OIT Public Knowledge - Cloud at NCSU - Campus IT Service Portal

The NCSU Office of Information Technology (OIT) knows that groups across the university want to use the agility, scalability, and advanced technologies that cloud services provide. OIT is developing a framework around governance, security, networking, and brokerage for these services at NCSU. The goal is to provide access to cloud computing services that include guardrails to comply with NCSU information security policies.

Why work with the Cloud Services & Support Team?

OIT brokered cloud offerings work with NCSU managed resources such as authentication, logging and networking and are vetted by the NCSU Security & Compliance (S&C) team.

The Cloud Services & Support team can also assist your group with discounts and credits from cloud vendors.

Available cloud providers

OIT currently offers brokerage services for Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP).

Guard Rails

Operating in the cloud presents new security and configuration challenges to the University. Working with the S&C , we have established a guiding set of Guardrails designed to prevent the most common configuration mistakes. These rules are detailed here.

Cloud Environment Request

Before you request an AWS, Azure or GCP environment, there are several questions that you will need to be prepared to answer.

Billing: The financial requirements for the cloud environment.

Project ID
Department/College Bookkeeper

Cloud Resource Roles: These roles identify the primary users that will configure and maintain the cloud environment. They include the following:

Cloud Owner: The person is the individual that is primarily responsible for the use of this environment. Can also be referred to as the owner or sponsor of the environment.
Technical Contact: The individual who is the primary support contact for system administration and support.
Cloud Environment Administrators: Users with Unity IDs that will need privileged access to the Cloud Environment.

Data Classification: Indicates the sensitivity of the data that will be stored or processed in the cloud environment.

Green
Yellow
Red
Purple

Regulatory Requirements: Additional regulatory requirements required by sponsor and granting agency.

FERPA
PHI/HIPAA
NIST 800-53
NIST 800-171
Other Requirements

Campus Connectivity: Whether the requested cloud environment will need network connectivity to the NCSU campus -- including internally routable (RFC1918) NCSU address space.

Cost of Service

Cloud services use a “pay-as-you-go” model where you are charged for the services you utilize
With the NCSU-provisioned access, OIT will centrally manage the billing and accounting for most GCP, AWS and Azure cloud environments
Project IDs are needed for internal re-billing purposes

Brokered Cloud Features

Cloud Environments brokered through OIT will provide the following benefits.

NCSU Managed Identity Access
Connectivity to the NCSU Campus Network through a VPN connection (if needed).
IP address/range management.
Security & Compliance Oversight
Centralized Logging
Single Single on (MFA) integration
Persona/Entra ID Integration for group management
Domain Name Service (DNS)
Centralized Billing and Management
Budget Alerts

Technical Support

For support on new or existing cloud environments, please use the Cloud Environment Request to open a service request with the NCSU Cloud Services & Support Team.

Service Availability

Cloud resource availability is based on design and deployment of the cloud resource. The Cloud Services & Support Team can advise on designing a cloud environment with the appropriate level of resiliency.

Maintenance Schedule

The Cloud Services & Support Team will announce planned cloud maintenance windows as communicated from the respective cloud vendors through the NCSU OIT help portal and targeted emails and alerts.

Helpful Information

Cloud Login Links

Training

Cloud Training Resources are available for AWS, Azure and GCP through the NCSU LinkedIn Learning partnership.