shared infrastructure service definition...shared infrastructure service definition 7/13 date: april...
Post on 17-Mar-2020
2 Views
Preview:
TRANSCRIPT
Shared Infrastructure Service Definition 1/13 Date: April 7, 2016
Shared Infrastructure Service Definition
April 7, 2016
Shared Infrastructure Service Definition 2/13 Date: April 7, 2016
Change Summary Sheet
Date of last update: April 7, 2016
Version Control: v1.0
Date Author Version Reason /
Purpose
April 7, 2016 Troy Igney 1.0 Approved Version 1.0.
Shared Infrastructure Service Definition 3/13 Date: April 7, 2016
Table of Contents
Purpose: ........................................................................................................................................................ 4
Implementation Process: .............................................................................................................................. 4
Current Workloads .................................................................................................................................... 4
New Workloads ......................................................................................................................................... 4
Description of Services .................................................................................................................................. 5
Fully Supported ......................................................................................................................................... 5
Independent .............................................................................................................................................. 5
Shared Infrastructure Service List ................................................................................................................. 5
Service Features ............................................................................................................................................ 6
Fully Supported - Cloud Premier ................................................................................................................... 6
Definition................................................................................................................................................... 6
Feature Inclusions ..................................................................................................................................... 6
Fully Supported - University Credential Management ................................................................................. 7
Definition................................................................................................................................................... 7
Feature Inclusions ..................................................................................................................................... 7
Fully Supported - Managed Database ........................................................................................................... 8
Definition................................................................................................................................................... 8
Feature Inclusions ..................................................................................................................................... 9
Database Support.................................................................................................................................... 10
Optional Feature Inclusions .................................................................................................................... 10
Independent - Cloud Essentials................................................................................................................... 11
Definition................................................................................................................................................. 11
Feature Inclusions ................................................................................................................................... 11
Independent - Public Cloud Enablement .................................................................................................... 11
Definition................................................................................................................................................. 11
Feature Inclusions ................................................................................................................................... 11
Independent - Active Directory ................................................................................................................... 12
Definition................................................................................................................................................. 12
Feature Inclusions ................................................................................................................................... 12
Independent - Data Center Hosting ............................................................................................................ 13
Definition................................................................................................................................................. 13
Feature Inclusions ................................................................................................................................... 13
Independent - Raw Storage ........................................................................................................................ 13
Definition................................................................................................................................................. 13
Feature Inclusions ................................................................................................................................... 13
Shared Infrastructure Service Definition 4/13 Date: April 7, 2016
Purpose: This document presents an overview of services developed through the Integrated Infrastructure Project
and delivered by the Washington University Information Technology (WashU IT) Shared Infrastructure
team.
These services are available to schools, departments, centers and individuals with an enabled university
billing capability. Service Level Expectations will be made available to define standard operating
procedures to include hours of operations, response times, and escalation protocols.
Implementation Process: Adoption of these services is available through two paths: Current Workload Migration and New
Workload.
The new services will be available in the Fall of 2016 and accessible via two different paths:
Current Workloads Current workloads can potentially be migrated to the new service with migrations beginning in the Fall
of 2016. Migrations will occur in waves, and each wave will consist of similar schools and departments.
The first wave will include Clinical departments in the Medical School. The migration schedule is
anticipated to continue through the end of 2018.
Transition assistance for current workloads will be available for organizations identified in the active
migration wave. The transition assistance team will engage with each school, department, and center to
perform deep technical and process discovery to assure the service implementation is as seamless and
as non-impactful to the users as possible.
New Workloads Current migrating wave workloads will be the early priority, but organizations can begin utilizing the
service for new workloads following launch in the Fall of 2016.
Shared Infrastructure Service Definition 5/13 Date: April 7, 2016
Description of Services Shared Infrastructure provides a number of services tailored to providing commodity infrastructure
capabilities covering a wide range of needs from a single IT organization. These services are divided into
two different categories: Fully Supported and Independent.
Fully Supported A managed solution of servers, storage, operating systems and databases to units wanting to
shift their commodity computing support to WashU IT thus freeing resource focus to managing
their applications and performing data analysis to support the school or department mission.
Independent A collection of solutions designed for units that need to retain some of their systems
management at a local level and wish to leverage infrastructure technology investments made
by Washington University. School or department resources will be required for systems support.
These two categories are not mutually exclusive and adoption by a school, department or center could
be any blend of these categories. Hypothetically, in order to meet its mission specific operating
requirements, any school, department or center (unit) might use Fully Supported services for clinical
and administrative applications and Independent services for research applications.
Shared Infrastructure Service List
Shared Infrastructure Service Definition 6/13 Date: April 7, 2016
Service Features The following sections provide a definition of each service and outline what is included and excluded.
Fully Supported - Cloud Premier
Definition This service provides turnkey server and storage environments with optional disaster recovery. WashU
IT staff are responsible for Operating System installation, support and configuration, including the
installation of security patches, and antivirus software. This fully managed service allows unit IT and
research staff to focus on mission specific services such as application management and performing data
analysis.
Feature Inclusions Included in Service Excluded from Service Core
Virtual server
OS and Patch Management for servers utilizing:
Windows, RHEL, Ubuntu
Remote console access (RDP, SSH)
Local administrative privileges
Controlled Access via Multiple Network Options
High Availability – Infrastructure
VM Image Backup (Tiered retention and opt out possible)
Server Disaster Recovery (Opt out possible)
Optional
Load Balancing
Basic Application Service Monitoring
Physical servers available for exception workloads that
do not support virtualization
Application installation,
configuration, management and
support
Custom Application Service
Monitoring
In-place OS upgrades
Application Disaster Recovery
planning
Hypervisor console access
Shared Infrastructure Service Definition 7/13 Date: April 7, 2016
Fully Supported - University Credential Management
Definition This service provides a managed single source of authentication for Washington University desktops,
servers, and applications. Additionally, this service design provides a high level of integration with BJC
authentication.
Feature Inclusions Included in Service Excluded from Service
Authentication of customers and authorization to grant
access to resources
Support for common platforms (Windows, Mac OS,
Linux/Unix)
Support for common authentication protocols (LDAPS,
NTLM, Kerberos)
High availability of services
Access to development and test environments
Providing AD trusts for interoperability during directory
migrations and for collaboration with key business
partners such as BJC
Immediate disabling of user accounts if needed (e.g.
during a staff departure from the University)
Recovery of AD objects
With approval from governance structure:
o Applying AD Schema extensions as needed
o Expanding the AD site model as needed
o Addition of new password policies as needed
(requires additional approval from Information
Security Office)
Creation of customer managed OUs as needed
Creation of service accounts as needed
Reporting/auditing of directory activity
Syncing users/passwords from
shared directory to department-level
directories
Adding additional domain controllers
to specific physical or network
locations
Support for contact objects in the
shared directory
Support for local directory
authentication mechanisms
(applications must point directly to
shared AD and/or load balanced
hostnames)
Support for non-standard application
integrations (those that would
involve adding additional services to
the shared directory servers)
Automated provisioning/de-
provisioning of users and groups is
not included in the cloud hosting
service. It is provided by the Identity
and Access Management service.
That service is connected to the
shared directory.
Shared Infrastructure Service Definition 8/13 Date: April 7, 2016
Fully Supported - Managed Database
Definition This service offers managed database hosting in shared or dedicated environments to meet unique
customer needs. This results in increased reliability and agility through reduced environment complexity.
The Managed Database service has three features: Managed Database as a Service, Shared Database,
and Dedicated Database. These three features have core attributes common to all features and specific
attributes differentiated based on required capabilities and platform functionality. Consulting is available
to assist customers in selecting database solutions that meet their requirements.
Managed Database as a Service (DBaaS) This feature allows customers to utilize database capabilities from public cloud providers. The
Managed DBaaS feature allows customers to scale based on both performance and storage
utilization; shifting the burden of platform maintenance to the cloud providers.
Shared Database This feature allows customers to utilize enterprise-class database capabilities hosted by
Washington University IT. The Shared Database feature allows customers to utilize common
database platforms without the need to manage the database platform itself
Dedicated Database This feature provides managed databases while offering the greatest level of customer control.
Washington University IT will manage the database platform in consultation with the customer.
Shared Infrastructure Service Definition 9/13 Date: April 7, 2016
Feature Inclusions Included in Service Excluded from Service Common Attributes – these attributes provided by WashU IT
Database Owner access
Nightly database backups
Point-in-time database restores
Selected platform administration tasks (e.g., alert configuration,
firewall configuration, service configuration) via support tickets
Service uptime monitoring
Service outage alerting
Database health and uptime monitoring
Key database performance metrics and notification
Backup and maintenance plan setup, scheduling, and monitoring
External database linking available on a case-by-case basis and
when supported by the platform
Database design
Performance tuning
System administrator (sa)
access
Detailed application or
service monitoring
Custom scorecard/metrics
reporting
Custom backup retention
Vendor management for
non-hardware, non-
operating system
components
Managed DBaaS – these attributes provided by Public Vendor
Azure SQL databases
24/7 Availability
Platform patching and upgrades
High Availability (Optional)
System administrator (sa)
access
Shared Database – these attributes provided by WashU IT
Microsoft SQL Server or MySQL (via MariaDB) databases hosted
on shared instances
Additional non-production database instance for testing
Off-site retention of backups
Platform patching and upgrades
24/7 availability (excluding scheduled maintenance)
Import existing database (Optional)
High Availability
Non - Microsoft SQL Server
or MySQL databases
Specialized platform (e.g.,
Dynamics CRM, Exchange,
SharePoint) databases
System administrator (sa)
access
Dedicated Database – these attributes provided by WashU IT
WashU IT Cloud Premier workload instance
Microsoft SQL Server or MySQL databases
System administrator (“sa”) access
Off-site retention of backups
Platform lifecycle, patching, upgrades with schedule
management
Platform resource specifications via support tickets (may incur
additional fees)
24/7 availability (excluding scheduled maintenance)
High Availability (Optional)
Enterprise Database Features (Optional)
Database platforms other
than Microsoft SQL Server or
MySQL
Shared Infrastructure Service Definition 10/13 Date: April 7, 2016
Database Support Additional a la carte database support activities are available both in conjunction with and separately from
database hosting offerings and include:
DBA Services
Database Consulting and Integration Services
Reporting Services
Optional Feature Inclusions Included in Service Excluded from Service DBA Services
Change management
User and privilege management
Index maintenance
Performance tuning guidance
Database Consulting and Integration Services
Database design
Query development
Data validation
Custom monitoring, notifications, and alerts
Replication configuration
Replication monitoring and alert notification
Report design assistance
Report development and deployment assistance
Report scheduling administration
Reporting Services
Microsoft SQL Server Reporting Services (SSRS)
Reporting service configuration
Reporting service permissions configuration
Self-service report development and deployment
Self-service report scheduling
Reporting service platforms
other than Microsoft SSRS.
Additional reporting service
platforms may be available
through other WashU IT
service offerings
Shared Infrastructure Service Definition 11/13 Date: April 7, 2016
Independent - Cloud Essentials
Definition This service provides server and storage environments with optional disaster recovery. Customers
manage, configure, and support operating systems in each virtual server instance.
Feature Inclusions Included in Service Excluded from Service Core
Virtual server
Remote console access (Hypervisor, RDP, SSH)
Local administrative privileges
Controlled Access via Multiple Network Options
High Availability – Infrastructure
Optional
VM Image Backup (tiered retention)
Ad-hoc requests for VM Snapshots
Server Disaster Recovery
OS and Patch Management
Application installation,
configuration, management and
support
Custom Application Service
Monitoring
In-place OS upgrades
Application Disaster Recovery
planning
Independent - Public Cloud Enablement
Definition This service provides access to University negotiated, policy-compliant contracts with key public cloud
vendors.
Feature Inclusions Included in Service Excluded from Service
Core
University negotiated, policy compliant contracts with
select public cloud vendors
Account Management
University Billing
Optional
BAA (select vendors)
OS Management
Shared Infrastructure Service Definition 12/13 Date: April 7, 2016
Independent - Active Directory
Definition This service supports integration of customer-managed environments within the same University-wide
consolidated Active Directory environment utilized by the University Credential Management service.
Integration is accomplished by delegating management of a portion of the Active Directory environment
allowing customers to implement a single source of authentication.
Feature Inclusions Included in Service Excluded from Service
Authentication of customers and authorization to grant
access to resources
Support for common platforms (Windows, Mac OS,
Linux/Unix)
Support for common authentication protocols (LDAPS,
NTLM, Kerberos)
High availability of services
Access to development and test environments
Providing AD trusts for interoperability during directory
migrations and for collaboration with key business
partners such as BJC
Immediate disabling of user accounts if needed during a
staff departure from the University
Recovery of AD objects
With approval from governance structure:
o Applying AD Schema extensions as needed
o Expanding the AD site model as needed
o Addition of new password policies as needed
(requires additional approval from Information
Security Office)
Creation of customer managed OUs as needed and based
on AD architecture standards
Creation of service accounts as needed
Reporting/auditing of directory activity
Syncing users/passwords from
shared directory to department-level
directories
Adding additional domain controllers
to specific physical or network
locations
Support for contact objects in the
shared directory
Support for local directory
authentication mechanisms
(applications must point directly to
shared AD and/or load balanced
hostnames)
Support for non-standard application
integrations (those that would
involve adding additional services to
the shared directory servers)
Automated provisioning/de-
provisioning of users or groups
(provided by IAM services that are
connected to the shared directory)
Trust with other Active Directories
for long-term integration.
Creation of new child domains
Shared Infrastructure Service Definition 13/13 Date: April 7, 2016
Independent - Data Center Hosting
Definition This service provides secure, reliable, and monitored data center facilities to house customer managed
servers and storage environments in WashU IT data centers.
Feature Inclusions Included in Service Excluded from Service
Core
Rack Space in secure data center
Environmentally Controlled Space
Access Controlled Facility
Uninterruptable Power Supply
Generator
Redundant Power Distribution Units
Whole Rack - Secure/Lockable
Dual Power Feeds Each Rack
Network Connectivity (I1 and I2)
Fire Suppression
24x7 Monitored Physical Facility
24x7 Recorded CCTV
Rack/Stack/Cable Server Hardware
Optional
Rack – Quarter
Remote PDU Management (full rack customers only)
OS Management
Caged areas
Independent - Raw Storage
Definition This service provides general-purpose storage available for use by data center hosting customers.
Feature Inclusions Included in Service Excluded from Service
Core
LUN(s) on general purpose storage array
Connectivity - Fibre Channel
Optional
Replication to second data center
Merging FC fabrics
top related