Elisha,

Thanks for taking the time to comment.  

Q: It might be a good idea to specify in the General Overview what kinds of machines may take advantage of this.

A: Section 2.1 bullet 2 specifies Windows, Unix and Linux operating systems are supported.

Q: It says in 2.1 that it is “Available for data stored on servers connected on the campus network;” Does that mean any fixed computer in any location on the campus network, or do the servers have to live in the data center?

A: The backup client will work for any system connected to a wired port on the campus network.  The system does not need to be in the datacenter.  Performance will vary based on available bandwidth. 

Q: Can the number of backups/duration of retention be extended?

A: It can but only but only by exception and only in extraordinary circumstances.  Our current backup system is limited in its capabilities.  We have purchased a new backup system and we are in the processes of implementing it.  The new system is far more flexible.  Look for enhancements in the near future.   

Q: How far away from the data center is the offsite backup? Is it far enough away to safely assume data continuity in the face of a major regional disaster?

A: The offsite backups are currently stored at the Pit.  We are in the process of conducting a business impact analysis (BIA).  One of the outcomes of the BIA is to drive requirements for a new disaster recovery plan.  I suspect that DR will eventually (within the next year or so) be done in the cloud.

Q: How is the integrity of backups monitored/measured? Is that a UNM IT function or an End User one?

A: Integrity checking of backups is done by reviewing the client’s backup logs on the server being backed up.  This is the customer’s responsibility.  Additional monitoring options will be available in the future. 

Q: Are on-demand snapshots possible?

A: Yes but not with the backup service.  On-demand snapshots are available to customers with systems hosted on our storage.  There are caveats and in some cases additional fee apply.

Q: 2.1.1 – “Maintain and ensure devices have up-to-date virus/malware and protection and operating system
(critical) updates installed within one week of vendor distribution;” This is not always possible for major systems.

A: Exceptions can be made in extraordinary circumstances with reasonable justification.  

Q: 2.1.2 – “Customers must purchase additional storage prior to exceeding capacity;” is there monitoring that notifies end users when limits are being approached?

A: Reports are available but the customer must check the reports.  Look for improvements on this in the future. 

Q: 2.2.2 – same question as I have on other SLAs regarding selection of 99.9% uptime for this service, how it is measured, etc. Are new backups triggered automatically when they fail due to backup service downtime?

A: Uptime is measured by our monitoring system.  Backups occur nightly.  In the event of an outage during the backup windows, backups will restart where they left off the night before.

Regards,

Brian 

Eugene,

Thanks for taking the time to comment:

– The IT data center is tier 4 including co-lo
2.1.1
– I will post the Co-location Facility Access Agreement this week.  Today if possible.
– The second bullet on 2.1.1 should say Request escorted access.  I will update the SLA.
– Yes unescorted access is available 24/7.  I will update the SLA. 
–  I will ask our agreements committee about must vs shall language.
2.2.2
– Co-location racks are visually inspected.  If there are warning lights/indicators or unusual sounds the technical contact will be notified.   Facilities equipment is visually inspected for leaks, unusual noises or warning lights.  Issues are addressed immediately using the appropriate request/incident methodology.   There is no separate report for the walk through.         
3.2
– When a request comes in to store sensitive data hosted via colo, the request is forwarded security.  Security refers the customer to the data steward for approval.  Once approved security validates the technical controls.
– Different customers can be collocated in the same racks.  The rack doors are not locked so yes collocation customers do have physical access to other colo customer equipment.  Equipment is not racked based on data type.
– Unescorted access is 24/7.  This will be updated in the SLA.  Escorted access is during business hours. Escorted access can be escalated in the event of an emergency.  Escalation is done by placing a call to the IT service desk. 
– 3.2 is referring to enhancing or adding features to the service.  4.3 is the process for requesting exceptions to the SLA.
– No, the special data types are not listed in the Data Classification Standard, they have been classified by the appropriate UNM Data Owners/ Stewards, as identified in UNM Policy 2580, and as denoted on the Data Governance web site at: http://data.unm.edu/data-classification.html
If IT receives a request for a Colocation service that involves a new data element not on the list, it will be forwarded to the Data Owners, who will classify that data element.
Regards,
Brian

• This reply was modified 8 years, 8 months ago by tbui.

Elisha,

Thanks for taking the time to comment.
<p style=”background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;”><span style=”font-family: ‘Calibri’,sans-serif; color: black;”>Internal Audit will use the DC Standards to conduct their review of data centers (as with UNM IT DCs).  In addition, we would expect management of the distributed IT organizations to manage to the standards (as minimums).  Finally, if requested by the administration, UNM IT would check for compliance and inform management.</span></p>
<p style=”background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;”>Regards,</p>
<p style=”background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;”>Brian Pietrewicz</p>