Server Provisioning, Hosting and Remote Access Policy
- Duguay, Gerard
- Guo, Chiyao (Deactivated)
- Former user (Deleted)
- Meier, Josh
Introduction
Server Provisioning and Hosting Policy
Computer and Information Systems offers campus departments a secure and managed hosted-server environment for essential business and academic services. CIS's Infrastructure Systems Team is tasked with provisioning and managing servers on behalf of the University. While many of the hosted servers are fully funded as part of normal campus operations, campus departments will occasionally have additional server/application needs above and beyond baseline operations. In such instances, departments may choose to work with CIS and take advantage of our managed server offerings. CIS's hosting services include design requirements consultation, server platform (OS) administration and support, network routing and firewall segmentation, alerting and performance monitoring and local server-image backups. This Server Provisioning Policy sets forth the procedures, guidelines, rates and responsibilities involve in this managed service platform. Â
Table of Contents
Effective Date: May 1, 2019
Overview
The Infrastructure Systems Team presently manages over 280 servers within a secure, on-premises virtual environment. Server hosting is provided to University schools and departments on an as-needed, fee-for-services basis. The following describes the responsibilities and considerations associated with CIS hosting servers for individual campus schools and departments.
Hosting Options and Tiers
On Premises, Virtual Hosting: CIS provides IaaS hosting services in our virtual environment. The following annual fee schedule applies to virtual environments. These fees involve rates for competitively priced resources, plus a standard $200 service charge for CIS management, plus $80 for CyberReason EDR licensing (required).
- Small Linux or Windows Server: $350+$200+$80 (1-2CPU, 4GB RAM, 500GB Storage, on-premises backups)
- Medium Linux or Windows Server: $500+$200 +$80 (2-4CPU, 8GB RAM, 1TB Storage, on-premises backups)
- Large Linux or Windows: $850(+) +$200 +$80Â (>4CPU, >8GB RAM, >1TB Storage, on-premises backups)
Additional expenses:
- Storage per 50 GB: $25
- Database management and administration: Requirements, licensing and rates to be determined on a case-by-case basis.
On-Premises, Dedicated Server Hosting:Â CIS may also provide/host servers on physical, dedicated hardware, depending on the department's needs. This service requires that the sponsoring department pay for the actual cost of server hardware, maintenance, licensing and life cycle upgrades. CIS will provide operating system installation, patch management, upgrades and support, and machine performance monitoring. Our default lifecycle expectation for dedicated server hardware is 4 years, after which time the server will need to be replaced by the sponsoring department.
- CIS charges $200/server/year to manage dedicated physical servers over four year lifecycle. The CyberReason EDR ($80) is also required for dedicated servers.
Managed Cloud Hosting: CIS also offers managed, cloud-hosted services through either Microsoft Azure or Amazon Web Services. Managed services include storage and compute provisioning, operating system installation, patch management, upgrades and support, performance monitoring and secure VPN connectivity. The sponsoring department is responsible for application installation and support unless alternative support agreements are arranged with CIS. Monthly charge back to the department/school for cloud-hosted, CIS-managed services will be 120% of the actual hosting expenses. (CIS adds a 20% markup for our managed services offering.)
Additional Service and Fees:Â
- Application or database management and administration: Requirements and rates to be determined on a case-by-case basis.
- Systems integration: Programming and interface programming services are also offered by CIS;Â rates to be determined on a case-by-case basis.
Additional Considerations
Backup and Retention Requirements
The default option for hosted-server backups of virtual instances includes the replication and storage of local image/VMs per our normal backup cycle. Presently, server backups are taken nightly with a limited retention period. Our default backup option for hosted servers does not include off-premises archiving for disaster recovery or business continuity (DR/BC). Â
- Off-premises backups are provided on a case-by-case basis, with CIS rates being 120% of then current cloud-storage rates.
Identity and Accounts Management, Directory Synchronization
By default, servers hosted and managed by CIS will be part of the campus Active Directory domain. CIS maintains responsibility for the server and operating system; the department or school (or third party) is responsible for applications running on the hosted server.Â
Servers that need to be managed apart from the campus Active Directory domain require additional layers of identify and access management. Specific provisions for non-domain machines will be handled on a case-by-case basis.Â
Network Segmentation, Firewalling and Options for DNS, DCHP
Requirements for isolation of hosted servers, either at the network or firewall layer, as well as options for DNS and DHCP will be based on server/application requirements and agreed to in design prior to server provisioning. Presently there are no additional charges for network infrastructure services and firewall configurations for on-campus hosted services.Â
Third-Party Managed Applications and Vendor Remote Access
Third Parties may manage the applications hosted on local servers on an as-needed basis as arranged by the sponsoring department and CIS. Third parties may also attain permission to manage campus-hosted devices from off campus if necessary to maintain the proper functionality of the resource. In such instances, CIS manages the OS and the third-party provider manages the application. Access to the server by third party will require VPN connectivity which will be enabled for specific intervals as arranged in advance: CIS does not permit always-on, off-campus initiated connections to servers, network appliances, or other devices and resources not managed by CIS. Additional requirements may be at play with third-party managed applications. Whenever possible, such arrangements should be specified and addressed prior to product procurement.
Logging and Alerting
Performance monitoring, alerting and log retention are provided by CIS in accordance to our standard systems-monitoring service expectations.Â
Duration and Periodic Review
Hosted servers are not considered perpetual resources: they are subject to annual review and re-commitment, preferably within the normal university budget cycle.
- Fees quoted here are subject to change; please inquire for the most up-to-date hosting rates and information.
Servers Covered and Not Covered:
Please note: This policy does not cover major server/applications such as Banner and Tableau; it only focuses on server resources requested by individual departments and schools. Major server/application initiatives are managed via CIS's formal Project Intake process. Specific aspects of server hosting and management for each of these major resources are discussed and detailed as part of the formal project intake charter.Â