Introduction
This article contains three sections with information related to the co-managed service:
- Definitions related to elements of the co-managed service.
- An overview of the co-managed service, in the context of the definitions provided.
- A breakdown of ITS and Customer Responsibilities.
Definitions
Platform – For purposes of this service, “platform”, in the context of responsibility for EI-TPS, refers to software or hardware systems that are used in the delivery of co-managed systems. This includes the following:
- Physical platform systems:
- KVM
- Power controls
- Server hardware
- Virtual platform systems
- Any hardware that is used to run hypervisor software
- VMware hypervisors and vCenter management software
- Hyper-V hypervisors and VMM management software
- Cloud platform systems
- The context of responsibility for cloud platform systems ends with the global security, identity, and configuration policies for AWS or Microsoft Azure that are put in place for every cloud account, regardless of function.
- Storage platform systems
- Any storage hardware that is used to provide storage services to virtual or physical systems
- Any management software that is used to manage storage hardware
- OS Management systems
- Any hardware used to run central OS patch management software
- Any software used to centrally manage OS patching functions
- Support systems
- Monitoring for any of the previously mentioned platform systems
- Backup and Disaster recovery for any of the previously mentioned platform systems
NOTE: Networking infrastructure is managed by the Network Engineering Services team.
Co-Managed Service – To help frame the context of this service, the co-managed service provides the following:
- For physical servers:
- We will work with the customer to determine hardware for their need, including ordering and purchasing.
- The customer owns the hardware, which must be purchased up front.
- We will coordinate the installation of the hardware in the datacenter and installation and initial configuration of the OS of your choice (Linux or Windows)
- We will maintain and monitor the hardware for failures
- We will work with the customer to determine hardware for their need, including ordering and purchasing.
- For virtual servers:
- We will deploy a virtual server conforming to the customer specifications in the request
- We will coordinate the installation and configuration of the virtual machine with the OS of your choice (Linux or Windows)
- For all servers:
- We will provide security patching services for the OS only (not the applications) on an approximately monthly basis (emergency security incidents may warrant out of band patching with very short notice)
- We will ensure that backups and disaster recovery processes are functional and in place
- We will respond to requests for resource changes, questions, and ticket escalations as necessary.
- Data Levels 1 and 2 are available. Levels 3 and 4 are not currently available to co-managed users.
- Additional information:
Overview for the co-managed service
Broadly, the co-managed service is similar to the customer-managed service (formerly known as co-lo), except that the co-managed service also provides OS installation and OS security patching. The co-managed service differs from the EI-Managed Application Services (Specialized and Core Application Services) in that co-managed is a hands-off service where the administration of the server and the application, outside of OS and Security updates, falls to the end customer. Customers who choose to run their services under the co-managed service should be aware of the following parameters for the service:
- There is NO dedicated systems administrator for your application. Responsibility for administration, installation, security updates and ongoing maintenance of any application or updates to any related tools or software (i.e. specialty browsers, software applications, etc...) will fall to the customer.
- Monitoring and alerting of co-managed servers is only done at the platform level. Customers who wish to monitor their application will need to contact TPS to configure monitoring and alerting.
- 24x7 support IS included and available for platform level issues (see definition above). Support for application issues is not included in the cost of this service. There are options to obtain a la carte Systems Administrator support from the Specialized Applications team at an hourly billable rate should the need arise.
- SSL Certificate management is the responsibility of the customer
ITS and Customer Responsibilities
ITS Responsibilities
- Provide shared root / administrator to customer.
- Install OS patches during predetermined maintenance windows.
- Monitoring and alerting for the platforms that support the system (Hypervisors, storage hardware, etc).
- Configuration of host firewall rules for Linux systems
- Drive size adjustments upon customer request.
- System backup and restore capabilities, including snapshots or other DR services as provided by EI-TPS.
- This does not explicitly include database backups in the default configuration.
- In some cases, backups and restores will be full-system / crash-consistent
- Additional detail can be found in the article on Backup and Recovery of Virtual Servers
- Contact its-ei-tps@iowa.uiowa.edu for additional discussion about backup and restore and how we can meet your needs.
Customer Responsibilities
- Create and maintain service accounts according to IAM policies
- Configuration of host firewall rules for Windows systems
- Coordination with ISPO for datacenter firewall changes (all OSes)
- All application related items, including installation, configuration, monitoring, troubleshooting, and security patching. Customers are responsible for adhering to and understanding the terms and obligations of any software licenses for applications they install
- TLS certificate installation and renewal
- Filesystem changes related to disk size changes
- Database backups, administration, configuration, and patching, if required
- Adherence to all applicable University IT policies
Please see the FAQ page for additional information about this service.