- iSchool Tech Services will provision the virtual machine for you, and will be responsible for the infrastructure (networking, storage, patching, VM snapshot backup/restoration)
- Users are primarily responsible for the installation and maintenance of custom applications. Tech services will provide support on a "best-effort" basis.
- Security updates will be applied regularly, which may require a reboot of the server or services. If your server needs to maintain constant uptime, reach out to Tech Services for more options.
- Systems/services exposed on the public network are subject to routine vulnerability scans; users are expected to mitigate any detected vulnerabilities in their custom applications.
- If any security issue cannot be directly addressed (i.e. patched, vulnerable service disabled) the system must be moved onto an isolated network and accessed:
- On a university "device tunnel" VPN (staff/faculty university-managed devices)
- Remotely, through a two-factor-protected "jump server" (RDS)
- From a university research lab system (10.230.84.0/24)
- By default, VM's are hosted on an internal, private network. Services are exposed to the internet as needed via Nginx reverse proxy
- Custom domain names and SSL certificates can be provided by Tech Services upon request
- It should also be noted that the environment hosting the Virtual Machines is not highly-available. There will be occasional outages for maintenance and upgrades. Also, if there is an outage to the main SU environment, the research computing environment will be shut down and resources will be made available for the main SU environment. If your server or application requires constant uptime, please reach out to technology services to coordinate a plan.
|