Managing your own server in the DCS

This is the “DIY Sysadmin” option where the owner of the server is the administrator and DCS Tech Support do nothing with it.

If you can afford to buy one, you can purchase your own actual metal-based server and put it in the DCS datacentre. This venture carries with it some significant responsibilities though, so check that we can't already offer you the service you want, with our existing infrastructure first. Or consider whether a virtual machine, available at ITS at no cost, would suit your needs.

Buying a server:
Any server to be hosted in the server room must be a rack-mountable chassis, not a workstation or desktop PC format. If in any doubt about what to purchase, contact COM Support and we will advise you. Don't be tempted to buy a workstation thinking you will host it under your desk, because these machines can be very noisy and hot, and it's generally not possible to retro-fit these machines with rackmount kits suitable for the server room.

If you wish to go ahead, here's what we provide you with:

• Rack space
• Power supply
• Network connection to DCS network.
• Supervised access to the server room within working hours and with sensible notice regarding our current workload.

For connection to the DCS network, here are our terms and conditions:
Please run a specifically server-oriented operating system. Most OSes have a stable server version with more robust security turned on by default and remote systems administration tools. When a machine is in the server room you won't have easy access to graphical console so a system designed with that in mind is a must. Similarly upgrades and patches are handled better remotely and the resulting reboots occur less frequently with a server OS.
We require you to turn on your machine's internal firewall. Additionally we suggest you open as few ports as possible to the outside world. All machines on campus are visible to each other, and with hundreds of technically astute students on campus who would love to demonstrate their hacking skills on your machine, it's wise to give them as little opportunity as possible. Please run a supported stable version of the OS and keep it patched. Turn on automatic patching and regularly check it's taking place. Keep the usernames and passwords on your server unique. In the event of a security breach, and in order to keep the risks of cross-contamination to a minimum, we ask that you create unique usernames, UIDs, group names and GIDs on your server. That ensures that if either the Department or your system are compromised, we can limit the damage to just those systems. Please also try to ensure your passwords are unique to each system, so if one password was broken it won't give access to any other system. If you use sudo for administrator privilege, be extremely cautious which users you give access to.
If you require your server to be visible from off campus, for example as a web server, you will need a firewall exemption from ITS. Request it from https://logcabin.shef.ac.uk/fireform. It normally takes no more than 24 hours to be granted an exemption. We require a designated contact person who is the systems administrator, who we can contact if there is a problem with the server, and who is responsible for its upkeep. If we do not have anyone to contact, we will shut the server down!