HKU ITS Cloud
 Information Technology Services (ITS)
Cloud Computing Services (itscloud@hku.hk)

Terms & Policies

Users must pay attention to the following Terms and Policies:

Terms of Services

  • Policies & Regulation of HKU ITS
    All subscribed users are assumed to understood the Policies & Regulations, Personal Information Collection Statements and Privacy Policy Statements of HKU ITS posted at http://www.itservices.hku.hk/home/about/policies.htm.
  • Terms Governing the Use of Departmental Web Server
    All subscribed users are assumed to agree to abide by the Terms and Conditions Governing the Use of Departmental Web Server (CF-106i) at (http://www.itservices.hku.hk/ccoffice/forms/CF-106i.pdf).
  • The use of the ITS Cloud system is mainly for academic teaching, learning, research and university administration.
    It must NOT be used in relation to any commercial activities, consultancy services, unethical or illegal activities,
    or creating any weapons or military products capable of delivering weapons. ITS Cloud reserves the right to take
    appropriate measures to suspend or terminate any part of ITS Cloud services which is (or suspected to be)
    breach of these regulations.
  • ITS Cloud shall not be liable for any loss, expense, costs or damages of any nature suffered by any Customer resulting in whole or in part from ITS Cloud's exercise of its rights or unavailability of ITS Cloud services under any circumstances.

Service Level Agreement

Charging Policies

  • Provisioning of Cloud VM Resources
    Once the New/Extend VM request is approved and provisioned, the minimum rental fee will be charged to the department account code as specified in request form.
  • Increase of Cloud Resources during service period
    For private Cloud VM, users can refer to Requestor Guide to make request for additional resources. On the other hand for Microsoft Azure public Cloud VM, there is no option to add additional resources during active subscription period.
  • Decrease of Cloud Resources during service period
    No refund request is accepted for any request to decrease the cloud resource during service period.
  • Termination of Cloud Resources during service period
    No refund request is accepted for any request to terminate the cloud resource during service period.

Data Backup/Restore Policies

  • Backup Policies (Private Cloud VM)
    All users must be responsible for the data backup and protection of  the files and data on Cloud VM by himself/herself. ITS Cloud shall not be liable for any data loss on the subscribed Cloud VM. However we still keep regular system weekly backup at least once per week at every Saturday, and only 4 backup versions will be retained for restore purpose.   
  • Backup Policies (Public Cloud VM)
    There is no regular backup available on public cloud Azure VM. All users must be responsible to regular upload/download important data on the subscribed public Cloud Azure VM.  
  • Restore Policies (Private Cloud VM)
    Users can send enquiry to itscloud@hku.hk to request for system restoration. The charging price for the one-off restoration should refer to the price list.
  • Restore Policies (Private Cloud VM)
    There is no restore arrangement can be made as there is no regular backup available on public cloud Azure VM. All users must be responsible to regular upload/download important data on the subscribed public Cloud Azure VM.

VM Expiration Policies

  • Before the subscribed VM expiry
    Reminder E-mail will be sent to requester to make extend request before 30, 14, 1 day before VM expiration.
  • At the VM expiry date
    System will automatic shutdown the VM. Requester cannot power-on it again until he/she make extend request and being approved
  • After the VM expiry date (Private Cloud VM)
    System will automatic delete the VM after 7 days of expiration. ITS Cloud accepts no liability for any loss or damage which may arise from the removal of subscribed VM.
  •  After the VM expiry date (Public Cloud Azure VM)
    System will automatic delete the VM immediately after expiration. ITS Cloud accepts no liability for any loss or damage which may arise from the removal of subscribed VM.

Policies of SSL certificate services at ITS Cloud VM

    1. Each ITS Cloud VM can be provided with SSL protection without additional charge if:
      1. The domain name of the VM is in the format of <abcdef>.hku.hk (3-level domain, other levels of domain names like <adc>.<abcde>.hku.hk are not covered).
      2. The VM is deployed at ITS Cloud network subnet.
      3. HTTPS service is not necessary to serve other peer ITS Cloud servers at same network subnet.

      To facilitate us to equip the VM with SSL protection mentioned above, the VM owner is requested to:
      1. Fill in CF-60 Application for Host Computer Node/Sub-Domain Name by indicating the domain name and IP address and confirming the VM is hosting on ITS Cloud and SSL protection is required.
      2. Generate a self-signed certificate at the subscribed OS level (procedures can be found at the following reference sites):
        - Apache on Linux
        - IIS on Windows
        - Tomcat
      3. Fill in CF-163 Application for Vulnerability Scanning for IT Applications/Systems when the VM is ready for production. The SSL certificate will be made effective after the test is passed.
    2. In case a non-3-level domain name or separate standalone SSL is necessary, please submit an order form to ITS via CF-36 for its purchase.

Firewall Protection Policies

  • Host based Firewall and External Firewall Protection 
  • The default security rules applied on firewalls for newly subscribed ITS Cloud VM with effective from May 8, 2017 would be as follow:
  • Traffic types
    Host based firewall:
    iptables for Linux Server or Windows firewall for Windows server
    (Controlled by VM owners)
    External firewall:
    (Controlled by ITS)
    a.
    Web access (http/https)
    Accessible from HKU network only
    If it is necessary to open web access from Internet, the VM owner can update the host based firewall by themselves
    Allowed
    b.
    Remote login (SSH/SCP for Linux Server, RDP for Windows Server)
    Accessible from HKU network only
     
    Blocked and not allowed to open
    c.
    Any other TCP/UDP traffic with specific port
    Follow OS default setting, blocked by default.
    If it is necessary to open specific traffic from any IP subnet, the VM owner need to update the host based firewall by themselves
    VM owner submits CF-164 at ITS online form to request to release specific ports at the external firewall