azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from HOWARD-HOME at 2026-06-24 13:59:29

Browse Source 
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-24 13:59:29
This commit is contained in:
Howard Enos
2026-06-24 13:59:58 -07:00
parent be2ae8b07e
commit 855a67d612
4 changed files with 369 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
clients/cascades-tucson/docs/proposals/2026-technology-plan-review.md
View File

@@ -1,5 +1,12 @@
# Cascades of Tucson - Technology Plan Review
> **[SUPERSEDED 2026-06-24]** This first-pass draft predates the 2026-06-24 wiki recompile and
> contains stale facts (CS-SERVER "RAID critical" -> actually HEALTHY; 48.75 hrs/0 tickets ->
> 48.25 hrs/6 tickets; no Helpany sensors). **Use instead:**
> - Client deliverable: `cascades-technology-plan-2026-06-24.pdf` (+ `.html` source) - polished, current.
> - Internal execution plan: `../REMAINING-WORK-PLAN.md` (canonical 7-workstream plan).
> Kept for history only.
> Prepared for the planning meeting requested by Ashley Jensen (week of 2026-06-23 / 2026-06-30).
> Organized to Ashley's exact agenda: for each area we cover **Current state -> Gaps -> Action steps -> Timeline -> Priority**.
> Prepared by ACG (Az Computer Guru). Source of truth: `wiki/clients/cascades-tucson.md` (compiled 2026-06-23) + live systems.

360
clients/cascades-tucson/docs/proposals/cascades-technology-plan-2026-06-24.html Normal file
View File

@@ -0,0 +1,360 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Cascades of Tucson — Technology Plan Review</title>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@500;600;700&family=Lexend:wght@300;400;500;600&family=JetBrains+Mono:wght@400;500;600&display=swap" rel="stylesheet">
<style>
:root{
--paper:#F7F3EB; --surface:#EDE6D9; --surface-2:#E4DACA;
--ink:#2A2521; --ink-2:#5A5148; --ink-3:#6D6456;
--accent:#F2922E; --accent-ink:#BD5A00; --on-accent:#2A2521;
--good:#4F7A3F; --good-ink:#3C6230;
--rule:rgba(90,81,72,0.18); --rule-strong:rgba(90,81,72,0.34);
--f-display:"Barlow Condensed","Arial Narrow",system-ui,sans-serif;
--f-body:"Lexend",system-ui,-apple-system,"Segoe UI",Roboto,sans-serif;
--f-mono:"JetBrains Mono",ui-monospace,"Cascadia Mono",Consolas,monospace;
}
*{box-sizing:border-box;}
html,body{margin:0;padding:0;}
body{
font-family:var(--f-body); font-weight:400; color:var(--ink);
background:var(--paper); font-size:10.2px; line-height:1.5;
-webkit-font-smoothing:antialiased; text-rendering:optimizeLegibility;
-webkit-print-color-adjust:exact; print-color-adjust:exact;
}
.sheet{ max-width:760px; margin:0 auto; padding:22px 30px 26px; }
/* ---- Masthead ---- */
.mast{ display:flex; justify-content:space-between; align-items:flex-end;
padding-bottom:10px; border-bottom:2px solid var(--ink); }
.brand__name{ font-family:var(--f-display); font-weight:700; font-size:20px;
letter-spacing:.02em; line-height:1; color:var(--ink); }
.brand__name b{ color:var(--accent-ink); font-weight:700; }
.brand__tag{ font-family:var(--f-mono); font-size:7.6px; letter-spacing:.26em;
text-transform:uppercase; color:var(--ink-3); margin-top:6px; }
.mast__meta{ font-family:var(--f-mono); font-size:7.6px; letter-spacing:.06em;
color:var(--ink-3); text-align:right; line-height:1.7; }
.mast__meta b{ color:var(--ink); font-weight:600; }
/* ---- Title block ---- */
.titleblock{ margin:15px 0 4px; }
.titleblock .eyebrow{ font-family:var(--f-mono); font-size:8px; letter-spacing:.24em;
text-transform:uppercase; color:var(--accent-ink); }
h1{ font-family:var(--f-display); font-weight:600; font-size:31px; line-height:1.0;
margin:6px 0 0; letter-spacing:.005em; }
.lede{ max-width:64ch; color:var(--ink-2); font-size:10.2px; margin:8px 0 0; }
/* ---- Priorities ---- */
.band-label{ font-family:var(--f-mono); font-size:8px; letter-spacing:.22em;
text-transform:uppercase; color:var(--ink-3); margin:16px 0 6px;
padding-bottom:5px; border-bottom:1px solid var(--rule-strong); }
.prio{ display:grid; grid-template-columns:auto 1fr; column-gap:14px; }
.prio__row{ display:contents; }
.prio__n{ font-family:var(--f-mono); font-weight:600; font-size:11px;
color:var(--accent-ink); padding:7px 0; }
.prio__txt{ padding:7px 0; border-bottom:1px solid var(--rule); }
.prio__row:last-child .prio__txt{ border-bottom:0; }
.prio__txt b{ font-family:var(--f-display); font-weight:600; font-size:13px;
letter-spacing:.01em; color:var(--ink); display:block; line-height:1.1; }
.prio__txt span{ color:var(--ink-2); }
/* ---- Areas ---- */
.areas{ margin-top:8px; }
.area{ padding:10px 0 9px; border-top:1px solid var(--rule);
break-inside:avoid; page-break-inside:avoid; }
.area__head{ display:flex; align-items:baseline; gap:11px; }
.area__no{ font-family:var(--f-mono); font-weight:600; font-size:9.5px;
color:var(--ink-3); width:18px; flex:none; }
.area__title{ font-family:var(--f-display); font-weight:600; font-size:17px;
line-height:1; letter-spacing:.01em; margin:0; flex:1 1 auto; }
.pill{ font-family:var(--f-mono); font-size:7.2px; font-weight:600; letter-spacing:.12em;
text-transform:uppercase; padding:3px 8px; border-radius:2px; white-space:nowrap;
border:1px solid var(--rule-strong); color:var(--ink-2); background:var(--surface); }
.pill--good{ color:var(--good-ink); border-color:rgba(79,122,63,.4); background:rgba(79,122,63,.10); }
.pill--warn{ color:var(--accent-ink); border-color:rgba(189,90,0,.38); background:rgba(242,146,46,.12); }
.pill--plain{ color:var(--ink-2); }
.grid{ display:grid; grid-template-columns:1fr 1fr; gap:2px 26px; margin:7px 0 0 29px; }
.field{ padding:2px 0; }
.field--wide{ grid-column:1 / -1; }
.field__label{ font-family:var(--f-mono); font-size:7.2px; letter-spacing:.16em;
text-transform:uppercase; color:var(--ink-3); display:block; margin-bottom:2px; }
.field--gaps .field__label{ color:var(--accent-ink); }
.field p{ margin:0; color:var(--ink-2); font-size:9.6px; line-height:1.46; }
.field p b{ color:var(--ink); font-weight:600; }
.when{ font-family:var(--f-mono); font-size:8.6px; color:var(--ink); font-weight:500; }
/* ---- Footer ---- */
.foot{ margin-top:15px; padding-top:10px; border-top:2px solid var(--ink);
display:flex; justify-content:space-between; align-items:flex-end; gap:20px; }
.foot__note{ font-size:8.6px; color:var(--ink-3); max-width:54ch; line-height:1.5; }
.foot__balance{ text-align:right; font-family:var(--f-mono); flex:none; }
.foot__balance .k{ font-size:7.4px; letter-spacing:.18em; text-transform:uppercase; color:var(--ink-3); }
.foot__balance .v{ font-size:15px; font-weight:600; color:var(--accent-ink);
font-variant-numeric:tabular-nums; margin-top:2px; }
@page{ size:Letter; margin:13mm 14mm; }
@media print{ .sheet{ padding:0; max-width:none; } body{ font-size:10px; } }
</style>
</head>
<body>
<div class="sheet">
<header class="mast">
<div>
<div class="brand__name">Az Computer <b>Guru</b></div>
<div class="brand__tag">Managed IT &amp; Security · Tucson · Since 2001</div>
</div>
<div class="mast__meta">
Prepared for &nbsp;<b>Ashley Jensen</b><br>
Cascades of Tucson · Business Office<br>
Review date &nbsp;<b>June 24, 2026</b>
</div>
</header>
<div class="titleblock">
<div class="eyebrow">Technology Plan Review</div>
<h1>Where Cascades stands, and what comes next</h1>
<p class="lede">A plain-language summary across the eight areas you asked to review: where each
stands today, the open gaps, the action we will take, and when. The headline: the core
systems are stable and backups are now verified, so the focus shifts from fixing risk to
finishing the modernization already underway.</p>
</div>
<div class="band-label">Priorities, in order</div>
<div class="prio">
<div class="prio__row"><div class="prio__n">P1</div><div class="prio__txt">
<b>Protect resident data (HIPAA)</b>
<span>Finish the caregiver sign-in lockdown and switch on file-access audit logging on the resident-data share.</span>
</div></div>
<div class="prio__row"><div class="prio__n">P2</div><div class="prio__txt">
<b>Complete security coverage</b>
<span>Bring every device, including the main server, under managed antivirus and remove the previous provider's leftover software.</span>
</div></div>
<div class="prio__row"><div class="prio__n">P3</div><div class="prio__txt">
<b>Server reliability &amp; backup</b>
<span>Backups are verified running. Restore the server's redundant power, install the SSDs already purchased, and plan the eventual server replacement.</span>
</div></div>
<div class="prio__row"><div class="prio__n">P4</div><div class="prio__txt">
<b>Microsoft 365 licensing</b>
<span>Move 31 users onto the correct, current license before the suspended one lapses. Time sensitive.</span>
</div></div>
<div class="prio__row"><div class="prio__n">P5</div><div class="prio__txt">
<b>Phones &amp; Wi-Fi</b>
<span>Put the phones and the new resident-safety sensors on a dedicated, clean 5&nbsp;GHz network for reliable calls.</span>
</div></div>
<div class="prio__row"><div class="prio__n">P6</div><div class="prio__txt">
<b>Looking ahead</b>
<span>Set a practical AI use policy and build the reporting dashboard you requested.</span>
</div></div>
</div>
<div class="band-label">The eight areas</div>
<div class="areas">
<section class="area">
<div class="area__head">
<span class="area__no">01</span>
<h2 class="area__title">Hardware &amp; Software</h2>
<span class="pill pill--plain">Stable · planned upgrades</span>
</div>
<div class="grid">
<div class="field field--wide"><span class="field__label">Where it stands</span>
<p>Core systems are stable. A live hardware check on June 24 confirmed the main server is
<b>healthy with all drives online and backups running</b> (an earlier alarm turned out to be a
self-corrected glitch). Microsoft 365 and the managed network are in place, and 12 staff PCs
are already migrated onto the managed domain.</p></div>
<div class="field field--gaps"><span class="field__label">Gaps</span>
<p>The server is aging and currently running on <b>one working power supply</b> (its backup
supply needs service). Several PCs run Windows Home and cannot join the managed domain until
upgraded to Pro; a few are end-of-life. <b>31 users sit on a Microsoft license that has been
suspended.</b></p></div>
<div class="field"><span class="field__label">Our plan</span>
<p>Restore the second power supply; install the enterprise SSDs already on hand during a
planned window; upgrade Home PCs to Pro and finish the migration; replace end-of-life PCs.</p></div>
<div class="field"><span class="field__label">Timeline</span>
<p><span class="when">Licensing now · upgrades near-term · server replacement a future project to scope together.</span></p></div>
</div>
</section>
<section class="area">
<div class="area__head">
<span class="area__no">02</span>
<h2 class="area__title">Communication Technology</h2>
<span class="pill pill--good">On track</span>
</div>
<div class="grid">
<div class="field field--wide"><span class="field__label">Where it stands</span>
<p>Email runs on Microsoft 365 with full sender authentication protecting your domain from
spoofing. All 37 phone devices are consolidated onto a dedicated, isolated voice network, and
a June Wi-Fi tune-up <b>roughly halved wireless retransmissions</b> building-wide.</p></div>
<div class="field field--gaps"><span class="field__label">Gaps</span>
<p>Some wireless handsets still attach to the congested 2.4&nbsp;GHz band, causing occasional
dropped calls. The phone vendor confirmed the handsets cannot be pinned to a band one by one.</p></div>
<div class="field"><span class="field__label">Our plan</span>
<p>Stand up a clean, dedicated 5&nbsp;GHz "device" network for the phones and safety sensors,
which both vendors move their equipment onto remotely.</p></div>
<div class="field"><span class="field__label">Timeline</span>
<p><span class="when">Per-room coverage check next on-site visit · vendor switch-over shortly after.</span></p></div>
</div>
</section>
<section class="area">
<div class="area__head">
<span class="area__no">03</span>
<h2 class="area__title">Security for Sensitive Data</h2>
<span class="pill pill--warn">Strong · gaps closing</span>
</div>
<div class="grid">
<div class="field field--wide"><span class="field__label">Where it stands</span>
<p>A modern, identity-based protection system is largely live. Caregiver accounts work
<b>only on-site and only on approved devices</b>, so a stolen caregiver password is useless
elsewhere. Office and clinical staff use multi-factor sign-in off-site, the clinical system
(ALIS) uses single sign-on, and shared caregiver PCs auto-lock and sign out for privacy.</p></div>
<div class="field field--gaps"><span class="field__label">Gaps</span>
<p>File-access audit logging on the resident-data share is not yet switched on, and the
long-term audit-retention storage is approved but not built. Emergency "break-glass" admin
accounts and the signed agreement (BAA) with the clinical vendor still need finalizing.</p></div>
<div class="field"><span class="field__label">Our plan</span>
<p>Enable audit logging and stand up retention storage (90 days live, 6 years archived);
create break-glass accounts with security keys; confirm the ALIS agreement; complete the
caregiver lockdown one device at a time.</p></div>
<div class="field"><span class="field__label">Timeline</span>
<p><span class="when">Audit logging and caregiver go-live are the immediate priority (P1).</span></p></div>
</div>
</section>
<section class="area">
<div class="area__head">
<span class="area__no">04</span>
<h2 class="area__title">Services Purchased or Contracted</h2>
<span class="pill pill--plain">Inventoried</span>
</div>
<div class="grid">
<div class="field field--wide"><span class="field__label">Where it stands</span>
<p>Your technology vendors are inventoried: Microsoft 365, ALIS (clinical records), Vertical
(phones), Cox (internet, fiber plus a backup line), MSP360 (cloud backup), Bitdefender
(security), and your business applications (QuickBooks, Bill.com, Relias, You've Got Leads,
TELS, Focus HR, Helpany, POS).</p></div>
<div class="field field--gaps"><span class="field__label">Gaps</span>
<p>The clinical-vendor business-associate agreement needs verifying, and there is no single
calendar tracking renewals and agreements.</p></div>
<div class="field"><span class="field__label">Our plan</span>
<p>Verify the ALIS agreement and build a one-page renewal and agreement tracker so nothing
lapses unnoticed.</p></div>
<div class="field"><span class="field__label">Timeline</span>
<p><span class="when">Near-term, low effort.</span></p></div>
</div>
</section>
<section class="area">
<div class="area__head">
<span class="area__no">05</span>
<h2 class="area__title">Assistive Technology</h2>
<span class="pill pill--good">In rollout</span>
</div>
<div class="grid">
<div class="field field--wide"><span class="field__label">Where it stands</span>
<p>Cascades is rolling out Helpany "Paul" resident-safety sensors: ceiling-mounted radar
devices that detect falls and motion. They use <b>radar only, with no camera and no
microphone</b>, so resident privacy is fully preserved. Roll-out is floor by floor (floors 1
and 2 first). The clinical system and caregiver app round out the resident-facing technology.</p></div>
<div class="field field--gaps"><span class="field__label">Gaps</span>
<p>The sensors currently share Wi-Fi with other equipment; they belong on the dedicated,
isolated device network described under Communication Technology.</p></div>
<div class="field"><span class="field__label">Our plan</span>
<p>Move the sensors onto the new 5&nbsp;GHz device network (the vendor transitions them
remotely) and continue the floor-by-floor roll-out. If "assistive technology" should also cover
nurse-call or accessibility systems, we will fold those in.</p></div>
<div class="field"><span class="field__label">Timeline</span>
<p><span class="when">Folded into the Wi-Fi device-network work above.</span></p></div>
</div>
</section>
<section class="area">
<div class="area__head">
<span class="area__no">06</span>
<h2 class="area__title">Disaster Recovery &amp; Continuity</h2>
<span class="pill pill--plain">Improved</span>
</div>
<div class="grid">
<div class="field field--wide"><span class="field__label">Where it stands</span>
<p>Cloud backup is now running and <b>verified on June 24</b>: the last backup succeeded, about
576&nbsp;GB is protected off-site, and daily changes are captured. This closed a long-standing
gap. June's planned power outage was handled with a clean, scripted shutdown and a verified
recovery, proving the procedure works.</p></div>
<div class="field field--gaps"><span class="field__label">Gaps</span>
<p>We need to confirm the backup is a full <b>system image</b> (not files alone) so the server
could be rebuilt quickly after a total failure. The facility still relies on a single primary
server, so there is no automatic failover yet.</p></div>
<div class="field"><span class="field__label">Our plan</span>
<p>Confirm or extend backups to full-image, run a test restore, document a written recovery
plan with target recovery times, and add server redundancy with the modernization project.</p></div>
<div class="field"><span class="field__label">Timeline</span>
<p><span class="when">Backup confirmation and test restore near-term · redundancy with the server project.</span></p></div>
</div>
</section>
<section class="area">
<div class="area__head">
<span class="area__no">07</span>
<h2 class="area__title">Malware Prevention &amp; Virus Protection</h2>
<span class="pill pill--warn">Needs consolidation</span>
</div>
<div class="grid">
<div class="field field--wide"><span class="field__label">Where it stands</span>
<p>Managed antivirus (Bitdefender) protects endpoints, with Microsoft Defender and email
filtering guarding inboxes.</p></div>
<div class="field field--gaps"><span class="field__label">Gaps</span>
<p>Coverage is not yet universal. Notably the <b>main server is not under managed antivirus</b>,
and leftover software from the previous IT provider is still installed and should be removed.</p></div>
<div class="field"><span class="field__label">Our plan</span>
<p>Enroll the main server and all remaining PCs into managed antivirus, remove the previous
provider's leftover agents, and run a coverage audit so every device reports in.</p></div>
<div class="field"><span class="field__label">Timeline</span>
<p><span class="when">Near-term · exact coverage numbers confirmed before the meeting.</span></p></div>
</div>
</section>
<section class="area">
<div class="area__head">
<span class="area__no">08</span>
<h2 class="area__title">Use of AI</h2>
<span class="pill pill--plain">Opportunity · policy first</span>
</div>
<div class="grid">
<div class="field field--wide"><span class="field__label">Where it stands</span>
<p>No AI system is in production at Cascades today. The nearest active item is the reporting
(KPI) dashboard you requested, which will pull key numbers from ALIS, QuickBooks, Bill.com and
others into a single view.</p></div>
<div class="field field--gaps"><span class="field__label">Gaps</span>
<p>There is no staff policy yet for using public AI tools, which is a data-privacy risk in a
healthcare setting.</p></div>
<div class="field"><span class="field__label">Our plan</span>
<p>Draft a short, practical AI acceptable-use policy first; then evaluate Microsoft 365 Copilot
with healthcare safeguards; and advance the reporting dashboard as the sanctioned path.</p></div>
<div class="field"><span class="field__label">Timeline</span>
<p><span class="when">Policy is quick · dashboard proceeds once you confirm the first key metrics.</span></p></div>
</div>
</section>
</div>
<footer class="foot">
<div class="foot__note">
Prepared by Az Computer Guru for the Cascades of Tucson technology planning review.
This document summarizes current state and planned work and is confidential to Cascades of Tucson.
</div>
<div class="foot__balance">
<div class="k">Prepaid support balance</div>
<div class="v">48.25 hrs</div>
<div class="k" style="margin-top:4px;letter-spacing:.1em;">as of Jun 24, 2026</div>
</div>
</footer>
</div>
</body>
</html>

BIN
clients/cascades-tucson/docs/proposals/cascades-technology-plan-2026-06-24.pdf Normal file
View File

Binary file not shown.

3
wiki/clients/cascades-tucson.md
View File

@@ -351,8 +351,9 @@ Cascades' line-of-business / reporting SaaS (the systems they pull data OUT of,
- **`svc-scan`** = dedicated AD service account (CN=Users, PasswordNeverExpires, CannotChangePassword) for the Brother's SMB auth. Vault: `clients/cascades-tucson/svc-scan.sops.yaml`.
- **REUSE `svc-scan` for EVERY future scanner->network-folder setup at Cascades** (Howard, 2026-06-09) -- do NOT create a per-printer/per-folder scan account.
- **Brother MFC-L8900CDW "Business Office" printer (10.0.20.220) -- Scan-to-Network profile (working 2026-06-09):** Network Folder Path `\\192.168.2.254\AcctDept\Scans`; **Auth Method NTLMv2** (not Auto/Kerberos -- printer can't KDC across VLAN); Username `cascades\svc-scan`; PDF Multi-Page.
- **[NETWORK] CS-SERVER cannot reach the VLAN-20 printers** -- main-LAN `192.168.2.x` -> VLAN 20 `10.0.20.x` is blocked at pfSense. Use a VLAN-20 PC's browser or go onsite. The reverse (printer -> CS-SERVER:445) **is** open.
- **[CORRECTED 2026-06-24, live] CS-SERVER CAN reach VLAN 20 -- server-hosted printing to VLAN-20 printers works.** CS-SERVER routes to `10.0.20.0/24` via the default gateway (pfSense `192.168.0.1`) and **pings the VLAN-20 gateway `10.0.20.1` fine**. The VLAN-20 print queues already on the server (Business Office/AcctDept Brother L8900CDW `10.0.20.220`, Memory Care Reception Epson `10.0.20.78`, Life Enrichment Canon `10.0.20.94`) print through it. **Caveat:** the printers often **don't answer ICMP ping when asleep** (and 9100 may show closed while idle) -- that is NOT a firewall block; a real print job wakes them. (Supersedes the earlier "main-LAN -> VLAN 20 blocked at pfSense" note, which was a stale/over-broad reading -- likely the printer being asleep or a since-changed rule. The printer's web-UI config from CS-SERVER may still be hit-or-miss when the device is idle; use a VLAN-20 PC if the GUI won't load.)
- **Persistent drive maps to `\\cs-server\AcctDept`:** Chris (DESKTOP-N5G1ROO) Y:, Zachary (ACCT2-PC) Y:, Lauren (DESKTOP-H6QHRR7) X:.
- **`\\CS-SERVER\BusinessOffice` (Business Office - Brother L8900CDW, `10.0.20.220`) = the "Accounting Assistant" printer in room 101** -- one physical L8900CDW, already a shared print queue on CS-SERVER. Attached to Chris Knight's PC (DESKTOP-N5G1ROO) 2026-06-24. Do NOT create a duplicate "Accounting Assistant Printer" queue -- it's this one.
- **Executive restricted share (built 2026-06-24, ticket #32193):** `D:\Shares\Executive` on CS-SERVER, shared as **`\\cs-server\Executive`**; inheritance broken; SYSTEM / BUILTIN\Administrators = Full; `CASCADES\Ashley.Jensen` + `CASCADES\Meredith.Kuhn` = Modify (no Everyone); share-access limited to the same two + Admins. Mapped persistent `E:` on DESKTOP-U2DHAP0 (Ashley) and ASSISTMAN-PC (Meredith), RW-verified. NOTE: clients reach CS-SERVER SMB at **192.168.2.248** (registered DNS / Ethernet idx16), NOT the .254 Hyper-V vEthernet NIC -- the `phase3-pre-join-verify.ps1` hardcodes .254 and should be updated. RMM dispatch gotcha: build UNC from `[char]92` (heredoc+jq eats `\\`->`\`); surface a remotely-mapped drive in the user's running Explorer with `SHChangeNotify(SHCNE_DRIVEADD)` in their session.
### Synology NAS (cascadesDS) / Shared File Access