Skip to main content

Managed Servers Articles

back
Show titles with any search term.
  • Administrative Tasks

    Disaster Recovery and High Availability

    • Take advantage of the these options to keep your managed server available during routine maintenance, unexpected outages, or for recovery after a disaster. 
    • Request a load balancer for your managed server to distribute the workload among servers, provide redundancy, or allow for a sorry page.
    • The Server Farm's collection of networks spans both Rhodes Hall and the CCC data center annex and uses one router. Each Server Farm network uses the Rhodes Hall router to connect to...

    File Transfer

    • Transferring data (files) to and from servers in the Server Farm opens the possibility of a security issue for both the data and the systems. The Systems Administration group recommends the use of encrypted protocols during file transfer. Using an encrypted protocol reduces the chance of a security issue.
    • Transferring data (files) to and from servers in the Server Farm opens the possibility of a security issue for both the data and the systems. The Systems Administration group supports the use of encrypted protocols during file transfer. Using an encrypted protocol reduces the chance of a security issue.
    • Transfer files between a Macintosh client and a Unix server.
    • Transfer Files Between a Macintosh Client and a Windows Server.
    • Mapping (sometimes called "mounting") a drive means you assign a drive letter on your computer to the server path. You can then connect to the server without having to remember and type the path...
    • Fetch may be used for secure file transfer using SFTP or FTPS between Macintosh clients and Windows or Unix servers. A license key is available through CU Software Licensing by contacting the IT...
    • FileZilla may be used for secure file transfer using SFTP or FTPS between Windows clients and Windows or Unix servers.
    • Note: This page outlines secure methods for transferring files to or from a host external to Cornell that requires FTPS as the protocol. If you are transferring files between other systems, please...
    • Microsoft File Sharing (using the underlying SMB/CIFS protocol) is a software application that allows Windows or Macintosh and Unix computers to interact with each other. It creates a connection from the Win/Mac client to the Unix server, allowing you to see directories on the server as if they were on the client computer.
    • How to install the PuTTy Secure Copy client and use it to transfer files
    • WebDav is a method to transfer files to a server. It allows you to log onto the server in an area that contains your web content. When you request a new hosted site, you'll receive an email with information about the server, including the WebDav address.
    • To transfer files, you can use this sample JCL: // EXEC FTPSECUR targethost.wherever.com userid password cd some-directory put mvs.file.name target.file.name quit...
    • Use SSH (Secure Shell) keys and SCP (Secure Copy) to perform secure, unattended, server to server file transfers between Unix servers. Setting Up ID Accounts If necessary...
    • Transfer files between a Win/Unix Client and a Unix Server.
    • Transfer files between a Win/Unix Client and a Windows Server.

    Get Started with a New Server

    • You can see and change the patch times for servers assigned to each Area Manager. Only the Area Manager and technical contacts can change the patch time.  If you are not the area...
    • Console access is possible for virtual servers in the Server Farm.
    • Every time a Unix (Linux or Solaris) server is started (rebooted or restarted), the area manager, technical contacts, and watchers for that server are notified by email. See sample notification...
    • Every time a Windows server is started (rebooted or restarted), the area manager, technical contacts, and watchers for that server are notified by email. See sample below. Need Help Before...

    Managed Windows Server

    • Default settings for a managed Windows server.
    • All customer applications should be installed on alternate drives (E:, F:, etc).  Systems Support currently uses the C: drive for our applications and logging. Separating customer...
    • See the documentation at How to Set Firewall Rules on Windows Managed Servers. Note: If you have an older server, it may not let you specify firewall rules yourself. Email systems-support@...
    • Add additional local administrators to a managed Windows server. 
    • By default, all individuals with administrative access to a Windows server will have Remote Desktop Protocol (RDP) access. However, there are instances when you may wish to enable users with non-...
    • There are several applications that are not appropriate for customers to run on a managed server in the Server Farm. These applications might reproduce existing central functions, be a security...
    • In Windows Server 2008 and Windows Server 2008 R2, even admin users don't run with full privileges all of the time. Microsoft implemented a procedure called "User Access Control" (UAC) which will...
    • Determine which administrators and remote users have access to a Windows server. 
    • Applying Windows policy group settings to a managed Windows server.

    Monitoring, Alerting, and Communication

    • The IT Service Desk monitors servers and services. If there is an issue with your server or a service on that server, the service desk will contact the people on the On-Call list for that server or service.
    • If you need assistance with contact information for on-call lists, send email to systems-support@cornell.edu. Who should do this? If you are a new contact for a server or service in the...
    • Important: If there is an issue with your server or services on it, On-Call contact information is essential. The IT Service Desk can't contact you without this. If you need assistance...
    • CIT uses Opsview to monitor all servers and attached services. The following conditions are monitored by default: It's possible to request additional monitoring, for example, web traffic...
    • Two systems are important for monitoring and receiving information about your servers. SF Info (Server Farm Information): Stores information about servers including technical...
    • In order to receive reboot notification email messages for your Unix and/or Windows servers, you need to be listed as an Area Manager, Technical Contact or Watcher for each server.  ...

    Passwords

    • Change Linux Password Linux servers are part of the Server Farm Account Management (SFAM) system. Your password will be the same on all of the Linux servers. Note: Your Linux...
    • Complex passwords for use with a Managed Server.
    • The password policy is set at the domain level by CIT. The policy has been implemented based on discussion among the IT Security Office, the ID Management Group and Systems Support Group. The...

    Remote Connections

    Security and Confidential Data

    • Standard, plus, and extra tier access control explained for managed servers. Specifics about Confidential Data and related policies. 
    • Four classifications for servers in the server farm describe the way they handle electronic mail. The document describes those four tiers, and lists the requirements for configuration of mail handling on the server for each.
    • Use marshaling IDs with your managed server to administer a group of servers as unit. Generally used for scripted operations. 
    • Microsoft releases Windows security updates on the second Tuesday of every month. An automated patch schedule for the managed Windows servers applies these patches in a timely fashion.
    • There are several applications that are not appropriate for customers to run on a managed server in the Server Farm. These applications might reproduce existing central functions, be a security...
    • Server Farm Account Management (SFAM) centrally manages Unix users and access rights across the CIT server farm.
    • Hardware or software key fobs are available for people who need to log into servers in the Extra Tier and for some high-security applications.
    • Hardware or software key fobs are available for people who need to log into servers in the Extra Tier and for some high-security applications.
    • Users with root or administrator access rights can perform certain tasks that regular users can not. The sudo (superuser do) command is used on Unix and Linux systems to give root or administrator access rights to regular users.
    • Description of two-factor authentication. How to request a software or hardware key fob. 

    Virtual Machine Self-Service