About this requirement
Date of last update:
04/15/2024Requirement Statement
- The Cyber Risk Mitigation Responsibilities Policy (IT-28) requires the use central UITS facilities (eg. the Intelligent Infrastructure, web hosting facilities like Webserve, UITS Research Technologies systems) "to the greatest extent practicable". To remain in compliance with this policy, the College of Arts + Sciences is committed to fully utilizing these facilities. Central College servers that are serving a broad user base, are hosting any sensitive institutional data, are critical to the operations of the unit, or are hosting public-facing services will be hosted on central UITS servers, if possible.
In many cases, these UITS facilities are available at no cost to the users so there are few impediments to adoption. In the case of virtual machines (VMs) hosted in the Intelligent Infrastructure (II), the cost is a significant factor. Funding for VMs providing school-wide services will come from the general College IT budget. In many cases the cost for research project VMs in II will be paid from the researcher funding (eg. grants and startup funds). However, the College recognizes the need to augment grant funds for research projects that may not have direct grant funding.
Exceptions to Requirement
Due to the unique computing requirements within the College of Arts + Sciences, there are a number of use cases where the Intelligent Infrastructure (II) or other central UITS services are not well suited. Examples of such cases include:
- Projects with specific hardware requirements (eg.specific CPU instruction set support)
- Resource needs exceeding the capacity of II (large memory, high CPU core counts, large storage needs)
- Grants specifically requiring the purchase of physical hardware
In such cases, services may be hosted on physical servers or on CITRIS-managed virtual machine services can be established per Cyber Risk Mitigation Responsibilities Policy (IT-28) Policy Statement, Section 2b, with the approval of the Leader for College IT Research, Infrastructure, and Support (CITRIS).
Procedures
- In cases where physical servers are required, these servers will be located either at the UITS Data Center or in the secure College server room facility. The College facility must restricted access, have UPS power backup, and temperature monitoring. However, all servers hosting any sensitive institutional data will be housed either in II or the UITS Data Center and not in a College IT facility or any insecure College location.
- Physical servers will be purchased with a 5 year manufacturer warranty with a response time of either 4 hours for critical path systems or Next Business Day (NBD) for less critical research systems. At the end of the original 5 year warranty, the option to extend the warranty will be offered to the system owner. Systems that go out of warranty will be serviced either by College staff or 3rd party vendors with parts and service costs to be paid by the system owner.
- The setup and configuration of new VMs or physical servers will be tracked via the Server Setup Procedure and Checklists (Pending Content).