University of Hamburg - to research, to teach, to educate and form, to homepage
RRZ
Regional Computing
Center (RRZ)

Photo: UHH, RRZ/MCC, Mentz

Terms of Use

As PDF Document (in German)

Terms of Use for Virtual Servers at the RRZ of the University of Hamburg

March 22, 2007

The RRZ of the University of Hamburg offers its users virtualized servers for their own IT services. For this purpose, virtualization software is used to operate several virtual server instances as “guest systems” on the “host system” of a physical machine. In addition to the general IT operating policies of the University of Hamburg, the following provisions apply to the operation of such a virtual server instance:

  1. A virtual server is set up upon request. The RRZ provides a corresponding form on its website for this purpose. All members of the University of Hamburg are eligible to apply.
  2. Whether a project is suitable for a virtual server must be discussed in advance with the Central Services group at the RRZ. Guest systems are particularly suitable for systems that require high availability without generating a consistently high CPU, network, or hard disk load; a guest system should not permanently use more than 25 percent of a CPU. Hardware-based copy and access protection, such as a dongle, cannot currently be supported.
  3. Upon request, the RRZ will install a current version of Open SuSELinux; other operating systems can be used, but must be procured and installed by the project itself. Upon handover, each project is responsible for its own guest system. This includes, in particular, full responsibility for security. This means that the operating systems must be kept up to date with the latest patches, as must proprietary or open source software products such as PHP or Perl scripts.
  4. The RRZ will not log on to the guest system at any time. The root/administrator password should be changed immediately after handover. Upon agreement, the RRZ can provide the project with access to the “root terminal” of the guest system. This is limited to exceptional situations where access to the guest system is not possible by other means.
  5. The RRZ operates the hard disk resources of all guest systems on a redundant disk system in order to prevent failures and data loss at the lowest level as far as possible. In addition, each project is responsible for backing up its own system. It is strongly recommended that regular backups of the system and data be performed. The RRZ's central backup and archive system is available for this purpose.
  6. The RRZ ensures the security of the host system. To this end, the necessary operating system updates or configuration adjustments are made. Maintenance work on the host system, for which the guest systems must be temporarily shut down, will be announced to the projects one week in advance at an agreed location. Only in the event of an acute threat to the entire system can advance notice or consultation be waived.
  7. Each project shall designate a technical contact person to the RRZ; this person shall be responsible for the ongoing support of the guest system and shall also be entered in the name server as the person responsible for the IP address of the guest system. The technical contact person for the project shall be responsible for the administrative tasks mentioned in point 3. The RRZ shall notify this person by email or telephone in the event of maintenance work, malfunctions, or misuse of the guest system. Any change or temporary replacement of the technical contact person (e.g., due to vacation) must be reported to the RRZ.
  8. If a guest system is not administered or is inadequately administered or misused, or if other guest systems are hindered in their operation due to excessive resource requirements, the guest system can be blocked automatically or manually. If a guest system has had to be blocked repeatedly or causes permanent overload, the RRZ may classify the project as unsuitable for the use of a virtual instance and block it permanently.

Subsequent conditions or clarification regarding the use of virtual servers at the RRZ as of July 1, 2016:

Effective immediately, the RRZ requires a “vS representative” for the operation of a virtual server. This person must be a permanent employee of the University of Hamburg (not a student). The personal user ID of the vS representative is permanently linked to the virtual server in the RRZ Service Portal.

The vS administrator

  • is responsible for the security of the virtual server and should monitor it continuously and close any security gaps that become known as quickly as possible (e.g., by regularly installing the patches provided by the manufacturer) or instruct the designated administrators to do so and monitor their performance appropriately.
  • can informally appoint a representative or add them independently in the RRZ Service Portal.
  • can informally appoint administrators to support them in the administration and necessary maintenance of the virtual server. The full name and user ID are required for this. If support is provided by a third party outside UHH (e.g., a company), the full contact details (name, address, telephone, email) are required.
  • Together with the designated representative, is the only person authorized to renew/confirm the use of the virtual server in the RRZ Service Portal on an annual basis.
  • will regularly check emails regarding the virtual server sent to the specified user ID.