Linux Server Hosting: Service Guide

The Linux Server Hosting service provides professionally-managed Linux servers for University academic, research, and administrative units. The service is supported by the Hosting Engineering and Automation Team. For help and support, contact Technology Help or email [email protected].

This Service Guide covers:

Roles and Responsibilities

IT Staff

Our Hosting team provides support to IT directors, business unit directors, or staff members that an IT director has approved.

The Hosting team will be expected to do the following:

  • Communicate and coordinate with IT staff in local units to minimize disruption to end users.
  • Notify customers about all scheduled maintenance.
  • Maintain and manage the infrastructure, operating system, storage, backups, security, and patching.
  • Provide documentation delineating responsibilities of customers and the hosting team.
  • Provide advice and documentation for basic administrative tasks.

Customers

Customers will be expected to do the following:

  • Report problems using reporting procedures described in the service statement.
  • Provide input on the quality and timeliness of service.
  • Provide application administration and customer support for their users; this can be provided by the unit, a vendor, or another third party.
  • Provide audit compliance for application(s) and data, which includes making IT systems administrators aware of any private data or HIPAA regulated data.

Departmental Administrative Access

SSH Access

Red Hat Enterprise Linux 9 (RHEL 9)

Red Hat Enterprise Linux 7 (RHEL 7)

User Authentication

  • All users must have a UMN Internet account.
  • Sponsored UMN Internet accounts are required for external collaborators.
  • By default, only CESI Linux administrators for the unit have access to Linux hosts.

RHEL 9

  • Users authenticate using Active Directory credentials
  • Additional users and groups in Active Directory can be granted access to a server with the following command, executed by a CESI Linux administrator of the unit:
    $ sudo realm permit $USERNAME

RHEL 7

  • Users authenticate using Active Directory credentials

Escalated Privileges

RHEL 9

  • CESI Linux administrators for a unit may log in with their Internet ID to their host, and run any elevated commands as follows: $ sudo $COMMAND

RHEL 7

Shared Application User

  • By default, a single shared user exists for the purpose of software administration. Appropriate UMN Departmental Internet accounts will have sudo access to this user.
  • Additional shared service users can be created, if necessary.

Server Administration and Configuration

This section describes operating system configuration defaults. Changes will be negotiated, allocated, and configured to address application requirements on a case-by-case basis.

Operating System Version and Updates

OS installation will consist of the latest stable version of 64-bit Red Hat Enterprise Linux at the time of VM deployment.

RHEL 7/9

The weekly set of system updates is created on Sunday evening at 11:00 PM. Please refer to the Red Hat Product Erratas for a list of patches and their release dates.

Environment

System Updates
(OS patching)

Chef Code Release
(does not have specific day for releases)

Chef Converge Schedule (RHEL 7 only)

Development

First Monday of the month, 6:00 AM

Tuesday, 10:00 AM

Every 30 minutes

Test/Staging/QAT

Second Monday of the month, 6:00 AM

Wednesday, 10:00 AM

Every 30 minutes

Prod

Fourth Monday of the month, 6:00 AM

Thursday, 10:00 AM

Every 30 minutes

Operating System updates supplied from Red Hat will be automatically applied within three days of the corresponding Dev/Test/Prd release schedule outlined above.

Monitoring

OIT provides monitoring for all servers. Administrators may request access to Zabbix 6 by emailing [email protected] in order to deploy their own application-specific monitoring.

Items Monitored

Check Method

Notification

Host

Ping

Page/email

Disk usage

% full

Page/email

Services

Service running/stopped

Page/email

Customer owned services

Service running/stopped

Page/email

File System Layout

Below are the default partitioning schemes for the virtual machines. We partition /var and /var/lib separately to prevent log runaway from impacting other components of RHEL systems. Our default deployments provide around 30 GB of unallocated physical space. If, for instance, an administrator wishes to run containers, it may be helpful to expand /var/lib by executing the following commands:

$ sudo lvextend -L +10G /dev/vg00/lib

$ sudo xfs_growfs /var/lib

RHEL 7/9

FILE SYSTEM

SIZE

NOTES

/

2G

n/a

/boot

512M

n/a

/home

10G

n/a

/opt

5G

n/a

/swadm

10G

Owned by swadm user (RHEL 7 only)

/tmp

2G

Please limit use of /tmp

/usr

5G

n/a

/var

35G

n/a

/var/lib 8G n/a

Backups

  • Newly deployed systems are given the option to be backed up or not.
  • The backup routine is scheduled with weekly full and daily differentials.
  • The full backups are retained for one month. The differentials are retained for two weeks.
  • Restore requests are fulfilled by OIT systems administrators. Requests can be sent to [email protected].

Linux Documentation

For more advanced technical guidance, please refer to the Linux Platform and Tools team public documentation:

  1. Documentation for Red Hat Enterprise Linux 7: GitHub LPT documentation
  2. Documentation for Red Hat Enterprise Linux 9: Hosting Manual public documentation site

Last modified

Changed

TDX ID

TDX ID
3736