Terms and Conditions (2023)
The Clinical School Computing Service (CSCS) provides managed server hosting, whereby a virtual or physical private server is hosted in CSCS’s server room(s) on behalf of the customer. This hosting ensures that a server has both resilient power and cooling and is located in a secure, controlled environment. We will advise whether a virtual or physical server will best suit then end use case after consultation with the user(s).
In the context of customer hosting we offer:
- Rack rental (see 2. below, where the customer is responsible for all system maintenance and backup)
- A managed virtual server
- A managed physical server service
- Managed servers, CSCS will perform all routine operating system maintenance, as well as backup to an offsite location.
- We are phasing out unmnaged physical and virtual servers and no longer offer this as a service
In all hosting options the customer is responsible for installing, configuring and maintaining additional applications; although assistance with set-up can be arranged for an hourly charge.
1. Virtual Server Hosting
Virtual servers are a popular choice. A virtual machine (VM) is a software implementation of a server that emulates a real server. Since servers tend not to be busy 100% of the time, many virtual servers can run on a single physical server, which saves on space, power and cooling requirements. Virtual Servers are suitable for the majority of non-intensive workloads, e.g. web server, file server and small to medium databases that do not perform extensive computational work.
Using a virtual server is often preferable to physical servers due to:
- Improved reliability – virtual servers don’t suffer hardware failures, and in the event of host hardware failure, a virtual server can be easily moved to another physical server, minimising downtime.
- Lower cost as the infrastructure is shared amongst many virtual machines
- Improved disaster recovery – a virtual sever can easily be restored from backup.
- Simplified licensing – all virtual servers running on CSCS hardware are automatically licensed to run Windows Server (although you may still run an alternative OS if you wish).
A standard virtual machine comes with the following hardware configuration:
- 2 x CPU cores (Intel Xeon)
- 4 GB RAM
- 50GB Virtual Hard Disk for the Operating System (OS) (offsite mirrored)
- Single network connection
CSCS can customise the virtual hardware to meet your requirements, including adding additional CPU, RAM or storage. These options will be available in the application form on our website. Changes to virtual hardware can usually be applied quickly and in many cases without disrupting the operation of the virtual machine.
Virtual servers are provided with the operating system (OS) installed, patched and configured to communicate on the network. During the creation of the virtual server you will be able to choose from a selection of OS that CSCS currently recommend. Alternative OS may be used assuming compatibility with the underlying hypervisor. CSCS can offer advice on a suitable OS for your intended use.
CSCS require that all operating systems installed are currently under vendor support for security patches.
If you choose to have a Microsoft Windows Server operating system, then the license for the operating system is included.
CSCS recommends the use of virtual servers in all cases except:
- Where processor or I/O (input/output operations on a physical disk) intensive applications are used e.g. High Performance Compute Clusters (HPCs).
- Where large quantities of RAM are required
- In rare occasions where third party software manufacturers do not support their application on a VM
- When the machine requires a connection to a physical device, such as a USB licence key
If you are unsure whether a virtual server is suitable for your needs, then CSCS can discuss your intended use with you and offer advice on solutions.
2. Physical Server Hosting (Rack Rental)
In Physical Hosting (sometimes called “rack rental”), space is offered in our racks for you to locate and operate your own equipment. Physical Hosting space is sold in Rack Units, a standard measurement for server, storage and networking equipment. All available racks are 42U in height and they are provided with power distribution and blanking panels. For users with larger volumes of equipment we also offer discounted rates for the rental of whole or half racks.
CSCS maintain a list of all equipment that is hosted in the server room. Details of equipment that is installed under this agreement must be supplied to CSCS and CSCS must be notified in writing of any changes to the hosted equipment. The following information is required:
- Make and Model
- Serial Number
- Equipment height in U
We will also record the rack number and position of the equipment. If you are renting either a half or whole rack you will need to inform us what equipment is in each rack position.
These costs are designed for devices with medium power requirements such as file storage, webservers and backup devices. There will be a supplement for devices with a high power draw such as HPC nodes or large disk arrays. We will discuss the power requirements of your equipment with you before any hosting agreement starts and we will inform you if there will be an extra charge.
CSCS can offer in addition to the physical hosting service a number of supplementary services, including:
- Quoting, ordering and physical installation of equipment
- Single or twin Gigabit network connection including cables (additional network connections can be added charged at the standard network rate, please discuss this with CSCS during ordering of your server).
- Installation and configuration of the operating system
- 10GbE network connectivity. The customer would need to cover the cost of all components required to connect to the CSCS network
3. Managed Servers
A comprehensive service where CSCS is responsible for configuration, support and maintenance of your server. It is suitable for customers who want to pass the day to day running and configuration of the server to CSCS staff.
CSCS will ensure that the operating system is running, correctly configured and that security patches are applied in a timely manner.
Although we can work with you to install applications and configure the server to meet your needs, CSCS are unable to provide support for applications that are installed on the server. We can however work with you and software vendors to resolve issues if required.
CSCS will provide a full system backup of your server. This is defined as your operating system and boot volumes where applicable (i.e. C:\ drive for Windows, / and /boot for Linux, but not including other mounted file systems). We will provide 7 days of backups of your system, with these backups stored in an offsite location for redundancy purposes. Please note that this backup policy does not include secondary data drives or application drives if they are present, which should be backed up separately by you if needed. CSCS can offer more flexible backups including longer retention periods, inclusion of additional volumes or more frequent backups if required, however these customisations may incur additional charges. Please contact CSCS to discuss your requirements. If you are unsure if your data is being protected, please contact CSCS to discuss the backup configuration applied to your system.
4. CSCS Server Quoting and Setup Charges
CSCS can offer you advice on the types of server that will meet your requirements. These initial discussions to identify whether a virtual of physical server is the most appropriate solution are provided free of charge.
If a virtual server is required then it will be deployed and a basic configuration including the operating system, updates and network connection applied. There is no charge for the deployment of a virtual server.
If you require a physical server then CSCS can work with you to create a custom quote to match your service hardware and cost requirements. The process of determining the specification and providing you with a quote is charged at our standard hourly rate, and typically we find that 1 hour is sufficient. Once the equipment has arrived, if you are going to use our physical hosting service we will install the hardware into the racks for you.
If you are going to be using our Managed Service on the new hardware, then we will install and configure the operating system, updates and network connections as per your requirements.
If your server requires advanced configuration, or you require us to install applications beyond the basic operating system then an additional hourly charge may be applied. CSCS will always advise you of any charges that are likely to be incurred before starting any work.
5. Secure Data Hosting Service (SDHS)
CSCS offers a Secure Data Hosting Service (SDHS) providing a Safe Haven for members of the School to store sensitive data, including Patient Identifiable Data (PID). It is managed by CSCS in collaboration with the School Research Governance Officer.
Customers who require the ability to process data within the Safe Haven can apply for physical or virtual servers to be contained within this area. In order to meet the requirements of our data security policy all servers and systems contained within the Safe Haven must be managed by CSCS.
Access to the SDHS is provided using two factor authentication through a Citrix environment and is subject to the SDHS Security Policy. For more information and access to these policy documents please refer to the Information Governance page on the School’s website.
6. Network Connections, External Access and Firewall Configuration
The purpose of a server is to provide a service or resource to a selection of users. In order to make those resources available to the right people network access will be required.
CSCS have a number of different networks in operation, many with specific purposes. Servers can be configured on most of our networks depending on what is required. Most servers and equipment will be connected to our standard internal network which allows access for all internal users, but is not directly accessible from the internet. Other options include a DMZ, the SDHS or a specific departmental network. We will discuss with you the options before commencing configuration of your server.
Servers within the DMZ will require firewall rules for Egress and Ingress.
CSCS can allow servers hosted in our standard network to be accessed via the internet if required. For standard web access using HTTP (TCP 80) or HTTPS (TCP 443) we are able to publish the website through our web proxy appliances which offer a level of protection by scanning incoming web traffic.
Other external access may be able to be configured in special circumstances. Each request will be evaluated by the CSCS team on a case by case basis. Our default position is that we will not open ports on the firewall to allow direct access to a server. A variety of remote access solutions, including a VPN service, are provided by CSCS which you can use to access your system from outside of the CSCS network if required.
All requests for access both in to and out from the SDHS will be evaluated by the CSCS team on a case by case basis. By default there is no direct access to any systems held within the SDHS. All exceptions will require justification and will need to be reviewed by the CSCS team in conjunction with the School Research Governance Officer to assess the risks.
7. CSCS Server Hosting – Service Level Agreement (SLA)
This section of this document details the Service Level Agreement that CSCS sets for hosting physical or virtual server/hardware within the Clinical School Server Rooms. It is not intended as a guarantee and it should not be taken as such. However, CSCS will always endeavour to abide by this where possible.
- CSCS Server rooms will be physically secured at all times
- Will provide a temperature controlled environment
- Will provide suitable power supply, backed up by a UPS
- Will provide an effective fire suppression system
7.2 Physical Equipment Hosting
- CSCS will provide suitable equipment racks, power distribution, network patch leads and blanking panels.
- Rack rails/brackets for equipment are to be provided by the customer. If rails are not available, then equipment is to be located on a rack shelf. Any costs for supply of rack rails or shelves shall be covered by the customer.
- Blanking panels must be installed in all empty rack spaces to facilitate correct air flow.
- Customers are to provide CSCS with details of the equipment to be hosted and must notify CSCS of any changes in the equipment to be hosted (or change in named primary contact).
- Charges will be levied for each full or partial rack unit (U) space occupied by the customer equipment and any rack accessories required to support the customer equipment.
- Access into CSCS Server Rooms will be provided during normal working hours (8:30am - 5:00pm, Mon – Fri). We request 24 hours’ notice for access, although we appreciate that in some circumstances this is not always possible. Access must be requested by means of a form on our website (https://cscs.medschl.cam.ac.uk/server-services/main-server-room-msr/).
- Access into CSCS Server Rooms outside of working hours can be arranged with CSCS. An extra charge will be applicable to cover staff charges calculated at 1.5 x the current hourly rate for each hour or part thereof.
- CSCS require that all physical equipment be covered by an active hardware maintenance agreement with the hardware vendor.
- Customers must not attempt to adjust or alter server room infrastructure, including air-conditioning, power and fire systems.
- Customers should only ever work on their own equipment, and must not interfere with any other equipment or control systems in the server room.
- Customers are to provide CSCS with a list of users authorised to access the hosted equipment. This same list of users will be used for communications regarding the hosting. A minimum of 2 contacts should be supplied.
- Where possible a CSCS will provide a minimum of 48 hours notice to customers where the power or networking is to be disrupted.
- All physical equipment remains the property of the customer.
- The backup of physical servers shall remain the customers responsibility. It is recommended that data sets are stored on central storage servers and then these shares are mounted from the server, large internal storage should only be used as am ephmerial scratch space.
7.3 Virtual Server Hosting
- CSCS will maintain a highly resilient virtual hosting platform which can allow for multiple hardware failures and still allow the customer's virtual server to operate.
- CSCS will provide the customer with the ability to access and manage the server, either through a console connection to the virtual server or through RDP, SSH or similar protocols.
- CSCS will take a snapshot backup of all virtual servers every night and retain the 7 most recent snapshots. This backup is a server level backup, and is not application specific. Application level backups and verification are the responsibility of the customer.
- All virtual server backups will be replicated to an offsite disaster recovery location after the backup has completed
7.4 Operating Systems, Software
- All operating systems that are installed and connected to the CSCS network must have active vendor support for security vulnerabilities
- All operating systems and software packages should be regularly patched to mitigate vulnerabilities. If the customer has chosen a Managed service, then CSCS will manage this patch process
- Customers are responsible for ensuring that all operating systems and software running on systems are correctly licensed. CSCS may request proof of licence compliance.
7.5 Managed Server Service
- CSCS will manage and monitor the configuration of the operating system.
- Configuration and maintenance of applications, optional features or components installed on the server is the responsibility of the customer.
- CSCS can liaise between customers and software vendors, including providing external access to a server for the purposes of software installation, configuration or troubleshooting.
- CSCS will have a full administrative rights or root access (as appropriate) on any managed server or storage, whether physical or virtual.
- The customer must agree with CSCS a routine maintenance schedule to allow the timely installation of patches. Wherever possible, CSCS will endeavour to patch systems automatically outside of working hours.
- If manual out-of-hours patching is required, the customer will cover all costs associated with providing this service.
- CSCS retains the right to install critical security patches and restart services or servers if required to mitigate severe vulnerabilities outside of the agreed maintenance schedules.
- CSCS will provide and monitor a backup solution for the server and all data. The exact backup regime will be discussed with the customer and agreed at the time of installation. By default, CSCS will take a backup every night and retain the last 7 backups. Backup schedules can be customised to meet the customer needs, but customisations may incur additional costs if further storage is required.
7.6 CSCS Rights
With respect to all of the services outlined above, CSCS reserves the right to:
- Shut down any equipment in the event of an environmental disaster.
- Shut down any equipment in the event of low UPS power or high environmental temperature.
- Disconnect and if necessary remove from the network, any server which has an adverse effect on the operation of any other service or system.
- Refuse or defer requests for any services.
- Discontinue an existing contract on any service if the server or equipment becomes a potential security threat.
- Use vulnerability detection tools to detect potential issues on any network connected device.
7.7 Charges and Termination
- Any charges incurred for these services must be paid in a timely manner.
- Termination of supplied services requires a minimum of 1 month’s notice in writing from either the customer or CSCS.
7.8 Software or applications (non research)
- Gaming or other non research software is not permitted
- Hosting resource intense peer to peer applications (video confercing / torrents etc) is not permitted
If you have any questions about this document or terms of this SLA then please contact the service desk via email@example.com