Unix Managed Server Policies

Overview

Congratulations on your purchase of a Unix Managed Server. Here is a brief overview of what you've purchased:

Server(s) with CPU, memory and disk configuration of your choice.
Managed operating system (OS) and OS-supplied packages, including timely updates of vulnerabilities and testing of updates before deployment.
Managed Apache, database and supporting web technologies for web and non-web based applications.
Managed integrations with UW identity services such as UWNetID, Groups Service and two-factor authentication.

Updates and configuration management changes are applied every Wednesday morning starting at 02:00 PST.
Unix Managed Servers are rebooted quarterly on a regular schedule to apply security updates.
High severity issues may arise that require more immediate action. We reserve the right to apply changes or perform reboots outside of our normal cycle if required.
Customer initiated reboots are allowed but must be performed in coordination with the Linux managed server team.

How we manage your server:

All systems are patched and maintained with security updates and enhancements supplied by our operating system vendors: Canonical (Ubuntu), CentOS.org (CentOS), and Red Hat (Red Hat Enterprise Linux.)
All managed software is fully configured and maintained. We will work with you to customize managed software to suit.
The server and managed services are monitored 24x7 for availability and staff are on-call to resolve any incidents.
Systems running Ubuntu or Red Hat Enterprise Linux 8
- Newer managed servers are managed with Ansible.
- Ansible is a widely used and open source configuration management system that is line with industry standards.
Systems running CentOS/RHEL 7
- Older managed servers are managed with the Ref management system.
- Ref is a "strongly managed" system that maintains strict control over files it manages. This means that almost all changes made outside of /data, e.g. files in /etc or /opt will be automatically reverted. Therefore it is important to coordinate any changes to the operating system or managed applications with UW-IT staff.

Upon request we will install any Ubuntu/RHEL provided package that is regularly maintained and updated.
Packages will not be installed which:
- are no longer maintained
- have well known vulnerabilities
- conflict with other packages or configurations we use to manage your server.
We do not install and maintain third-party software.

You may install software and server daemons which implement a service you require.
Custom systemd service unit files can be supplied by customers to be installed by Managed Server engineers.
Schedule jobs (cron jobs) can be customer created as needed. Coordinate with us for jobs which run as root.

Managed servers are managed, so we discourage customers from using root on the servers as it can interfere with our management and operations. In most situations, we can arrange the system to allow you to do your work without needing root access.
We will give root to customers upon request but we advise customers to proceed with extreme caution. We cannot guarantee the security or stability of a system where changes are being made outside our standard processes. There is also a risk that customer modifications may render a system unresponsive or misconfigured and result in significant downtime to diagnose and repair.

System backups of a server to tape or other offsite storage are an additional cost item and are enabled on a per-server basis by customer request
What is backed up:
- On RHEL 8+ and Ubuntu systems backups will include the entire system by default.
- On RHEL/Centos 7 systems backups include only /data file system as the remainder of the system is managed in a way which is recoverable.
We can customize (include/exclude) directories which are backed-up.