Fully-Managed Server Hosting: Quick Start Guide for Windows Fully-Managed Servers
The Managed Windows Server offering is supported by the Microsoft Platform and Tools team (MPT).
Administrative Users & Service Accounts
All managed servers will be bound to central active directory in the OIT server Organizational Unit (OU). Departments maintain an Active directory group that controls access to the server. MPT also needs administrative access through the group ad\oit-server-ouadmins. The usage of local accounts are discouraged, but exceptions can be reviewed with the systems administrators. Customers are expected to create and manage any service or vendor accounts.
Operating System (OS) Support
OIT staff will install, configure, and maintain the operating system. New installations must still be in the microsoft mainstream support phase. MPT also owns server administration applications such as backup agents, monitoring agents, patching agents, anti-virus, etc. OIT provides and maintains the Microsoft Operating System license.
Accessing Virtual Host
To access the server through Remote desktop, customers must connect to the main university VPN pool when on campus and off campus. More restrictive access can be employed by customers, but MPT will still need access through our administrative vpn pool. Contact email@example.com for details. MPT also needs WinRM access from our utility server oit-mpt-tools.ad.umn.edu.
By default, all systems are on publicly available networks and come with a world addressable IPv6 address. There is an option to get an IP in the RFC 1918 space (scoped to UMN only) which requires a business case review.
File System configuration
C: drive is dedicated to the OS and maintained by IT. No customer data or applications should be installed or stored on the C: drive. If necessary, a data drive will be added for storing customer data up to 256GB depending on the capacity needed.
There is weekly regular scanning of all systems to ensure systems have current patches installed. IT will review and remediate any outstanding issues for the OS based on the result of the security scans. Customers are responsible for remediation of application issues.
Software firewall will be enabled on all hosts via group policy. Exceptions will be in place to allow defined or required data to pass by allowing certain IP, port, or other data flow.
MPT uses System Center Operations Manager to monitor the OS according to Microsoft best practices. Notifications are sent to MPT for these specific items.
|Items Monitored||Check Method||Notification|
|Disk usage||Less than 1GB on system drive||Service-Now Ticket|
|CPU usage||>95% for extended period of time||Service-Now Ticket|
Customers are encouraged to set up application layer monitoring through Zabbix as needed.
Events are forwarded to the University enterprise log management solution in accordance with University policy.
OIT staff performs backups of server data and will facilitate restores upon request. The standard schedule is set for weekly full backups performed over weekends and daily differentials. The typical backup retention is 30 days.
The customers own all support and responsibility of specific application software. These include but are not limited to SQL, MSSQL, Oracle, IIS, etc.
The first Saturday and Sunday of the month between the hours of 6 a.m.– 12 p.m. Holidays may impact the routine maintenance cycle.Notifications will be available via the Integrated Change Calendar and theSystem Status page. Patching is done using System Center Configuration Manager.
Note: Critical patches may be applied sooner if the patch is deemed necessary to ensure the security of the system. Given that circumstance, customers will be allowed to control reboot times to as much as possible.