Service Description
ITS knows that groups across the university want to use the agility, scalability, and advanced technologies that cloud services provide. ITS is developing a framework around governance, security, networking, and brokerage for these services at UNC. The goal is to provide access to cloud computing services that include guardrails to comply with UNC information security policies.
The use of publicly available cloud providers such as AWS, Azure and GCP provides several benefits to UNC.
- Optimize your spending
- Get what you need fast
- Scale resources as needed
- Deliver resources not available on campus
- Use vendor provided database, application and security software to streamline solution delivery.
You can request the creation, modification, or deletion of an AWS, GCP or Azure cloud environment using the listed offerings.
Service Details
Available cloud providers
ITS currently offers brokerage services for Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). The UNC brokered services are architected to support non-sensitive Tier 0 and 1 data environments. These cloud platforms can also be used to host sensitive data (Tiers 2 and 3), but additional Security oversight and a risk assessment are required for sensitive workloads. Please review the University’s Information Classification Standard for additional information regarding sensitive data tiers.
Guard Rails
Operating in the cloud presents new security and configuration challenges to the University. Working with the ITS-Security group, we have established a guiding set of Guardrails designed to prevent the most common configuration mistakes.
Service Provisioning
Before you request an AWS, Azure or GCP environment, there are several questions that you will need to be prepared to answer.
- Cloud Resource Roles: These roles identify the primary users that will configure and maintain the cloud environment. They include the following:
- Supported By: The individual who is the primary support contact for system administration and support.
- Assignment Group: The group in ServiceNow that provides system administration and on-call support.
- Assigned To: The person is the individual that is primarily responsible for the use of this environment. Can also be referred to as the owner or sponsor of the environment.
- Classification: Indicates the primary use of the cloud environment. Classifications can be mixed if needed, but this is not recommended. Options include the following:
- Production
- User Acceptance Testing (Test)
- Development
- Campus Connectivity: Whether the requested cloud environment will need network connectivity to the UNC campus -- including internally routable (RFC1918) UNC IP addresses.
- Desired Name: A suggested name for the cloud environment. This name should contain the projected use for the environment and its classifications for the production level, criticality and data sensitivity.
Audience
Employees
Expected Delivery
5 Business Days
Keywords
Google Cloud Compute, Amazon Web Services
Support
UNC Brokered Cloud Features
Cloud Environments brokered through UNC ITS will provide the following benefits.
- UNC Managed Identity Access
- Connectivity to the UNC Campus Network through a VPN connection (if needed).
- IP address/range management.
- ITS Security Oversight
- Centralized Logging
- Single Single on (MFA) integration
- Grouper Integration for group management
- Domain Name Service (DNS)
- Centralized Billing and Management
- Active Directory Integration
- Budget Alerts
Technical Support
For support on new or existing cloud environments, please use the listed offerings to open an service request with the UNC Cloud Team.
Service Availability
Cloud resource availability is based on design and deployment of the cloud resource. The UNC Cloud Team can advise on designing a cloud environment with the appropriate level of resiliency for the workload hosted.
Maintenance Schedule
The UNC Cloud Team will announce planned cloud maintenance windows as communicated from the respective cloud vendors.