Use of (Central) Load Balancers Code of Practice



Introduction

This code of practice is intended to support the Information Security Policy of the University and should be read in conjunction with that policy. This code of practice is also qualified by The University of Edinburgh computing regulations, found at:

http://www.ed.ac.uk/schools-departments/informationservices/about/policies-andregulations/security-policies/security-policy
http://www.ed.ac.uk/schools-departments/informationservices/about/policies-and-regulations

1. Code of Practice Version

Revision Date   Version   CoP Template Version   Author              Notes
04/09/12        1.0       1.4                    Tony Weir           Initial version
04/09/12        1.1       1.4                    Apollon Koutlidis   Update detail and review

QA Date       QA Process Notes
14 Nov 2012   Accepted by the IT Security WP

Suggested date for revision of the CoP: 01/09/14 (Author: Tony Weir)

Load Balancer CoP, Version 1.1, September 2012

2. System description

Revision: System Version NS9.3: Build 52.3.nc (current revision of the load balancer software). Author: Apollon Koutlidis.

2.1 System name
(Central) Load Balancers.

2.2 Description of system
The (Central) Load Balancers present multiple instances of an application deployment as a single service: clients connect to one published address and the load balancer distributes their requests across the instances behind it. This provides resiliency (an instance that fails its health check is taken out of rotation), scalability (instances can be added behind the same address) and acceleration.

2.3 Data
The Load Balancers route the application data associated with any services which they load balance. Examples of current load balanced services are the University VLE, MyED and EUCLID. They also store the SSL certificates for the services for which they route data, together with the corresponding private keys; the devices therefore terminate SSL for those services, and anyone with administrative access to the devices has access to those keys, which is one reason administrative access is restricted as described in sections 3 and 5. Beyond limited caching, they do not store any end application data.

2.4 Components
The (Central) Load Balancer service is currently provided by a redundant pair of Citrix NetScaler 10500 appliances. These are hardware devices which run supplier-provided firmware with configuration tailored by the appropriate I.S. technical administrators.

2.5 System owner
This service is provided by the Unix Section in the IT Infrastructure division of Information Services.

2.6 User base
The Load Balancers do not provide any end-user access; they route the network traffic for the appropriate applications.

2.7 Criticality
High

2.8 Disaster recovery status
There are administrative accounts on the Load Balancers which are used by Unix Section technical staff to control the load balancers. A view of the load balancer configuration is exported to a separate web service, which allows EASE-protected read-only access to the configuration. This is used by I.S. technical staff who administer the end services for which the load balancers route traffic.

The (central) load balancers operate as a redundant pair, with separate physical devices installed on two distinct sites. These operate as a fail-over pair, with services automatically failing over to the partner as required. This process is well documented and thoroughly tested.


3. User responsibilities

3.1 Data
There is no end-user access to the Load Balancers. A view of the load balancer configuration is exported through a separately built web service, which allows EASE-protected read-only access to the configuration as well as limited control over specific aspects of the system. This is used by a small number of I.S. technical staff who administer the end services for which the load balancers route traffic.

3.2 Usernames and passwords
There are administrative accounts for a small number of technical staff. The limited administrative view of the configuration is EASE protected and made available to a small number of I.S. technical staff. There is no end-user access to the Load Balancers.

3.3 Physical security
The load balancers are sited within I.S. managed data centres. The data centres are appropriately secured.

3.4 Remote/mobile working
Administrator access to the load balancers is limited to a subset of the local University of Edinburgh networks. Any remote access to the load balancers must be through these local networks. The limited administrative view of the configuration is EASE protected and only available to a small number of I.S. technical staff.

3.5 Downloads and removal of data from premises

3.6 Authorisation and access control
There is no end-user access to the Load Balancers. The only data which the load balancers store is the system configuration (including the SSL certificates and private keys noted in 2.3). Only a small number of technical staff in the ITI Unix Section have access to the load balancer logins; access is only permitted to administrators.

3.7 Competencies
There is no end-user access to the system.

4. System Owner Responsibilities

4.1 Competencies
The ITI Unix Section has members of staff with many years of experience in administering Load Balancers and with specific training and experience of managing the current implementation.

4.2 Operations
The Load Balancers are updated with appropriate firmware upgrades to ensure the security of the devices and of the end services for which they route network traffic. Access to the configuration is restricted to password-protected administrator logins to which only a small number of ITI Unix staff have access.

4.3 System documentation
Operational information is held within the devices themselves and procedural documentation is held within the ITI Unix Section wiki. Operational documentation is provided by the supplier and augmented by local procedural documentation stored on the ITI Unix Section wiki.

4.4 Segregation of Duties
Administrator users have access to the configuration of the Load Balancers. The limited administrative view of the configuration is EASE protected and made available to a small number of I.S. technical staff.

4.5 Security incidents
Any security incident related to the Load Balancers would be referred to the IS IRT team, who would log the issue and aid with the investigation. It would also be reported to the ITI Unix Section head, who would report it as appropriate to the ITI Director.

4.6 Fault/problem reporting
There is no end-user fault reporting for this service. Any faults would be raised by owners of end-user services or by ITI Unix Section staff. If necessary, support calls are logged with the supplier via the maintenance contract.

4.7 Systems development
There is no local development of the Load Balancer software. Firmware upgrades are provided by the supplier and obtained as part of the system maintenance contract.

5. System Management
[Ongoing management of the system has implications for the ongoing security of the system. While some of these matters are dealt with under administrative users above, there are additional responsibilities in managing the system at a lower level.]

5.1 User account management
A small number of local system logins are provided for Load Balancer administration. These are only granted to members of the ITI Unix Section with the appropriate training. A web-based, EASE-protected limited administrative view is available from a separate web service.

5.2 Access control
Only ITI Unix Section staff have access to the Load Balancer administrative logins. Only a small number of I.S. users who provide the end-user services have access to the web-based limited administrative view.

5.3 Access monitoring
All logins and each separate administrative operation are automatically logged on a remote, independent system, so that the audit trail does not depend on the integrity of the device being audited.

5.4 Change control
Change management is organised through ITI Unix Section service management procedures. Any major change, e.g. a major firmware revision or a change in platform, would be discussed and scheduled with end service providers and communicated through the I.S. alerting process. Minor configuration changes are requested and recorded via the I.S. service management tool (UniDesk) and conform to agreed templates.

5.5 Systems clock synchronisation
All servers synchronise their clocks to UTC using the NTP protocol.

5.6 Network management
The load balancers implement their own IP access controls, both to limit access to the administrative function and, for end service applications, to augment the existing firewalls which control end-user access.

5.7 Business continuity
The load balancers operate as a fully redundant fail-over pair; this function was rigorously tested during acceptance.
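The controls in 5.3 (remote logging of every administrative operation), 5.5 (NTP) and 5.6 (the devices' own IP access controls on the administrative function) can be checked mechanically against a configuration export such as the one described in 2.8. The script below is an added illustration of that check and is not part of this code of practice or of the University's tooling. It reads a NetScaler-style ns.conf export and reports where the configuration falls short of those three controls; the command syntax follows the NetScaler CLI, while the sample configuration, the addresses, the admin network and all object names are constructed for the example (the real export format and addresses are not stated in this document).

```python
"""Added example: check a load-balancer configuration export against the controls in 5.3
(remote audit logging), 5.5 (NTP) and 5.6 (IP ACLs on the administrative function).
NetScaler CLI syntax is assumed; the configuration, addresses and names are constructed."""
import ipaddress
import shlex

# Constructed sample export in ns.conf style (made-up addresses and object names).
SAMPLE_CONFIG = """\
add ns ip 10.0.1.10 255.255.255.0 -type NSIP
add ntp server 10.0.5.1
enable ntp sync
add audit syslogAction remote_syslog 10.0.5.20 -logLevel ALL
add audit syslogPolicy remote_syslog_pol ns_true remote_syslog
bind system global remote_syslog_pol -priority 10
add ns acl mgmt_ssh_allow ALLOW -srcIP = 10.0.9.0-10.0.9.255 -destIP = 10.0.1.10 -destPort = 22 -protocol TCP -priority 10
add ns acl mgmt_ssh_deny DENY -destIP = 10.0.1.10 -destPort = 22 -protocol TCP -priority 20
add ns acl mgmt_gui_allow ALLOW -srcIP = 10.0.9.0-10.0.9.255 -destIP = 10.0.1.10 -destPort = 443 -protocol TCP -priority 30
add ns acl mgmt_gui_deny DENY -destIP = 10.0.1.10 -destPort = 443 -protocol TCP -priority 40
apply ns acls
"""
ADMIN_NETWORKS = [ipaddress.ip_network("10.0.9.0/24")]  # assumed admin subnet (cf. 3.4)
MGMT_PORTS = ("22", "443")  # SSH and GUI/API on the management (NSIP) address

def parse_config(text):
    """Split each non-empty line of the export into CLI tokens."""
    return [shlex.split(line) for line in text.splitlines() if line.strip()]

def _opts(tokens):
    """Collect '-key value' / '-key = value' options into a dict; bare flags become True."""
    opts, i = {}, 0
    while i < len(tokens):
        if tokens[i].startswith("-"):
            key, j = tokens[i][1:].lower(), i + 1
            if j < len(tokens) and tokens[j] == "=":
                j += 1
            if j < len(tokens) and not tokens[j].startswith("-"):
                opts[key], i = tokens[j], j + 1
                continue
            opts[key] = True
        i += 1
    return opts

def _range_within(rng, networks):
    """True if an ACL srcIP value ('a' or 'a-b') lies entirely inside one of the networks."""
    lo, _, hi = rng.partition("-")
    lo_ip, hi_ip = ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)
    return any(lo_ip in n and hi_ip in n for n in networks)

def find_nsip(cmds):
    """Management (NSIP) address declared in the export, or None."""
    hits = [c[3] for c in cmds if c[:3] == ["add", "ns", "ip"] and _opts(c[4:]).get("type") == "NSIP"]
    return hits[0] if hits else None

def check_ntp(cmds):
    """5.5: an NTP server is defined and synchronisation is enabled."""
    server = any(c[:3] == ["add", "ntp", "server"] for c in cmds)
    enabled = any(c[:3] == ["enable", "ntp", "sync"] for c in cmds)
    return [] if server and enabled else ["5.5: no NTP server configured or NTP sync not enabled"]

def check_remote_syslog(cmds):
    """5.3: a bound syslog policy sends audit records to a host other than the device itself."""
    actions = {c[3]: c[4] for c in cmds if c[:3] == ["add", "audit", "syslogAction"]}
    policies = {c[3]: c[5] for c in cmds if c[:3] == ["add", "audit", "syslogPolicy"]}
    bound = [c[3] for c in cmds if c[:3] == ["bind", "system", "global"]]
    remote = {n for n, host in actions.items() if not ipaddress.ip_address(host).is_loopback}
    if any(policies.get(p) in remote for p in bound):
        return []
    return ["5.3: no syslog policy bound that sends audit logs to a remote, independent system"]

def check_mgmt_acls(cmds, admin_networks=ADMIN_NETWORKS):
    """5.6: each management port is allowed only from admin networks and denied to everyone else."""
    findings, nsip = [], find_nsip(cmds)
    acls = [(c[3], c[4].upper(), _opts(c[5:])) for c in cmds if c[:3] == ["add", "ns", "acl"]]
    prio = lambda a: int(a[2].get("priority", 10 ** 9))  # NetScaler evaluates lower numbers first
    for port in MGMT_PORTS:
        rules = [a for a in acls if a[2].get("destport") == port
                 and (nsip is None or a[2].get("destip", nsip) == nsip)]
        allows = [a for a in rules if a[1] == "ALLOW"]
        denies = [a for a in rules if a[1] == "DENY" and "srcip" not in a[2]]
        for name, _, o in allows:
            src = o.get("srcip")
            if not isinstance(src, str) or not _range_within(src, admin_networks):
                findings.append(f"5.6: ACL {name} allows port {port} from outside the admin networks ({src})")
        if not allows or not denies or min(map(prio, denies)) < max(map(prio, allows)):
            findings.append(f"5.6: port {port} needs an ALLOW from admin networks followed by a catch-all DENY")
    last_acl = max((i for i, c in enumerate(cmds) if c[:3] == ["add", "ns", "acl"]), default=-1)
    if acls and not any(c[:3] == ["apply", "ns", "acls"] for c in cmds[last_acl + 1:]):
        findings.append("5.6: ACLs are defined but 'apply ns acls' was not issued after the last one")
    return findings

def audit(text, admin_networks=ADMIN_NETWORKS):
    """Run every check over an export; an empty list means all three controls hold."""
    cmds = parse_config(text)
    return check_ntp(cmds) + check_remote_syslog(cmds) + check_mgmt_acls(cmds, admin_networks)

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "all checks passed")
```

Run against the exported configuration rather than the live device, so the check itself needs none of the administrative logins described in 5.1 and can be re-run after each change recorded under 5.4. The ACL check deliberately requires a catch-all DENY with a higher priority number than every ALLOW for the port, because an ALLOW that is never followed by a DENY restricts nothing, and a DENY evaluated before the ALLOW locks the administrators out.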
5.8 Security Control
As above, the Load Balancers also provide network ACLs to control end-user access to the services for which they route traffic; these ACLs augment the firewalls which also protect these services.

6. Third Party
[Third parties may be involved as the source provider of the system, or other external organisations and may also be involved in activities related to data held by the system and owned by the System Owner. This section is to draw attention to aspects of managing the system related to involvement by third parties.]

6.1 Outsourcing
A maintenance contract is supplied by Citrix, the manufacturer of the Load Balancers. This provides hardware maintenance of the devices, access to firmware upgrades and a support mechanism to investigate faults and discuss functionality. Citrix have no access to the University's Load Balancers.

6.2 Contracts and Agreements
Maintenance agreement with Citrix.

6.3 Compliance with the university security policy
N/A

6.4 Personal data
N/A