Skip to content Skip to site navigation

Instacloud Service Details

Introduction

Instacloud is a service to provision technology resources in the public cloud. It’s uniquely different from other UIT services; some of those differences might mean Instacloud is not compatible with all users’ goals, circumstances or deployment scenarios. To best ensure success, please read this entire document to ensure you understand how this service works and determine whether it’s right for you.

While University IT uses automation to help manage and secure the server, the primary responsibilities of administration lies with the user.

If these conditions do not align with your needs or capabilities, there are alternatives to Instacloud-provisioned technologies. A free UIT consultation can help you decide the best approach and find suitable alternatives.

Security

Self-Patching

Instacloud virtual machines are self-patching using built-in software that’s centrally-managed by University IT. This means that updates to the operating system and some third-party software will be downloaded and installed onto the server periodically.

Automatic Reboots

Oftentimes, the virtual machine will be automatically rebooted. UIT aims to schedule these automated events to occur late at night or early morning, typically on the weekends, but users do not have control over the timing of these actions, nor can they postpone them. There might be rare circumstances that require UIT administrators to respond to an emerging security concern, too.

Full-Tunnel Stanford VPN for SSH and RDP

Cloud security groups and network firewalls are configured to permit access to the resources but have some limitations. For example, using ssh or RDP to connect to a server requires using Stanford VPN with Full Tunnel profile. The default split-tunnel VPN configuration will not work. These cloud security groups cannot be modified by users.

Snapshots & Backups

Virtual machines do not include data backup services; users are responsible for backing up their own data. Included with the Instacloud service, however, are nightly snapshots of virtual disks, which allow for a roll-back in case of catastrophic error. For a free consultation on backup solutions or to request a roll-back to a previous snapshot, please submit a Help request.

Centralized Logging

We have enabled enhanced logging at multiple levels. Common operating system logs from within virtual machines are gathered, delivered and retained to a separate security-related account. Actions performed by the cloud account managers are also logged and retained. Finally, network metadata (virtual private cloud networking flow logs) are captured and retained.

Qualys Cloud Agent

This software evaluates the system for vulnerabilities using Stanford’s Qualys vulnerability management service. The Agent is configured to use minimal resources.

CrowdStrike Falcon Insight

This application provides enhanced enterprise security functionality, including endpoint detection and response service and antimalware protection.

Limitations & Benefits

Cloud Account Web Console Access

Instacloud users do not need to manage their own cloud account from Amazon Web Services, Azure or Google Cloud Platform. Provisioned systems are in a professionally-managed central account. Users have no access to the cloud account web console.

Resizing & Migration

Once deployed, Instacloud virtual machines cannot be resized or migrated to another account, zone or region. Non-Instacloud technologies cannot be provisioned in the same account, either. External resources, like relational databases or object storage buckets, deployed in another cloud account are acceptable alternatives.

Data & Server Risk Classification

This service is approved for low and moderate risk classification. If circumstances change, please submit a Help request to work with the Instacloud administrators to find an acceptable solution.

Support

Troubleshooting & Software Installation

Users are expected to have enough technical knowledge to support their own machines, help keep them secure and remain compliant with Stanford’s Minimum Security Standards. Users should be able to install their own software and troubleshoot issues that arise in the operation of the machine. Depending on availability, some support may be available on a fee-for-service basis; submit a Help request for more information.

Stopping & Restarting

If you shut down (halt) your server, you will not be able to restart it on your own. Please submit a Help request to have an Instacloud administrator start the machine from the web admin console. You should have no issues issuing a restart command, however. There is no charge for this request.

Disabling or Tampering with Management Controls

Using an Instacloud-provisioned resource means you agree not to disable or tamper with the software, configurations or policies that are installed by University IT and are used to remotely manage the server, keep it secure and aid in provisioning and billing.

Admin & Security Access

Unless there’s an urgent security, privacy or legal reason, University IT will not attempt to access your virtual machine. Please consult the University Administration Guide for expectations of privacy and security.

Subscription & Billing

Monthly Charges

Your organization will be responsible for the monthly cost of the virtual machine, which is a flat monthly recurring charge, with the amount depending on the size and configuration. Users benefit from the discounts and savings strategies that University IT pursues; the amount will not fluctuate based on network usage, processing or operational hours.

Cancelling Service

Disuse or stopping (halting) the machine will not cancel the monthly recurring charge. Users are responsible for submitting a Help request to stop the Instacloud service.

Deleting Data

When your Instacloud subscription is cancelled, the virtual machine will be terminated and all data will be deleted. Please save your data and confirm its integrity ahead of requesting a cancellation of service.

Last modified January 27, 2022