Guidelines for College File Servers
With the introduction of College File Servers a devolved administration model has been established. The server hardware and Operating System is facility managed by the EUCS Architecture Services Team, with the day to day administration of the users and data being managed by designated Administrators on behalf of the Colleges.
This paper sets out where the particular responsibilities of each group lie and provides good practice guidelines on system administration.
Microsoft Windows Operating System
All OS critical security patches, upgrades and general system patches are tested, scheduled and implemented by the Architecture Services Team. Critical security patches are scheduled via Software Update Services which is configured and maintained by the Architecture Services Team.
Microsoft and third party applications
No other Microsoft software or third party applications that run directly on the server operating system will be installed without prior discussion with the Architecture Services Team. The monthly service review meetings are the place to raise such issues, details of which can be found at
http://www.ucs.ed.ac.uk/isd/archpub/collegeservers.html
There should be no IIS services or FTP services running on the College File Servers.
Physical Location of College File Servers
The college file servers are physically located in the machine rooms of Kings Buildings and Appleton Tower. Access to these areas is controlled by EUCS. The Architecture Services Team has access. It is not envisaged that College Administrators would require physical access to the College file servers. Any requested change of location would have to be discussed first with the Architecture Services Team.
Server hardware
Requests for additions to the existing server hardware must be discussed in the first instance with the Architecture Services Team. In the event of
hardware failure the Architecture Services Team will handle the call out to Dell Engineers and liaise with the College Administrators over a suitable time for work to take place if required.
Anti-Virus
The anti-virus software is automatically updated from the Central update service running on Mavua which is provided by Architecture Services. The alerter service is configured to send alerts back to a central console. Configuration of the software will be determined by the requirements of the College and/or Schools stored data and the recommended defa ults should not be altered without notifying Architecture Services. College Administrators may wish to configure additional scans depending on server specific
circumstances.
Full scanning of disk volumes from workstation clients is not recommended other than client on-access scanning of network drives.
Software Update Services
This is configured by Architecture Services for automatic download of patches and restart if required.
Details of this service and guidelines for its implementation are held at http://www.ucs.ed.ac.uk/isd/archpub/patchguidelines.pdf
Creation of Accounts
Local accounts will not be created.
Associate account creation is the responsibility of the College Administrators. An up to date list of contacts is held at
http://www.ucs.ed.ac.uk/isd/archpub/collcontacts.html
Backup
Changes to the volume structure will be discussed beforehand with Architecture Services including the change of any share names.
It is the responsibility of the College Administrators to provide details of the paths/shares/volumes they require adding to the backup schedule.
Monitoring of server hardware
The monitoring of file server hardware is the responsibility of the Architecture Services Team. Dell Open Manage software is being utilised along with physical, visual checks in the machine rooms.
Terminal Services
This is generally not encouraged and should be kept to a minimum. However, both the College Administrators and the Architecture Services will have
requirements to use this facility so it is good practice to disconnect as soon as the task is completed and not remain connected when not actually carrying out administrative tasks. Note that only two concurrent administrative connections are allowed.
Printers
It is the responsibility of the College Administrators to create and manage print queues. Once the Windows print pre payment system comes into operation, Architecture Services hope to be able to devolve administration to the Colleges, while they maintain the backend service.
Checking and Analysis of Log Files
It is being proposed that Microsoft Operations Manger will be used for monitoring of servers and this will be the responsibility of the Architecture Services Team. Manual checking is being carried out at present.
Disk Volumes
It is the responsibility of the College Administrators to determine how they wish the available disk space to be assigned.
College Administrators must inform Architecture Services of all shares/disk volumes which require to be backed up by the central backup service.
College Administrators must set the appropriate permissions for the backup to access those shares/disk vo lumes to be able to carry out the task of backing the data up.
Disk Quotas
The setting and management of disk quotas is the responsibility of the College Administrators.
Restart of server
Both College Administrators and Architecture Services should consult with each other prior to taking the action of restarting a College file server.
Local Groups
Membership of local groups will be closely restricted. There is no requirement to create further local groups beyond the defaults supplied.
The Architecture Services Team must be notified of any membership changes to the Local Groups or major changes in access to the file system. It is
important that everyone is aware of who has administrative access to the server and indeed the file system itself.
College Administrators must maintain a list of those with Administrative access to the College file server and supply Architecture Services with an up to date list whenever the list changes.
Administrators Backup Operators Guests
Network Configuration Operators Performance Log Users
Performance Monitor Users Power Users
Print Operators
Remote Desktop Users Replicator
Users
HelpServicesGroup TelnetClients
Local Users
There is no requirement to create further local users beyond the defaults supplied. The guest account should remain disabled as should the Support_. Administrator
Guest keep disabled Support_ keep disabled
Permissions
Setting access permissions to the server volumes is the responsibility of the College Administrators. Recommendations and good practice guidelines are documented at
http://www.ucs.ed.ac.uk/isd/archpub/ntfspermissions.pdf
Volume Shadow Copying
The volume shadow copy will be set up and configured on the advice of the Architecture Services Team.
The monitoring and maintenance of the volume shadow copy facility is the responsibility of the College Administrators.
SoftTrack Application Metering Software
The SoftTrack product will be set up a nd configured on the advice of the Architecture Services Team.
The monitoring and maintenance of the software metering facility is the responsibility of the College Administrators.
DFS Roots and Links
The creation and maintenance of standalone DFS roots and links is the responsibility of the College Administrators. The Architecture Services Team will be able to request the number of these to be reduced if they result in a denial of service at server start up time. There is a limit of 50,000 links. No domain DFS roots will be created without consulting the Architecture Services Team.
Further guidelines
The file server will not be used for general browsing of the Internet. No other files, data or program, will be stored on the C: system volume.
