With most of the physical moves of offices and servers behind us, it is time to do some virtual moves (and upgrades) of servers.
As many of you may not know, many of our important services run on virtual machines (mail, web servers, home disk, login servers etc), and these virtual machines run on a cluster of old computers that are still in the Oort building.
A set of new host computers has been installed in the new server room, and we will one by one create new virtual machines on these servers, and switch over the services. This inevitably will result in some downtime, especially in cases where the virtual machine serves a lot of data that has to be copied.
Here is a brief summary of the virtual moves that we have scheduled so far:
We have a setup in place that will switch over all computers to using the new disks. Most running software will not get disrupted, but we haven't tested this with all software, so it might be possible that some programs running from one of these disks will be disrupted.
This migration will be quick, probably just a few minutes downtime, but existing ssh sessions (and tunnels) will be interrupted.
For logging in, two sets of servers are in use: LDAP, which holds the database of user accounts, and the IDP servers that handle the logins and two-factor authentication on local websites (such as webmail and intranet). Switching the LDAP servers should be quick, just a few minutes. There are two LDAP servers so we will make sure that one is running at all times. To be sure the database is in a consistent state, password changes will not be possible around this time. Switching the IDP servers may affect existing login sessions on websites, so it might be that users get logged out from webmail or intranet during this switch. Existing login sessions on desktops or through ssh will not be affected, and logging in on desktops will work normally.
Unfortunately, ssh logins were not working properly with the new servers; this is being debugged and a new migration date will be planned.
This day we will switch over our websites, including project sites hosted here. These websites may be down for ~ 15 minutes. Nothing else will be affected by this change.
Open connections to the VPN will be disrupted. Downtime will be short, and reconnecting your VPN afterwards will be easy, without changes required on clients.
For logging in, two sets of servers are in use: LDAP, which holds the database of user accounts, and the IDP servers that handle the logins and two-factor authentication on local websites (such as webmail and intranet). Switching the LDAP servers should be quick, just a few minutes. There are two LDAP servers so we will make sure that one is running at all times. To be sure the database is in a consistent state, password changes will not be possible around this time.
This is the most disruptive change. Logging in will not work without the home disk, and existing sessions may give errors or get stuck. So it is recommended to close applications and save your open files before this migration. It will probably be prudent to log out as well.
A new IL mail server has been prepared. During this switch, e-mail will temporarily not be available, estimated time ~ 30 minutes. Incoming mail will be delayed but will arrive once the new server is operational.
During this change, connections for reserved licenses will be disrupted (eg IDL, Mathematica)
We will send reminders the day before we are moving one of the services.
If you have any questions, do not hesitate to contact us at helpdesk@strw.leidenuniv.nl.
—