Data Center Server Use Policy

Policy for servers hosted in the Discovery data center

Server Requirements

  • To maximize space in the data center, all servers purchased should be rack-mount and no more than 4 rack units tall.
  • Servers should generally be Dell or Super Micro to maximize the efficiency of DiscoverIT staff managing the machines.

Access Control

  • Only authorized personnel are allowed into the data center. Physical work on the machines will be performed by DiscoverIT, Research Computing, or CHTC staff only. If a user must have physical access, they will require an escort from authorized personnel.

Server Security

  • All servers on the DiscoverIT and CHTC networks will only be managed at the root level by authorized personnel. In special cases, researchers may be allowed root access to boxes if the server resides on a workstation network, and not a server network.
  • All servers must be managed using an endpoint management tool (e.g., Microsoft SCCM, Puppet).
    • All servers must run a supported operating system.
    • All server operating systems must have critical and security patches applied within 60 calendar days of release.
  • All servers must run an approved antivirus protection tool (e.g., Cisco AMP or Microsoft Defender) that can:
    • Receive updates daily
    • Perform daily lightweight scans
    • Perform a full weekly scan
    • Report results centrally
    • Notify IT staff if malware is found
  • Disable all unnecessary services before the server goes online.
  • Servers hosting email services must not provide open relay services.
  • Host-based firewalls must be installed on all servers.
    • Host-based firewalls must restrict inbound connections to ports of interest.
  • Configure access logs, security logs, DHCP logs, DNS logs, and firewall logs to report to the DiscoverIT security log server.

 



Keywords: data center server policy rack
Doc ID: 124834
Owned by: Drew G. in DiscoverIT
Created: 2023-03-14
Updated: 2023-03-14
Sites: Discovery Building IT