The Linux Server Hosting service provides professionally-managed Linux servers for University academic, research and administrative units. The service is supported by the T3 Linux Server Support team. For help and support, contact Technology Help.
For more advanced technical guidance, see the Linux Platform and Tools team public documentation at GitHub's LPT documentation.
This Service Guide covers:
- Roles and Responsibilities
- Departmental Administrative Access
- Server Administration and Configuration
- Linux Documentation
Roles and Responsibilities
IT Staff
Our Virtual Server Hosting team provides support to IT directors, business unit directors, or staff members that an IT director has approved.
The Virtual Server Hosting team will be expected to do the following:
- Communicate and coordinate with IT staff in local units to minimize disruption to end users.
- Notify customers about all scheduled maintenance.
- Meet response and resolution times associated with service-related incidents.
- Maintain and manage the infrastructure, operating system, storage, backups, security, and patching.
Customers
Customers will be expected to do the following:
- Adhere to any related policies, processes, and procedures including:
  - Complying with the Acceptable Use of Information Technology Resources policy.
  - Refraining from hosting PCI regulated applications or PCI regulated data.
- Report problems using reporting procedures described in the service statement.
- Provide input on the quality and timeliness of service.
- Provide application administration and customer support for their users; this can be provided by the unit, a vendor, or another third party.
- Provide audit compliance for application(s) and data, which includes making IT systems administrators aware of any private data or HIPAA regulated data.
Departmental Administrative Access
SSH Access
RHEL 7
- SSH is open to the university campus network by default
- Multi-factor authentication is required (Duo or SSH keys)
RHEL 6
Two SSH connection methods:
- ale03.oit.umn.edu - dedicated SSH gateway server
- VPN with Duo multi-factor authentication enforced
User Authentication
- All users must have a UMN Internet account.
- Sponsored UMN Internet accounts are required for external collaborators.
RHEL 7
- Users authenticate using Active Directory credentials
Escalated Privileges
- Root access is reserved for OIT System Administrators.
RHEL 7
- A specific set of sudo privileges has been predefined for common use cases. For details, see: Overview of the Sudo's Allowed by Default in RHEL 7.
RHEL 6
- Sudo-based privileges are negotiated, allocated, and configured to address application requirements on a case-by-case basis.
Shared Application User
- By default, a single shared user exists for the purpose of software administration. Appropriate UMN Departmental Internet accounts will have sudo access to this user.
- Additional shared service users can be created, if necessary.
Server Administration and Configuration
This section describes operating system configuration defaults. Changes will be negotiated, allocated, and configured to address application requirements on a case-by-case basis.
Operating System Version and Updates
OS installation will consist of the latest stable version of 64-bit Red Hat Enterprise Linux at the time of VM deployment.
RHEL 7
The weekly set of system updates is created on Sunday evening at 11:00 PM. Please refer to the Red Hat 6 or Red Hat 7 errata for a list of patches and their release dates.
| Environment | System Updates | Chef Code Release | Chef Converge Schedule |
|---|---|---|---|
| Development | First Monday of the month, 6:00 AM | Tuesday, 10:00 AM | Every 30 minutes |
| Test/Staging/QAT | Second Monday of the month, 6:00 AM | Wednesday, 10:00 AM | Every 30 minutes |
| Prod | Fourth Monday of the month, 6:00 AM | Thursday, 10:00 AM | Every 30 minutes |
RHEL 6
Operating System updates supplied from Red Hat will be automatically applied within 3 days of the corresponding Dev/Test/Prd release schedule outlined above.
Monitoring
OIT provides monitoring for all servers.
| Items Monitored | Check Method | Notification |
|---|---|---|
| Host | Ping | Page/email |
| Disk usage | % full | Page/email |
| Services | Service running/stopped | Page/email |
| Customer owned services | Service running/stopped | Page/email |
File System Layout
Below are the default partitioning schemes for the virtual machines.
RHEL 7
| FILE SYSTEM | SIZE | NOTES |
|---|---|---|
| / | 2G | n/a |
| /boot | 512M | n/a |
| /home | 10G | n/a |
| /opt | 5G | n/a |
| /swadm | 10G | Owned by swadm user |
| /tmp | 2G | Please limit use of /tmp |
| /usr | 5G | n/a |
| /var | 35G | n/a |
Backups
- Jointly Managed systems are not given the option for backups. The expectation is that the configuration of these systems is fully automated and recovery would happen through provisioning of a new system.
- Fully Managed systems are given the option to be backed up or not.
- The backup routine is scheduled with a weekly full and daily differentials.
- The full backups are retained for one month. The differentials are retained for two weeks.
- Restore requests are fulfilled by OIT systems administrators. Requests can be sent to [email protected].
Linux Documentation
For more advanced technical guidance, see the Linux Platform and Tools team public documentation at GitHub LPT documentation.