Old Server Policy
This policy has been superceeded by a newer
policy.
In order to provide reasonable security and server reliability and availability,
we recommend that:
- SLAC provides a well maintained central Web server for use by all groups
at SLAC. This should minimize the demand for multiple servers.
- Requirements for additional Web servers should be documented and brought
to the WWW-Tech for discussion and approval if appropriate. Guidelines for
appropriateness will need to be worked out based on experience.
- No new
Web servers should be set up at SLAC without review and approval
by the WWW-Tech
and/or some higher authority.
- Any SLAC authorized Web server will be dedicated to the Web server
task and maintained by staff who will:
- keep current with security patches, evaluate and expeditiously apply
as appropriate;
- keep the operating system at a level supported by the vendor;
- upgrade (server and application software and hardware) and provide
capacity planning;
- ensure the administrator of the server, or a designate, will be available
during working hours to resolve problems;
- keep and make available a current list of phone numbers where administrators
or designates may be reached in a critical situation outside normal hours;
- provide high availability;
- provide users with the ability to audit use via logs and monitor exceptions;
- provide backup of data
- provide backout procedures for installations of new software or configurations;
- properly restrict access to information;
- regularly attend the WWW-Tech meetings and provide updates on progress
and problems as well as new software functions available.
- As part of the management of the central server the the following will be provided:
- an automated indexing facility and user search tool for the SLAC Web
pages;
- a simple way for users to designate that Web pages are to be available
to only SLAC nodes;
- evaluation of new servers and functions (e.g. replication) and recommendations
for use as appropriate.