
Server Administration Guidelines

As an Application Administrator of a virtual or physical server in the Texas State University data center, you and the Technology Resources Core Systems team have specific responsibilities and must work together to maintain a safe and secure environment for the university and its data. You are also responsible for ensuring that external vendors and contractors follow these guidelines.

State Laws and University Policies

All parties must adhere to applicable federal and state laws, university policies, and information technology best practices and procedures.

Core Systems Responsibilities

Responsibility Description
Audits

Periodically, Core Systems may contact you about software or configurations on a server you maintain. Such contact is often in response to a security concern or some other unusual circumstance, so please respond in a timely manner.

Backups

Core Systems provides daily backup schedules for both physical and virtual servers.

Firewall

The host-based firewall is installed, configured, and enabled in an effective manner.

Hardware

Core Systems is responsible for the server up-time, proactive maintenance, and maintaining back-end infrastructure.

Local and Domain Authentication

Access to a server must be through a Super User (SU) account, and local accounts are not permitted. Where Active Directory groups are used to control access, the groups are maintained via the Role Management tool in the Online Toolkit.

Operating System Configuration

Core Systems performs changes that pertain to operating system (OS) configuration, such as registry or system-level configuration.

Operating System Installation

Core Systems installs an approved OS and configures it to best practices.

Operating System Updates

Core Systems updates operating systems on a scheduled basis, typically outside business hours.

Shares / Mounts

Core Systems creates shares, which must be restricted per best practices for the specific protocol used (e.g., Windows SMB shares must be controlled by a FileShare group, or NFS mounts must be controlled via an Access List).


Application Administrator Responsibilities

Responsibility Description
Installation

Application Administrators may install software that is required for the primary application of the server to function. The software must be approved by the Information Security Office and Core Systems.

Upgrades

Application Administrators must keep software up-to-date, and all security fixes must be applied to protect against the latest security vulnerabilities.

Support

Application Administrators work with vendors to support issues with performance, installation, or configuration of the application. Note: Core Systems will work with the Application Administrator if changes need to be made at the OS level.

Configuration

Applications must use a supported centralized authentication source (e.g., LDAP, Windows Authentication, Active Directory, Shibboleth).

Encryption

Any web services that make use of authentication must use an encrypted method for passing authentication credentials. SSL certificates can be requested here.

Logging

Event logging must be enabled on all applications/services and must, at minimum, include access and configuration changes.

Audit

Access to servers must be audited periodically by the application administrator. If contacted by Core Systems about software or configurations on a server you maintain, application administrators are expected to respond in a timely manner.

Authorization

Applications and/or services are not authorized for use until a data security plan and a successful vulnerability scan are completed.

Authentication

All authentication to a server must be via a NetID or Super User account. Super User accounts are to be used when remotely administering systems (such as via Remote Desktop or SSH). Service accounts will not be used for Remote Desktop or to remotely administer systems. Any exception to this must be authorized by ISO and TR.

Review

System needs must be reviewed on at least a yearly basis (i.e., if a system needs to be decommissioned or more resources are needed, IT must be informed).

 

Learn more about Virtual Server Management (Hosted Service) and Physical Server Management