Infrastructure as a Service (IaaS) offers virtual hosting in University facilities, where UIS IT staff will maintain its underlying infrastructure. We can create a sub-tenancy (or ‘Project’) for an institution, within which local IT staff may create and manage virtual machines (VMs). Projects are sandboxed from one another, but we can arrange firewall rules to allow access between them, if required.
Features and benefits
The infrastructure provided by IaaS offers virtual hosting with built-in site resiliency and data protection through automated backups. We look after the hosting and infrastructure, allowing you to focus on your servers and services.
Local IT staff will have:
- access to their institution’s Projects (tenancies) via a customer portal protected by multi-factor authentication
- access for VM deployment and management with, optionally, secondary sign-off at the point of deployment
- reserved IP address ranges within each Project (names will be registered in IP Register automatically)
- the ability to deploy VMs through tested builds of Windows or Linux servers, with the ability to customise the specification of each VM
- remote console access to VMs
- the ability to carry out Day-2 operations, such as power control, snapshotting, and the resizing of CPU, memory or disks
- the ability to request external access to services via DNAT or traffic managers with a Web Application Firewall to protect against malicious HTTP/S requests
- the option to use institutional Active Directories for server provisioning (although we recommend the use of Blue AD where possible).
Technical specifications
Security
All VMs are protected by a distributed firewall (DFW), which protects VMs individually through a centralised ruleset – offering the micro-segmentation of machine-based firewalls, and the manageability of border firewalls.
We apply firewalling at the hypervisor level, so a firewall is applied to each VM.
We manage firewall rules centrally using NSX-T. We will work with you to troubleshoot any connectivity issues using the logs provided by the environment. Rule changes are available on request.
Resilience and disaster recovery
In the event of a site failure, resilient VMs will be brought up automatically at the secondary site. There will be a short uptime interruption while they boot up.
VMs do not have to be resilient in this way. Tenancy sys-admins may choose a single Availability Zone at deployment time, which allows for:
- applications or use cases that are not important enough to require site resiliency
- situations where resiliency is handled at the application level (for example, load-balanced web servers or database replication).
- All VMs are backed up nightly and stored offsite at a third location. The backups are crash-consistent. Restores are available on request.
Technology stack
IaaS is built upon VMware Cloud Foundation (VCF) running on Dell VxRails hardware. The hardware is clustered across 2 sites in Cambridge to offer resiliency. Technology stack upgrades will not impact running VMs, which are migrated between physical nodes without the need for a reboot.
We will advertise maintenance windows in advance if they will affect the customer portal.
Costs
Charges are applied differently according to the use case of a Deployment. You can apply for a one-month limited free trial to evaluate the service before committing.
- Departmental servers (not used for research): provided for free.
- Research servers: charged for monthly, with backup costs waived.
- All other University use cases: charged for monthly, with backup costs waived.
- Colleges and affiliates: charged for monthly, at the full cost.
How to get the service
You should complete an IaaS new project Service Request form in the Self-service portal. Each institution, for example, a department or college, can have one project for their virtual servers.
Get help
Read full user documentation on the University Developer Hub on GitLab.
You can complete an IaaS feedback/query Service Request in the Self-service portal for service queries.