Terms and Conditions (2016)
The Clinical School Computing Service (CSCS) provides managed and unmanaged server hosting, whereby a virtual or physical private server is hosted in CSCS’s server room on behalf of the customer. This hosting ensures that a server has both resilient power and cooling and is located in a secure, controlled environment. We will advise whether a virtual or physical server will best suit and there is a choice between either an unmanaged service (the customer is responsible for all system maintenance and backup) or a managed service (CSCS will perform all routine operating system maintenance, as well as backup to an offsite location).
With both unmanaged and managed hosting of both physical and virtual servers the customer is responsible for installing, configuring and maintaining additional applications; although assistance with set-up can be arranged for an hourly charge.
1. Virtual Server Hosting
Virtual servers are a popular choice. A virtual machine (VM) is a software implementation of a server that emulates a real server. Since servers tend not to be busy 100% of the time, many virtual servers can run on a single physical server, which saves on space, power and cooling requirements. Virtual Servers are suitable for the majority of non-intensive workloads, e.g. web server, file server and small to medium databases that do not perform extensive computational work.
Using a virtual server is often preferable to physical servers due to:
- Improved reliability – virtual servers don’t suffer hardware failures, and in the event of host hardware failure, a virtual server can be easily moved to another physical server, minimising downtime.
- Lower cost as the infrastructure is shared amongst many virtual machines
- Improved disaster recovery – a virtual sever can easily be restored from backup.
- Simplified licensing – all virtual servers running on CSCS hardware are automatically licensed to run Windows Server (although you may still run an alternative OS if you wish).
A standard virtual machine comes with the following hardware configuration:
- 2 x CPU cores (Intel Xeon)
- 4 GB RAM
- 50GB Virtual Hard Disk for the Operating System (OS) (offsite mirrored)
- Single network connection
CSCS can customise the virtual hardware to meet your requirements, including adding additional CPU, RAM or storage. These options will be available in the application form on our website. Changes to virtual hardware can usually be applied quickly and in many cases without disrupting the operation of the virtual machine.
Virtual servers are provided with the operating system (OS) installed, patched and configured to communicate on the network. During the creation of the virtual server you will be able to choose from a selection of OS that CSCS currently recommend. Alternative OS may be used assuming compatibility with the underlying hypervisor. CSCS can offer advice on a suitable OS for your intended use.
CSCS require that all operating systems installed are currently under vendor support for security patches.
If you choose to have a Microsoft Windows Server operating system, then the license for the operating system is included.
CSCS recommends the use of virtual servers in all cases except:
- Where processor or I/O (input/output operations on a physical disk) intensive applications are used e.g. High Performance Compute Clusters (HPCs).
- Where large quantities of RAM are required
- In rare occasions where third party software manufacturers do not support their application on a VM
- When the machine requires a connection to a physical device, such as a USB license key
If you are unsure whether a virtual server is suitable for your needs, then CSCS can discuss your intended use with you and offer advice on solutions.
2. Physical Server Hosting (Rack Rental)
In Physical Hosting (sometimes called “rack rental”), space is offered in our racks for you to locate and operate your own equipment. Physical Hosting space is sold in Rack Units, a standard measurement for server, storage and networking equipment. All available racks are 42U in height and they are provided with power distribution and blanking panels. For users with larger volumes of equipment we also offer discounted rates for the rental of whole or half racks.
CSCS maintain a list of all equipment that is hosted in the server room. Details of equipment that is installed under this agreement must be supplied to CSCS and CSCS must be notified in writing of any changes to the hosted equipment. The following information is required:
- Make and Model
- Serial Number
- Equipment height in U
We will also record the rack number and position of the equipment. If you are renting either a half or whole rack you will need to inform us what equipment is in each rack position.
These costs are designed for devices with medium power requirements such as file storage, webservers and backup devices. There will be a supplement for devices with a high power draw such as HPC nodes or large disk arrays. We will discuss the power requirements of your equipment with you before any hosting agreement starts and we will inform you if there will be an extra charge.
CSCS can offer in addition to the physical hosting service a number of supplementary services, including:
- Quoting, ordering and physical installation of equipment
- Single or twin Gigabit network connection including cables (additional network connections can be added charged at the standard network rate, please discuss this with CSCS during ordering of your server).
- Installation and configuration of the operating system
- 10GbE network connectivity. The customer would need to cover the cost of all components required to connect to the CSCS network
3. Managed or Unmanaged Servers
Both physical and virtual server hosting can be provided with either a managed or unmanaged option:
A low cost, basic service for customers who want to manage their own server. This service provides a customer with a new virtual server with the operating system installed and network connectivity. Named users will be given full administrative rights or root access and a method of accessing the server for administration. All other configuration, administration and securing of the server will be the responsibility of the administrators.
This service is for customers that have a suitably technically capable person to administer, manage and secure the server. CSCS will require there to be a nominated administrator for all unmanaged machines. Should CSCS determine that the server is not being suitably managed, for example but not limited to, the timely application of security updates, mitigation of vulnerabilities, or sufficient access controls being applied, then they will contact the nominated administrators to try and resolve the issues. As a last resort if suitable remedial actions are not taken, then CSCS reserve the right to assume management of the server and levy charges accordingly.
CSCS take a nightly snapshot of all virtual servers and retain the last 7 snapshots. These snapshots can be restored on request, however CSCS cannot guarantee the consistency of any snapshots. In all cases we would recommend that the customer implement a suitable backup regime for the critical data held on the server. Snapshots are replicated to an offsite location.
CSCS can offer advice and work with you should problems occur but CSCS cannot offer day to day management on the server OS or any application. Additional help or support will be charged at CSCS standard hourly rate
This service only applies to virtual servers, however we do offer a rack rental service for hosting physical servers that do not require management by CSCS.
A more comprehensive service where CSCS is responsible for configuration, support and maintenance of your server. It is suitable for customers who want to pass the day to day running and configuration of the server to CSCS staff.
CSCS will ensure that the operating system is running, correctly configured and that security patches are applied in a timely manner.
Although we can work with you to install applications and configure the server to meet your needs, CSCS are unable to provide support for applications that are installed on the server. We can however work with you and software vendors to resolve issues if required.
CSCS will provide a full system backup of your server. This is defined as your operating system and boot volumes where applicable (i.e. C:\ drive for Windows, / and /boot for Linux, but not including other mounted file systems). We will provide 7 days of backups of your system, with these backups stored in an offsite location for redundancy purposes. Please note that this backup policy does not include secondary data drives or application drives if they are present, which should be backed up separately by you if needed. CSCS can offer more flexible backups including longer retention periods, inclusion of additional volumes or more frequent backups if required, however these customisations may incur additional charges. Please contact CSCS to discuss your requirements. If you are unsure if your data is being protected, please contact CSCS to discuss the backup configuration applied to your system.
4. CSCS Server Quoting and Setup Charges
CSCS can offer you advice on the types of server that will meet your requirements. These initial discussions to identify whether a virtual of physical server is the most appropriate solution are provided free of charge.
If a virtual server is required then it will be deployed and a basic configuration including the operating system, updates and network connection applied. There is no charge for the deployment of a virtual server.
If you require a physical server then CSCS can work with you to create a custom quote to match your service hardware and cost requirements. The process of determining the specification and providing you with a quote is charged at our standard hourly rate, and typically we find that 1 hour is sufficient. Once the equipment has arrived, if you are going to use our physical hosting service we will install the hardware into the racks for you.
If you are going to be using our Managed Service on the new hardware, then we will install and configure the operating system, updates and network connections as per your requirements.
If your server requires advanced configuration, or you require us to install applications beyond the basic operating system then an additional hourly charge may be applied. CSCS will always advise you of any charges that are likely to be incurred before starting any work.
5. Secure Data Hosting Service (SDHS)
CSCS offers a Secure Data Hosting Service (SDHS) providing a Safe Haven for members of the School to store sensitive data, including Patient Identifiable Data (PID). It is managed by CSCS in collaboration with the School Research Governance Officer.
Customers who require the ability to process data within the Safe Haven can apply for physical or virtual servers to be contained within this area. In order to meet the requirements of our data security policy all servers and systems contained within the Safe Haven must be managed by CSCS.
Access to the SDHS is provided using two factor authentication through a Citrix environment and is subject to the SDHS Security Policy. For more information and access to these policy documents please refer to the Information Governance page on the School’s website.
6. Network Connections, External Access and Firewall Configuration
The purpose of a server is to provide a service or resource to a selection of users. In order to make those resources available to the right people network access will be required.
CSCS have a number of different networks in operation, many with specific purposes. Servers can be configured on most of our networks depending on what is required. Most servers and equipment will be connected to our standard internal network which allows access for all internal users, but is not directly accessible from the internet. Other options include a DMZ, the SDHS or a specific departmental network. We will discuss with you the options before commencing configuration of your server.
CSCS can allow servers hosted in our standard network to be accessed via the internet if required. For standard web access using HTTP (TCP 80) or HTTPS (TCP 443) we are able to publish the website through our web proxy appliances which offer a level of protection by scanning incoming web traffic.
Other external access may be able to be configured in special circumstances. Each request will be evaluated by the CSCS team on a case by case basis. Our default position is that we will not open ports on the firewall to allow direct access to a server. A variety of remote access solutions, including a VPN service, are provided by CSCS which you can use to access your system from outside of the CSCS network if required.
All requests for access both in to and out from the SDHS will be evaluated by the CSCS team on a case by case basis. By default there is no direct access to any systems held within the SDHS. All exceptions will require justification and will need to be reviewed by the CSCS team in conjunction with the School Research Governance Officer to assess the risks.
7. CSCS Server Hosting – Service Level Agreement (SLA)
This section of this document details the Service Level Agreement that CSCS sets for hosting physical or virtual server/hardware within the Clinical School Server Rooms. It is not intended as a guarantee and it should not be taken as such. However, CSCS will always endeavour to abide by this where possible.
- CSCS Server rooms will be physically secured at all times
- Will provide a temperature controlled environment
- Will provide suitable power supply, backed up by a UPS
- Will provide an effective fire suppression system
7.2 Physical Equipment Hosting
- CSCS will provide suitable equipment racks, power distribution, network patch leads and blanking panels.
- Rack rails/brackets for equipment are to be provided by the customer. If rails are not available, then equipment is to be located on a rack shelf. Any costs for supply of rack rails or shelves shall be covered by the customer.
- Blanking panels must be installed in all empty rack spaces to facilitate correct air flow.
- Customers are to provide CSCS with details of the equipment to be hosted and must notify CSCS of any changes in the equipment to be hosted.
- Charges will be levied for each full or partial rack unit (U) space occupied by the customer equipment and any rack accessories required to support the customer equipment.
- Access into CSCS Server Rooms will be provided during normal working hours (8:30am - 5:00pm, Mon – Fri). We request 24 hours’ notice for access, although we appreciate that in some circumstances this is not always possible. Access must be requested by means of a form on our website (https://cscs.medschl.cam.ac.uk/server-services/main-server-room-msr/)
- Access into CSCS Server Rooms outside of working hours can be arranged with CSCS. An extra charge will be applicable to cover staff charges calculated at 1.5 x the current hourly rate for each hour or part thereof.
- CSCS recommends that all physical equipment be covered by an active hardware maintenance agreement with the hardware vendor.
- Customers must not attempt to adjust or alter server room infrastructure, including air-conditioning, power and fire systems
- Customers should only ever work on their own equipment, and must not interfere with any other equipment or control systems in the server room
- Customers are to provide CSCS with a list of users authorised to access the hosted equipment. This same list of users will be used for communications regarding the hosting. A minimum of 2 contacts should be supplied.
- Where possible a CSCS will provide a minimum of 48 hours notice to customers where the power or networking is to be disrupted.
- All physical equipment remains the property of the customer.
7.3 Virtual Server Hosting
- CSCS will maintain a highly resilient virtual hosting platform which can allow for multiple hardware failures and still allow the customers virtual server to operate.
- CSCS will provide the customer with the ability to access and manage the server, either through a console connection to the virtual server or through RDP, SSH or similar protocols.
- CSCS will take a snapshot backup of all virtual servers every night and retain the 7 most recent snapshots. This backup is a server level backup, and is not application specific. Application level backups and verification are the responsibility of the customer.
- All virtual server backups will be replicated to an offsite disaster recovery location after the backup has completed
7.4 Operating Systems, Software
- All operating systems that are installed and connected to the CSCS network must have active vendor support for security vulnerabilities
- All operating systems and software packages should be regularly patched to mitigate vulnerabilities. If the customer has chosen a Managed service, then CSCS will manage this patch process
- Customers are responsible for ensuring that all operating systems and software running on systems are correctly licensed. CSCS may request proof of license compliance.
7.5 Managed Server Service
- CSCS will manage and monitor the configuration of the operating system.
- Configuration and maintenance of applications, optional features or components installed on the server is the responsibility of the customer.
- CSCS can liaise between customers and software vendors, including providing external access to a server for the purposes of software installation, configuration or troubleshooting.
- CSCS will have a full administrative rights or root access (as appropriate) on any managed server or storage, whether physical or virtual.
- The customer must agree with CSCS a routine maintenance schedule to allow the timely installation of patches. Wherever possible, CSCS will endeavour to patch systems automatically outside of working hours.
- If manual out-of-hours patching is required, the customer will cover all costs associated with providing this service.
- CSCS retains the right to install critical security patches and restart services or servers if required to mitigate severe vulnerabilities outside of the agreed maintenance schedules.
- CSCS will provide and monitor a backup solution for the server and all data. The exact backup regime will be discussed with the customer and agreed at the time of installation. By default, CSCS will take a backup every night and retain the last 7 backups. Backup schedules can be customised to meet the customer needs, but customisations may incur additional costs if further storage is required.
7.6 CSCS Rights
With respect to all of the services outlined above, CSCS reserves the right to:
- Shut down any equipment in the event of an environmental disaster.
- Shut down any equipment in the event of low UPS power or high environmental temperature.
- Disconnect and if necessary remove from the network, any server which has an adverse effect of the operation of any other service or system.
- Refuse or defer requests for any services.
- Discontinue an existing contract on any service if the server or equipment becomes a potential security threat.
- Use vulnerability detection tools to detect potential issues on any network connected device.
- Assume management duties of any unmanaged physical or virtual server that we determine is not being suitably managed where attempts to work with the nominated administrators to resolve the issues have not been successful.
7.7 Charges and Termination
- Any charges incurred for these services must be paid in a timely manner.
- Termination of supplied services requires a minimum of 1 months’ notice in writing from either the customer or CSCS.
If you have any questions about this document or terms of this SLA then please contact the service desk via email@example.com