CSU Policy: Hosted Virtual Machine Service

Policy Title: Hosted Virtual Machine Service
Category: Information Technology
Owner: Vice President for Information Technology
Policy ID#: 4-1018-016
Contact:
Academic Computing and Networking Services
Web: http://www.acns.colostate.edu
Phone: 970-491-5133

Also Contact:
Telecommunications
Web: http://www.telecom.colostate.edu/
Phone: (970) 491-5881
Original Effective Date: 1/17/2012
Last Major Revision: 3/30/2015

Introduction

CSU’s Hosted VM Service is designed to be a persistent IT service provided to the CSU community by ACNS. The Service will lease virtual machines (VMs) and file storage to any CSU entity on a cost recovery basis. The cost recovery includes amortization, replacement and possible expansion of the Service. The goal of the Service is to be self-sustaining in perpetuity.

Hosted VM Service allows the Lessee to amortize the initial capital investment in a physical server and storage hardware over time. The Lessee also avoids such server room investments as power, air conditioning, security, fire suppression, networking hardware and human resources to attend to all of the above for their continuing operation. Furthermore, the Lessee avoids the backup liability for that server, including the cost of backup hardware, licenses, human resources and consumables.

Governance and Decision Making

The Service is documented in this and Related Documents. IAC is responsible for approving all changes to this document and oversight of the related policy documents. ACNS is responsible for maintaining these documents. Changes to the Service will be communicated to the CSU IT community (through IAC at a minimum) by ACNS.

Related Documents:

Hosted VM Service – Service Level Agreement

Hosted VM Service – Fees & Technical Description

Hosted VM Service – Business Plan

In the event that a circumstance or issue arises between or among Lessee(s) and ACNS about the use or implementation of the Hosted VM Service that is not adequately addressed in these Policies, or cannot satisfactorily be settled by mutual agreement among the interested parties, then the Vice President for IT will decide the issue or circumstance.

The effective date for any changes to the policy and its Related Documents will be applicable to all lessees unless otherwise stipulated.

General Description of Services Provided

  1. Physical compute, storage and networking resources hosted on enterprise-class hardware, with equipment lifecycle replacement built into the lease amount.
  2. Regular and timely backup of all VMs and data. Restoration from those backups is possible for explicit periods.
  3. Patching and upgrades of hardware, host OS and hypervisor will typically occur without service interruption of the guest VMs. If an interruption is required, it will be coordinated and scheduled with the affected Lessee(s).
  4. System administration, including:
       • Proactive review of host system parameters, logs and performance counters to identify and correct existing and potential hardware problems, and host OS and resource problems
       • Timely patches and upgrades necessary to maintain the host virtual environment
       • System performance tuning to optimize Lessee workloads
       • Assign disk space, manage permissions and security groups
       • Coordinate vendor-provided maintenance and support
       • Capacity planning
       • Prioritize capacity and resource needs among leased production, development and test systems
       • Manage and verify the integrity of backups of VMs
       • Manage and support the physical and logical network infrastructure necessary to allow the leased VMs to act as part of Lessee’s departmental CSU subnet(s)
       • ACNS will maintain strict, limited access to host systems, hypervisors, etc. Only authorized personnel will have administrative access to host systems.
       • ACNS will not have administrative access to VM guest operating systems, and will strictly adhere to administrative boundaries set between the guest and host operating systems.

(Services may change from time to time by the action of the IAC.)

Terms

Services of the Hosted VM Service are leased under the policies of this document and its Related Documents. Particular reference herewith is made to the Hosted VM Service – Service Level Agreement as an important supporting document. Services are billed in accordance with institutional conventions. Lessee may request changes in VM configuration at any time. Services used during any part of a month are billed for the entire month. Lessee may cancel a service with 30 days’ advance notice.

Hosted VM Service is a persistent ACNS service; therefore, it is not anticipated that the Service will be discontinued. But if CSU management decides to discontinue this Service, they will give the CSU community at least 1 year’s notice.

Fees

Fees associated with this Service are determined and published annually, prior to each fiscal year, based on the cost recovery model and the Business Plan. Fees are available in Fees & Technical Description.

A basic VM configuration is available, and is specified in the Fees and Technical Description document. Custom VM configurations are also available, and the cost is based upon three variable attributes of the VM:

  • Number and type of configured CPUs: Fixed fee per CPU/year
  • Amount of configured RAM: GB/year
  • Disk Storage: GB/tier/year

Tiers of storage (High performance, normal performance) may be available at varying costs/GB/year, depending upon the cost of the storage.

Optional long-term storage: Charge for storing data beyond standard retention period (GB/year)

Costs for the month will be based on the maximum resources allocated to the VM, regardless of the point in the month at which they are allocated.

For detailed descriptions of hardware, storage and VM components of the Service, see Fees & Technical Description.

Disposition of Data

After Lessee has stopped using the Hosted VM Service, ACNS and Lessee will collaborate to ensure the Lessee can retrieve all its Content and Data in a complete and secure format, including schema, definitions, documentation, and attachments in their native formats, up to the normal backup retention period. There will be a fixed charge for this service, detailed in the document ‘Fees & Technical Description.’ After that period, ACNS will allow all copies of this VM and its data to expire and disappear.

General Description of Backup of VMs and Data, Data Recovery

Periodic data backups will be performed for each leased VM. Response times for VM snapshot and file restoration requests (if no lessee self-service restore capability exists) are detailed in the “Severity Level Response” section of the Hosted VM Service’s Service Level Agreement.

For detailed descriptions of backup operations of the Service, see Fees & Technical Description.

Security and Performance

Virtualization of information resources does not render existing security needs and policies obsolete; as such, the IT Security Policy is still in effect. For example, ACNS already has the authority to scan any (virtual) system, and to take appropriate action as required “to maintain the integrity and functionality of the University’s IT environment. This may include, but is not limited to, traffic analysis and disabling access to individual or multiple computers” (IT Security Policy, version 1.12, Section II.2, Network Security). Similarly, any virtual system containing sensitive information must be registered with ACNS and is subject to regular, active vulnerability scanning. The administrator of a virtual system should continue to observe the existing requirements regarding operating system updates, application patching, service isolation, logging, backup, data protection, etc. Finally, where appropriate, software firewalls and anti-virus software should be considered in the same way they might be deployed on a physical server.

In addition, however, virtualization introduces the possibility of other avenues of intentional or inadvertent damage. The virtualization host and its switching solution represent an additional system to protect, as well as a less-visible, less-controllable network environment than the physically wired infrastructure. ACNS will keep abreast of the evolution of virtualization technologies, and will diligently administer the VM hosts, with the following limitation: Applications involved in credit card transactions will not be permitted, due to the difficulty of ensuring adequate segmentation according to the requirements of the Payment Card Industry Data Security Standard (PCI-DSS).

Finally, due to the multi-tenant nature of the VM Service, ACNS must also maintain the optimal performance of the Service for the tenant community as a whole. This means ACNS must retain the right to intervene in the operation of an individual VM, up to and including shutting it down, if that VM is materially affecting the ability of the Service to function.

For detailed descriptions of the security policies of the Service, see Fees & Technical Description.

Lessee Responsibilities

  1. Lessee assumes all responsibilities and support for the guest OS, including but not limited to the installation, administration, patching, upgrades, configuration, programming, security, security scans, security compliance, firewalls, network addressing and management, and including any and all installations of software and related components to be used on the guest OS.
  2. Lessee is responsible for installing any host management tools as requested by ACNS.
  3. Lessee is responsible for the compliance of their VM with all applicable CSU security, privacy, IT and other policies and procedures, and with applicable state and federal laws and regulations.
  4. Lessee is responsible for all intrusion detection, AVAS, log inspection and other forms of system integrity tracking, performance monitoring and troubleshooting for the VM.
  5. Lessee assumes all responsibilities for the proper licensing of all software, including the OS installed on the VMs, except where this is expressly arranged otherwise with ACNS because of host OS licensing terms.
  6. Lessee must maintain a contact list with ACNS, consisting of Technical and Fiscal personnel contact information.
  7. Lessee decides which accounts have root or local admin access to the VMs.
  8. LESSEE IS RESPONSIBLE FOR VERY TIMELY PATCHING OF THEIR GUEST OS WITH VENDOR-SUPPLIED FIXES OF SECURITY VULNERABILITIES.

Service Exclusions

  1. Lessee will not be granted physical access to the hardware supporting their VM, or other on-site services not expressly included in these policies.
  2. ACNS cannot be responsible for the installation, configuration or management of guest operating systems, but will provide advice and guidance for these tasks, and a library of pre-configured operating systems to facilitate guest OS installation. See Fees & Technical Description.
  3. ACNS has no obligation to assist in the installation, configuration, or management, or the design or modification of software code or applications, or the support of any of the foregoing, hosted on the VM.
  4. VM guest operating systems are limited, in general, to Linux-based and Microsoft Windows-based, server-class operating systems (see Fees & Technical Description). Exceptions may be made for other types of operating systems, but ACNS has final discretion. Generally, all operating systems that have mainstream vendor support can be supported. Only in critical-need scenarios will ACNS support the installation of a guest OS that is past its vendor-published end of life. ACNS will maintain a list of operating systems that are officially supported by the vendor of the virtualization software. Although not required, ACNS recommends that the guest OS be chosen from this list when possible to maintain eligibility for vendor support.
  5. ACNS will not support products that do not meet the CSU Acceptable Use Policy and other applicable University policies.

 


The CSU Policy Library is maintained by the Office of Policy and Compliance