On May 17th, 2013, IU approved Policy IT-28 Cyber Risk Mitigation. This policy states that all units of IU must use the services provided by UITS to the greatest extent practicable. This policy has far-reaching impact on the computing environment at IU and one of the affected services provided by the SICE units has been Virtual Machines (VMs). Since UITS provides VM services for IU through their Intelligent Infrastructure (II), we are now obligated to use this service. The II VM hosting environment is extremely robust and feature-full so the only real impediment to using the service is the cost. The costs are in no way out of line for the level of service being provided, but it does present challenges for the school to support projects requiring VMs in a fair and equitable fashion. The purpose of this document is to give general information about the II VM service and the cost model supported by the school.
Intelligent Infrastructure (II) VM Services
II VMs are available in a variety of configurations and pricing models. Configurations up to 6 CPUs and 32 GB of memory are supported and pricing starts at around $355/year for a low-end VM. For details of the pricing model, please see the features and pricing link from the II Virtual Systems page.
VM Funding Sources
This section outlines the various types of uses for VM and how they are funded
- Central SICE Services - Central services critical to the function of the school are funded directly out of the school IT budget. This would include systems used to support central file and print services, core web services, and security systems.
- Instructional Services - VMs that are used for direct class support by SICE instructors will be funded either through the school IT budget or specific educational support budget lines, depending on the exact nature of the project. Projects of this nature must have needs that cannot be met using other UITS and SICE services and be approved by the SICE IT Director.
- Research and Project Support (School Funded) - The school will provide up to $800/year/faculty member for VMs used in the support of the faculty member's research. This funding level is sufficient for 2 low-end II VMs or 1 larger II VM. Projects of this nature must have needs that cannot be met using other UITS and SICE services and must have approval of a member of the SICE faculty.
- Research and Project Support (Faculty or Grant Funded) - Beyond the School-Funded VMs, it will be up to the faculty member to provide funding sources for additional VMs. There is no limit on the number and size of VMs that can be provisioned for such projects, provided that the faculty member provides an account number to cover the cost
- Special and Unfunded Projects - If a project requires a VM and there is no funding available, then it would typically be expected that it would be funded from the $800/year allocation of a sponsoring faculty member. If there is no faculty member sponsoring the project or the $800/year allocation of the sponsor is already being used, the project lead can petition the school to provide funding. There is no guarantee that funding will be available and all projects will have to be approved by the SICE IT Director.
Alternatives to II VMs
There are a number of cases where project needs cannot be met by the II VM services and alternatives will have to be found. Example of such cases include:
- Large Systems - The II system has VM limits (6 CPUs and 32GB of memory) that may not be sufficient for many research needs. In such cases, it may be necessary for the project to purchase dedicated research hardware to overcome these limits.
- Large Storage Requirements - The storage space in use within the II system is high-availability SAN storage which is relatively expensive. Some projects requiring very large amounts of storage may find that the storage costs in II are simply cost prohibitive and purchasing dedicated research hardware or using alternative storage services may be required.
- Network Limitations - There are certain projects that have specific network requirements that cannot be met in II. For example, we have some dedicated security VLANs that are partitioned off from the rest of the IU network and II VMs would not have access to those networks.
- Usage Limitations - There are certain use-cases that are not appropriate for II. For example, systems used in security research (such as honeypots or systems that will be intentionally infected with malware) may not be allowed in the II environment.
- OS Limitations - There are certain operating systems that cannot be virtualized for either technical or licensing issues. For example, Apple license agreements prohibit virtualization of Mac OS X so services requiring MAC OS X can't use II.
This list is not intended to be a complete list but just gives you an idea of the types of systems that would not be able and/or required to use II.
Further Information and Help
If you have any further question about this policy, or you would like to have a VM created, please just submit a request to the SICE Help Desk.