From the KnowledgeBase

Title:
OIT Virtual and Server Hosting: Description of services offered
Synopsis:
Departmental servers, either physical or Virtual Machines (VMs), can be hosted in the University's data centers. These data centers are secure, environmentally controlled, and have state-of-the-art main and backup power systems. Departments may have OIT administer the server's operating system and provide monitoring for performance and uptime, or they may choose to manage the servers themselves. Departmental applications, databases, and web sites are always managed and administered by the department, not by OIT.


Solution:

Since few departments now require physical servers, this document outlines the choices a department needs to consider when deciding whether to manage their own virtual servers, or to have OIT do it. It then describes procedures for requesting a server.

If you need a physical server managed by OIT, there are a few more decisions involved; please contact Bob Stango (8-6216) for more information. If you are looking to manage your own physical server in an OIT data center, contact Matt Petty (258-6323).


OIT Hosting and Administration Service for Virtual Servers (Windows and Linux)

Virtual Server hosting includes design, setup, and system administration of a virtual server installed on the University’s VMware ESX infrastructure. There is no annual cost to a department for a virtual host on the ESX infrastructure. A basic virtual server (running either Windows or Linux) is provided with one 3GHz CPU, 2GB RAM and up to 100GB of disk space.

Virtual servers save a department the costs associated with hardware and hardware maintenance. Using virtual servers also allows a department to repurpose floor space for other uses. Virtual servers, however, may not be suitable for applications that continuously require all server resources allocated, have high disk IO, or have high network bandwidth requirements. If you are not certain, discuss your needs with OIT first.

System administration services (OS installation and configuration) can be provided by OIT, or a department's system administrator can manage the server OS.

With either option, department staff will be responsible for configuring and maintaining applications, to ensure their security, availability, and usability.

When the department chooses to have OIT manage their virtual server, OIT will be responsible for:

  • Setup and configuration of server operating system following security best practices
  • Maintenance and monitoring of server operating systems to ensure availability and operating system level security
  • Patching the operating system on a quarterly (Linux) or monthly (Windows) basis
  • Server availability 24x7 except during scheduled server outages for maintenance and scheduled network outages
  • Notification via OIT's Change Management system about any scheduled maintenance of hardware, software or network
  • Troubleshooting and response for operating system level outages at any time
  • Quarterly vulnerability scan of the server and remediation of OS issues discovered

The department is responsible for:

  • Installation, maintenance, support and security of Applications and Data
  • Following the administrator/root guidelines, if this level of access is required
  • Remediation of application security vulnerabilities discovered by OIT’s security scans

New OIT virtual server requests:

When a new server is requested for the OIT Virtual Hosting Service, the expected turnaround time is two weeks from the date that OIT has all the necessary information needed to perform the setup.

If installation or management of an application requires root (Linux) or administrator (Windows) access, OIT systems staff members work with the department to provide the appropriate level of access. Current policy requires a service account, not a personal NetID, to be used for secure privileged access. It is the responsibility of the department applications support staff to acquire the service account, and to properly install, configure and maintain the application(s) on the server.

See the University Security Policy http://www.princeton.edu/itsecurity/policies/ for further information.

Use this form to apply for a service account:

Please review the guidelines before submitting a request for a server. Copies of the local administrator/root guidelines can be found at:

The OPM system is used to track each request, and one form/one OPM ticket per server should be created using the appropriate form:

Please provide all information requested; if you are not certain, please contact Bob Stango (258-6216 or bstango@princeton.edu) and discuss it with him.


Department-managed Server Hosting

Departments can choose to administer their virtual servers on the OIT VMware infrastructure. OIT will provide a "blank" virtual machine with no operating system. There is no annual cost to departments for a virtual host on the ESX infrastructure.

OIT security architecture requires that a department-managed server be placed on one of two special subnets reserved for departmentally managed servers: Butterflynet (world accessible) and Mosquitonet (campus access only).

The department is responsible for:

  • all operating system and application installation, maintenance, support and data security, including any antivirus and backup software
  • remediation of security vulnerabilities discovered by OIT’s periodic scans

OIT is responsible for:

  • Creation of a blank virtual machine, without operating system, for the department to set up and manage
  • Notification via OIT's Change Management system about any scheduled maintenance of hardware, software or network
  • Providing access to client software (Windows-based) to manage the virtual server

To request a blank virtual server, use this form: “Blank” VM

Processing of new server requests:

When a new server is requested for the Virtual Hosting Service, the expected turnaround time to get the operational server back to the customer for application setup is two weeks from the date that we have all of the necessary information needed to perform the setup. The OPM system is used to track each request, and one form/one OPM ticket per server should be created using the request forms. Please provide all information requested; if you are not certain, please contact Bob Stango (258-6216 or bstango@princeton.edu) and discuss it with him.


Operating Systems and Platforms Supported

OIT systems administrators have expertise in the following server platforms and operating systems:

  • Oracle Enterprise (Red Hat), level 6 & 7
  • Windows Server 2008R2 (Mainstream EOL 1/13/15) & Windows Server 2012R2
  • Computing platforms: Dell PowerEdge servers, physical or virtual equivalent

Networking and Network Maintenance

  • By default, virtual servers will be attached to firewall subnets managed by OIT. If you have special networking needs (such as load balancing, multiple interfaces, etc.) please discuss your needs with OIT before placing a request.
  • From time to time, OIT is required to perform network maintenance for the core network infrastructure. These outages are scheduled during standardized outage times: 5:00 a.m. - 7:00 a.m. Tuesday / Thursday or 6:00 a.m. - 10:00 a.m. Saturday. Outages are announced with as much lead time as possible, but always with at least one week's notice. In an emergency situation, one week of lead time may be impossible to achieve. (Such an outage requires OIT director-level approval.)

Disaster Recovery

  • If the main data center experiences a catastrophic outage, OIT's DR plans call for production virtual servers to be restored within six hours at a second data center location.

More Information

  • For further information or any questions, please contact Bob Stango at 258-6216 or email bstango@princeton.edu.

Last Updated:
August 13, 2015

Solution ID:
9656