The information below focuses on the Research Server Centralization effort that has been mandated by university leaders. This information has been divided into three sections. In the first section, General Information, you can learn about the history and purpose of the centralization efforts and find information about whether the physical or virtual servers in your lab or office might be candidates for colocation. The second section, Current Servers, provides information about centralization of servers already in use. The third section, New Servers, offers suggestions on how to introduce new physical servers or request new virtual machines in the university's centralized infrastructure.
Please note that this is a living document. If you find there are questions not answered here or you have suggestions for information to add, please submit a ticket to help@case.edu, attention Research Server Centralization resolver group, detailing your suggestions.
Q: What prompted the Research Server Centralization effort?
A: In early 2016, the university’s leaders directed that all technology be centralized under the CIO. This decision came after university-based assessments regarding cyber security, business continuity, and disaster recovery. As a research institution we have risk exposure related to the possible loss or exposure of data used in research, teaching, and other university-related faculty activities. This includes cybercrime and other malicious activities. The process began in 2016 with the centralization of all administrative servers. As of 2019, the administrative servers have been colocated and the effort has proceeded to faculty research servers.
More information and context can be found at the following sites:
Q: How do I know if my machine is considered a candidate for centralization?
A: As described in the Faculty Guide to Server Centralization, the university defines a server as any computer system on campus that is accessible from off-campus via the Internet, or any storage system on campus that is connected to the campus network. However, there are a number of options available to faculty, and some exceptions to the process are possible.
- If your machine is used only as an instrument control, an exception may be requested.
  - If you have not done so already, you will need to work with the Information Security Office (ISO) by emailing help@case.edu requesting an instrument exception.
  - Based on ISO investigation into the exception request and in adherence with University IT policy, there may be a need to have additional security controls applied, such as isolating the machine on a local network.
- If you or your lab has a machine intended to be accessible to the Internet for research purposes, or your machine has services (web server, license server, etc.) that can be moved to a secure VM or to MyApps, those services can be moved and the machine (with those services terminated) can be left as a workstation.
  - Please note that University Marketing and Communications should be consulted before deciding the best location for your web site(s). Information on moving static sites to Drupal, the University's supported content management system, can be found below.
Q: What documentation is in place for University IT Policy with regard to research servers?
A: The Information Security Office provides extensive documentation around university security policies, training requirements, and best practices.
- University IT Policy documentation
  - I-1 Acceptable Use of Information Technology Policy (AUP)
  - II-3 Network Protocols and Use Policy
  - II-6 Network Defense Policy
  - Information Systems Controls (III-1c, d, and e), as applicable.
- To better inform the community, foster best practices in protecting data and confidential information and safeguard the interests of the university and its constituents, the Information Security Office presents the following materials—courtesy of the SANS Institute—intended to be reviewed by all community members on a quarterly basis.
Q: What can I do to secure a research server?
A: The following recommendations can help ensure your research server is secure.
- Keep your operating system up to date. Update your system frequently through automatic security updates.
- Do not share passwords or accounts.
- Use a limited user account. Only use root or administrator accounts when necessary. Routinely remove accounts that are no longer needed.
- Do not allow root or administrator to remotely connect.
- Harden network access. Do not run unnecessary network services.
- Configure a host-based firewall to limit who can access the system on campus.
- Run antivirus and set up automatic updates.
- Keep servers behind the campus edge firewall.
- Separate server functions from desktop functions in order to lower the attack surface.
- Understand phishing and how clicking a link or accessing a website could cause malware to be installed on the server.
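
One way to check two of the recommendations above (no remote root login, no unnecessary network services) is sketched below. It is an added example, not part of the original guidance or any university tooling. It assumes a Linux server running OpenSSH; the sample `sshd_config` and `ss -tln` text are constructed and the function names are hypothetical.

```python
# Added example: audit two hardening items from text captured on the host.
# Assumes Linux with OpenSSH; sample inputs below are constructed.
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication no
"""

SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      100    127.0.0.1:25        0.0.0.0:*
LISTEN 0      511    [::]:8080           [::]:*
LISTEN 0      4096   127.0.0.53%lo:53    0.0.0.0:*
"""


def root_login_allowed(sshd_config: str) -> bool:
    """True unless the global PermitRootLogin setting is exactly 'no'."""
    for line in sshd_config.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0].lower() == "match":
            break  # per-user/host overrides are out of scope here
        if fields[0].lower() == "permitrootlogin" and len(fields) > 1:
            return fields[1].lower() != "no"  # sshd keeps the first value
    return True  # unset: the OpenSSH default still lets root in with a key


def exposed_listeners(ss_output: str, allowed_ports=frozenset()):
    """Sorted (address, port) pairs listening beyond loopback."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop brackets and %iface
        if addr.startswith("127.") or addr == "::1":
            continue
        if int(port) not in allowed_ports:
            findings.add((addr, int(port)))
    return sorted(findings)


if __name__ == "__main__":
    print("root login allowed:", root_login_allowed(SAMPLE_SSHD_CONFIG))
    for addr, port in exposed_listeners(SAMPLE_SS_OUTPUT, allowed_ports={22}):
        print(f"review listener {addr}:{port}")
```

On a real host, feed the functions the contents of the SSH daemon configuration and the output of `ss -tln`, and pass the ports your lab actually needs as `allowed_ports`.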
Q: How can I ensure I'm in compliance with University IT Policies?
A: The following recommendations can help to ensure you are in compliance with University IT Policies:
- Close ports 22 and 25 to all traffic and access your machine via VPN; or contact CWRU's Information Security Office and apply for a firewall default deny exception.
- Route mail server traffic through university SMTP.
  - This request can be made through the UTech Service Desk ticketing at help@case.edu or 368-HELP; request that the ticket be assigned to Email Support.
- Move data to Research Virtual Machine (RVM).
- Move web sites to Drupal. This service is provided either through your School/College or University Marketing and Communications.
  - University Marketing and Communication - case.edu/umc/about-us/contact-our-team
  - Case School of Engineering - Tom Seeber, tms118@case.edu
  - College of Arts and Sciences - Tron Compton-Engle, tron.compton-engle@case.edu
  - Frances Payne Bolton School of Nursing - David Pilasky, david.pilasky@case.edu
  - Jack, Joseph and Morton Mandel School of Applied Social Sciences - Eileen Connell, eileen.connell@case.edu
  - School of Dental Medicine - Andrew Rukovena, andrew.rukovena@case.edu
  - School of Law - Eileen Connell, eileen.connell@case.edu
  - School of Medicine - David Pilasky, david.pilasky@case.edu
  - Weatherhead School of Management - Eileen Connell, eileen.connell@case.edu
- Utilize Citrix MyApps and terminate those services currently on your local machine. If the software you need is not currently available on MyApps, please contact the Case HelpDesk. Create a ticket assigned to the VDI resolver group indicating what application(s) you would like added to the suite of options.
- Work with the Research Server Centralization project team to relocate your machine physically to the KSL Data Center.
Q: What do I need to do if I currently have a Default Deny Exception through the Information Security Office (ISO)?
A: If you have server(s) with a current default deny exception, those machines are not candidates for server colocation at this time. In the future, as ISO engages in their exception review process, the status of the server may change with regard to colocation requirements. If you have questions about the exception review process or requirements for maintaining a current exception, please contact the Information Security Office (ISO) by emailing help@case.edu.
Q: What options are available for ensuring off-campus access to machines/data for myself and my collaborators?
A: There are several options available to ensure off-campus access.
- Sponsor an affiliate account and utilize VPN access
  - Affiliate Account
  - VPN/DUO
- SSH is permitted on a case-by-case basis. You will need to work with ISO by emailing help@case.edu and requesting an SSH exception to determine an acceptable method for managing the remote connection. This may include limiting access to only collaborating institutions.
- Data Transfer and Sharing with Globus
Additional information on other available services can be found on the Centralization Services page.
Q: What can I expect once my machine is centralized?
A: Regardless of whether your machine was virtualized, colocated, or exempted, the Case HelpDesk should be considered the first step in any problem resolution. Documentation for physical colocation and for virtualization can be found below.
- Physical Server Centralization Service Level Expectations
- Usage Policies for Research Virtual Machine (RVM) Service
Q: How do I best prepare my machine(s) for a move?
A: The following steps are strongly encouraged in advance of physical colocation or transfer of data:
- Have a full backup of your data.
- Review the service expectations for physical colocation or the RVM, depending on the activity.
- Make sure your operating system is currently supported and up to date with all security patches.
- Ensure the application(s) your server hosts will be compatible with the supported operating system.
- If you are participating in a physical move, please ensure that you have remote access hardware (such as Dell DRAC or ALOM/ILOM) and the necessary licenses for that hardware.
- Make sure you have administrative account access.
- If you require specific functionality or machine status reporting, you may need to install SNMP prior to the move.
Most of the Q&A offered here are hypotheticals that suggest procedures for common, if generalized, reasons a new server might be needed. Given the bespoke nature of university research, teaching, and scholarship, we understand that most new machines will have particular needs. To assist in translating your particular needs into an available resource, UTech has a number of options for beginning the request process.
- Case School of Engineering - Tom Seeber, tms118@case.edu
- College of Arts and Sciences - Tron Compton-Engle, tron.compton-engle@case.edu
- Frances Payne Bolton School of Nursing - David Pilasky, david.pilasky@case.edu
- Jack, Joseph and Morton Mandel School of Applied Social Sciences - Eileen Connell, eileen.connell@case.edu
- School of Dental Medicine - Andrew Rukovena, andrew.rukovena@case.edu
- School of Law - Eileen Connell, eileen.connell@case.edu
- School of Medicine - David Pilasky, david.pilasky@case.edu
- Weatherhead School of Management - Eileen Connell, eileen.connell@case.edu
- UTech Research Computing and Cyberinfrastructure - Mike Warfe, mike.warfe@case.edu
These UTech team members will be able to determine the best path and provide options to fit your needs. For general requests, Research Computing Consultation Services are available to assist in determining the best option for your particular needs.