It’s that time of year again, when we all give thanks. Me? I’m thankful for a number of things, including having such a wonderful group of coworkers to work with and support, that I get to spend these holidays with my family, and that my Airpods survived a trip through the washing machine. I’ll let you all decide on if that’s an honest sorting. But enough with that, on with the ever-so-important announcements.
Legacy Computing Environment Retirement Timeline
As mentioned last month, with the addition of a GCE Jenkins server, we now enter the final stages of retiring the old legacy MCS environment, which has been supplanted by the General Computing Environment (GCE). You can find more about GCE in our documentation, including links to past talks and presentations. We’ve also got documentation on migrating from Legacy to GCE. When we close for the holiday break on Dec 23 we will be turning off all remaining legacy compute nodes. Specifically, compute001.mcs.anl.gov, compute002.mcs.anl.gov, and compute004.mcs.anl.gov. We have already turned off the very old stomp, thwomp, and octopus after this past weekend’s power work. Later in January, these compute nodes will be brought online as new compute servers in GCE.
After December 23, there will be no compute nodes left in Legacy. The “login” nodes will remain active to allow people to migrate their data from Legacy to GCE. However, we plan to turn off the Legacy login nodes by March 1, 2022. Prior to that date, we will also reach out to anyone using a desktop linux workstation in Legacy and schedule a migration to GCE.
By April 30, 2022, we intend to have no user-facing elements of Legacy active. This includes workstations, compute nodes, xgitlab.mcs.anl.gov, press3.mcs.anl.gov, Trac/SVN servers (including repocafe). By the end of April, we plan to retire the existing Legacy authentication servers. This is approximately 1.5 years later than intended, but apparently this whole global pandemic thing threw a real wrench into the works. Go figure.
If you haven’t already, you really need to start using the GCE and make sure you’re able to do your work there. If there are software packages missing, or things not working as you’d expect, reach out to us at [email protected] and we’ll work with you to get it right. If you find documentation that doesn’t seem right, please let us know and we’ll get that fixed up as well.
I’ll have more reminders on this timeline, as well as address any necessary changes, but as it stands now the important dates are
- Dec 23, 2021: Legacy compute nodes retired
- March 1, 2022: Legacy login nodes retired (no more access to Legacy home filesystems)
- April 30, 2022: Legacy computing environment retired. Completely.
Due to a security fix on the lab’s Windows-based print servers, the way macOS computers print to it has changed. For the machines we manage or jointly manage, we’ve fixed this for you already. There’s also a “Convert SMB Print Queues to LPD” package available in Self Service, in case for some reason our proactive fix didn’t address this for you. For those of you without self service, we’ve updated our Printing from macOS docs with the new instructions.
For Linux users, the old Legacy print server (treekiller/treeslaughterer) has been retired. The new print server is printers-240.cels.anl.gov, and updated instructions on printing from linux are in our documentation collection.
Changing or adding a phone to your MFA profile
It’s the time of year when people tend to upgrade phones. And that’s when they discover that their old phone was their key to logging in via MFA using the many multifactor authentication apps at our disposal. So here are some tips on how to make this go more smoothly for you.
If you have both phones at once, that’s the easiest and best. You can add a new device to your Microsoft 365 account at https://aka.ms/mfasetup. You can (and should) have multiple options for that MFA. I have my phone, two tablets, SMS and voice options set up on mine, which means I can lose a device and not be out of luck. If you use another authenticator for your Microsoft 365 account, please bear in mind many of these do not back up your Time-based One Time Password (TOTP) codes and you’ll need to generate new ones. Some apps which do backup and sync the codes include Authy, LastPass, and 1Password. In any case, if you have multiple methods for MFA configured, you stand a much better chance of not getting locked out of your account. I highly recommend it.
If you use Duo Authenticator for JLSE or CELS account access, you can similarly add new devices. Duo does not support an SMS backup option, however. But if you’ve got a tablet or a second smart phone (or even an iPod touch – yes, you can still buy them) it can be a nice backup option.
If you are now in the future instead of being stuck in the past like us, and have already ditched your phone in favor of the new fancy shmancy one, you may be wondering what your options are if you didn’t have a backup method to get in. Well, fear not, we’ve got you covered. It’s not a self service option, but we can certainly help. For help with MFA for Microsoft 365 (aka Office 365, aka Outlook), you’ll need to contact the BIS Service Desk (630-252-9999). For a lost Duo authenticator, CELS Systems has got you covered, just let us know at [email protected] or 630-252-6813.