Microsoft Windows Server Support

ITS offers Microsoft server support and consultation. This service includes 2nd tier assistance for servers, including troubleshooting, operating system installs and upgrades, and security and hot fix application. In addition, server analysis, resource planning and recommendations can be provided.

What we support
Operating Systems
Hardware Requirements
Backups
Applications
Power Protection
Firewall
Requests for support or consultation
ITS Policy for working with 3rd party vendors on stakeholder equipment
Windows Server Administration Checklists
Windows Virtual Servers
Security Options for Windows based servers


Microsoft Windows Server Support - What we support
A number of academic departments in Arts, Sciences and Engineering have instituted the use of Microsoft Windows servers. Due to the complexity and variety of these systems, ITS must restrict the hardware and operating system software versions that it can support. The supported server vendor, hardware and operating system requirements are listed below. All departments operating Microsoft Windows servers are required to have operators and/or system administrators, 1st tier support, with a working knowledge of their operating system as well as familiarity with installed hardware and applications. In addition, local operators or administrators are expected to be familiar with the security implications of operating a multi-user, multitasking operating system.

PLEASE NOTE: Microsoft Windows Servers are general-purpose operating systems and therefore are often used to provide a range of network services to other systems. Examples include file and print services, web, application and email. ITS strongly suggests that wherever and whenever possible departments should avoid providing these services and instead rely upon either ITS or UIT to provide them. Any one of the aforementioned services can greatly increase the administrative tasks and security implications associated with system maintenance, taking valuable machine and human resources away from the system's primary function.

Operating Systems
The Windows 2008 Server product is supported in its current release and service pack revision. Future server products will be supported after sufficient time has been given for ITS to evaluate them upon their release. Additionally, the server must be running on ITS approved Wintel hardware; see the requirements below. It is intended that the Microsoft Windows server product be used as a platform for distributed multi-user functions and not as a substitute for Windows XP or Vista running standard productivity and office applications. Since web, file and print services are provided centrally or by ITS, it is strongly suggested that departments avoid using their systems to replicate these services.

All media/CDs and licenses for the operating system must be readily available. In addition, it would be prudent to have all 3rd party application media and licenses available. These should be kept together in a secure location that is known by the local administrator and will be known by ITS. Additionally, 3rd party installation guides and notes on specific installations should be kept and readily available if needed.

Hardware Requirements
Minimum Requirements for existing servers:

  • Intel Xeon 3.0 GHz CPU
  • at least 2 gigabytes of memory

For new hardware it is recommended that you contact ITS and we will work with you on configuring a server for your individual needs and budgetary considerations. Based on an analysis of the requirements of the server, ITS can configure a recommended solution and provide a quote from the hardware vendor.

Additionally, for new hardware to be supported, we are requiring that the vendor used be DELL. For supportability and dependability reasons we are standardizing servers on one hardware vendor's platforms. DELL has proved itself a cost effective and, more importantly, stable and reliable enterprise server manufacturer and one that we have standardized our own servers on.

    Backups
    In order for an existing server to be supported a backup schedule must be in place and the tapes readily available. New servers will be configured with a tape drive to be used for backup purposes.

    Applications
    Assistance will be provided in regards to 3rd party applications where possible. However application support is to come from a content knowledgeable application person within the department as well as the 3rd party.

    Power Protection
    Servers must be properly power protected. At a minimum the server must be attached to a surge protector. Ideally, the server should be attached to an uninterruptible power supply (UPS). This mitigates exposure of the server's hardware in the event of unintended power hits.

    Firewall
    It is required that any server on the Tufts network be placed behind an appliance level firewall. UIT and ITS both offer this service. New servers should have a firewall included as a part of the purchase. Owners of existing servers should seriously consider taking advantage of one of the service offerings and placing a firewall between the server and the network.

    Requests for support or consultation
    Requests for initial support or consultation are to be made by contacting the AS&E helpdesk at helpdesk@ase.tufts.edu. Information in the request should include the name of the person making the request, the name of the 1st tier server administrator, the type of assistance requested and any other pertinent information. ITS reserves the right not to provide support to a server based on its not meeting one or more ITS standards.

    ITS Policy for working with 3rd party vendors on stakeholder equipment
    The following is the high level policy in regards to how ITS works with 3rd party hardware and software vendors in concert with the stakeholder.

    Generally this covers the installation, set up, troubleshooting, etc. of 3rd party vendor products, hardware and software, and working with the technical support representatives of the specific vendor.

    Scheduling time with vendors and ITS
    All work that will need to be performed in conjunction with a 3rd party vendor and ITS will need to be scheduled beforehand with the appropriate FSP and the vendor and within a timeframe that is agreeable to all parties.

    Scheduling that does not include the appropriate FSP is not acceptable and could cause delays in the work to be scheduled, or time during which the vendor is unable to perform work on the system, due to previously scheduled work by the FSP elsewhere on campus.
    Hardware
    It is preferable that clients purchase ITS supported hardware, and only after first consulting with an ITS representative (your FSP) about the requirements of the hardware and/or software and its intended usage in terms of the goals of the project.
    • University Purchased/Owned Hardware
      • Preferred Vendor Hardware and Model
        • Dell
        • Apple
        • Lenovo
      • A list of supported hardware can be found here:
        http://ase.tufts.edu/its/supportStandards.htm#hwStandards
      • Warranty Status
        It is imperative that new hardware is purchased with adequate support agreements and that existing hardware is under a support agreement with the hardware vendor. The lack of such an agreement could cause delays in support as well as additional cost to the stakeholder in regards to replacement costs of parts or with an entire system.
      • Built by ITS FSP
        • All OS security patches applied
        • All Software patches
        • Joined to Tufts Domain
        • LanDesk installed
        • OfficeScan installed and up-to-date
    • 3rd Party supplied Hardware
      • Manufacturer or Vendor Supplied Hardware Support
      • ITS will attempt to install 3rd party vendor hardware but will defer to the 3rd party in the event the hardware is outside of our realm of support, i.e. scientific devices attached to a system.
      • ITS will assist with configuration of the hardware and as above may defer to the vendor for configuring the hardware.
      • ITS will provide a best effort in regards to support of said hardware but the onus will be on the stakeholder and the vendor for support be it hardware or software.
      • When it comes to scientific or other devices that are connected to ITS supported hardware ITS’s responsibility ends at the card within the system that connects to the device and not the device itself.
      • ITS will work with the vendor towards the resolution of a problem that is diagnosed to be with the device and not the system but is not responsible for the repair of the device and its operation.
    Software
    • ITS cannot guarantee software installations done by non-ITS personnel.
    • ITS will attempt to properly install 3rd party software products that are not on our supported software list.
    • In the event of improper documentation, installation errors or issues that cannot be diagnosed in a timely manner by ITS personnel it will be necessary to escalate to the 3rd party vendor.
    • In this scenario ITS will work with the 3rd party vendor in providing access to the system and in assisting with troubleshooting the issue but the onus will be on the 3rd party to successfully come to a proper resolution.
    Network Access

    Windows Server Administration Checklists
    The following lists are not all inclusive nor may they be ideal for your environment. However they are a good start to ensure that your servers are kept up to date and properly maintained.

    Daily:

    • Check event log of every server, fix/try to fix as needed.
    • Creating new directories, shares, and security groups, new accounts, disabling/deleting old accounts, managing account policies.
    • Make sure backup runs and verify the files.
    • Check for free space on all servers, for file pollution and quotas.
    • Ensure that all server services are running.
    • Ensure that anti-virus definitions are up-to-date.
    • Keep Service Pack and Hot fixes current.
    • Check Print Queues.
    • Keep a log of everything you have fixed or performed maintenance on.
    • Permissions and files system management where appropriate.
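
    Several of the daily items above (event log review, free space, and stopped services) can be gathered by one read-only report run on each server. The script below is an added example, not an ITS script; it assumes PowerShell 3.0 or later, and the 15% free-space threshold and 24-hour look-back window are illustrative values.

```powershell
# Added example: read-only daily health report for the local server.
# Assumes PowerShell 3.0+; threshold and look-back values are illustrative.
param(
    [int]$MinFreePercent = 15,   # warn when a fixed disk drops below this
    [int]$LookBackHours  = 24    # event log window since the previous check
)

$since = (Get-Date).AddHours(-$LookBackHours)
Write-Output "=== Daily check for $env:COMPUTERNAME at $(Get-Date -Format s) ==="

# 1. Event logs: Critical (1) and Error (2) entries, grouped so repeated
#    faults show up as one line with a count instead of flooding the report.
$events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName   = 'System', 'Application'
    Level     = 1, 2
    StartTime = $since
}
if ($events) {
    $events | Group-Object ProviderName, Id |
        Sort-Object Count -Descending |
        Select-Object -First 10 Count, Name |
        Format-Table -AutoSize
} else {
    Write-Output "No Critical/Error events in the last $LookBackHours hours."
}

# 2. Free space on fixed disks (DriveType 3).
Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=3' |
    Where-Object { $_.Size -gt 0 } |
    ForEach-Object {
        $pct = [math]::Round(100 * $_.FreeSpace / $_.Size, 1)
        if ($pct -lt $MinFreePercent) {
            Write-Output "LOW DISK: $($_.DeviceID) has $pct% free"
        }
    }

# 3. Services set to start automatically that are not running.
#    Delayed-start and trigger-start services can legitimately appear here,
#    so compare against a known-good baseline before acting.
Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto' AND State<>'Running'" |
    Select-Object Name, DisplayName, State |
    Format-Table -AutoSize
```

    Redirecting the output to a dated file each day also gives a starting point for the maintenance log the checklist asks for.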

    Nightly:
    Backups - ensure that backups are being performed nightly and verify their successful completion. The top 10 rules of system administration on any operating system are:

    • backups
    • backups
    • backups...

    Weekly:

    • Clean Servers, check for .tmp files, jetdb files, etc.
    • Implement any new policy, permission, logon script, or scheduled server modification.
    • Reboot Servers if needed.
    • Keep up-to-date on IT news regarding networks and security.
    • Evaluate software for System Admin purposes.
    • Performance Monitoring/Capacity Planning- Budgeting for the future.
    • Uptime/Downtime reports.
    • Audit network for unauthorized changes.

    Monthly:

    • Change Service Account Passwords, this could be done quarterly.
    • Extended testing backups with restores.
    • Maintaining applicable Service Level Agreements.
    • Managing off-site storage of backup tapes, whether you take them home or a service picks them up.
    • Periodically reviewing all of the above, is documentation up to date?
    • Has the Disaster Recovery Plan been updated to reflect changes in the environment?
    • Periodically reviewing workload.
    • Periodically review company technical environment. How can it be improved?
    • Run defrag and chkdsk on all drives.
    • Review audit policies, audit user rights and privileged local and global groups.

    Initial or Occasionally:

    • Test disaster recovery process to an alternate site, in case of emergency.
    • Test the backup restore procedure.
    • Get a performance baseline for things like %Processor Time, Pagefiling, Disk Queues.

    Windows Virtual Servers
    ITS provides Windows based server virtualization as part of our Windows server service offerings. A partial listing of this offering is listed below:

    • We provide server virtualization for new server requirements where a physical server is not appropriate.
    • We can collapse existing physical servers and migrate them to a virtual server.
    • We can migrate desktop PC’s that perform server functions to a physical or virtual server.
    • There are many benefits to running your server needs on a virtual server and ITS would be glad to discuss those benefits and how they may help your departmental Windows based server needs.

    Please see the appended site for more details on the Windows server support offering. If you would like to look into this service please contact James Crouch at james.crouch@tufts.edu for more information and to set up time to discuss this subject.

    Security Options for Microsoft Windows based server operating systems:
    There is no panacea in regards to security in a Microsoft Windows environment. However, taking some prudent steps can help mitigate your exposure. Note that Microsoft, among others, changes their links periodically. At the time of writing these were up to date and viable.

    Windows Server Support Resources
    http://www.microsoft.com/security
    Microsoft has a plethora of security information here.
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools.asp
    Microsoft has recently added baseline security checklists for the various Windows server operating systems and environments.
    http://www.microsoft.com/technet
    TechNet itself is a great resource for security
    http://www.sans.org
    The SANS, Systems Administration, Networking and Security, organization is a good source for security information.
    http://www.ntbugtraq.com
    Ntbugtraq is a highly recommended source of independent security information in the Windows world.
    http://www.cert.org
    CERT is another site to keep abreast of.
    http://www.antivirus.com
    The various virus protection vendors have good sites and applicable information. A couple of them are listed here.
    http://www.mcafee.com


    There are numerous list servers that can provide you with up to date information on security issues. Each of the sites listed above has list services. It is recommended to join at least the Microsoft one and possibly one other. SANS and ntbugtraq are two that are highly informative.

    Periodically run http://windowsupdate.microsoft.com. From within this area your server can be checked for missing hot fixes, service packs, etc., and recommendations are made for addressing any discrepancy found. Be aware though that at this time Windows Update will not check on IIS hot fixes.

    Virus Protection
    This is mentioned in the System Administrators Checklist document but it is important to note it here. Ensure that you are running an enterprise server virus protection product as well as scheduling it to update and deploy pattern files on a daily basis. The University has a contract with Trend Micro and their Server Protect product. For assistance on installing and configuring this product please send a request to the ITS helpdesk at helpdesk@ase.tufts.edu.

    There are many 3rd party products that can assist in proactively monitoring and managing security issues. Many can be found through the above mentioned sites and list servers.

    There are also numerous courses and seminars offered outside of the University on the administration and securing of Windows Server 2003.
     


      © 2013 Tufts University. All rights reserved.