Linux Server Hosting: Service Guide

The Linux Server Hosting service provides professionally-managed Linux servers for University academic, research and administrative units. The service is supported by the T3 Linux Server Support team. For help and support, contact Technology Help

For more advanced technical guidance, see the Linux Platform and Tools team public documentation at https://github.umn.edu/OIT-LPT/Public-Docs.

This Service Guide covers:

Roles and Responsibilities

IT Staff

Our Virtual Server Hosting team provides support to IT directors, business unit directors, or staff members that an IT director has approved.

The Virtual Server Hosting team will be expected to do the following:

  • Communicate and coordinate with IT staff in local units to minimize disruption to end users.
  • Notify customers about all scheduled maintenance.
  • Meet response and resolution times associated with service-related incidents.
  • Maintain and manage the infrastructure, operating system, storage, backups, security, and patching.

Customers

Customers will be expected to do the following:

 

  • Report problems using reporting procedures described in the service statement.
  • Provide input on the quality and timeliness of service.
  • Provide application administration and customer support for their users; this can be provided by the unit, a vendor, or another third party.
  • Provide audit compliance for application(s) and data, which includes making IT systems administrators aware of any private data or HIPAA regulated data.

Departmental Administrative Access

SSH Access

RHEL 7

  • SSH is open to the university campus network by default
  • Two factor authentication is required (Duo or ssh keys)

RHEL 6

Two SSH connection methods:

  • ale03.oit.umn.edu - dedicated ssh gateway server
  • Duo two factor authentication enforced VPN

User Authentication

  • All users must have a UMN Internet account.
  • Sponsored UMN Internet accounts are required for external collaborators.

RHEL 7

  • Users authenticate using Active Directory credentials

Escalated Privileges

  • Root access is reserved for OIT System Administrators.

RHEL 7

RHEL 6

  • Sudo based privileges are negotiated, allocated, and configured to address application requirements on a case-by-case basis.

Shared Application User

  • By default, a single shared user exists for the purpose of software administration. Appropriate UMN Departmental Internet accounts will have sudo access to this user.
  • Additional shared service users can be created, if necessary.

Server Administration and Configuration

This section describes operating system configuration defaults. Changes will be negotiated, allocated, and configured to address application requirements on a case-by-case basis.

Operating System Version and Updates

OS installation will consist of the latest stable version of 64-bit Red Hat Enterprise Linux at the time of VM deployment.

RHEL 7

The weekly set of system updates is created on Sunday evening at 11:00 PM. Please refer to the Red Hat 6 or Red Hat 7 erratas for a list of patches and their release date.

Environment

System Updates
(OS patching)

Chef Code Release
(does not have specific day for releases)

Chef Converge Schedule

Development

First Monday of the month, 6:00 AM

Tuesday, 10:00 AM

Every 30 minutes

Test/Staging/QAT

Second Monday of the month, 6:00 AM

Wednesday, 10:00 AM

Every 30 minutes

Prod

Second Monday of the month, 6:00 AM

Thursday, 10:00 AM

Every 30 minutes

RHEL 6

Operating System updates supplied from Red Hat will be automatically applied within 3 days of the corresponding Dev/Test/Prd release schedule
outlined above.

Monitoring

OIT provides monitoring for all servers.

Items Monitored

Check Method

Notification

Host

Ping

Page/email

Disk usage

% full

Page/email

Services

Service running/stopped

Page/email

Customer owned services

Service running/stopped

Page/email

File System Layout

Below are the default partitioning schemes for the virtual machines.

RHEL 7

FILE SYSTEM

SIZE

NOTES

/

2G

n/a

/boot

512M

n/a

/home

10G

n/a

/opt

5G

n/a

/swadm

10G

Owned by swadm user

/tmp

2G

Please limit use of /tmp

/usr

5G

n/a

/var

35G

n/a

Backups

  • Jointly Managed systems are not given the option for backups. The expectation is that the configuration of these systems is fully automated and recovery would happen through provisioning of a new system.
  • Fully Managed systems are given the option to be backed up or not.
  • The backup routine is scheduled with a weekly full and daily differentials.
  • The full backups are retained for one month. The differentials are retained for two weeks.
  • Restore requests are fulfilled by OIT systems administrators. Requests can be sent to [email protected].

Linux Documentation

For more advanced technical guidance, see the Linux Platform and Tools team public documentation at https://github.umn.edu/OIT-LPT/Public-Docs.