Managed Servers Articles
-
Administrative Tasks
-
Manage domain names for a server in the server farm.
-
Firewall rules for managed Linux servers, best practices, and how to get assistance.
-
Firewall rules for managed Windows servers, defaults, best practices, IP ranges, and how to get assistance.
-
Installing IIS. Note: This application is not installed by default on managed servers. You can install it yourself using the following instructions. If you need support or more information,...
-
You can grant the same access and permission to many different users by adding user accounts to groups. Members of a group can make the same types of changes to settings and have the same access...
-
Patches are applied to managed Unix servers on a regular schedule.
-
Use IPsec to fulfill security requirements or enhance the security of your application. Add IP restrictions and TCP/UDP level encryption to applications which may not otherwise support it.
-
Scripts provide a consistent method to start up and shut down services on Linux.
Disaster Recovery and High Availability
-
Take advantage of these options to keep your managed server available during routine maintenance, unexpected outages, or for recovery after a disaster.
-
Request a load balancer for your managed server to distribute the workload among servers, provide redundancy, or allow for a sorry page.
-
The Server Farm's collection of networks spans both Rhodes Hall and the CCC data center annex and uses one router. Each Server Farm network uses the Rhodes Hall router to connect to...
File Transfer
-
Transferring data (files) to and from servers in the Server Farm opens the possibility of a security issue for both the data and the systems. The Systems Administration group recommends the use of encrypted protocols during file transfer. Using an encrypted protocol reduces the chance of a security issue.
-
Transferring data (files) to and from servers in the Server Farm opens the possibility of a security issue for both the data and the systems. The Systems Administration group supports the use of encrypted protocols during file transfer. Using an encrypted protocol reduces the chance of a security issue.
-
Transfer files between a Macintosh client and a Unix server.
-
Transfer files between a Macintosh client and a Windows server.
-
Mapping (sometimes called "mounting") a drive means you assign a drive letter on your computer to the server path. You can then connect to the server without having to remember and type the path...
-
FileZilla may be used for secure file transfer using SFTP between Windows or Mac computers and Academic Web Hosting servers. The following are instructions for Windows computers. The instructions for Mac computers are similar. For Academic Web Hosting, in addition to FileZilla, you must connect with CU VPN using the @cit-acadhosting Departmental Group Name credentials. (See Upload Files to Academic Web Hosting for detailed instructions.)
-
Note: This page outlines secure methods for transferring files to or from a host external to Cornell that requires FTPS as the protocol. If you are transferring files between other systems, please...
-
Microsoft File Sharing (using the underlying SMB/CIFS protocol) is a software application that allows Windows or Macintosh and Unix computers to interact with each other. It creates a connection from the Win/Mac client to the Unix server, allowing you to see directories on the server as if they were on the client computer.
-
How to install the PuTTY Secure Copy client and use it to transfer files.
-
To transfer files, you can use this sample JCL: // EXEC FTPSECUR targethost.wherever.com userid password cd some-directory put mvs.file.name target.file.name quit...
-
Use SSH (Secure Shell) keys and SCP (Secure Copy) to perform secure, unattended, server-to-server file transfers between Unix servers. Setting Up ID Accounts: If necessary,...
-
Transfer files between a Win/Unix Client and a Unix Server.
-
Transfer files between a Win/Unix Client and a Windows Server.
Get Started with a New Server
-
You can see and change the patch times for servers assigned to each Area Manager. Only the Area Manager and technical contacts can change the patch time. If you are not the area...
-
Console access is possible for virtual servers in the Server Farm.
-
How to request a virtual server. Basic information about cost, maintenance, and high availability.
-
Request forms for new servers, server options, decommissioning, and shared file services.
-
Every time a Unix (Linux or Solaris) server is started (rebooted or restarted), the area manager, technical contacts, and watchers for that server are notified by email. See sample notification...
-
Every time a Windows server is started (rebooted or restarted), the area manager, technical contacts, and watchers for that server are notified by email. See sample below. Need Help Before...
Managed Windows Server
-
Default settings for a managed Windows server.
-
All customer applications should be installed on alternate drives (E:, F:, etc). Systems Support currently uses the C: drive for our applications and logging. Separating customer...
-
See the documentation at How to Set Firewall Rules on Windows Managed Servers. Note: If you have an older server, it may not let you specify firewall rules yourself. Email systems-support@...
-
Add additional local administrators to a managed Windows server.
-
By default, all individuals with administrative access to a Windows server will have Remote Desktop Protocol (RDP) access. However, there are instances when you may wish to enable users with non-...
-
There are several applications that are not appropriate for customers to run on a managed server in the Server Farm. These applications might reproduce existing central functions, be a security...
-
In Windows Server 2008 and Windows Server 2008 R2, even admin users don't run with full privileges all of the time. Microsoft implemented a procedure called "User Access Control" (UAC) which will...
-
Determine which administrators and remote users have access to a Windows server.
-
Applying Windows policy group settings to a managed Windows server.
Monitoring, Alerting, and Communication
-
The IT Service Desk monitors servers and services. If there is an issue with your server or a service on that server, the service desk will contact the people on the On-Call list for that server or service.
-
If you need assistance with contact information for on-call lists, send email to systems-support@cornell.edu. Who should do this? If you are a new contact for a server or service in the...
-
Important: If there is an issue with your server or services on it, On-Call contact information is essential. The IT Service Desk can't contact you without this. If you need assistance with...
-
CIT uses Opsview to monitor all servers and attached services. The following conditions are monitored by default: It's possible to request additional monitoring, for example, web traffic for...
-
Two systems are important for monitoring and receiving information about your servers. SF Info (Server Farm Information): Stores information about servers including technical...
-
In order to receive reboot notification email messages for your Unix and/or Windows servers, you need to be listed as an Area Manager, Technical Contact or Watcher for each server. To...
Passwords
-
Change Linux Password: Linux servers are part of the Server Farm Account Management (SFAM) system. Your password will be the same on all of the Linux servers. Note: Your Linux password...
-
Complex passwords for use with a Managed Server.
-
The password policy is set at the domain level by CIT. The policy has been implemented based on discussion among the IT Security Office, the ID Management Group and Systems Support Group. The...
Remote Connections
-
For remote connections to machines in the Extra tier, see the documentation in SysDocs (restricted to CIT staff and customers of the CIT Server Farm).
-
The SSH hopper machine accepts SSH connections from anywhere on the Internet. Once successfully logged in to the hopper machine, you can establish secure connections to other CIT Unix systems via...
-
Connect to server farm machines via the Cornell Virtual Private Network (CU VPN) using Cisco software.
-
Click Start, and then in the Search box enter remote desktop connection. In the Computer box, enter the name of the server to which you want to connect, and then click Connect....
Security and Confidential Data
-
Standard, plus, and extra tier access control explained for managed servers. Specifics about Confidential Data and related policies.
-
Four classifications for servers in the server farm describe the way they handle electronic mail. The document describes those four tiers, and lists the requirements for configuration of mail handling on the server for each.
-
Use marshaling IDs with your managed server to administer a group of servers as a unit. Generally used for scripted operations.
-
Microsoft releases Windows security updates on the second Tuesday of every month. An automated patch schedule for the managed Windows servers applies these patches in a timely fashion.
-
There are several applications that are not appropriate for customers to run on a managed server in the Server Farm. These applications might reproduce existing central functions, be a security...
-
Server Farm Account Management (SFAM) centrally manages Unix users and access rights across the CIT server farm.
-
Hardware or software key fobs are available for people who need to log into servers in the Extra Tier and for some high-security applications.
-
Users with root or administrator access rights can perform certain tasks that regular users cannot. The sudo (superuser do) command is used on Unix and Linux systems to give root or administrator access rights to regular users.
-
Description of two-factor authentication. How to request a software or hardware key fob.
Support and Maintenance
-
Support request procedures and after hours support details for Managed Servers.
-
Request forms for new servers, server options, decommissioning, and shared file services.
-
Response Time: CIT's goal is to respond to non-urgent support requests within two business days. Urgent requests are handled as quickly as possible. Please see how to make an urgent...
-
Current Installs Operating System End of New Installs End of S&O Support Oracle Linux 8 5/31/2027...
Virtual Machine Self-Service
-
The VM Self-Service app has been retired.