Skip to end of metadata
Go to start of metadata
Table of Content

Service Level Agreement

Name Change

Due to the name change of the university, changes to the service had to be made.

Name of Service

Faculty Web Service, short name "facultyweb".

Service Description

The service provides the possibility to publish web pages. Web pages have the URL http://www.faculty.jacobs-university.de/USERNAME, where USERNAME is the CampusNet/LDAP/VPN account of the person publishing web pages. The web pages are served world-wide. https protocol is also provided.

Anonymous, group or project directories are not offered, all pages are attributed to a single person.

PHP5 is provided as an apache module. There is no other scripting feature available. Also, no database is provided.

Pages are up- and downloaded via FTP protocol. The FTP server name to login is www.faculty.jacobs-university.de. Passive FTP is supported and recommended. Anonymous FTP access is not provided. FTP is only available within Jacobs University's campus network. TLS extension to FTP is provided.

The account name to use is the CampusNet account and password.

There is no interactive login on the server.

Quotas are enforced. Hard quota is 5GB, soft quota is 4GB.

Service Products

The web pages served under http://www.faculty.jacobs-university.de/..., resp. https://www.faculty.jacobs-university.de/...

Service Customer

IT Faculty Committee.

Service User

Faculty members, who are assigned at least one of the following address types in CampusNet:

  • Professor
  • Adjunct Professor
  • Visiting Professor (added 2008-02-29 by TS on request of Service Customer)
  • University Lecturer (added 2008-03-05 by TS after check with Service Customer)
  • Lecturer
  • Further Lecturer
  • Research Assistant
  • Research Associate
  • sonstige Faculty (added 2010-02-25 by TS after clarification of actor types)
  • Scientific Fellow (added 2011-04-28 by TS, see [Ticket#2011042711000053])

Explicitly denied are Jacobs University members with the following address types in CampusNet, even if one of the above-mentioned address types is assigned:

  • Student

Service Continuity

The service is provided until end of May 2009.

This SLA is fixed until May 2008. Transitional information, documentation, and additional information might be changed.

The server certificate is valid until May 12, 2012. After that date, a new certificate will be installed.

Service Availability

The service is available 24/7.

Service Reliability

The service is 99% reliable, calculated per month.

Service Charging

No costs for service provisioning is charged to the Service Customer or Service User.

Service Security

Data management on the web service is done by the user. Authentication and authorization is based on live LDAP data.

Standard creation mask for files is 0133 (created with permission -rw-r--r--), standard creation mask for directories is 0022 (created with permission drwxr-xr-x).

Service Users can enforce confidentiality of their web pages by employing the .htaccess mechanism of the apache web server.

Files starting with a dot may be written and read, so that creating and manipulating a .htaccess file is possible.

Protecting web pages by shared passwords is possible by providing an appropriate .htaccess file. See How to restrict access to web pages with apache web server for help and web service to generate encrypted passwords for the .htaccess file.

To protect access to other Service User's files, especially the .htaccess file, every FTP Service User has a restricted environment available only to himself. It is not possible to access other's files via FTP.

FTP access is rectricted to the campus network for security reasons. Remote update of the pages can be done per FTP by using NetVPN Service to securely connect to Jacobs University's network before using FTP. Also, TLS extension to FTP is provided.

HTTPS protocol is provided to securely transfer information via HTTP protocol.

FTP and HTTP transmit all information, including usernames and passwords over the network in the clear. To protect your information and user credentials, use FTP with TLS extension resp. HTTPS protocol.

The SHA1 fingerprint of the server certificate is ED:57:54:79:CB:D3:3C:08:7C:AE:6D:D8:FB:BF:5A:AD:43:DE:12:16. The certified server name for HTTPS and FTP/TLS is www.faculty.jacobs-university.de. All certificate details are available at the CA.

Service Prerequisites

The Service User must have a valid CampusNet/LDAP account and a valid CLAMV account.

Service Customer/User Responsibility

The Service User is responsible for the content. IRC and Jacobs University policies, German and International laws apply. Usage of the service constitutes acceptance of the policies and this SLA.

The Service User must be knowledgeable of how to maintain web pages on a web server, including how to use the FTP protocol and an editor for HTML pages.

Service Support

Support Extent

The Service Desk for Faculty and Staff

  • ensures availability of the served web pages,
  • ensures availability of the server-side FTP process for maintaining web pages,
  • updates operating system and installed software as appropriate,
  • provides information on configuration of the server processes,
  • provides prototypical information on how access to pages can be restricted.

Support Channels

Service support can be reached by employing the Service Desk for Faculty and Staff contact channels.

Support Availability

Service support is available during Service Desk for Faculty and Staff hours.

Service Workflows

Instantiation Workflow

There is no application workflow. Service Users as defined above are automatically eligible for this service.

Logging into the FTP server the first time automatically creates the user's directory.

Operational Workflows

There are no operational workflows. Web pages are maintained by the Service User.

Decomission Workflow

As soon as the Service User as defined above is no longer eligible for this service, the user's content is subject for removal by IRC-IT without further notice. Service Users should plan ahead the future of their content before change of status or before leaving Jacobs University.

Key Performance Indicators

Monthly availability numbers of the FTP, HTTP, and HTTPS service as reported by IRC-IT's monitoring system.

Measurements of Key Performance Indicators

Availability FTP Service

External pages show the availability of this service for last month and, for informational purposes only, for the last 7 days.

Availability HTTP Service

External pages show the availability of this service for last month and, for informational purposes only, for the last 7 days.

Availability HTTPS Service

External pages show the availability of this service for last month and, for informational purposes only, for the last 7 days.

Live System Status

The live status of the system implementing the service can be seen at this external page.

Open Issues

These open issues will be remedied as soon as possible.

Access Control

Shared Passwords

A shared password for protecting web pages requires a .htaccess file containing an encrypted password. Currently, there is no provided service to generate such a password.

LDAP User

To restrict access to pages to well-known users of Jacobs University's LDAP server, the providing apache web server requires LDAP authentication and authorization modules. These are not yet installed.

scp Access

To restrict access via sshd/scp to faculty-only users, the appropriate filter has to be specified via pam_filter parameter in ldap.conf of pam. Only, it doesn't work, the filter is ignored effectively allowing everyone at Jacobs University access to the machine. That is a no-go for scp at the moment. If you have an idea, why the ldap filter setting is ignored, please give us a hint and we will add scp support and open it up to the world. (man pam_ldap, system is SuSE Linux 10.1)

To provide for secure file access, we enabled TLS extension for FTP. For compatibility reasons and ease of access we will continue to provide FTP access. Also for compatibility, we will not deny non-FTP/TLS sessions. Because FTP/TLS is a protocol extension to FTP it uses the same port, hence can not easily filtered out at the firewall, which is port 21 for FTP. To the public Internet port 21 is still not opened, but FTP/TLS for secured FTP within Jacobs University is provided.

As a workaround, scp access to the Remote Login Shell Service is possible from the outside world.

Transitional Arrangements

Name Change of University

The old names http://www.faculty.iu-bremen.de/..., resp. https://www.faculty.iu-bremen.de/... are retained at least until February 2008.

Username Migration

In the past, the "USERNAME" part was not coupled to an account. Until September 29, 2006, the current user name part, if different from the CampusNet account, will also be valid. Service Users should update links on their pages on this and on other sites to adapt to the new name. After that date, forwarding of the old names will be terminated and only the new names will be valid.

Renamed Folders

Old Folder Name

New Folder Name

Owner

allner

aallner

Anke Allner

birk

abirk

Andreas Birk

carpin

scarpin

Stefano Carpin

dierk

dschleiche

Dierk Schleicher

kortz

ukortz

Ulrich Kortz

mwinterhalter

mwinterhal

Mathias Winterhalter

mzakhartsev

mzakhartse

Maxim Zakhartsev

oliver

moliver

Marcel Oliver

schoenw

jschoenwae

Juergen Schoenwaelder

springer

sspringer

Sebastian Springer

stoll

mstoll

Michael Stoll

Links from the old to the new names are available until September 29, 2006. After this date the links will be deleted.

Moved Folders

Old Folder Name

New Folder Name

Owner

Astroparticle

srosswog/Astroparticle/

Stephan Rosswog

GeoAstro

jvogt/GeoAstro/

Joachim Vogt

irccm

jvogt/irccm/

Joachim Vogt

eecs

jschoenwae/eecs/

Juergen Schoenwaelder

faculty

jvogt/faculty/

Joachim Vogt

lofar

jvogt/lofar/

Joachim Vogt

neptunas

jvogt/neptunas/

Joachim Vogt

space

jvogt/space/

Joachim Vogt

edu-hermes

shanelt/edu-hermes/

Sharifah Nora Hanelt

Links from the old to the new names are available until September 29, 2006. After this date the links will be deleted.

Folders that could not be moved and will be deleted

Folder Name

Removal Date

clamv-doc/

29.09.2006

clamv_old/

29.09.2006

clamvdoc/

29.09.2006

clamvhtml/

29.09.2006

clamvpub/

29.09.2006

course/

29.09.2006

it-ops/

29.09.2006

math/

29.09.2006

rbd/

29.09.2006

software/

29.09.2006

ssh/

29.09.2006

For example, pages available at the group URL "http://www.faculty.iu-bremen.de/course/" will no longer be supported by this service. The URL will be available until September 29, 2006, the content will then be erased. Service Users interested in keeping the content must copy it to their personal directories before that date.

Additional Links

Server-side Software Documentation

Potential Client-side Software

Microsoft Windows

Windows Explorer

Built-in Explorer of Microsoft Windows offers client functionality FTP protocol. Passive mode is used by default.

In the "Address"-line, enter ftp://USERNAME@www.faculty.jacobs-university.de. You will be prompted for your password and can then use the usual Explorer-style data management, copy&paste, etc.

CoreFTP

CoreFTP is a free graphical client program which supports FTP with TLS extension for a secured mode. You have to activate the TLS option in the configuration of the connection.

Configuration screen for secure transfer:

After connecting, you can check the tranfer log for 234 AUTH TLS OK. to ensure secure transfer.

Linux and Unix

Linux/KDE Konquerer/Gnome

The KDE standard file system browser on Linux and Unix systems, Konquerer, has a similar simple file access mechanism for FTP access. Nautilus in Gnome is rumoured to allow this as well, but could not be tested.

Standard command line client

Default Linux/Unix also has an "ftp" command on the command line. Be sure to use passive FTP.

lftp

"lftp" is a widely deployed ftp command line client supporting FTP with TLS extension, if compiled with openssl library.

There are options to be set to force secured login and also to secure the data transfer. Please see the lftp man page for details, especially regarding the options starting with ftp:ssl-.

sitecopy

sitecopy, a command line FTP directory synchronization tool for Unix for non-interactive use. Easy to setup and use. RTFM.

Mac OS

Cyberduck

Cyberduck is reported to support secured FTP.

Several Platforms

nvu

nvu, "a complete Web Authoring System for Linux desktop users as well as Microsoft Windows and Macintosh users to rival programs like FrontPage and Dreamweaver. Nvu (which stands for 'new view') makes managing a web site a snap. Now anyone can create web pages and manage a website with no technical expertise or knowledge of HTML."

nvu an be used without reading a manual by creative clicking.

CrossFTP

"CrossFTP is a versatile, user friendly GUI FTP client for multiple-platforms. It offers a rich list of features:[...]"

Started from the Web browser via Java web start, hence hassle-free installation. Secure connection requires "Pro" version available after payment of 20USD. A one-month evaluation is possible.

FireFTP

"FireFTP is a free, secure, cross-platform FTP client for Mozilla Firefox which provides easy and intuitive access to FTP servers.

Along with transferring your files quickly and efficiently, FireFTP also includes more advanced features such as: directory comparison, syncing directories while navigating, SSL encryption, file hashing, and much more!"

Firefox browser addon, aka plugin, aka extension.