Virtual Servers

Category: Business Tools
Audience: Faculty, Staff, IT

Overview 

Virtual Machine (VM) is a guest server hosted on a VM host. The ACCC VM service includes maintenance of the physical environment such as power, cooling, physical security and networking, system monitoring, patches and upgrades, backups, business continuity and disaster recovery, and performance tuning.

Features 

Common uses of virtual servers include web servers, file servers, database servers and custom or commercial application servers. ACCC provides the following for each virtual server:

  • Environment. Physically secure, air-conditioned server room, with an uninterruptible power supply (UPS) and generator backup.
  • Reliable disk. Virtual servers are hosted on a RAID 5 storage area network (SAN), and mirrored across campus.
  • Backups. We use our Backups (ADSM) service and Commvault to do an image backup of the virtual server. The mirrored RAID is extremely reliable, but if you delete or corrupt some files, they are also damaged on the disk copy, and you need alternate backup.
  • Business continuity. We can move the virtual server to spare hardware, across campus if needed, if either the server or networking has trouble.
  • Network Operations Center. Available 24x7 for reporting emergency issues.
  • Monitoring. Basic uptime monitoring.
  • Operating system updates. We'll upgrade the operating system, and some of the common applications, as needed.
  • Security patches​. Patches for basic software.
  • Networking and local networking. High bandwidth connection to campus backbone for peak loads. We can make the virtual server appear to be on departmental local area network (LAN), behind a firewall. 
  • Secure connection API. Windows uses the Windows/Kerberos authentication scheme, in conjunction with Active Directory, so you use your ACCC Common Password. Linux can also use Kerberos and Active Directory, and can make files appear as a Windows file share. Or you can use SSH/SCP for login and file transfer. Your passwords never actually pass to the virtual server itself, for extra security.
  • Bluestem or Shibboleth. We'll add mod_bluestem or mod_shibboleth to Apache. Many applications can use REMOTE_USER, as populated by Bluestem, for authentication. So this may well be useful beyond just protecting static files. Certainly useful for any CGI scripts you write. Bluestem requires SSL, so you will need an SSL certificate.

Requirements 

Applicability 

Departmental Responsibilities

  • Application support and maintenance. We're providing the (virtual) server, and some support depending on the support level. You must handle the rest of the application take of application configuration, upgrades, content, and all the non-routine things we provide.
  • Support of any application users. If any user has trouble with your applications, you must be the go-to person. ACCC cannot maintain expertise on every application.
  • Backup arrangements. ACCC provides network backup service automatically, but the department must make arrangements for anything more complicated, such any local database backups. We'll help set this up, but some backups or log file rotations can require a small amount of custom scripting. If you are backing up anything other than static files, ask us. Let's make sure it works before you need a real restore.
  • Interaction with ACCC to make requirements known, agree on upgrade schedules, etc. We're reasonably flexible, but we need to work together for some maintenance aspects.
  • Interaction with any third-party vendors, including installation and maintenance of third-party apps. If you are installing a third-party application, that part is up to you. But do ask us first, there might be some aspects of the system configuration or networking that we can do really easily for you, and help out in this process.

Limitations

  • Appropriate Use. The virtual servers are for use by the UIC community. They are not for use by outside parties, except where UIC has legitimate collaborations with outside parties. They are not for personal commercial use.
  • Appropriate Network Use. Just like with a server physically in a department, you can't abuse the network, you must keep appropriate logs, and so on.
  • Appropriate Hardware Use.  Please do not setup a MSSQL database server on your VM, it will adversely affect the SAN by consuming an abnormal amount of IOPS.  We have database services available for use.
  • Shell accounts for UIC netIDs only. If an outsider really needs shell access (common for outside vendors during and install, or for outside web designers), we'll give them a UIC netID, as we do now.

Security

  • Linux virtual servers: Root access with sudo, maintain security patches for your applications, good practices with security configurations, logs, firewalls, and so on. We'll help with some of this initially (and we'll apply any OS security patches for you), but you are still responsible for the security aspects of your applications. In particular, if your VM is compromised, we have to take it down. Of course, fixing it will be a lot easier with the disk snapshot and tape backup we provide, but you will have to be involved in fixing any application issues. No root or administrator privileges or access for Tier 1 virtual servers.
  • Windows virtual servers: You'll have administrator access and a managed Symantec Endpoint Protection client installed on your VM.  Your virtual server will be joined to Active Directory and placed in our Hosted Servers OU (which you will be delegated full control).

Support tiers

Tier 1 - Minimal Support

This is appropriate if you don't plan to tinker with your virtual server. ACCC will monitor the virtual server itself, but any changes or scripts you provide are not supported by ACCC.

  • File Server -- just drop in files, for departmental sharing.
  • Web Server -- static files, CGI scripts. No support for web configuration beyond initial setup. You may install a content management system (Drupal, WordPress, etc.), or change configuration via .htaccess at your own risk.

Tier 2 - Basic Support

If you need more advanced programs than a basic web or file server, but don't want to do the install or configuring, you need Tier 2. We can accommodate for many programs, e.g. WordPress, tomcat, etc. The intent is to provide a few hours/year of programmer time, as needed, to install and configure, and sometimes troubleshoot, more advanced programs. And to provide more advanced custom monitoring. If you need more support than Tier 2, contact us.

Cost 

New pricing for the Virtual Servers service is under development and will be available soon.  If you have any questions regarding pricing please send an email to the address in the support section below.

Support 

Email vmrequest@uic.edu
Phone 312-413-8080 option 2

Further Information