by Hanz Makmur – Sept 8, 2016.
LCSR can provide Computer Science faculty members with virtual machines that have the full access needed for special projects. Because the person who requests the VM will have root access and can potentially install anything, we need to make sure everything is secured. These VMs are generally limited in resources and are normally set at 4 cores, 16GB of memory and 25GB of disk space.
For websites, we suggest you use the LCSR-managed WordPress system instead of running your own VM.
The University considers LCSR to be responsible for the security of all systems, and OIT runs regular security scans, so we need to arrange appropriate protection for any visible services.
Requirements and Guidelines
- By default, only incoming access to HTTP (port 80) and HTTPS (port 443) is open to the Internet. SSH and other services are accessible only from inside Rutgers. You need to use the University VPN (Mac or Windows client) or connect from another Rutgers machine.
- If you must run special services or daemons that need to be exposed to the Internet, please let us know ahead of time. You need to have a conversation with the staff about the security impact of such a service.
- All machines must be kerberized, and accounts are controlled via the Account Management website.
- We don’t give out root passwords, but users can get ‘sudo’ by being added to a specific group in the Account Management site.
- Important: Only users registered in the University can have an account on your machine. If you must add a guest as a collaborator, you must manage your guest accordingly.
- You MUST know how to administer the system, and you need to keep the apps you install secured.
- We recommend that all web servers run securely and be accessed via HTTPS. You can obtain your own SSL certificate and have it renewed automatically via Let’s Encrypt.
- LCSR will set up the latest version of a basic Linux system with 4 cores, 4GB of memory and 25GB of backed-up disk space, and will keep up security updates for that particular kernel. If a kernel upgrade is required for security reasons, we will do it, and a reboot may be required. We will notify you when this needs to be done.
- A major upgrade requires a FULL reinstall. Historically, an in-place upgrade is not recommended, but this can be 3-4 years down the road unless a big security issue happens that requires a major upgrade.
- LCSR will do regular and security updates for the OS and any software that’s installed using the normal package management system.
- If you install special code, make sure that all services for which you are responsible are updated regularly. There needs to be a way to do at least security updates for all software not installed via the standard package management system. As long as we know what software you’re running, staff will notify you if we receive notifications of security issues.
- LCSR will provide a disk-to-disk backup if requested, with data retention of up to 60 days. Your backups are stored in /rsync-backup/backups. Backup logs are stored in /rsync-backup/logs.
- LCSR will monitor this machine via the Nagios system and will notify the person responsible for the VM when something goes wrong with this machine. See an example at: http://report.cs.rutgers.edu
Requesting Full Access VM
Please provide the following info to firstname.lastname@example.org
1. Machine name: your_machine_name.cs.rutgers.edu
If this does not exist, we will request one. If one exists, a temporary name may be needed until the old service can be moved to this new VM.
2. Responsible person1: Email and Cell Phone.
Responsible person2: Email and Cell Phone.
Please allow at least 5-7 business days for this to be set up.