Research Virtual Machine Service

Operating Model

Further information is contained within the Technical FAQ. If you have a question which is not answered by the service description, below, please check there.

Responsibilities of The Academic/Researchers Owning and Administering a VM — Summary

The academics and researchers using a VM provided by this service are responsible for maintaining its security, at a minimum ensuring all security-related patches are applied quickly and an appropriate firewall is in place. This and other responsibilities are detailed in the section Responsibilities of the VM Owner and VM Administrator, below. If these responsibilities are not met, in particular if a VM is found to be vulnerable, we reserve the right to disconnect the VM from the network without notice. This is in accord with University policy.

Funding Model, Cost and Entitlement to VMs

Funding Model

The service runs on a financial model whereby the University funds a basic level of capability that is available to all researchers, with substantial contributions funded by research groups to meet their own requirements. Groups then receive VM resources equivalent to their financial contribution. Therefore there is some free-at-the-point-of-use resource available to groups that have not directly financially contributed. However, VMs available through this free-at-the-point-of-use resource are of a limited specification and may not be suitable for all use cases (further details below).

Who is entitled to a VM?

All University research groups are entitled to a VM.

What if I don’t have any funds available?

There are limited resources available for research groups to obtain VMs free-at-the-point-of-use. However, the VMs available will be of a lower specification than those offered to contributing groups.

Typical “free” VMs will have a low specification:

  • One virtual CPU core.
  • A maximum of 4 GB RAM.
  • 10 to 24 GB disk space — though more storage can be added by mounting RDS shares.

If you are considering contributing to the service we would be happy to discuss your requirements and may be able to provide evaluation access.

How much does a VM cost? (Virtual hardware and VMware licences.)

The cost of a VM reflects the cost of the underlying hardware and also the cost of the VMware licences. (Sysadmin support and hosting costs are free-at-the-point-of-use.)

Typically, a VM will not be cheaper than a similarly-specified standalone, physical machine. However, there are many benefits of using one of these VMs over such a physical machine — see below.

For an estimate, please contact the Research Infrastructure team.

How much does a VM cost? (Operating system licences, e.g., MS Windows)

Any licences required for your chosen operating system and applications must also be paid for. In particular, VMs running MS Windows will require a licence to be purchased. VMs running Ubuntu do not require the purchase of a licence.

About the Platform

Supported Operating Systems

VMs are available with either Linux or MS Windows installed. OS-X is not supported because of Apple’s licensing restrictions.

Available Operating System Images

The following images are available. They have the recommended security configuration in place, including measures to prevent brute-forcing of passwords; a minimal installation of applications; and authentication using central University credentials.

  • Ubuntu LTS — we no longer support Scientific Linux.
  • Please contact us for the versions available – we update the default version of our images

Researchers who wish to install their own operating system from scratch will need the help of a member of IT staff as VMware console access will be required.

Backups and Service Resilience

Should the physical server on which a VM is hosted fail, the VM can be migrated to another physical server in the VMware cluster.

All VMs are backed up nightly (at the block level). Should a catastrophic failure of the infrastructure occur, VMs can be restored from backup.

Data located on a VM-mounted CIFS RDS/Isilon share can be considered safe, assuming the share is replicated and snapped.

Benefits of these VMs over a standalone, physical machine

These VMs are located on a platform with hardware redundancy and failover, are backed up nightly, and are located in an IT Services data-centre in which hardware and power supply are monitored; i.e., the service is resilient.

Furthermore, VM snapshots can be taken and stored, so that: VMs can easily be shut down and spun up again at a later date; VMs can easily be cloned; a VM can be returned to a known, earlier state.

Use Cases

What are these VMs suitable for?

Typical uses include:

  • Web servers with a SQL database backend.
  • Download sites for publicly-accessible data (e.g., mounted from the RDS).
  • Hosts which require fast, secure access to RDS.

What are these VMs not suitable for?

These VMs are not suitable for:

  • CPU-intensive work.
  • Any service requiring high bandwidth IO.
  • Work requiring large amounts of RAM.
  • Hosts which are required to be particularly secure, e.g., those holding sensitive data.

Root/Administrator Privilege and Available Support from IT Services

Can I get root/administrator access?

Yes. This is the default. N.B. With root/administrator access you will have responsibilities to meet, as detailed in the section Responsibilities of the VM Owner and VM Administrator, below.

Can I get sysadmin support from IT Services?

In most cases the answer is no: the VM Owner and VM Administrator become responsible for the VM on handover. However, in some circumstances it may be possible to offer support, e.g., via the RIT Edge Compute service.

Service Availability and Support

  • Every effort will be made to ensure VM availability but service availability is not guaranteed.
  • There will be no support for the service outside of office hours; this includes weekends, bank holidays and times at which the University is closed (e.g., over the Christmas and New Year period).

Responsibilities of the VM Owner and VM Administrator

VM Owner: The academic or postdoc business owner whose research is facilitated by, or made accessible from, the VM.

VM Administrator: Either a member of IT Services who administers the VM operating system (if available in your school or research group), or an academic or postdoc designated by the VM Owner to administer the VM’s operating system.

Owner, Administrator, Contact and Service Information

Each virtual machine will be associated with one or more VM Owners. It is the responsibility of the VM Owner(s) to ensure that the following information is supplied to IT Services and that this information is kept up to date:

  • Contact details for VM Owner.
  • Brief details of the service(s) run on the VM, e.g., Webserver (HTTP and/or HTTPS), SSH, etc.
  • Name and contact details of VM Administrator.

Responsibilities of the VM Administrator

The VM Administrator will have full administrator/root access to the operating system. The VM Administrator is responsible for keeping the VM secure — this must be considered an on-going process:

  • All security patches made available by the OS vendor must be applied in a timely manner. If necessary, the OS must be upgraded to a current version to ensure security patches are available.
  • An appropriate firewall must be active on the VM at all times.
  • User-access restrictions to the OS must be maintained (e.g., via appropriate SSH daemon configuration).
  • All VMs are initially set up so that Research IT have Root/Administrator access. This access must be maintained.
  • All VMs are initially set up with a Nessus/Tenable agent running which monitors for vulnerabilities.
    This agent must be maintained.

What happens if I do not keep my VM secure?

If a VM is found to be vulnerable we will contact you in order to plan remedial action, either by the VM Administrator, or if urgent, by ourselves. If remedial action is not taken, IT Services reserves the right to disconnect your VM from the network at short notice. This is in accord with University policy.

What happens if my VM is hacked?

IT Services reserves the right to disconnect your VM from the network without notice in the event of an apparent security-related issue.

VM Use and Data Storage

Use of the VM must comply with policies relating to University IT Facilities, in particular:

N.B. This service is NOT considered secure enough for sensitive and/or personal data. Any VM found to hold sensitive and/or personal data will be shut down without notice.

Last modified on August 4, 2022 at 12:49 pm by Simon Hood