Shared Infrastructure Service Definition 1/13 Date: April 7, 2016

Shared Infrastructure Service Definition

April 7, 2016

Change Summary Sheet

Date of last update: April 7, 2016

Version Control: v1.0

Date | Author | Version | Reason / Purpose
April 7, 2016 | Troy Igney | 1.0 | Approved Version 1.0.

Table of Contents

Purpose
Implementation Process
  Current Workloads
  New Workloads
Description of Services
  Fully Supported
  Independent
Shared Infrastructure Service List
Service Features
Fully Supported - Cloud Premier
  Definition
  Feature Inclusions
Fully Supported - University Credential Management
  Definition
  Feature Inclusions
Fully Supported - Managed Database
  Definition
  Feature Inclusions
  Database Support
  Optional Feature Inclusions
Independent - Cloud Essentials
  Definition
  Feature Inclusions
Independent - Public Cloud Enablement
  Definition
  Feature Inclusions
Independent - Active Directory
  Definition
  Feature Inclusions
Independent - Data Center Hosting
  Definition
  Feature Inclusions
Independent - Raw Storage
  Definition
  Feature Inclusions

Purpose:

This document presents an overview of services developed through the Integrated Infrastructure Project and delivered by the Washington University Information Technology (WashU IT) Shared Infrastructure team.

These services are available to schools, departments, centers and individuals with an enabled university billing capability. Service Level Expectations will be made available to define standard operating procedures to include hours of operations, response times, and escalation protocols.

Implementation Process:

Adoption of these services is available through two paths: Current Workload Migration and New Workload.

The new services will be available in the Fall of 2016 and accessible via two different paths:

Current Workloads

Current workloads can potentially be migrated to the new service with migrations beginning in the Fall of 2016. Migrations will occur in waves, and each wave will consist of similar schools and departments. The first wave will include Clinical departments in the Medical School. The migration schedule is anticipated to continue through the end of 2018.

Transition assistance for current workloads will be available for organizations identified in the active migration wave. The transition assistance team will engage with each school, department, and center to perform deep technical and process discovery to assure the service implementation is as seamless and as non-impactful to the users as possible.

New Workloads

Current migrating wave workloads will be the early priority, but organizations can begin utilizing the service for new workloads following launch in the Fall of 2016.

Description of Services

Shared Infrastructure provides a number of services tailored to providing commodity infrastructure capabilities covering a wide range of needs from a single IT organization. These services are divided into two different categories: Fully Supported and Independent.

Fully Supported

A managed solution of servers, storage, operating systems and databases to units wanting to shift their commodity computing support to WashU IT, thus freeing their resources to focus on managing their applications and performing data analysis to support the school or department mission.

Independent

A collection of solutions designed for units that need to retain some of their systems management at a local level and wish to leverage infrastructure technology investments made by Washington University. School or department resources will be required for systems support.

These two categories are not mutually exclusive and adoption by a school, department or center could be any blend of these categories. Hypothetically, in order to meet its mission specific operating requirements, any school, department or center (unit) might use Fully Supported services for clinical and administrative applications and Independent services for research applications.

Shared Infrastructure Service List

Service Features

The following sections provide a definition of each service and outline what is included and excluded.

Fully Supported - Cloud Premier

Definition

This service provides turnkey server and storage environments with optional disaster recovery. WashU IT staff are responsible for Operating System installation, support and configuration, including the installation of security patches, and antivirus software. This fully managed service allows unit IT and research staff to focus on mission specific services such as application management and performing data analysis.

Feature Inclusions

Included in Service:

Core
• Virtual server
• OS and Patch Management for servers utilizing: Windows, RHEL, Ubuntu
• Remote console access (RDP, SSH)
• Local administrative privileges
• Controlled Access via Multiple Network Options
• High Availability – Infrastructure
• VM Image Backup (Tiered retention and opt out possible)
• Server Disaster Recovery (Opt out possible)

Optional
• Load Balancing
• Basic Application Service Monitoring
• Physical servers available for exception workloads that do not support virtualization

Excluded from Service:
• Application installation, configuration, management and support
• Custom Application Service Monitoring
• In-place OS upgrades
• Application Disaster Recovery planning
• Hypervisor console access

Fully Supported - University Credential Management

Definition

This service provides a managed single source of authentication for Washington University desktops, servers, and applications. Additionally, this service design provides a high level of integration with BJC authentication.

Feature Inclusions

Included in Service:
• Authentication of customers and authorization to grant access to resources
• Support for common platforms (Windows, Mac OS, Linux/Unix)
• Support for common authentication protocols (LDAPS, NTLM, Kerberos)
• High availability of services
• Access to development and test environments
• Providing AD trusts for interoperability during directory migrations and for collaboration with key business partners such as BJC
• Immediate disabling of user accounts if needed (e.g. during a staff departure from the University)
• Recovery of AD objects
• With approval from governance structure:
    o Applying AD Schema extensions as needed
    o Expanding the AD site model as needed
    o Addition of new password policies as needed (requires additional approval from Information Security Office)
• Creation of customer managed OUs as needed
• Creation of service accounts as needed
• Reporting/auditing of directory activity

Excluded from Service:
• Syncing users/passwords from shared directory to department-level directories
• Adding additional domain controllers to specific physical or network locations
• Support for contact objects in the shared directory
• Support for local directory authentication mechanisms (applications must point directly to shared AD and/or load balanced hostnames)
• Support for non-standard application integrations (those that would involve adding additional services to the shared directory servers)
• Automated provisioning/de-provisioning of users and groups is not included in the cloud hosting service. It is provided by the Identity and Access Management service. That service is connected to the shared directory.

Fully Supported - Managed Database

Definition

This service offers managed database hosting in shared or dedicated environments to meet unique customer needs. This results in increased reliability and agility through reduced environment complexity.

The Managed Database service has three features: Managed Database as a Service, Shared Database, and Dedicated Database. These three features have core attributes common to all features and specific attributes differentiated based on required capabilities and platform functionality. Consulting is available to assist customers in selecting database solutions that meet their requirements.

Managed Database as a Service (DBaaS)

This feature allows customers to utilize database capabilities from public cloud providers. The Managed DBaaS feature allows customers to scale based on both performance and storage utilization, shifting the burden of platform maintenance to the cloud providers.

Shared Database

This feature allows customers to utilize enterprise-class database capabilities hosted by Washington University IT. The Shared Database feature allows customers to utilize common database platforms without the need to manage the database platform itself.

Dedicated Database

This feature provides managed databases while offering the greatest level of customer control. Washington University IT will manage the database platform in consultation with the customer.

Feature Inclusions

Common Attributes – these attributes provided by WashU IT

Included in Service:
• Database Owner access
• Nightly database backups
• Point-in-time database restores
• Selected platform administration tasks (e.g., alert configuration, firewall configuration, service configuration) via support tickets
• Service uptime monitoring
• Service outage alerting
• Database health and uptime monitoring
• Key database performance metrics and notification
• Backup and maintenance plan setup, scheduling, and monitoring
• External database linking available on a case-by-case basis and when supported by the platform

Excluded from Service:
• Database design
• Performance tuning
• System administrator (sa) access
• Detailed application or service monitoring
• Custom scorecard/metrics reporting
• Custom backup retention
• Vendor management for non-hardware, non-operating system components

Managed DBaaS – these attributes provided by Public Vendor

Included in Service:
• Azure SQL databases
• 24/7 Availability
• Platform patching and upgrades
• High Availability (Optional)

Excluded from Service:
• System administrator (sa) access

Shared Database – these attributes provided by WashU IT

Included in Service:
• Microsoft SQL Server or MySQL (via MariaDB) databases hosted on shared instances
• Additional non-production database instance for testing
• Off-site retention of backups
• Platform patching and upgrades
• 24/7 availability (excluding scheduled maintenance)
• Import existing database (Optional)

Excluded from Service:
• High Availability
• Non-Microsoft SQL Server or MySQL databases
• Specialized platform (e.g., Dynamics CRM, Exchange, SharePoint) databases
• System administrator (sa) access

Dedicated Database – these attributes provided by WashU IT

Included in Service:
• WashU IT Cloud Premier workload instance
• Microsoft SQL Server or MySQL databases
• System administrator (“sa”) access
• Off-site retention of backups
• Platform lifecycle, patching, upgrades with schedule management
• Platform resource specifications via support tickets (may incur additional fees)
• 24/7 availability (excluding scheduled maintenance)
• High Availability (Optional)
• Enterprise Database Features (Optional)

Excluded from Service:
• Database platforms other than Microsoft SQL Server or MySQL

Database Support

Additional a la carte database support activities are available both in conjunction with and separately from database hosting offerings and include:
• DBA Services
• Database Consulting and Integration Services
• Reporting Services

Optional Feature Inclusions

DBA Services

Included in Service:
• Change management
• User and privilege management
• Index maintenance
• Performance tuning guidance

Database Consulting and Integration Services

Included in Service:
• Database design
• Query development
• Data validation
• Custom monitoring, notifications, and alerts
• Replication configuration
• Replication monitoring and alert notification
• Report design assistance
• Report development and deployment assistance
• Report scheduling administration

Reporting Services

Included in Service:
• Microsoft SQL Server Reporting Services (SSRS)
• Reporting service configuration
• Reporting service permissions configuration
• Self-service report development and deployment
• Self-service report scheduling

Excluded from Service:
• Reporting service platforms other than Microsoft SSRS. Additional reporting service platforms may be available through other WashU IT service offerings

Independent - Cloud Essentials

Definition

This service provides server and storage environments with optional disaster recovery. Customers manage, configure, and support operating systems in each virtual server instance.

Feature Inclusions

Included in Service:

Core
• Virtual server
• Remote console access (Hypervisor, RDP, SSH)
• Local administrative privileges
• Controlled Access via Multiple Network Options
• High Availability – Infrastructure

Optional
• VM Image Backup (tiered retention)
• Ad-hoc requests for VM Snapshots
• Server Disaster Recovery

Excluded from Service:
• OS and Patch Management
• Application installation, configuration, management and support
• Custom Application Service Monitoring
• In-place OS upgrades
• Application Disaster Recovery planning

Independent - Public Cloud Enablement

Definition

This service provides access to University negotiated, policy-compliant contracts with key public cloud vendors.

Feature Inclusions

Included in Service:

Core
• University negotiated, policy compliant contracts with select public cloud vendors
• Account Management
• University Billing

Optional
• BAA (select vendors)

Excluded from Service:
• OS Management

Independent - Active Directory

Definition

This service supports integration of customer-managed environments within the same University-wide consolidated Active Directory environment utilized by the University Credential Management service. Integration is accomplished by delegating management of a portion of the Active Directory environment, allowing customers to implement a single source of authentication.

Feature Inclusions

Included in Service:
• Authentication of customers and authorization to grant access to resources
• Support for common platforms (Windows, Mac OS, Linux/Unix)
• Support for common authentication protocols (LDAPS, NTLM, Kerberos)
• High availability of services
• Access to development and test environments
• Providing AD trusts for interoperability during directory migrations and for collaboration with key business partners such as BJC
• Immediate disabling of user accounts if needed during a staff departure from the University
• Recovery of AD objects
• With approval from governance structure:
    o Applying AD Schema extensions as needed
    o Expanding the AD site model as needed
    o Addition of new password policies as needed (requires additional approval from Information Security Office)
• Creation of customer managed OUs as needed and based on AD architecture standards
• Creation of service accounts as needed
• Reporting/auditing of directory activity

Excluded from Service:
• Syncing users/passwords from shared directory to department-level directories
• Adding additional domain controllers to specific physical or network locations
• Support for contact objects in the shared directory
• Support for local directory authentication mechanisms (applications must point directly to shared AD and/or load balanced hostnames)
• Support for non-standard application integrations (those that would involve adding additional services to the shared directory servers)
• Automated provisioning/de-provisioning of users or groups (provided by IAM services that are connected to the shared directory)
• Trust with other Active Directories for long-term integration.
• Creation of new child domains

Independent - Data Center Hosting

Definition

This service provides secure, reliable, and monitored data center facilities to house customer managed servers and storage environments in WashU IT data centers.

Feature Inclusions

Included in Service:

Core
• Rack Space in secure data center
• Environmentally Controlled Space
• Access Controlled Facility
• Uninterruptible Power Supply
• Generator
• Redundant Power Distribution Units
• Whole Rack - Secure/Lockable
• Dual Power Feeds Each Rack
• Network Connectivity (I1 and I2)
• Fire Suppression
• 24x7 Monitored Physical Facility
• 24x7 Recorded CCTV
• Rack/Stack/Cable Server Hardware

Optional
• Rack – Quarter
• Remote PDU Management (full rack customers only)

Excluded from Service:
• OS Management
• Caged areas

Independent - Raw Storage

Definition

This service provides general-purpose storage available for use by data center hosting customers.

Feature Inclusions

Included in Service:

Core
• LUN(s) on general purpose storage array
• Connectivity - Fibre Channel

Optional
• Replication to second data center

Excluded from Service:
• Merging FC fabrics