Data Center Networking Standards

The Data Center network infrastructure is supported as a 24×7 service through the CoreTech Networking Operations team. Escalation is provided through Data Center Operations and the NOPS team’s on-call rotation.

ITS reserves a maintenance window on Tuesdays and Thursdays, from 5-7am, and Thursdays from 7pm-12M. At least two weeks’ notice will be provided in the unlikely event that maintenance is expected to result in a service outage. The standardized maintenance windows will be used for repairs, installations, upgrades, testing, and other processes and procedures which may cause limited or no access to IT system resources. For planned maintenance, the UCSC Data Center follows the ITS Change Management Process, and planned changes are posted on the ITS Maintenance Calendar.

Standard networking

The UCSC Data Center provides standardized 1Gbps networks, both firewalled and non-firewalled. The Data Center VPN provides administrators with a secure method to access servers behind the firewall. More information about standard Data Center networks (Google Doc).

The Data Center has physical cabling standards to ensure consistency between cabinets; to simplify troubleshooting for networking, operations, and server-administration teams; and to ensure good air flow in the cabinets.

The Data Center can also provide custom networks for clients who require higher-speed networking, and can provide custom firewalled networks for customers with specific security requirements.

Servers in the Data Center must be configured for static IP addresses. The Data Center does not typically use DHCP for servers.

For a static IP address, use the “Request a DNS (CNAME), IP, or DHCP Service” Service Request. Select the service for “New DNS record and fixed IP.”

Enter your desired hostname and the target network from the link above (place all zeroes in the field for MAC address). Indicate in the “Reason for this request” field that this is for a host in the Data Center. The same ITR Service Request can be used to request a DNS alias (CNAME) for your host.

DNS

Systems housed in the UCSC Data Center should be configured to use the campus DNS servers. The campus DNS servers are built with infrastructure-security protections, customized for the UCSC environment, that are not available through other DNS providers.

The campus DNS servers are:

  • ns1.ucsc.edu: 128.114.142.6
  • ns2.ucsc.edu: 128.114.129.33

NTP

Systems housed in the UCSC Data Center should be configured to use the campus NTP servers. This ensures that the timestamps in your logs are synchronized for event correlation and troubleshooting.

The campus NTP servers are:

  • ntp1.ucsc.edu: 128.114.129.77
  • ntp2.ucsc.edu: 128.114.1.77
  • ntp3.ucsc.edu: 128.114.103.81

Log Management

Systems housed in the UCSC Data Center should be set to send system logs to the campus Information Security team’s server for monitoring and correlation.

The Information Security team can process a variety of system log types, as well as web server logs from Apache, IIS, and other platforms.

Please review the Log Management Service guide for specifics and configuration information beyond the basic information provided below:

Configure syslog-ng, rsyslog, or Windows agent software to forward to

  • IP: 128.114.111.196
  • PORT: 514 UDP/TCP

Additional info

  • ENCRYPTED PORT: 6514 TCP
  • Format: syslog/CEF
  • Accepts logs from any campus address in 128.114.0.0/16
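
An added example, not part of the original page or any ITS tooling: a small Python check that compares a host's resolver, time-source and rsyslog configuration text against the DNS, NTP and log-forwarding values listed above. The function names and the sample configs are constructed for illustration, and it assumes resolv.conf, chrony/ntp.conf and rsyslog syntax.

```python
import re

# Resolver, NTP and log-collector values are the ones listed on this page.
CAMPUS_DNS = {"128.114.142.6", "128.114.129.33"}
CAMPUS_NTP = {"ntp1.ucsc.edu", "ntp2.ucsc.edu", "ntp3.ucsc.edu",
              "128.114.129.77", "128.114.1.77", "128.114.103.81"}
LOG_HOST, LOG_PORTS = "128.114.111.196", {"514", "6514"}

def _directives(text):
    """Yield whitespace-split config lines, skipping blanks and # comments."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts:
            yield parts

def _check(label, values, allowed):
    issues = [f"{label}: non-campus entry {v}" for v in values if v not in allowed]
    if not any(v in allowed for v in values):
        issues.append(f"{label}: no campus server configured")
    return issues

def check_dns(resolv_conf):
    return _check("dns", [p[1] for p in _directives(resolv_conf)
                          if p[0] == "nameserver" and len(p) > 1], CAMPUS_DNS)

def check_ntp(time_conf):  # chrony.conf / ntp.conf "server" and "pool" lines
    return _check("ntp", [p[1].lower() for p in _directives(time_conf)
                          if p[0] in ("server", "pool") and len(p) > 1], CAMPUS_NTP)

def syslog_targets(rsyslog_conf):
    """(host, port) pairs from legacy @host / @@host selectors and omfwd actions."""
    text = "\n".join(" ".join(p) for p in _directives(rsyslog_conf))
    found = [(h, p or "514") for h, p in re.findall(r"\s@@?([\w.-]+)(?::(\d+))?", text)]
    for body in re.findall(r'action\(([^)]*type="omfwd"[^)]*)\)', text, re.I):
        opts = {k.lower(): v for k, v in re.findall(r'(\w+)="([^"]*)"', body)}
        found.append((opts.get("target", ""), opts.get("port", "514")))
    return found

def check_syslog(rsyslog_conf):
    ports = [p for h, p in syslog_targets(rsyslog_conf) if h == LOG_HOST]
    if not ports:
        return [f"syslog: no forwarding to {LOG_HOST}"]
    return [f"syslog: unexpected port {p}" for p in ports if p not in LOG_PORTS]

# Constructed sample configs (not from the page).
SAMPLE_RESOLV = "nameserver 128.114.142.6\nnameserver 8.8.8.8\n"
SAMPLE_CHRONY = "server ntp1.ucsc.edu iburst\nserver ntp2.ucsc.edu iburst\n"
SAMPLE_RSYSLOG = "# forward everything\n*.* @@128.114.111.196:5140\n"
if __name__ == "__main__":
    print(check_dns(SAMPLE_RESOLV) + check_ntp(SAMPLE_CHRONY) + check_syslog(SAMPLE_RSYSLOG))
```

On a real host, pass each function the text of the corresponding configuration file, for example the contents of /etc/resolv.conf for `check_dns`.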

Servers in the Data Center should be configured to use standard ports for services such as HTTP (port 80), HTTPS (port 443), and SSH (port 22). This improves our ability to troubleshoot, monitor, and report on network activity, and to maintain standard server configurations.

For firewalled hosts, all administrators’ access (RDP, SSH, VNC) should go through the Data Center VPN.

Registered Standard Port References

Exception Process

Exceptions to using standard ports require approval from the Data Center Manager and Security Manager. To request an exception, follow the Data Center Firewall Rule Request Process (login required).

Last modified: Apr 20, 2025