Because many factors come into play, only your department can decide if it is right for you to run your own server. Be realistic about the personnel resources and costs involved in running your own server safely and securely. One of the most important and most costly components of successfully running a server is the hiring of properly trained personnel. This requirement is one that tends to get overlooked or grossly underestimated in terms of time and costs involved. Many times the responsibility is placed on a graduate student who may be gone in a year or added as a side task to the workload of a current employee with no server experience, with the assumption that once the server is setup it will run reliably forever. The reality is that a server requires constant attention throughout its lifecycle in order to keep it functional, secure and running with minimum downtime. A compromised server could have negative consequences for users across campus as well as for the reputation of the University of Wyoming.

The following is a brief overview of issues that should be considered when deciding whether to run your own server:

• Hiring personnel that are trained in all aspects of server management and security to ensure that data is not compromised and that the University of Wyoming network and reputation are not compromised.
• Installing the operating system safely and properly - some viruses can infect a vulnerable (un-patched) computer in as little as 10 seconds after being connected to the network.
• Safely and properly installing and configuring any services the system may need.
• Configuring the security on the system properly, including file-level access, account management, and service lockdown.
• Evaluating and managing additional security concerns, including network protocol security and firewall configuration.
• Installing upgrades, including motherboard BIOS, peripheral BIOS, hardware, software, operating system, etc.
• Creating a backup system, including purchasing the backup hardware, planning a comprehensive strategy, defining a restore procedure, defining an offsite storage place, etc.
• Researching, testing, and installing patches, including hot fixes and security releases. This includes monitoring discussion and mailing lists, contacting manufacturers for updates, etc. This is one of the most important ongoing functions of running a server on campus. If your server is vulnerable and not patched, it is possible (and common) for your server to negatively impact the entire campus network.
• Providing a proper storage environment, including providing a climate-controlled, clean (the room should have air filters), secure room to store the server with networking installed, access to low distribution power units, access to emergency power supply, inclusion of a rack system that can make the addition or repair of hardware easier to accomplish (especially in multi-server environments), etc.
• Training, including initial and ongoing training on the operating system as it is constantly upgraded, ongoing training on the software installed on the system (most companies upgrade their software annually), training on hardware as it is upgraded, etc.
• Evaluating, installing, and configuring anti-virus software.
• Installing and utilizing disk defragmenter software, which is a good idea to use on a server to keep it running as efficiently as possible.
• Monitoring, including performance monitoring, monitoring Event Logs for possible security breaches or problems, 24-hour monitoring for server up-time, 24-hour monitoring of room climate, etc.
• Alerting, including the implementation of a system to alert someone 24 hours a day if any of the systems being monitored are not working properly.
• Creating redundancy, including the redundant drive arrays and power supplies, the most common problems for servers. Someone needs to know and understand how the redundancy works, how the hardware works, and how to best utilize what it offers.
• Reporting, including creating a process to report prolonged out-of-service situations.
• Keeping up with changing hardware and software.
• Administering Maintenance Agreements, including the yearly purchase of Maintenance Contracts with both the OS vendor and the vendor of the software installed on the server.

Yes, UW department-managed servers can run Forefront antivirus, however, server administrators must get server updates, patches and Forefront pattern files directly from Microsoft.

Server environments are simply too specialized for IT personnel to know what patches need to be applied and what antivirus management needs to be maintained to keep things running properly and avoid down time. For this reason, Information Technology does not push server updates out through the same mechanism that is used to patch desktops on campus (WSUS).  All server computer accounts that are on the UWYO domain should be specifically “opt out” of WSUS and should be set to patch directly from Microsoft on a regular basis with oversight from the System Administrator in charge of the server.  Please contact your departmental user consultant or the IT Help Desk at 766-4357, option 1, to have your server computer account set properly on the UWYO Domain.

The university transitioned to Forefront Client Security in the Spring of 2011 for campus desktop environments. Though the Forefront client will run on Windows Server environments, IT does not provide support for this scenario. Forefront for desktops is heavily integrated into WSUS to make management of the vast desktop environments easier and less resource intensive. Nonetheless, department-managed servers can install Forefront and can set it to update directly from Microsoft.

System Administrators will need to read and understand the installation process in order to get their servers setup properly to maintain protection. If you are a server administrator and you want to run Forefront on your system please see the guidance below to get you started. This information is provided for purely informative purposes and to get knowledgeable server administrators the information they need to install Forefront.

Installing Forefront on Departmental Servers:

1. Make sure your server is “opt out” of WSUS if it is on the UWYO Domain.
2. Visit the following Microsoft link to read about installing Forefront with the “no MOM” option: http://technet.microsoft.com/en-us/library/bb404279.aspx
3. All client installation software for UW can be found here:
   • Base client setup files for 32-bit OS: \\uwapps\AntiVirus\forefront\BaseClient\
   • Base client setup files for 64-bit OS: \\uwapps\AntiVirus\forefront\BaseClient\x64\