by Hanz Makmur – Sept 8, 2016.
LCSR can provide Computer Science faculty members with full-access virtual machines for special projects. Because the person who requests the VM has root access and can install anything, we need to ensure everything is secured. These VMs are generally limited in resources, usually set at four cores, 16GB of memory, and 25GB of disk space.
For website purposes, we suggest you use a managed WordPress system instead of running your own VM.
The University considers LCSR to be responsible for the security of all systems, and OIT runs regular security scans, so we need to arrange appropriate protection for any visible services.
Requirements and Guidelines
- By default, only incoming access to HTTP (port 80) and HTTPS (port 443) is open to the Internet. SSH and other services are only accessible from inside Rutgers. To reach them, you must use the University VPN (Mac or Windows client) or connect from another Rutgers machine.
- If you must run special services or daemons that must be exposed to the Internet, please let us know beforehand. It would be best to talk with the staff about the security impact of such a service.
- All machines must be kerberized, and accounts are controlled via the Account Management website.
- We don’t give out root passwords, but users can be given ‘sudo’ by adding them to a specific group on the Account Management site.
- Important: Only users registered with the University can have an account on your machine. If you must add a guest as a collaborator, you must manage your guest accordingly.
- You MUST know how to administer the system, and you need to keep the apps you install secured.
- We recommend that all web servers run securely and be accessed via HTTPS. You can obtain your own SSL certificate and have it renewed automatically via Let's Encrypt.
Maintenance:
- LCSR will set up the latest version of the basic Linux system with 4 cores, 4GB of memory, and 25GB of backed-up disk space, and will keep up with security updates for that particular kernel. If a kernel upgrade is required for security reasons, we will do it, and a reboot may be required. We will notify you when this needs to be done.
- A major upgrade requires a FULL reinstall; historically, an in-place upgrade has not been recommended. The interval between major upgrades can be 3-4 years unless a significant security issue requires a major upgrade.
- LCSR will do regular security updates for the OS and any software installed using the standard package management system.
- If you install your own code, ensure that all services you are responsible for are updated regularly. There must be a way to apply at least security updates to all software that was not installed via the standard package management system. As long as we know what software you’re running, staff will notify you if we receive notifications of security issues.
- LCSR will provide a disk-to-disk backup if requested, with data retention of up to 60 days. Your backups are stored in /rsync-backup/backups. Backup logs are stored in /rsync-backup/logs.
- LCSR will monitor this machine via the Nagios system and will notify the person responsible for the VM when something goes wrong with this machine. See an example at: http://report.cs.rutgers.edu
Requesting Full Access VM
Please provide the following info:
1. Machine name: your_machine_name.cs.rutgers.edu
If this name does not exist, we will request one. If it already exists, a temporary name may be needed until the old service can be moved to this new VM.
2. Responsible person 1: Email and Cell Phone.
Responsible person 2: Email and Cell Phone.
Please allow at least 5-7 business days for this to be set up.
For help with our systems or immediate assistance, visit the LCSR Operator at CoRE 235 or call 848-445-2443. Otherwise, see CS HelpDesk. Please make sure to include your NetID along with a description of your problem.