Dedicated Server Usage Policy

Purpose
This policy outlines the guidelines and procedures for our customers about the usage available at our Data Center, maintenance, and monitoring of dedicated servers hosted within our Internet Data Center (IDC). The goal is to ensure optimal performance, security, reliability, and disaster recovery readiness while adhering to industry best practices.

1. General Usage Guidelines

  1. Authorized Access:
  • Only authorized personnel are allowed to access the server environment, both physically and remotely.
  • Multi-factor authentication (MFA) must be enforced for all remote access.
  1. Server Configuration:
  • Servers are configured according to approved standards, including operating systems, applications, and security patches.
  • Unauthorized software installation or configuration changes are prohibited.
  1. Resource Allocation:
  • Resource allocation (CPU, RAM, storage, bandwidth) will be strictly monitored to prevent overutilization that could impact other services.
  1. Data Privacy & Security:
  • All data stored on the server are comply with applicable privacy laws and regulations (e.g., GDPR, HIPAA).
  • Encryption protocols are implemented for sensitive data at rest and in transit.
  1. Backup Policy:
  • Daily backups are performed and stored offsite or in a geographically redundant location.
  • Backup integrity checks should occur weekly to ensure recoverability.

2. Hardware Replacement in Case of Disaster

  1. Hardware Maintenance SLA:
  • A Service Level Agreement (SLA) with the hosting service guarantee hardware replacement within 4 hours for critical failures during business hours and 8 hours outside business hours.
  1. Spare Parts Inventory:
  • Maintain an inventory of critical spare parts (e.g., hard drives, power supplies, network cards) at the data center to expedite repairs.
  1. Disaster Recovery Plan (DRP):
  • In case of catastrophic hardware failure, a DRP include:
    • Immediate failover to a secondary server or cloud instance.
    • Restoration of services from the most recent backup within 24 hours.
  1. Post-Recovery Audit:
  • After any hardware replacement or disaster recovery event, Data Center technical team conduct a root cause analysis to identify and mitigate future risks.

3. Network Monitoring

  1. Real-Time Monitoring Tools:
  • Deploy advanced network monitoring tools (e.g., Nagios, Zabbix, PRTG) to track bandwidth usage, latency, packet loss, and uptime.
  1. Alert Notifications:
  • Configure alerts for abnormal activity such as spikes in traffic, DDoS attacks, or unauthorized login attempts.
  • Alerts must be sent via email, SMS, and/or phone calls to designated IT staff.
  1. Firewall & Intrusion Detection:
  • Implement firewalls and intrusion detection/prevention systems (IDS/IPS) to safeguard against malicious activities.
  • Regularly update firewall rules and review logs for anomalies.
  1. Bandwidth Throttling:
  • Set thresholds for bandwidth usage to prevent service degradation due to excessive consumption.

4. Rack Cooling Monitoring

  1. Temperature Sensors:
  • Temperature and humidity sensors in each rack monitor environmental conditions continuously.
  1. Thresholds:
  • Data Center acceptable temperature ranges (e.g., 64°F–80°F / 18°C–27°C) and humidity levels (40%–60%).
  • Trigger automated alerts if thresholds are exceeded.
  1. Cooling Redundancy:
  • Redundancy available in cooling systems to maintain operational continuity in case of HVAC system failure.
  1. Regular Inspections:
  • Data Center technical team conduct monthly inspections of cooling equipment to verify functionality and cleanliness of air filters.

5. Data Center Power Monitoring

  1. Uninterruptible Power Supply (UPS):
  • Data Center racks are equipped with UPS units to provide temporary power during outages.
  • Test UPS batteries quarterly to ensure they can sustain operations until generators kick in.
  1. Generator Backup:
  • Maintain diesel and natural gas-powered generators capable of running the entire facility for at least 72 hours without refueling.
  1. Power Distribution Units (PDUs):
  • Data Center use intelligent PDUs to monitor power consumption per rack and detect potential overload scenarios.
  1. Voltage Stability:
  • Monitoring voltage fluctuations and implement surge protectors to prevent damage to sensitive equipment.
  1. Energy Efficiency:
  • Data Center optimize power usage effectiveness (PUE) by adopting energy-efficient technologies and practices.

6. Physical Security Measures

  1. Access Control:
  • Data Center restrict physical access to the data center using biometric scanners, keycards, or PIN codes.
  • Data Center Maintain an audit log of all entries and exits.
  1. Surveillance Cameras:
  • CCTV cameras covering all entrances, exits, and server aisles. Recordings are retained for a minimum of 90 days.
  1. Fire Suppression Systems:
  • Data center deployed clean agent fire suppression systems to extinguish fires without damaging electronic equipment.
  1. Visitor Policy:
  • Visitors are escorted by authorized personnel at all times and sign a confidentiality agreement before entering.

7. Compliance & Auditing

  1. Regulatory Compliance:
  • Data Center adhere to relevant regulatory frameworks such as ISO 27001, SOC 2, PCI DSS, and others based on the nature of the business.
  1. Periodic Audits:
  • Technical team conduct internal audits every six months and external audits annually to assess compliance and identify areas for improvement.
  1. Documentation:
  • Data Center maintain comprehensive documentation of all policies, procedures, incidents, and resolutions.

8. Incident Response Plan

  1. Incident Reporting:
  • Data Center established a clear process for reporting incidents, including contact information for the incident response team.
  1. Escalation Procedures:
  • Technical team define escalation paths for different types of incidents (e.g., minor vs. major outages).
  1. Post-Incident Review:
  • After resolving an incident, document the details, analyze the root cause, and implement corrective actions to prevent recurrence.

9. Training & Awareness

  1. Employee Training:
  • Data Center provide regular training sessions for employees on cybersecurity, disaster recovery, and proper server management practices.
  1. Awareness Campaigns:
  • Data Center promote awareness about phishing attacks, social engineering, and other common threats through newsletters and workshops.

Conclusion

This Dedicated Server Usage Policy ensures that we maintains high standards of performance, security, and resilience. By following these guidelines, we minimize downtime, protect critical assets, and deliver reliable services to end-users.

Final Note: This policy is reviewed and updated annually to reflect changes in technology, regulations, and organizational needs.