Web Hosting (cPanel) SLA

Service Agreement Overview

Users of OIT’s Web hosting service will be asked to sign a Service Level Agreement (SLA) which will outline the responsibilities of OIT and the customer, as well as providing some general information on policies of NC State University.  In general, OIT is the owner of the service, but the customer is the owner of the content on the web site. Please be sure to read the SLA for all of the details.

Responsibilities of Service Agreement

It is important to note that for this service, OIT is the service provider and any content delivered via this service is owned by the customer.

The customer is responsible for the following:

  • cPanel account maintenance:
    • Maintain and secure cPanel administrator account
    • Maintain and secure any sub-accounts
    • All software used by the customer must be maintained at the latest available version.
  • Creating and/or maintaining any contents, scripts or applications to be delivered by the web service.
  • Requesting the approval of any domain names: https://getontheweb.ncsu.edu/university-urls-and-domains/.  
  • Providing OIT the names, phone numbers, and email addresses of at least two critical contact personnel.
  • Making sure content stored or presented within the website, or requested by the website is in compliance with:
    • Requirements of university policies,
    • FERPA, HIPPA, GLB, ECPA, CFAA, and all other applicable federal and state laws regarding confidentiality of information,
    • NC State’s REG 08.00.02 – Computer Use Regulation.
  • Ensuring content meets the NC State Information and Communication Technology Accessibility Regulation (https://go.ncsu.edu/ict-accessiblity-reg). This includes Web pages, Web applications, and electronic documents.
  • Ensuring that everyone who manages content in this environment, regardless of the URL’s or tools used to host that content, reads and agrees to all terms and conditions specified.

Additionally, customers of the web hosting service must be aware of the following rules regarding PCI Compliance:

  • This service is NOT PCI-compliant. You are not permitted to accept, receive, or transmit any sort of credit card information through this service, nor may your site link or transmit information to a payment processor.
  • The customer must ensure that the environment does not contain any system components that are in either PCI DSS primary or secondary scope.
    • Primary scope includes any system components that processes, transmits and/or stores Payment Card Numbers (including the Credit Card Security Code) whole or in part.
    • Secondary PCI scope is any system component that either provides services to primary components or attaches to the primary scope directly.

If you need to accept credit card information for any purpose, you are required to contact NC State Merchant Services (merchantservices@ncsu.edu) to arrange for use of the university’s e-storefront service or other Merchant Services-approved options.

If the web service’s URL is not registered in the ‘.ncsu.edu’ domain, the customer is also responsible for:

  • Registration and payment of domain registration fees and charges.
  • Securing approval for NC State University to handle the domain.
  • Providing necessary information and/or executing the appropriate tasks to migrate the domain to NC State University.
  • Continuing renewal payments for domain registration.

OIT will be responsible for:

  • Providing backups
  • Generating renewal SLA’s on an annual basis
  • Tier 1 administrative support of the cPanel environment

OIT will not be responsible for:

  • Maintaining or creating any content to be delivered by the service.
  • Maintenance and updates of any software used by the customer.
  • Any copyright infringements caused by the unauthorized use of copyrighted material.
  • Any authorizations, approvals, or payments for non- ‘ncsu.edu’ domains.
  • Migration of any and all content as a function of executing an exit strategy.
  • Generating or providing website usage/access statistics.

Please note that OIT does offer separate maintenance agreements if you need assistance with creating, updating and/or maintaining your site. More information: https://design.oit.ncsu.edu/our-services/.

Penalties

If the web service, or any associated applications hosted on this service are in violation of any of the aforementioned confidentiality or PCI-related terms/conditions:

  • The site will be immediately disabled from access by/to the Internet
  • Customer’s cPanel account will be immediately disabled.
  • In the case of security issues the site and account will only be reactivated upon approval by OIT’s Security & Compliance Unit that confidential and/or PCI-related information has been removed and associated applications hosted on this service have been disabled or remediated.

Service Restrictions

  • Customer may not implement a mail hosting service.
  • Accounts come with 10GB and additional quota may be requested in 10GB increments. No single cPanel account shall be granted more than 50GB total.
  • No more than five web applications should be installed in a single cPanel account.
  • OIT reserves the right to disable any services, sites or applications that are – in the opinion of the Manager of Identity & Web Services (or their designate) – misbehaving, run-away, or consuming excessive CPU resources.
  • Course related materials should not be hosted in this service. We recommend reviewing your options at https://getontheweb.ncsu.edu/get-started/.
  • Additional restrictions, as well as guidelines and best practices, may be included on the Web Services website, https://oit.ncsu.edu/campus-it/web-services/.

Capacity / Performance Targets and Commitments

Requirements for scalability

The following assumptions may be necessary for the medium and long-term increase in workload and service utilization.

Transferring cPanel Accounts Between Servers to Balance Resource Utilization

In order to provide the best service possible for all accounts, OIT Web Services will monitor the resource utilization of all cPanel accounts and servers. Monitored resources include, but are not limited to, bandwidth, CPU and RAM.

Based on these metrics, OIT Web Services may transfer cPanel accounts between cPanel servers to establish a more balanced usage of all cPanel servers’ resources.

An account transfer will only be performed after the account owner has been informed and a specific time for the transfer has been agreed upon by OIT Web Services and the account owner.

Transferring an account requires a short period of time for the account data to be migrated to the new server and for the DNS records to be updated to the new server’s hostname. The actual IP address of the hosted server will be different. The change of the IP address may be significant to customers who are using IP address-based firewall rules to allow access by a specific cPanel server.

Customers are responsible for communicating their need for IP address information if their account has been identified as one that will be transferred.