Central Web Hosting Policy

Background

Central Web Hosting Services are set up to provide a consolidated, fully monitored and managed environment for hosting departmental or project websites. As highly reliable and secure central servers will be used to host these services, web site owners can focus on the development of their websites without worrying about the server management or operational support of the servers. It also relieves these owners from the burden of keeping the servers secure and the effort to manage them.

It is hoped that this centralized support arrangement can eradicate the levels of risk of having many web servers distributed around the campus with different security protections. The consolidated infrastructure to host these websites also leverages economies of scale, thereby creating significant cost savings.

In order to guarantee the stability of the servers and to protect the websites resided in the servers, the Web Hosting Policy has to be established.

The Central Web Hosting Policy

1. The Central Web Hosting service is a tightly integrated service environment with carefully selected hardware and software being standardized to maintain consistency. Websites which conform to this environment can migrate from any self maintained servers to this centrally managed and maintained environment. The original server hardware can be kept back for development purpose.
2. Website to be developed should make prior arrangement with the ESU to get more information about the web hosting environment and to ensure conformance to the environment of the central web service. The central support and the website owner concerned will then mutually agree on the standard tools to be used for developing the Web services. Otherwise, there will be no guarantee on the compatibility of tools and the proper delivery of Web service.
3. Compatibility advices will be provided to assist migration of existing web sites. In order to provide a stable environment for the Web services already hosted, no development activities will be allowed in these Web servers. Users are expected to do all developments and testing on their own machines before uploading to the central Web hosting servers.
4. To achieve the best security protection, the server will timely apply security patches issued by the vendors of software. Although the patches normally will not affect the user's web applications hosted in the server, however, should this occur, it will be the responsibilities of the user to ask the developer to resolve the problem. To protect the server and the other web applications hosted, security patches applied will normally not be removed even though they cause problem with some web applications.
5. Web account owners will be allocated a default directory to hold their contents. Accounts will be given out for Web content owners for maintenance purpose. It is the sole responsibility of the account owners to protect the account information including the use of proper password and regular password change. It is not recommended for web site owners to pass the account information to external developers. However, if it is unavoidable, web site owners are reminded to change their account passwords once the developers have finished their work.
6. If the Web service developed is expected to generate heavy loading on bandwidth such as video/audio streaming or serve a large number of concurrent access, full details on the service must be provided and prior arrangement must be made.
7. Website account owners are solely responsible for the accuracy and the propriety of their Web contents. They should also conform to the University Web guidelines and the related University policies.
8. Daily and Weekly system backup of central Web hosting servers will be performed for disaster recovery and individual Web service recovery purposes. However, web site owner are advised to maintain a copy of their own (both program and data).

Service Rights and Termination

1. With proper justification, the central support staff may examine system accounting logs and/or access any account's directories to investigate and/or resolve system problems.
2. Should the websites hosted become the target of a network attack or a target of the investigation arisen from a security incident, the central support reserves the right to take any necessary actions (including, but not limited to, temporary suspension of the account holder's account) in order to restore normal server or network operation.
3. The central support may, without prior notice, terminate a centrally hosted Web service, if such service violates of the University policies. The central support will not be liable for any damages or loss resulted from such termination.