Cloud Hosting SLA
General Overview
This is a Service Level Agreement (SLA) between the UCLA campus community (Clients) and Humanities Technology (HumTech), documenting the cloud hosting services HumTech provides. It outlines the service one can expect from HumTech (response times, availability, etc.) as well as the responsibility of those utilizing the service.
This agreement is reviewed January of every year, though changes may occur more frequently.
Service Description
HumTech offers cloud hosting services that allow faculty, staff, and graduate students (clients) within the Humanities Division to host their university related projects. Cloud hosting services include Windows and Linux server operating systems (OS’s); MySQL, PostgreSQL, and Microsoft SQL databases; and object and file storage. Clients are provided with direct access to the server, database, and/or storage solution being used.
Depending on need, the cloud hosting services can have the following functionality:
- Access to the entire OS, database, or storage solution
- 1 static IP address accessible from the internet
- SSH, HTTP, HTTPS protocols accessible from the internet (other internet protocols can be considered upon request)
- LAMP stack (Linux, Apache, MySQL Database, PHP) available upon request
- SSH Access limited to UCLA IP or through UCLA VPN
Responsibilities
HumTech
- HumTech will provide initial setup (including installation of WordPress upon request).
- HumTech will regularly perform maintenance updates to Linux, Apache, MySQL, and PHP, and follow other best practices to maintain the security of website servers (required by UCLA IT Security).
- HumTech will regularly monitor the performance and security of the products and services they provide. This includes, but isn’t limited to, Linux and Windows operating systems, Apache, MySQL, and PHP. The monitoring is non-intrusive.
- HumTech will provide clients with updates as needed regarding the operational stability of the service and report concerns or suggestions for enhanced performance.
- HumTech will respond to work requests in a timely manner.
- HumTech will check in annually with clients to ensure cloud accounts is still needed. Principle Investigators, who cannot annually confirm continued use of provided cloud services, will have their services disabled/stopped/removed and its content temporarily archived before permanent deletion.
- HumTech will immediately take services offline that pose major security risks or show signs of abuse (hacking, network penetration testing, network scanning, etc.) until the client is able to resolve the issue. For non-major security risks, HumTech will send clients three requests to the client to resolve the issue over the course of 3 weeks before taking the service offline.
Client
- Clients are responsible for managing and maintaining all content. “Content” includes, but isn’t limited to, text, images, PDF’s, coding files, databases, applications such as WordPress, and any plugins associated with the application.
- Clients must abide by all policies related to their content, including copyright, FERPA, DMCA governance policies, all applicable local, state, and federal policies, and all applicable policies in foreign states and countries in which they have internet presence. UCLA will not be responsible for your actions or actions you take with UCLA resources.
- Clients must ensure compliance with all applicable University policies and guidelines (see UCLA IT Services website for a listing of applicable IT policies and guidelines).
- Clients are responsible for any issues that may result from a security update. Coding and programming support will not be provided unless previously agreed to.
- Clients must ensure HumTech has access to cloud hosted services at all times.
- Clients must respond to HumTech’s annual check-in to confirm continued use of cloud hosting services. If no response is provided within 30 days, services will be removed and archived.
- Clients are responsible for resolving major security issues to bring their affected service online. For non-major security issues, clients have three weeks to respond to reported security issues to prevent their services from being taken offline.
- Clients are responsible for maintaining reasonable security measures at all times. This includes, but isn’t limited to, using firewalls to block access where necessary, keeping software up to date, and using proper password management. More details can be found under “Security” below.
Service Commitment
Service Availability
Cloud hosting services are available 24 hours a day, 365 days a year, with a target up time of 99%. Regularly scheduled maintenance can occur Tuesdays and Thursday nights between 9pm to 11pm Pacific time. In the event of an emergency, HumTech reserves the right to perform urgent maintenance at any time which may temporarily impact your service.
Service Request
For support, email support@humnet.ucla.edu. Standard business hours for service requests are between 8am – 5pm, Monday through Friday, excluding university holidays.
Upon receiving a service request, we target the following levels of service on a first-come, first served basis:
- Target response time – within 2 days (14 hours)
- Target resolution time – within 5 days (40 hours)
Initial setup for cloud hosting services may take 2 weeks or longer depending on requirements.
Incidents
In the event of an incident that stops cloud hosting services from functioning, HumTech will work immediately to resolve the issue. If a clients individual application stops working, it is the responsibility of the client to manage the resolution of the issue. Clients can send a service request to HumTech who can help on a best effort basis.
Security
Vulnerability Scans
Scans for potential vulnerabilities on Humanities websites and servers are regularly conducted by UCLA IT Security. HumTech will reach out immediately in the event that a vulnerability is discovered that requires action from a client.
Per mandate by the Cyber Responsible Executive/Dean of Humanities, if security vulnerabilities are not resolved within 30 calendar days, HumTech will block public access to the website/server. The timing of this block may be increased or decreased depending on the severity of the vulnerability.
Server Security Measures
The following are the minimal security measures that should be implemented and maintained at all times:
- Firewalls must remain up/active and provide reasonable protections. For example, block access to port 22 (SSH) on your server from the entire internet and only allow UCLA networks. Any services outside port 22 (SSH), 80 (HTTP), and 443 (HTTPS) are not supported. All other ports must remain closed/firewalled.
- Ensure all software/apps are regularly updated and on the latest secure version. This includes PHP, custom databases, WordPress, Drupal, and any plugins and/or modules.
- Maintain best practices for creating and storing credentials (username/passwords and SSH keys).
- Never share credentials.
- Protect credentials in a password manager such as Lastpass or any other solution that will encrypt the password. Do not keep your credentials in a clear text file.
- If you lose your phone, laptop, desktop, and/or computing device, change your credentials as soon as possible.
- Use good passwords with more than 18 characters using lower, upper, numbers, and special characters. Do not use dictionary words.
- Passwords and SSH Keys should be changed and updated every 90 days at a minimum.
- Do not use credentials over un-encrypted protocols such as telnet, HTTP, FTP, etc. Use encrypted protocols SSH, HTTPS, or FTPS. If you accidentally type your credentials “in the clear”, please change your credentials immediately.