I. Policy Statement
This document provides policies and guidelines for the responsible management and administration of the University of North Carolina Asheville’s servers and multi-user computers.
This is not a comprehensive document covering all aspects of responsible management. The provisions that follow are intended to establish a framework of principles, guidelines and operational procedures that ensure the effective and efficient management of the campus servers and multi-user computers consistent with the mission and goals of the university.
Information Technology Services (ITS) is charged with responsibility for the effective and efficient management of servers and multi-user computers that provide enterprise, mission critical services to the university community such as ERP, email, web, file and printer sharing, and a number of web-based and web-enabled applications supporting a host of academic and administrative services. The IT Security Team (ITST) within ITS is charged with establishing and administering baseline standards that decentralized servers and multi-user computers must follow concerning compatibility, security, interoperability, and data integrity.
II. Scope
Applies to UNC Asheville faculty and staff requiring access to electronic resources.
III. Policy
Campus servers and multi-user computers are mission critical resources that are utilized by all members of the campus community. It is essential, therefore, that these resources be managed effectively to ensure maximum availability, accessibility, and operational efficiency in support of academic offerings and administrative requirements. ITS works to ensure that the allocation of resources meets the needs of the faculty, staff, and students and aligns with university goals and standards and are utilized in the most effective manner possible.
A. Administrative Provisions
1. Operating System Software
a. Operating systems supported by ITS are based on university needs and, in many instances, determined by the application vendor.
b. The level of operating system support provided by ITS for decentralized servers varies based on the applications running on the server and the availability of support personnel.
c. ITS is responsible for determining the need and relevance of operating system updates, service releases, and emergency patches. ITS staff will take appropriate action depending on the urgency of the update.
d. ITS will endeavor to inform all affected individuals of operating system changes and possible issues which might arise from those changes well in advance. ITS staff will attempt to minimize the negative impact on users through flexibility in scheduling updates.
e. ITS will take all reasonable steps to ensure data integrity during system updates.
f. All operating system updates on production systems will be implemented in accordance with the Change Control Procedure.
g. ITS will maintain a current system software inventory.
2. Application Software
a. All software to be installed on the university’s production systems that are managed by ITS must be approved by the Director of Networking and Systems or the Director of Administrative Applications as appropriate.
b. Application owners must inform ITS staff of any significant changes in software.
c. All application changes will be implemented in accordance with the Change Control Procedure. Emergency updates, as determined by the director, will be given priority over previously scheduled events.
d. Applications may be disabled or removed from university systems at the discretion of ITS for specific reasons. Reasons would include, but not be limited to:
i. Malfunctions or functions in an unauthorized manner.
ii. Causes the operating system to be unstable.
iii. Causes other applications to malfunction.
iv. Causes or has strong potential of causing data loss.
v. Poses a credible security risk.
vi. Is not supported for the current version of the operating system.
e. Application owners are ultimately responsible for the accuracy and validity of application data.
f. Application owners are responsible for informing their constituent user population of changes or updates.
g. Applications software must be maintained to be compatible with the current operating system version.
3. Hardware
a. ITS will endeavor to implement “state of the art” computer equipment to support the campus mission. The department will work to ensure that all equipment meets university requirements for stability, reliability and security.
b. Support for applications and software that aligns with the university mission will be the determining factor in the decision to support a new hardware platform or remove an existing platform.
c. ITS will strive to minimize the number of hardware platforms to the minimum required in order to accomplish the University’s mission.
d. Depending on the critical nature of the supported applications, ITS may require external (vendor or contracted) support for hardware and operating system environments.
e. ITS will maintain a current hardware inventory.
4. Disaster Recovery
a. ITS is responsible for maintaining, testing, and continuously improving the plan for recovery of servers and multi-user computers in the event of a disaster. Details can be found in the UNC Asheville ITS Disaster Recovery Plan.
b. ITS will take all reasonable measures to ensure the safety, security, and recoverability of data stored on supported systems.
c. The order of restoration of services is dependant upon the scope and extent of the disaster, the number of failed systems, and the level of importance to the university of a system as defined in the UNC Asheville ITS Disaster Recovery Plan.
d. When possible, ITS will maintain a secondary computing site with computer hardware available to rapidly allow some level of restoration of service for the highest priority systems as defined in the UNC Asheville ITS Disaster Recovery Plan.
5. Departmental Servers
a. Departmental servers are not recommended without proper support personnel within the department and without prior consultation with ITS. The avoidance of duplication of effort is a priority to conserve financial and human resources.
b. Servers administered and maintained by departments will not be supported by ITS staff unless they are in compliance with UNC Asheville Server Protocols. All servers owned by UNC Asheville or residing on the UNC Asheville network must conform to the UNC Asheville Server Protocols and must have a disaster recovery plan referenced by the UNC Asheville ITS Disaster Recovery Plan.
6. Networking
a. ITS will only utilize network protocols defined under Network Standards and Management. (200.03)
b. ITS and decentralized system administrators must take all reasonable care to enable only services on a server that are required to fulfill the function of that server. For example, if web services are not needed on a server then port 80 should not be open on that server.
7. Streaming Video Services
a. Media files are to be served from the campus supported media content server(s) or services.
8. Mobile Computing Devices
a. Mobile computing devices that require access to servers and multi-user computers must adhere to the same standards as desktop and laptop computers. Users must authenticate with a username and password before access is allowed.
9. Security and Encryption
a. All password information must be stored in encrypted format on all electronic resources.
b. Encryption standards are recommended by ITS staff to the Director of Networks and Systems and approved by the Chief Information Officer.
IV. Violations of Policy
Intentional or knowing violations of this policy may constitute misconduct and accordingly employees are subject to disciplinary action, up to and including suspension without pay and dismissal, in accordance with the pertinent employment policies for SHRA, EHRA non-faculty, and faculty.