Server Service Level Agreement

Transcription

1 Server Service Level Agreement Information Technology Services Department: Service Type: Date:

2 1.0 Introduction: Information Technology Services (ITS) provides technology resources and services for legitimate instruction, research, and administrative computing needs of Eastern Illinois University (EIU). This agreement will identify the services and responsibilities necessary to administer a reliable and secure information technology environment. 2.0 Acceptable Use The complete policy for the acceptable use of EIU s technology resources is stated in the University Internal Governing Policy (IGP) #129 Use of Technology Resources by Employees. Any use of EIU s technology resources unrelated to legitimate administrative, instructional, or research computing is improper. 3.0 ITS Statement of Ethics and Professional Conduct While performing normal duties, ITS personnel may view confidential and/or sensitive information. It is the policy of ITS not to actively monitor or disclose the contents of the information. Additionally, it is the policy of ITS to use the security principle of least privilege. This principle is that a user is provided with the minimum set of rights and privileges needed to perform required functions. Disclosure within the University will be to only those University officials who have a legitimate organizational need to know. When necessary, ITS personnel, in consultation with general counsel, will take appropriate action to protect the University from damage to its name or legal liability. ITS personnel will not install unauthorized or unlicensed applications onto a system. ITS personnel will not search out unauthorized or unlicensed applications, but if discovered, they are obligated to inform the department and the appropriate vice president of this violation. If the unauthorized or unlicensed application is causing a loss of services to the University community, ITS will take the necessary action to restore proper level of service. ITS will solely operate and support all infrastructure servers and server support equipment to include - but not limited to - border, core, distribution, and wireless layers of the University s networks. Additionally, ITS is responsible for allocating all resources and directing recovery of network operations in the event of a disaster. Re-establishing core services will be the priority and ITS may utilize all functional equipment in recovery which includes managed and co-located servers. 2

3 4.0 Services Provided Departments may choose between two types of server services: Managed Servers: Provide service operations for departments that need system administration and management for their servers in an environmentally secure location. ITS will evaluate your server management needs and offer a comprehensive management package for your server environment. Co-located Servers: Provide an environmentally secure location for the housing of a departmental server and the supporting equipment. Your server will be provided with rack space, power, cooling, and network connectivity. 5.0 Managed Servers ITS will provide the following for managed server services: Hardware: Initials ITS s current standard is to deploy new systems in a virtualized environment barring application-specific reasons why this may not be feasible. ITS will work with you to determine the appropriate CPU, OS, memory, and storage requirements to best fit your needs. Initials ITS must be notified in advance of any equipment purchases that will not be acquired by ITS but will be managed by ITS. This will ensure the appropriate resources are available to install and maintain the equipment, plus ensure interoperability between ITS s systems and the purchased equipment. Software: Maintain the operating system on the machine, including initial installation, any interim security patching involved and major upgrades. Maintain our standard environment on the system. 3

4 Manage login access to the system, including the granting and revocation of permissions. Coordinate any changes to the system with the client to address and alleviate any integration issues or client service interruptions that may arise. Provide monitoring of the system for network connectivity, CPU, memory, and disk space utilization. Backups: Conduct differential backups nightly and full backups weekly of the system. Differential backups are retained for a period of 14 days, and full backups are retained for a period of 30 days. We the undersigned acknowledge and understand the above list of responsibilities with our signature. Department: Date: The department will assign a technical contact and if possible an alternate technical contact. Technical Contact: Phone: Alternate Technical Contact: Phone: Initials Department Responsibilities: Gather appropriate documentation before the server is installed. This documentation list includes but is not limited to: - General description of the server Found in Appendix A - Applications housed on the server - List of pre-authorized staff that will need access - Signed Service Agreement Assure that applications used are properly licensed. This applies to all applications except applications that are supplied and licensed by ITS. Provide information about applications that are purchased. ITS will not provide technical support for applications that are not supplied and licensed by ITS. It is ITS s recommendation that client acquire vendor support with the purchase of unsupported ITS applications. 4

5 Ensure that federal and state regulations are complied with to include but not limited to Family Education Right to Privacy Act (FERPA), Payment Card Industry (PCI), and Identity Protection Act (IPA). Notification and information is to be provided to ITS upon the decommission of the server. We the undersigned acknowledge and understand the above list of responsibilities with our signature. Department: Date: ITS: Date: 5

6 6.0 Co-Located Server ITS must be notified in advance of the purchase of any server equipment that will be delivered to ITS for co-located services. This will ensure the appropriate resources are available to install the equipment, plus ensure interoperability between ITS - owned systems and the purchased equipment. ITS personnel will coordinate physical access requirements to the Data Center. ITS will monitor environmental conditions for hardware installed in the Data Center. ITS will provide monitoring of the system for network connectivity and space utilization of the CPU, memory, and disk space. All Windows - based servers will be required to be connected to the University s Windows Active Directory, unless it is determined that security best practices would prevent domain memebership. The department will assign a technical contact and if possible an alternate technical contact. Technical Contact: Phone: Alternate Technical Contact: Phone: Initials Department Responsibilities: Gather appropriate documentation before the server is installed. This documentation list includes but is not limited to: - General description of the server Found in Appendix A - List of pre-authorized staff that needs physical access - Reboot and system status checking procedures - Equipment list with appropriate property tags, s/n, make, and model - Hardware field service contact and hardware maintenance contract information - Signed Service Agreement Assure that applications used are properly licensed. This applies to all applications except applications that are supplied and licensed by ITS. Provide information about applications that are purchased. ITS will not provide technical support for applications that are not supplied and licensed by ITS. It is ITS s recommendation that clients acquire vendor support with the purchase of unsupported ITS applications. 6

7 Maintain and keep current the operating system on the machine, including initial installation, any interim security patching involved and major upgrades. Develop a backup plan that is approved by ITS to ensure compatibility with ITS systems and procedures. Manage login access to the system, including the granting and revocation of permissions. This responsibility may require coordination with ITS System Administration for certain levels of access and/or facilities to do so. Ensure that federal and state regulations are complied with to include but not limited to Family Education Right to Privacy Act (FERPA), Payment Card Industry (PCI), and Identity Protection Act (IPA). Notification and information is to be provided to ITS upon the decommission of the server. We the undersigned acknowledge and understand the above list of responsibilities with our signature. Department: Date: ITS: Date: 7

8 Appendix A: Server General Description Information about the server: Technical Contact: Department: Date: FQDN: Virtual or Physical: VM Name (if applicable): DNS Entries (if applicable): Databases on Server (if applicable): Location: Estimated Decommission Date: 8