Server and Application ManagementTechnology Services
Purpose
This Server and Application Management Policy is established to ensure the security, reliability, and optimal performance of the servers and systems managed by Gustavus Adolphus College. Proper server, application, and patch management are critical components of maintaining a secure and efficient computing environment.
Scope
This policy applies to all members of Technology Services who are authorized to perform work related to server and application management, which covers all servers and applications under the purview of Technology Services, including those hosted off campus (remote, cloud-based, off-premise, co-located, etc.).
Server Deployment and Management
Server Procurement
Technology Services will follow an approved and consistent procurement process to acquire servers and related hardware. Servers must meet minimum hardware and compatibility requirements as determined by authorized personnel.
Server Installation
All servers will be installed, configured, and maintained by qualified and authorized personnel to ensure consistency, security, and reliability.
Server Documentation
Comprehensive documentation, including hardware and software configurations, will be maintained by Technology Services for all servers and related infrastructure. This documentation will be accessible to authorized personnel.
Access Control
Access to servers will be strictly controlled through approved role-based access control mechanisms. Only authorized individuals will have access to server consoles and configuration settings.
Monitoring and Logging
Servers will be monitored routinely to identify and address performance issues and security threats. Logs will be maintained and reviewed regularly on a schedule that conforms with staff availability. At a minimum, a weekly review will be conducted.
Patch Management
Patch Identification
Technology Services will actively monitor for software and firmware updates, patches, and security updates applicable to server operating systems and related software.
Patch Testing
Before deployment, patches will be confirmed, and when possible, tested to ensure compatibility and stability. Critical security patches may be expedited at the discretion of authorized personnel.
Patch Deployment
Regular patch deployment schedules will be established and followed. Non-disruptive patches will be deployed during regular maintenance windows.
Emergency Patching
Critical security vulnerabilities may necessitate immediate patch deployment. In such cases, authorized Technology Services personnel may follow an expedited patching procedure that is commensurate with the perceived urgency.
Application Management
Application Procurement
All applications and software used by the College will be obtained through official procurement processes managed by Technology Services. Licensing compliance will be maintained by authorized personnel.
Application Deployment
Applications will be deployed and configured by qualified and authorized personnel to ensure stability, compatibility, and security.
Application Documentation
Technology Services will maintain comprehensive documentation, including installation procedures, configuration details, and licensing information for all applications deemed critical for business continuity.
Application Updates
All applications will be kept up to date with the latest patches and updates to address security vulnerabilities and improve functionality.
Backup and Recovery
Server Backups
Regular backups of server data and configurations will be performed to ensure data integrity and facilitate disaster recovery. More information can be found in the Data Management Policy.
Recovery Testing
Periodic recovery testing will be conducted to verify the effectiveness of backup and restoration processes.
Security and Compliance
Security Measures
Servers will be configured and maintained with robust security measures, including the appropriate firewalls, intrusion detection systems, and access controls deemed necessary by authorized personnel.
Compliance
Technology Services will adhere to relevant laws, regulations, and industry standards related to server management and patching, including data protection and privacy laws. More information can be found in the Information Security Program.
Server Decommissioning
End-of-Life Servers
Servers reaching end-of-life or end-of-support will be retired, and all data will be securely removed or migrated to newer hardware.
Policy Implementation Assistance
Contact the Chief Technology Officer with questions or comments related to this policy.
Policy Authority
The XLT has responsibility for this policy and will obtain necessary approvals for changes.