JCU has a limited capability to provision virtual platforms to its researchers. Virtual machines are only provided for requirements that cannot be fulfilled by Software as a Service (SaaS) options or HPC cluster infrastructure. SaaS options outside JCU will always be considered first. Examples of requirements that have been provided by virtual platforms:
Such provisioning will be handled as a Technology Solutions (TS) project with possible assistance from eResearch centre staff. Requests for virtual machines will trigger a requirements-gathering exercise.
In addition to JCU's acceptable usage policy, you need to be aware that JCU's Chief Digital Officer (CDO) has ultimate authority when it comes to anything IT related at/for JCU.
- Operating System (OS) choices are: Microsoft Windows Server or Red Hat Enterprise Linux. The latest JCU supported OS versions will be used, unless there is a specific requirement to choose another version.
- Fully managed (by TS staff) virtual desktop environments may be provisioned. Such environments are considered non-production at this time.
- The servers hosting non-production systems may be running with single points of failure (e.g., may not be connected to resilient, shared storage). Hardware failures may/will result in loss of systems that were running on the affected servers.
- Scheduled system updates/patching/reboots will be configured on all systems (by TS staff). Timings for scheduled work (e.g., day of week/month and time window) are negotiable.
- Principle of Least Privilege is mandatory for production environments. For non-production systems, a more open privilege escalation may be configured on the system.
- Backup of non-production systems is possible through negotiation with TS leadership team members.
- Systems that look to have been compromised will be immediately disconnected from the network. Subsequent, detailed investigations will determine further actions.
Additionally, the following conditions need to be understood and followed:
- Modification of the baseline OS configuration provided without CAB approval is not permitted.
- Creation of local user accounts is not permitted.
- Service accounts are not to be used by users (people).
- Use of the administrator/root account is not permitted without prior approval (per workflow/task).
- A service owner (active JCU staff member) must be provided as part of documentation. See below for service owner specific information.
- Actions taken that aren't in line with TS security/risk practices could result in system isolation or decommissioning.
Exemptions from the above conditions may be approved by JCU's Technology Solutions leadership team.
There are many conditions that apply to service owners.
- Services provided on JCU HPC infrastructure come with best effort availability.
- Services provided on JCU HPC infrastructure come with internal resiliency only.
- JCU corporate infrastructure may be used to provide production services in support of JCU research.
- Availability and resiliency for JCU corporate infrastructure are much better than HPC can offer, but far less than what public cloud providers can offer.
Documented service owners are accountable and responsible for the VM and services running on it. Examples of responsibilities of service owners: