Virtual Server Hosting Service - Terms & Conditions Service Level Agreement (SLA)

The Virtual Server Hosting Service provides the UH community with access to virtual servers running a Red Hat Enterprise Linux (RHEL) or a Microsoft Windows Server operating system. ITS utilizes a VMware cluster for the provisioning of the virtual servers. The size and configuration of the virtual servers can change over time as needs change.

Show Stoppers

There are some scenarios where this service will not be appropriate. Below are some examples:

This service may not be used where PCI compliance is required.
Hardware requirements for peripherals such as sound cards. A physical hardware colocation request may have to be considered instead.
Operating systems that are not ITS-supported (i.e. Ubuntu, CentOS, etc.)
Firewall rules that are deemed to be a security risk by the ITS Security Team. I.e. Open MySQL to the world.

Cloud offerings on UH-managed AWS or Azure may be available if the Virtual Server Hosting Service is not suitable for your needs. Please inquire for additional information.

Benefits

Infrastructure Benefits

The environmentally-hardened IT Center Data Center can reduce the risk of your equipment being damaged or unavailable due to natural disasters.
Efficient power and cooling reduces use of natural resources and overall expenses.
Highly redundant components; reliable power and cooling will increase the uptime of your hosted applications.
Continue to have full control to your system without worries about buying, installing, supporting, or replacing hardware.
All virtual servers are protected behind the ITS Data Center's enterprise firewall.

Virtual Server Benefits

New servers can be set-up within a few days so you no longer have to manage phyical hardware or go through long procurement processes to get your equipment.
Ability to grow or shrink virtual server(s) over time; ensures you don’t spend too much money by over-configuring your systems.
- Caveats include:
  - Disks cannot be shrunk down due to risk of corrupting data.
  - Increasing resources do not require a reboot but decreasing resources will require a reboot.
OS upgrade support for major releases
- A new virtual server of similar configuration will be provided at no additional cost for a period of 1 month to facilitate migration.
- Where possible IP addresses will be preserved upon request.
- CNAME(s) will be updated as needed for cutover to the new virtual server.
Multifactor authentication (MFA) integration with Duo is supported at no additional cost
- Only UH Usernames are supported since the Duo namespace is integrated with the UH Login username space.
- MFA may be required depending on your data classification, though it is highly recommended for securing remote access, such as RDP and SSH.
Free SSL certificates available per the ITS Certificate Program.
Optional backups available at an additional cost. Backups are done by Veeam and stored in a separate phyiscal storage array in the ITC Data Center.

Operating Systems

The latest Microsoft Windows Server and Red Hat Enterprise Linux (RHEL) operating systems are available virtual server options. Operating systems are no longer available once they reach end-of-life. New operating systems are added as they are fully tested within our environment.

OS Support Resources

OS support is not included in this service, nor is there support for the applications you plan to install. Any technical support out of the scope of the agreement is considered best effort. There are resources available online and the UH App Dev community via their LISTSERV list may be able to help. Here are some resources to consider:

��Ӱҵ App Dev community: . You will need to sign up.
Red Hat Services:

ITS Responsibilities

Initial

Review the submitted Virtual Server (VS) Intake Form
Perform initial installation of the new virtual server's OS
Note: ITS will not have access to the operating system (OS) once it is handed over to the owner.
Provide vCenter console access to the new virtual server
Provide for virtual server reboot, shutdown, and the viewing of resource utilization statistics.
Register the virtual server in the InfoSec Device Registration database.
Pre-configure backups if backups are included with the request. .
Pre-configure automated OS updates and patching on for Windows and yum update via cronjob for RHEL.
- Updates by default will be scheduled on the 4th Sunday at 6am of each month. Please contact us if you would like to change the schedule. An automated reboot of the OS will also be included to complete the updates.

Ongoing Support

Provide firewall changes as needed, upon request and pending vetting from the ITS Security Team.
Respond to support requests for using this service via support email itscs@hawaii.edu.
Adjust virtual server resource utilization as needed, upon request.
Provide annual billing. Billing inquires can be made to itsdc@hawaii.edu.
Provide backups and restores if the optional service is purchased.
Provide consultaion assistance to help you plan for your use of the service.
Provide best effort support during business hours, subject to availability of staff resources.
Provide power, cooling, and network services in the ITS Data Center.
ITS will physically monitor the Data Center to ensure only approved personnel enter the facility.
ITS will monitor the Data Center network to ensure it is available and operating as expected.

End-of-Life

Upon request, ITS will securely decommission the virtual server and cease billing.

Virtual Server Owner Responsibilities

Initial

Fill out the Virtual Server (VS) Intake Form.
Design and secure server for compliance with UH Executive Policies such as EP 2.210, EP 2.214, and EP 2.215. Links to policies can be found at Policies & Compliance
Ensure that the appropriate firewall rules are specified.
Ensure that a backup strategy for institutional data protection is planned from the outset.

Administrative

Identify at least one full-time staff as the virtual server's system administrator. Ensure that at least one full-time staff member is assigned system and application administration responsibilities. Students cannot be the primary system administrator.
Let ITS know in a timely fashion when changes to personnel are necessary, for example, when a designated system administrator leaves your department. It is highly recommended that you have a secondary technical contact/system administrator assigned to your virtual server.
When requesting additional resources, ensure that any associated increases in application licensing costs are appropriately addressed, i.e., an increase in CPU resources might required additional Microsoft SQL Server licensing costs.
If requesting backups, review and be familiar with the ITS Virtual Server Backup Policy
Annually confirm the virtual server registration in the (you will receive an email reminder).
Make the requested annual payment to ITS for resources purchased.
Notify us in a timely fashion when you no longer need the service. Billing will continue until we receive an official request to decommission/retire server(s).

Application Support

Install, support, and maintain application(s) installed on your server.
Ensure ongoing compliance with UH Executive Policies such as EP 2.210, EP 2.214, and EP 2.215.
Patch and upgrade your applications.

Data Protection

Please ensure your familiarity with and comprehension of the following:

The ��Ӱҵ Information Security Program
Protecting Sensitive Information at ��Ӱҵ
applicable to the data being stored and accessed on your virtual server
Inform ITS in advance when planning to host protected information (HIPAA, FERPA, PCI, PII, etc) on the virtual server.
Properly manage information by assigning at least one full-time staff member as a protected data compliance officer.
Implement a backup strategy to protect institutional data.

Security

Maintaining the security of your virtual servers is your responsibility. While hosted virtual servers are protected by our enterprise firewall, you must continue to protect your server at the operation system level. Ensure software is patched, malware is blocked, passwords are secured, and access lists are managed.

If a virtual server becomes compromised and/or it becomes a threat to the greater UH community, ITS reserves the right to block network traffic and/or shut down the server. If this occurs, ITS will notify you immediately.

Guidelines and general best practices for securing the hosted virtual servers according to established policies are available here: http://www.hawaii.edu/askus/1266.

Ensure least privilege access.
Ensure the latest OS and application patches have been installed.
Mitigate critical application vulnerabilities in a timely fashion.
Ensure continued compliance with Minimum Security Standards for Virtual Server and all Desktops and devices that may connect to the Server.
Proactively upgrade your Operating System before it is End of Service Life (EOSL).ITS will contact the server administrator on record when systems are becoming EOSL. It is the administrator's reponsiblity to respond in a timely manner and work on upgrading to server. Failure to upgrade will leave your OS vulnerable. ITS reserves the right to shut down or block the server.

Outage Communication

Unplanned Outages

An unplanned outage is a service interruption of hardware, software, or network components supporting the Data Center infrastructure. ITS will post information about any unexpected outages on the ITS Alerts web site.

Planned Outages

A planned outage is defined as a service interruption that has been scheduled in advance by ITS. Outages will be scheduled during non-business hours when possible. ITS will give customers as much advanced notice as possible for scheduled outages.

Security vulnerability outages will follow the ITS Patching Principles. The following table can be used to determine when patches should be applied.

Grouping	Description	Time to Patch Within
Emergency	A very rare high profile security exposure that is specially designated by the CISO (e.g. Heartbleed).	ASAP (ideally within 24-48 hours)
Critical	A vendor (or patch provider) has denoted its highest rating for the patch. Generally this means that vulnerability that could be exploited by a remote unauthenticated attacker and could lead to system compromise without requiring user interaction.	14 days
Monthly	Operating System patches, such as RHEL and Windows.	30 days
Other	All other patches.	90 day

Policies

ITS will continue to ensure that security remains a priority, and will verify ongoing compliance to executive policies. Examples of such policies regarding security and data handling would be EP 2.210 (Information Technology Resources Policy), EP 2.214 (Institutional Data Classification & Information Security Guidelines) & EP 2.215 (Protected Data).

Excerpt from EP 2.214

"3. As stated in Executive Policy EP2.215, Information Technology Services (ITS) has the full authority to enforce technical measures to ensure the security and confidentiality of protected data that are stored or transmitted, whether intentionally or unintentionally, on University systems and networks, including but not limited to immediate disconnection of compromised systems and devices from the University network.
4. ITS has the authority to conduct network and device scanning to identify security weaknesses in any University information system, device, or network that may compromise sensitive information or the operations and availability of institutional services.
ITS also has the authority to require all servers operating on the University network be regularly scanned for sensitive information, vulnerabilities and be protected in accordance with appropriate data security guidelines based on data classification categories.
5. To better protect the University’s Institutional Data, ITS may require departments/units/programs to periodically report on the data element/records that they manage. Reporting requirements administered by ITS include PII and Health Insurance Portability and Accountability Act (HIPAA) surveys and server registrations.
The PII survey is part of an HRS §487N-7 requirement where UH must annually prepare a report describing the information systems that contain personal information. ITS is responsible for submitting this report and maintains a secure online system for units to report such systems. Chancellors and Vice Presidents are responsible to ensure that units under their purview report systems containing Protected Data and update the information at least annually. "

References

��Ӱҵ Policies Related to Information Security: /infosec/policies/

EP 2.210:

EP 2.214:

EP 2.215:

Virtual Server Ownership Costs

The Virtual Server intake form will give standard configuration options in line with industry standard options, as described below.

Option	CPU	RAM	Disk	Cost
A	1	4 GB	100 GB	$300.00
B	2	8 GB	100 GB	$514.00
C	4	16 GB	100 GB	$898.00
D	8	32 GB	100 GB	$1,498.00

To purchase a virtual server, select one of the baseline configurations in the intake form. Determine if any of the optional cost items are to be included.

Baseline Configurations	Cost	Notes
High Performance virtual server base cost	$300.00	Select an option based on your server needs.
Optional Cost Items	Annual Cost	Notes
Off-site Backup, per GB	$0.30	The quantity is calculated once annually based on the size of the server. Backup retention is 7 days.
Additional High Performance Storage per GB (min. 25GB increments)	$0.80	SAS HPE Hybrid Flash Array

Additional Costs May Apply

Additional costs such as CALs (Client Access Licenses) for Microsoft products may also apply. See the Microsoft software price list from ITS Site License for more information on purchasing CALs.

Subject to Availability of Resources

ITS strives to ensure that we maintain ample infrastructure capacity for all requests. If we are unable to fulfill your request due to a lack of infrastructure capacity, we will work with you to accommodate your request as soon as possible. Such options would include partial fulfillment until more resources become available, or directing to utilize the UH-managed AWS or Azure cloud options.

Costs Subject to Change

These costs are subject to periodic reevaluation and changes.

Deliverable Configurations

RHEL (all versions)	/boot - 1GB / (root) - 100GB	Placing the OS on /boot allows for storage expansion without the need to performing partitioning or rebooting the OS. Swap space is 4GB, which leaves 96GB of remaining storage. This partition includes the OS.
Windows (all versions)	C: - 100GB	Place the OS on C: allowing for storage expansion of the system disk without affecting the data Place data on next available drive (E:) for separation from system disk.

Availability & Response Times

Virtual Server Requests

Requests are usually processed during normal business hours.
Most new virtual server requests should receive a reply within 2 business days.
Most support requests should receive a reply within 1 business day.

Storage Requests

RHEL
- By default all storage is allocated to "/".
- By default, additional storage purchased will be allocated as the next available drive, unless requested to extend to "/".
Windows
- By default, the system disk is allocated to "C:".
- By default, additional storage purchased will be allocated as the next available drive, unless requested to extend the C: drive.
Storage can be removed only if the entire disk is deleted. Decreasing disk allocation is not supported, e.g., decrease 100GB to 75GB.

Firewall Requests

Firewall requests are subject to review and approval by the ITS Security Team.

Requests are usually processed during normal business hours.
Most firewall configuration requests should receive a reply within 2 business days.
By default all incoming traffic to a virtual server is blocked (except for SSH and RDP traffic to specified VPN accounts).
By default, outgoing traffic to a virtual server is allowed.

Since the default firewall configuration is restrictive, it may take some troubleshooting with our team to get the access rules allowed, especially for complex and/or uncommon applications.

Backup/Restores

Backups are at the virtual machine level, though file-level restores are also possible (see for more information). It is not possible to include or exclude certain directories to be backed up as the entire virtual machine will be backed up.

Backups are provided at an additional cost.
Retention policy: 7 calendar days
Restores are available upon request, provided the backup is still available within the retention period.

Service Owner

Information Technology Services (ITS)

Service Representative

ITS System Services Infrastructure - Managed Services

General contact information: itscs@hawaii.edu
Billing: itsdc@hawaii.edu

Service Criticality

Business Critical

Disclaimer

ITS reserves the right to modify or revoke this service at any time, in response to and not limited to the following:

Changes in infrastructure applications and operating system licensing and/or resources and allocation.
Response to security breaches, in which a hosted server may be potentially shut down to avoid a breach.

Change Log:

2026-04-30: SLA revamped and formatted to better display on Data Center Service website. Pricing table added and links updated to new knowledge base. Terminology updated to reflect modern technology terms.
2025-12-09: Added link to "Azure Arc" blurb.
2025-11-12: Added text to "ITS Responsibilities" to include scheduling automated OS updates.
2025-11-10: Modified text pertaining to changes in backup service and availability.
2025-03-01: Modified Service Offerings to be in line with the new standard configurations, removed SATA disk option. Added SSL certificate information.
2024-02-01: Removed RHEL 7, added RHEL 8 & 9 and Windows Server 2022. Changed "server registration database" to "device registration program".
2023-01-09: Formatting and backup terminology updated; replaced "Bacula" with "backup service/client". Pricing list updated. Disclaimer clause added.
2023-02-14: Corrected pricing list for storage.
2023-09-19: Added clause under "Proactively upgrade your Operating System before it is End of Service Life (EOSL)."

����Ӱҵ