apply updated kernels.
Affected: The following servers will be affected:
mudworksapp01 mudworksapp02 nagpra mubioinfo bannerxe04 muentapps04x muentapps03x muinfo7x mugrid02 mueaapex01 muban9adm01x muban9api01x muban9app01x muban9adm01 muban9api01 muban9app01 muesm01 mudworksdb-new
Purpose: WordPress update to Version 4.9.8
Impact: None
Affected: None
Purpose: BRIM will be upgraded to version 2.3 from version 2.2.0.2.
Impact: BRIM integration will be down for approximately five minutes.
Affected: Approx. 15 admissions users
Purpose: To complete the migration to 2016 native
Impact: -----
Affected: -----
Purpose: Annual maintenance, correct software defects, and move to a recommended software release.
Impact: All networked services.
Affected: Internet, voice, and video.
Purpose: At 8pm the ITI Systems team began controlled failover reboots of the Skype for Business front end servers in order to resync the Response Group services across the cluster. Due to the redundant nature of the environment services should not have been affected. The rolling reboots were completed by 8:30p and all services have been restored. If any issues are discovered, please report it to the IT Service desk.
Impact: -----
Affected: -----
Purpose: Cleanup and optimization of SharePoint enviroment
Impact: SharePoint services, (inside, sharepoint, etc) will be unavailable.
Affected: -----
Purpose: Preventative maintenance and software defects
Impact: Major
Affected: All data center services
Purpose: Preventative maintenance and encryption update.
Impact: Major
Affected: Network Wired Network WiFi Banner Services Data Center Telephones Marshall Health and SoM
Purpose: This maintenance will move MUDC04 and MUDC06 to Windows Server 2016.
Impact: Minimal impact will be seen during the process since AD is a redundant service.
Affected: -----
Purpose: Need to replace the expiring wildcard certificate.
Impact: Minimal
Affected: -----
Purpose: Preventative maintenance and software defects.
Impact: Due to the redundancy in the network design there will be minimal impact to internet traffic.
Affected: Internet services O365 Blackboard VPN
Purpose: The SSL/TLS certs on Skype for Business will expire soon. This will replace the certs with current ones and also introduces additional Subject Alternate Names for the SBAs.
Impact: Minimal impact; this will involve a rolling restart of services on Skype for Business.
Affected: -----
Purpose: This is to move MUDC01 from Server 2012 to Windows Server 2016.
Impact: This will have minimal impact during the time. The redundant nature of Active Directory and the timing of the update minimizes any issues that a user would encounter during the syncing of the new MUDC01.
Affected: This affects all users on the Marshall domain, but is invisible to them as well.
Purpose: This update was to get the Compellent to the next stable release of code. It enables additional features we could leverage as well. The update took the system from 6.7.40 to 7.2.31.
Impact: There was no systems impact during this update. The update utilizes the fail over capacity of the SAN to perform the update in a non-interruptive manner.
Affected: No other systems were affected by this update.
Purpose: UI update, standardization, and software defects
Impact: Minor
Affected: Polycom VVX 60x series phones.
*Rescheduled for April the 29th
Purpose: To provide security updates as recommended by Tenable via Systems.
Impact: Minor downtime while server is being patched.
Affected: All Inside.marshall.edu and SharePoint.marshall.edu sites will be unavailable during the updates.
The ITI Systems Team has successfully applied the March 2018 SfB Cumulative Update to the University Skype for Business Server 2015 environment. Due to the redundant design of the SfB environment, services should not have been impacted. The version changes were:
Description Updated Version Previous Version Core Components 6.0.9319.516 6.0.9319.510 Core Runtime 64-bit 6.0.9319.516 6.0.9319.510 Mediation Server 6.0.9319.514 6.0.9319.272 Skype for Business Server 2015 6.0.9319.516 6.0.9319.510 Conferencing Server 6.0.9319.514 6.0.9319.503 Web Components Server 6.0.9319.516 6.0.9319.510 XMPP Translating Gateway 6.0.9319.516 6.0.9319.0
Impact: -----
Affected: -----
The ITI Systems team has performed a reorganization of the LcsCDR and QoEMetrics database indexes on the primary Skype for Business database server. This reorganization was required due to exceptionally high index fragmentation. The reorg took approximately 15 minutes to complete and didn’t affect SfB services.
Impact: -----
Affected: -----
Purpose: At 10pm the ITI Systems Team performed a rolling restart of the “Skype for Business Server Response Group” service on each of the front end nodes in the University SfB environment. There was a 30 second outage of response group services on each server during the reboot. All services are fully restored.
Impact: 30 second outage of Response Group services.
Affected: Skype for Business Environment