This article details Frequently Asked Questions (FAQ) related to the co-managed service. These questions and answers are categorized under the following headers:
- Systems Administration
- OS Patching
- Load Balancing
- Disaster Recovery
- Platform Management Expectations
- Physical Co-Managed Systems
Have a suggestion for a Frequently Asked Question that we should add to this page? Please let us know!
What items are monitored by Technology Platform Services?
EI-TPS will monitor and alert their on-call staff for any issues related to the platforms providing the service. This includes back-end storage, virtualization hypervisor hardware, and disaster recovery services. Additionally, EI-TPS will monitor availability of a co-managed server as it relates to the ability to maintain OS security patching on the system. As of this writing, EI-TPS does NOT monitor or alert on co-managed servers in any way that will be escalated to end customers. For more information on available monitoring services that may be able to address this gap, please see the Support Articles for the System Monitoring and Alerting section of the ITS Service Catalog.
What if a disk is full or getting full due to an application level issue?
Currently, EI-TPS does not monitor or alert for this condition. If a customer notes that a disk is full, or getting close to full, they should open a help desk ticket to request additional disk space for the system in question. If a full disk impacts the capability of EI-TPS to perform normal security and OS patching operations, the issue may be resolved, at the discretion of EI-TPS, by either growing the disk and completing the patching, or working with the customer to resolve the item.
What is monitored and alerted 24x7 for the platform, and when does alert information get sent to the customer?
EI-TPS monitors and alerts within the team for many aspects of the platforms that provide this service, including metrics for availability, performance and throughput, capacity, and other benchmarks that could have an impact on the delivery of the service. Currently, EI-TPS does not share these platform level alerts outside of the operations team. However, when platform impacting issues arise, information detailing the issue is typically shared via the Help Desk outage page from the first notice of the issue through issue resolution.
What is monitored and alerted 24x7 for the server, and when does alert information get sent to the customer?
At this time, EI-TPS does not monitor or alert for a co-managed server, outside of availability for OS Patching services. Because of this dynamic, no alert information for an individual server is currently available to be shared with the customer. There are plans to offer a monitoring service to customers to fill this gap by Spring of 2021.
Will customers be able to add application level monitoring to the Prometheus monitoring service?
Yes, when that service is available to customers. It is currently on track for availability in the Spring of 2021. For immediate needs, customers can implement their own monitoring, but are strongly encouraged to reach out to the TPS Monitoring team for additional discussion first.
Are there things a co-managed customer cannot do from a systems administration perspective?
Generally speaking, the following actions require opening a help desk request, or further discussion with EI-TPS:
- Hardware (or virtual hardware) console access, unless granted in vCenter
- Access to modify hardware (disk, memory, CPU, network connectivity, subnet changes)
- Creation, deletion, and rollback of virtualization snapshots
- Rollback to disk image snapshots
- Inventory changes and updates
- Host firewall modifications
- Management via puppet
- Changing root or admin passwords
- Uninstalling agents or other management tools
How is the decision made whether an issue is an application or platform issue?
We will rely on the customer to know their application and make this distinction. If the customer feels there is an issue that is impacted by something at the platform level, they are encouraged to open a support ticket and engage with EI-TPS operations staff to investigate it and work towards resolution. Customers are encouraged to pay attention to Help Desk Alert notices and maintenance pages to ensure they are aware of any maintenance or other items going on that may affect the service or a platform.
Who provides application support for co-managed systems and how does the customer engage with the support group?
All application support for co-managed systems is expected to be done by the customer. Customers who need to escalate to platform services for additional support or troubleshooting should follow the process of opening a help desk ticket detailing their issue. The Help Desk ticketing system provides EI-TPS with valuable metrics including how often certain issues are happening, how much time is being taken to respond to tickets, and how long problem resolutions are taking. These metrics will help us improve our services over time. Because direct email, phone calls, or instant messages bypass the mechanisms that collect and report these valuable metrics, emailing or directly contacting the EI-TPS staff regarding a system issue without first opening a support ticket is highly discouraged.
If there is a need for a systems administrator to assist with configuration of an application, that service can be obtained a la carte from the Specialized Application Services team. The recommended method of engagement for this is to open a help desk ticket detailing your need, and it will be routed to an admin for follow up.
Is 24x7 support available for a co-managed system?
For the platforms that host the system, yes. In this case, that means things like storage systems, hypervisors, network gear, etc. EI-TPS does not provide support for the individual server on a 24x7 basis. If you have servers that need application coverage at this level, you are encouraged to consider the Core Application Service, which is designed to provide this level of coverage.
What happens if an OS patch causes an issue with an application?
First and foremost, customers with this concern are strongly encouraged to request a "testing" server for your application to test out upgrades prior to production deployment. EI-TPS is happy to modify patch windows such that testing servers get patched early in the rotation, giving time to verify that upgrades have not caused any issues with the software prior to deployment to production. In the case where an OS patch has caused an issue with an application, customers should open a ticket with the Help Desk detailing the issue. This will be escalated to an EI-TPS team member who will investigate and work to resolve the issue. In the event that there is an emergency situation, the ticket should be marked critical, and the Help Desk can be instructed to page the on-call staff for Technology Platform Services for expedited attention to the issue.
What if I have OS-provided software that I do not want patched as part of the OS patching process?
Examples might include java or apache on Linux, or specific OS-provided optional components or software for Windows.
In most cases, we can accommodate these requests. We would ask that you reach out to firstname.lastname@example.org to discuss your request further.
How are host level firewall rules managed for co-managed servers?
On Windows, these rules are managed using Active Directory GPOs. On Linux, these rules are managed using Puppet. In both cases, we are looking into ways to make this feature available to customers to manage on their own, but as of this writing, we do not yet have an implementation in place. As such, requests for modifications to host firewall rules can be made via a help desk ticket, and the request will be resolved by an EI-TPS staff member.
As a reminder, rules modifications for Datacenter Firewalls operated by ISPO can be made by customers, using this form: https://workflow.uiowa.edu/form/firewall-request.
What if a security concern is identified by ISPO?
If ISPO identifies a security concern of a nature that EI-TPS can resolve, we will do so. However, since EI-TPS does not have administration responsibility for applications, it is possible that resolution may warrant ISPO working first directly with the customer, and potentially calling in SAS systems administrators to help resolve the issue. In either case, we will cooperate to the fullest extent with ISPO staff to ensure the security of the system.
Are F5 load balancing services available to co-managed customers?
Not at this time. A Service Review of the F5 Load Balancing service is planned for Spring 2021, at which time customers can provide feedback on this service and its availability.
What does backup and disaster recovery look like for a co-managed system?
The Backup and Disaster Recovery implementation consists of several systems that work together to provide effective protection against unforeseen issues with systems. They are briefly detailed below. Additional detail is available the article detailing Backup and Restore information.
Disk snapshots – Most Virtual Machines rely on storage that is provided via the NetApp storage system. This system provides a full snapshot of the entire disk image every twelve hours. Restores of this level of DR will restore the entire disk, not just a file. The cost of this feature is included in the service.
File level backups – Upon request, systems can take advantage of file level backups, where individual files on a drive are backed up to tape. In this case, restores can restore one or more individual files, rather than an entire disk. It is important to note that this feature is not enabled by default, and must be requested either at the time of request for the server, or it can be requested at a later time via a help desk ticket. There are limitations with this feature such that data is not retained longer than 60 days, and file level restores beyond this timeline are not possible.
Process – Customers who need a restore of any of the DR services should open a help desk ticket indicating their need, and it will be routed to the EI-TPS team for assistance.
What are the response time expectations for system management items that need to be requested, such as snapshot creation or rollback, addition of resources to a server, or some other item?
Our response goal is to have an initial response to issues received during business hours within 60 minutes. Users who need services during non-business hours are encouraged to proactively open a support ticket whenever possible. In emergency situations, the Help Desk can be notified to page the on-call operations staff.
What support is available for HA architecture (i.e., Windows Server clustering or some other type of HA solution) for co-managed customers?
At the time of this writing, due to the complexities of managing a clustered system architecture, HA architectures require the 24x7 systems administration services provided by Core Application Services. As such, there is currently not an offering for co-managed systems that require a clustered architecture.
Can I use puppet with a co-managed server?
As of this writing, the answer is no. However, EI staff are considering models where this can be an option in the future.
Can I put in any hardware I like?
No, all hardware for the co-managed service must be from a manufacturer that is supported by EI-TPS. We currently support only HPE hardware, and will work with customers to specify and quote hardware that meets their needs. From there, EI-TPS will take care of the ordering, installation, and initial setup of the hardware, and then grant access to the customer to install their applications. As part of this process, we require that all hardware be covered by a manufacturer's warranty, as well as licensure for iLO/OneView connectivity that we use to monitor and manage the hardware itself.
If this does not fit your needs, you may be more interested in the Customer-Managed hosting service instead.
Who owns the hardware?
The hardware is wholly owned by the customer for the life of the device. Costs for the hardware are charged up-front to a customer-provided MFK at the time of purchase.
Can I run my system without a warranty?
No, all hardware must be covered by a manufacturer's warranty. Typically, a 3-year warranty will be provided as part of the hardware quote, and this warranty can be renewed one time for extended coverage if needed.
Who determines disposal at the time of decommission?
The customer has full rights to determine what happens to the hardware after it is decommissioned. EI-TPS can assist with sending hardware to UI Surplus if it will no longer be used, or we can coordinate the return of the hardware directly to the customer after it has been removed from our datacenters.
Is Admin time for RMA's and hardware replacement covered or is it an extra charge?
There is no additional charge for this. It is covered as part of the base charge for the service.