Introduction

This article contains three sections with information related to the co-managed service:

 

Definitions

Platform – For purposes of this service, “platform”, in the context of responsibility for EI-TPS, refers to software or hardware systems that are used in the delivery of co-managed systems.  This includes the following:

  • Physical platform systems:
    • KVM
    • Power controls
    • Server hardware
  • Virtual platform systems
    • Any hardware that is used to run hypervisor software
    • VMware hypervisors and vCenter management software
    • Hyper-V hypervisors and VMM management software
  • Cloud platform systems
    • The context of responsibility for cloud platform systems ends with the global security, identity, and configuration policies for AWS or Microsoft Azure that are put in place for every cloud account, regardless of function.
  • Storage platform systems
    • Any storage hardware that is used to provide storage services to virtual or physical systems
    • Any management software that is used to manage storage hardware
  • OS Management systems
    • Any hardware used to run central OS patch management software
    • Any software used to centrally manage OS patching functions
  • Support systems
    • Monitoring for any of the previously mentioned platform systems
    • Backup and Disaster recovery for any of the previously mentioned platform systems

NOTE:  Networking infrastructure is managed by the Network Engineering Services team.

 

Co-Managed Service – To help frame the context of this service, the co-managed service provides the following:

  • For physical servers:
    • We will work with the customer to determine hardware for their need, including ordering and purchasing.
      • The customer owns the hardware, which must be purchased up front.
    • We will coordinate the installation of the hardware in the datacenter and installation and initial configuration of the OS of your choice (Linux or Windows)
    • We will maintain and monitor the hardware for failures
  • For virtual servers:
    • We will deploy a virtual server conforming to the customer specifications in the request
    • We will coordinate the installation and configuration of the virtual machine with the OS of your choice (Linux or Windows)
  • For all servers:
    • We will provide security patching services for the OS only (not the applications) on an approximately monthly basis (emergency security incidents may warrant out of band patching with very short notice)
    • We will ensure that backups and disaster recovery processes are functional and in place
    • We will respond to requests for resource changes, questions, and ticket escalations as necessary.
    • Data Levels 1 and 2 are available.  Levels 3 and 4 are not currently available to co-managed users.
  • Additional information:

Overview for the co-managed service

Broadly, the co-managed service is similar to the customer-managed service (formerly known as co-lo), except that the co-managed service also provides OS installation and OS security patching.  The co-managed service differs from the EI-Managed Application Services (Specialized and Core Application Services) in that co-managed is a hands-off service where the administration of the server and the application, outside of OS and Security updates, falls to the end customer.  Customers who choose to run their services under the co-managed service should be aware of the following parameters for the service:

  • There is NO dedicated systems administrator for your application.  Responsibility for administration, installation, security updates and ongoing maintenance of any application or updates to any related tools or software (i.e. specialty browsers, software applications, etc...) will fall to the customer.
  • As of this writing, monitoring and alerting of co-managed servers is only done at the platform level, meaning customers will need to provide their own monitoring and alerting/paging of the server and application if they so desire.  There are plans to offer a monitoring service to fill this gap by Spring of 2021.
  • 24x7 support IS included and available for platform level issues (see definition above).  Support for application issues is not included in the cost of this service.  There are options to obtain a la carte Systems Administrator support from the Specialized Applications team at an hourly billable rate should the need arise.
  • SSL Certificate management is the responsibility of the customer

 

ITS and Customer Responsibilities

ITS Responsibilities

  • Provide shared root / administrator to customer.
  • Install OS patches during predetermined maintenance windows.
  • Monitoring and alerting for the platforms that support the system (Hypervisors, storage hardware, etc).
  • Configuration of host firewall rules for Linux systems
  • Drive / Filesystem size adjustments upon customer request.
  • System backup and restore capabilities, including snapshots or other DR services as provided by EI-TPS.
    • This does not explicitly include database backups in the default configuration.
    • In some cases, backups and restores will be full-system / crash-consistent
    • Additional detail can be found in the article on Backup and Recovery of Virtual Servers
    • Contact its-ei-tps@iowa.uiowa.edu for additional discussion about backup and restore and how we can meet your needs.

Customer Responsibilities

  • Create and maintain service accounts according to IAM policies.
  • Configuration of host firewall rules for Windows systems
  • Coordination with ISPO for datacenter firewall changes (all OSes)
  • All application related items, including installation, configuration, troubleshooting, and security patching.  Customers are responsible for adhering and understanding the terms and obligations of any software licenses for applications they install.
  • TLS certificate installation and renewal.
  • Application monitoring if desired*.
  • Database backups, administration, configuration, and patching, if required.
  • Adherence to all applicable University IT policies.

* EI-TPS is working on offering a platform from which customers can build out monitoring and alerting capabilities specific to their needs, estimated to be available in Q3-Q4 2021.

 

Please see the FAQ page for additional information about this service.

 


 
Article number: 
120636
Last updated: 
May 25, 2021