Managed Server Service Laurie Collinsworth 11/15/2016

Agenda Introductions Service Description Value Proposition Metrics Cost Security More information Q&A

Introductions Service owner: Laurie Collinsworth Service manager: Mike Hojnowski Other service delivery team members: Eng: Scott Sorrentino, Eric Johnson, Jason Stuart, Mark Sincock, Lillian Isacks Ops: Martin Berggren, Andrew Heath, Christina Seymour, Tom Walden, Ken Pendell IT Communications and Documentation

Service Description Service name: Managed Server Service Brief Description: The Managed Server Service provides fully-managed virtual and physical Linux and Windows servers in two high availability data centers. Provides secure environment for HIPAA, Policy 5.10, regulated and restricted with OS hardening and patching, firewalls, vulnerability scanning and 2-factor login. High availability and data protection is provided by best-practices management, backup/recovery, load balancing, and replicated file shares as requested. Support includes 7X24 monitoring and emergency on-call as well as consulting on troubleshooting, performance and security.

Service Description Product(s): Available to: For Fee Service: yes Linux (Red Hat, CentOS) Windows Server Security Tiers (firewall, scanning) HIPAA compliance On-Prem co-Hosting (VM appliance) CentOS & Windows in AWS Available to: Faculty, Staff For Fee Service: yes Service tier: Zero

Value Proposition Value proposition Customer impact Key benefits Redundant, hardened environment provides high availability during power outages and scheduled maintenance. Secure environment for confidential and regulated data. Central monitoring of servers, storage, performance, applications, and critical components such as firewalls and load balancers Customer impact Customers can deploy applications in a stable secure environment with operational support. Key benefits Cost savings by leveraging central staff expertise, virtualization and SAN storage Self-serve VM’s into a preconfigured environment Monitored, securely patched, redundant

Metrics FY17 Q1 FY 17 Q1 Metrics Count as of 9/30/16 Customers 330 Windows Servers 729 Linux Servers 1042 Co-hosted Servers 43 Total number of managed Servers 1,802

Metrics FY17 Q1 FY 17 Q1 Metrics Count as of 9/30/16 VMs on-prem 1681 VMs in AWS 33 Physical Servers 88 ESX hosts 76 ESX memory 13.5 TB ESX guest (VM) memory Range 1 – 48GB Average: 5GB ESX guest (VM) CPU Range: 25 – 12068 Mhz Average: 463 Mhz Bored:  100 Mhz Normal: 500 Mhz Active:  1000 Mhz Massive: 10000 Mhz

Metrics FY17 Q1 FY 17 Q1 Metrics Count as of 9/30/16 Data Center networks 287 Data Center connections 40Gbps to blade chassis 10Gbps or 1Gbps to servers Peak Data Center traffic 7.5Gbs in / 18.5Gbs out SAN network 8Gbps SAN storage 813.6 TB Averaged SAN usage 46,218 iops/sec 2.0 ms/iop response time

Metrics FY17 Q1 FY 17 Q1 Metrics Count as of 9/30/16 Opsview monitoring 3,767 devices 132 events/day Splunk central logging 4,058 hosts 174M logs/day securID two-factor authentication 336 users 16,696 authentications ExtraTier Servers 800 Load Balancer 876 services mapped to 359 servers extraTier servers = servers protected by firewall, web proxy, remote hoppers Load-balancer = servers protected by load balancer policy,  SSL off-load

Annual cost of Managed Server Service Cost to deliver the service: Fee for service: varies Cost of HW, SW, maintenance not listed here but included in fees FY 16 Annual Cost $1,345,598 Hardware & Software $0 Labor $1,233,271 Staff Support (5%) $61,164 Admin Overhead (5%) $705/year = $58/month FY 16 Unit cost/year per server $705

Service fees Virtual Server: Monthly Rates http://www.it.cornell.edu/services/managed_servers/fees.cfm Most of the VMs fit in these 6 buckets. Additional charges apply. $4 additional vCPU $4 additional GB/RAM $.09/GB for storage & backup over 1 terabyte RAM Group (GB) Up to 150 GB Up to 500 GB Up to 1000 GB Up to 2 GB $75 $109 $156 Up to 4 GB $83 $117 $164 Up to 8 GB $99 $133 $180

Sample breakdown of server costs https://sfinfo.cit.cornell.edu/my_servers.php Average Server (2 GB RAM, 2 vCPU, 150GB storage) $78.50 FTE $49.00 CPU $8.00 Memory Disk storage $9.00 Disk backup $4.50

Security What risks does use of the service mitigate? Loss of service due to loss of power, network or HW failure or lack of resources. Loss of data due to HW failure, lack of backups or insecure systems Compromise due to unsecured or unmonitored systems Inability to effectively troubleshoot system/storage/network issues Non-compliance with university policy

Security How does the service mitigate risks? Multiple data centers with UPS and generators Redundant network routers, switches and server connections. VMware virtualization and dynamic distribution Redundant storage infrastructure, replicated storage available Central capacity for additional servers and storage Hardened OS are protected, patched, and monitored Centralized account management and policies Sudo and Windows elevated privilege logging Central logging for troubleshooting & incident response

Security How does the service mitigate risks? Load balancers provide fail-over, redirection, SSL redirection and basic security policies. Firewalls provide advanced security options including ACL’s, NATs, web filtering, and policy enforcement 7x24x365 Monitoring and Alerting for infrastructure components or applications Vulnerability scanning and security consulting 2-factor authentication Hopper servers provide an auditable access point for administrative access to protect servers from local workstations. Major Incident and DR plans and communication procedures.

More information Service web pages: http://www.it.cornell.edu/services/managed_servers/ Service level expectations: https://www.it.cornell.edu/services/sle.cfm?doc=38 Service catalog entry: https://catalog.it.cornell.edu/admin/37 Service quarterly report: http://cio.cornell.edu/resources/it-reports-documents-and-presentations/itcornell-quarterly-metrics/managed-servers

Questions? Email questions to: Laurie Collinsworth ljc1@cornell.edu Mike Hojnowski mqh1@cornell.edu