Instacloud is a service to provision technology resources in the public cloud. It’s uniquely different from other UIT services; some of those differences might mean Instacloud is not compatible with all users’ goals, circumstances or deployment scenarios. To best ensure success, please read this entire document to ensure you understand how this service works and determine whether it’s right for you.
While University IT uses automation to help manage and secure the server, the primary responsibilities of administration lies with the user.
If these conditions do not align with your needs or capabilities, there are alternatives to Instacloud-provisioned technologies. A free UIT consultation can help you decide the best approach and find suitable alternatives.
Instacloud virtual machines are self-patching using built-in software that’s centrally-managed by University IT. This means that updates to the operating system and some third-party software will be downloaded and installed onto the server periodically.
Oftentimes, the virtual machine will be automatically rebooted. UIT aims to schedule these automated events to occur late at night or early morning, typically on the weekends, but users do not have control over the timing of these actions, nor can they postpone them. There might be rare circumstances that require UIT administrators to respond to an emerging security concern, too.
Full-Tunnel Stanford VPN for SSH and RDP
Cloud security groups and network firewalls are configured to permit access to the resources but have some limitations. For example, using ssh or RDP to connect to a server requires using Stanford VPN with Full Tunnel profile. The default split-tunnel VPN configuration will not work. These cloud security groups cannot be modified by users.
Snapshots & Backups
Virtual machines do not include data backup services; users are responsible for backing up their own data. Included with the Instacloud service, however, are nightly snapshots of virtual disks, which allow for a roll-back in case of catastrophic error. For a free consultation on backup solutions or to request a roll-back to a previous snapshot, please submit a Help request.
We have enabled enhanced logging at multiple levels. Common operating system logs from within virtual machines are gathered, delivered and retained to a separate security-related account. Actions performed by the cloud account managers are also logged and retained. Finally, network metadata (virtual private cloud networking flow logs) are captured and retained.
Qualys Cloud Agent
This software evaluates the system for vulnerabilities using Stanford’s Qualys vulnerability management service. The Agent is configured to use minimal resources.
CrowdStrike Falcon Insight
This application provides enhanced enterprise security functionality, including endpoint detection and response service and antimalware protection.
Limitations & Benefits
Cloud Account Web Console Access
Instacloud users do not need to manage their own cloud account from Amazon Web Services, Azure or Google Cloud Platform. Provisioned systems are in a professionally-managed central account. Users have no access to the cloud account web console.
Resizing & Migration
Once deployed, Instacloud virtual machines cannot be resized or migrated to another account, zone or region. Non-Instacloud technologies cannot be provisioned in the same account, either. External resources, like relational databases or object storage buckets, deployed in another cloud account are acceptable alternatives.
Data & Server Risk Classification
This service is approved for low and moderate risk classification. If circumstances change, please submit a Help request to work with the Instacloud administrators to find an acceptable solution.
Troubleshooting & Software Installation
Users are expected to have enough technical knowledge to support their own machines, help keep them secure and remain compliant with Stanford’s Minimum Security Standards. Users should be able to install their own software and troubleshoot issues that arise in the operation of the machine. Depending on availability, some support may be available on a fee-for-service basis; submit a Help request for more information.
Stopping & Restarting
If you shut down (halt) your server, you will not be able to restart it on your own. Please submit a Help request to have an Instacloud administrator start the machine from the web admin console. You should have no issues issuing a restart command, however. There is no charge for this request.
Disabling or Tampering with Management Controls
Using an Instacloud-provisioned resource means you agree not to disable or tamper with the software, configurations or policies that are installed by University IT and are used to remotely manage the server, keep it secure and aid in provisioning and billing.
Admin & Security Access
Unless there’s an urgent security, privacy or legal reason, University IT will not attempt to access your virtual machine. Please consult the University Administration Guide for expectations of privacy and security.
Subscription & Billing
Your organization will be responsible for the monthly cost of the virtual machine, which is a flat monthly recurring charge, with the amount depending on the size and configuration. Users benefit from the discounts and savings strategies that University IT pursues; the amount will not fluctuate based on network usage, processing or operational hours.
Disuse or stopping (halting) the machine will not cancel the monthly recurring charge. Users are responsible for submitting a Help request to stop the Instacloud service.
When your Instacloud subscription is cancelled, the virtual machine will be terminated and all data will be deleted. Please save your data and confirm its integrity ahead of requesting a cancellation of service.