- Co-location service availability: 24 hours a day, 365 days a year
- Defined infrastructure days windows
- Events outside the control of ITS
- Data Center availability: 99.98%
- Network availability at present: 99.9%
This document defines the service level agreement for the Information Technology Facility (ITF) managed by ITS.
The ITF provides state-of-the-art co-location facilities for campus departments and researchers at the University of Iowa. It also houses systems running enterprise services critical to students, faculty, and staff. This secure facility provides:
- Server co-location space: Raised floor room equipped with server cabinets, network switches, network connections, and power distribution equipment.
- Campus and Internet connectivity.
- IT facilities to support system administrators in setting up and supporting systems.
- Systems monitoring and notification at the customer's request.
- Physical security and restricted access.
- Information security in accordance with university standard (see link to ISPO site)
- Electrical and mechanical infrastructure designed and built to be concurrently maintainable: engineered for zero downtime.
- Management of climate control, fire suppression, and power systems.
- Consultation and assessment for academic and administrative units that want to move equipment into the ITF.
The raised floor space in the ITF provides an environmentally controlled facility for housing servers and related IT equipment including:
- Server cabinets.
- Top-of-rack switches for redundant connections to the campus network.
- Power strips and power distribution equipment for redundant connections to power supply.
- Patch cables for connecting servers to top-of-rack switches.
All IT equipment located in the ITF must be 19-inch, four-post rack mountable (as outlined in the "Supported Computer Environment" section of this document). ITS staff determine server locations based on power and cooling management and customer business needs.
Power and Backup Power
ITF provides power for an A and B feed to every server for redundancy. Each server is required to be equipped with dual power supplies that are connected redundantly to the power source. The redundant power connections allow servers to retain power even during maintenance and unplanned events. Maintenance will be performed on only one side of the electrical system at a time.
Primary power is provided by the Alliant Energy power plant, which is backed up by the University of Iowa power plant. The ITF is equipped with uninterruptible power supplies (UPSs) that take over in the event of a loss of power while the backup generators come online. Backup generators are connected to the A and B feeds and have at least 24-hour fuel supplies.
The network equipment connects co-located servers to the campus network, providing out-of-campus bandwidth and Internet connectivity. Connections are available at two speeds:
- Standard connection: 1 gigabit per second (Gbps) Ethernet connection
- Redundant Connection: 2 gigabit per second (Gbps) Ethernet connections (extra cost)
- Premium connection: 10 gigabit per second (Gbps) Ethernet connection (extra cost)
Network connectivity is provided from A and B sources to every server for redundancy. Top-of-rack switches will be connected via the A and B sides. The redundant network connection allows properly configured servers to retain network connectivity during most regularly scheduled maintenance and unplanned events. Maintenance will be performed on only one side of the network at a time when possible.
Under the following conditions, servers can go down during scheduled maintenance and unplanned events on the side to which they are connected:
- Standard Connection
  - If the top of rack switch fails.
  - If the top of rack switch has scheduled maintenance.
- Redundant Connection
  - If they do not have dual NICs connected redundantly to the network.
  - If they are redundantly connected but not properly configured to use the network equipment using Link Aggregation Control Protocol (LACP) bonding.
ITS will provide IPv4 and/or IPv6 addresses based on the need of the systems.
The ITF is equipped with facilities for system administrators:
- A visitor work area and break room outside of the raised floor space, equipped with network ports, wireless access, and power outlets.
- A server build room equipped with server cabinets, an A/B network, and a UPS, where staff can install, build, and configure systems prior to their installation in cabinets in the raised floor space. The server build room has only a single power source. Systems are not considered "in production" when they are in the server build room. Systems that are staged in the server build room must be installed in the raised floor space within 14 calendar days from staging. Space in the server build area is subject to availability and should be scheduled in advance with ITF staff.
The data center has a state-of-the-art security system and stringent security processes. Physical security for the ITF is governed by the Computer Security Protections Checklist.
For equipment not owned by the University of Iowa, the business owner needs to provide firewall service.
Intrusion detection and data exfiltration detection services are provided by the Information Security & Policy Office (ISPO). After-hours and weekend coverage are included. "In computer terminology, Exfiltration refers to the unauthorized release of data from within a computer system. This includes copying the data out through covert network channels or the copying of data to unauthorized media."
Remote Server Access
The ITF has been designed with "out of band" management that provides system console access to system administrators from remote locations. This service provides console access, remote media, and the ability to cycle the power on the power distribution units for the system. See the Remote Access Section for more details.
ITS is responsible for creating a Disaster Facilities Plan consisting of a customer list, customer contacts, power and rack requirements, key facility related contacts, and escalation and communication paths related to the equipment in its facilities. Customers will be responsible for developing their own disaster recovery plans for servers and services.
Ownership of Data/Data Management
- Authorized User – Individuals who have been granted access to specific information assets in the performance of their assigned duties.
- Business Owner – Senior official within the department accountable for managing (business function) information assets.
- Data Custodian – Technical contact(s) that have operational-level responsibility for managing data collections.
- Data Steward – The top-level executive having policy-level responsibility for a particular set of information assets.
- Classification Levels
  - Level 1 – Low sensitivity (public data)
  - Level 2 – Moderate sensitivity (non-public/internal data)
  - Level 3 – Highly sensitive (confidential/restricted data)
- Institutional data – Information that supports the mission and operation of The University of Iowa.
- IT Asset Inventory – List of all computing and networking devices owned, managed, or otherwise used by the departments.
Supported computing environment
The ITF maintains minimum standards for equipment that can be accommodated in its facility. These minimum system standards preserve power and cooling requirements for use by all departments and allow the most efficient use of campus resources. ITF server cabinets can accommodate systems that conform to the following specifications:
- Rack Support: 19-inch, four-post rack-mountable equipment
- Rails: Order rails with NO cable management
- Power Supply: Dual 208/220 volt power supplies for redundant power connectivity
- Power Cords: C13 connections provided requiring a C14 plug
- Dual Network Interface Cards (NICs) specifically for redundant network connectivity
Systems that are rack mountable and meet the Computer Security Protections Checklist but do not have dual NICs, dual power supplies, or remote management capabilities can be installed with a corresponding effect on redundancy and remote management capabilities (refer to "Power and Backup Power," "Network," and "Remote Server Access" in this document for an explanation of the impacts). These configurations will be discussed on a case-by-case basis and documented. It may also be possible to modify existing systems to add power supplies, NICs and remote management ports.
Depending on the configuration of the system, all ancillary equipment will be proximate to service equipment and ideally will be located within the same rack. Examples of ancillary equipment include:
- Load balancers
- Tape backup systems (internal or external)
- External storage/fibre channel connections
- IP-based KVM (keyboard, video, mouse) switches
- IP-based serial console servers
- Network switches
Ancillary equipment will be discussed on a case-by-case basis and documented.
- Maintenance of the data center chilled water and environmental systems.
- Monitoring and control of climate conditions in the data center.
- Responding to climate-related alerts resulting from variations from climate conditions that exceed system thresholds (for example, excessive temperatures, hot spots, etc.).
Fire Detection and Suppression
- Early warning detection system.
- Individually zoned, double-interlocked, pre-action fire suppression system.
- Dry pipe with water suppression in the event of a fire.
- Maintenance of all sensors and alarms.
- Maintenance of the fire suppression system.
- Monitoring of, and response to, all related alerts and alarms.
- Compliance with relevant certification and fire code requirements.
- Maintenance of the uninterruptible power supply system.
- Maintenance of the back-up generators and related systems.
- Connection to the electrical source.
Grounds and building maintenance.
The University of Iowa maintains building insurance to cover the cost of facilities. Insurance of equipment is the responsibility of the Business Owner.
All requests for technical support will be logged using the ITS centralized ticketing system to enable us to appropriately assign and track the progress of your request. Staff will coordinate with customers to complete all tasks. Customers will be informed by e-mail from the ticketing system when requests have been completed.
- For service requests that do not require immediate attention, send an e-mail message to firstname.lastname@example.org. This will create a ticket and will follow the standard ITS SLA initial response time of 4 hours.
- For emergency technical support on any issue requiring immediate attention (less than 4 hours), such as the reboot of a server or other troubleshooting activity, call 319-384-4357. The operators are on duty 24/7 to support you and will respond within 20 minutes. Customers must provide a contact method when they contact the ITF.
Monitoring and Notification
ITS will monitor systems in the Co-Managed, ITS-Hosted and ITS-Secure environments.
Moving to the Data Center
ITF staff will provide a process, consulting, and move assistance for customers who wish to move equipment into the data center. If the equipment is too much for ITS staff to move with existing vehicles, the customer may be asked to bear the cost of moving equipment to the facility. ITS can provide recommendations for vendors to perform this work.
ITS will use the ITS Alerts and Outages site to notify customers about both scheduled and unscheduled maintenance and about service availability and service delivery issues. Services may not be available during the maintenance periods.
ITS maintains a number of data center infrastructure days. Data Center infrastructure work can require extended outages for all services in the data center. Examples of such work include changes to our electrical, mechanical, network or firewall infrastructure. The most visible example of such work was the electrical work in June 2007 which required that we shut down the entire data center for several hours.
ITS strongly recommends that all systems have a scheduled maintenance window. This would allow the system to be updated for security patches, changing of failed hardware and updating of systems software. It is strongly recommended that all maintenance work be done during scheduled maintenance windows.
Unscheduled maintenance tasks that require service downtime will be announced as soon as possible on the ITS Services Status page.
ITS will maintain a mailing list of customer contacts who will be notified of planned maintenance and unplanned events. Customers must notify ITS of any changes to contact information as part of providing escalation path information. Contact lists will be reviewed periodically.
Access to Facilities
- Remote Access - Systems Administration
  - Preferred method of systems access; however, this access could be paired with Level 1, 2 or 3 access.
  - Limited to assigned systems using AD access groups.
  - Can include serial console access, KVM console access, remote power (toggle PDU ports), VM console access and remote media capabilities.
- Escorted Access - Secondary/Vendor Support
  - Closely monitored access given to people who have a legitimate business need for infrequent access to the Data Center, where "infrequent access" is defined as less than 15 days per year.
  - A person given Escorted Access to an ITS Core Facility must have assigned supervision by a person with Controlling Access.
  - A person with Escorted Access must not allow any other person to enter or leave the area.
- Unescorted Access - Primary Support Staff
  - Granted to a person who has a legitimate business reason for unsupervised access. An example of this would be a faculty member (or his/her Systems Administrator designee) who requires physical access to work on their system(s).
  - Unescorted access personnel must seek approval by personnel with Controlling Access authority to grant escorted access to visitors.
  - The grantor (Unescorted Access person seeking approval) is responsible for the visitor(s) and must escort them in the Core Facility at all times.
- Controlling Access - Infrastructure Owner
  - Controlling Access is generally granted to staff whose job responsibilities include managing and supporting the facility's core infrastructure.
  - These individuals also have the authority to grant temporary access to IT Facilities and to authorize others.
  - Any individual receiving Controlling Access must successfully complete a criminal and credential background check.
All parties agree to be aware of and adhere to the university's Acceptable Use Policy.
Customers agree to:
- Provide vendor name, model number, and specifications for equipment to be co-located.
- Follow documented communications and ticketing process.
- Order systems that are consistent with the supported system standards defined in the Supported Computing Environment section. When considering systems that may not conform to the standard, customer agrees to consult with ITS prior to purchasing.
- Properly configure systems to use the redundant network equipment provided in the facility.
- Develop disaster recovery plans for servers and services.
- Identify staff authorized for remote and on-site (escorted) access to the facility and systems co-located therein.
- Define an escalation path outlining who should be contacted and when in the event of problems with systems that are monitored by ITF staff.
- Abide by security procedures that control access to the facility.
- Manage the hardware lifecycle of systems co-located in the ITF.