Requesting Public Access to a Spinup Hosted Web Application or Website

Owned by Galen Dove (Unlicensed)
Last updated: Sept 30, 2021 by Andrew Guirguis (Unlicensed)
3 min read

Problem

How can I expose my servers or my application inside or outside of the Yale network with a load balancer?

How can I terminate HTTPS to my application - internally to Yale networks/VPN or externally to the Internet?

Solution

Steps for Requesting Public Internet Access for Your Spinup Hosted Application

  1. Perform a Security Planning Assessment, SPA, for your application hosted in secure or non-secure Spinup.
  2. If your application will be using Yale University's root domain yale.edu, you must receive approval for its domain name, contents, and usage with YaleSites. Furthermore, if your application will be using the Yale School of Medicine's root domain medicine.yale.edu, you must receive additional approval from the YSM Office of Communications.
  3. Submit a ServiceNow ticket for Load Balancing after the SPA and domain validation are completed: ServiceNow Service Request
    1. Note the desired domain name in the Short Description: "Spinup Load Balancer for <examplea.exampleb.yale.edu>"
    2. In the Description of the Request please add the following information:
      1. Name of the website or application.
      2. Brief description of the site or application.
      3. NetId  for the site or application owner.
      4. Name of the container or instance in Spinup.
      5. The text of the email response from YaleSites (and YSM Office of Communications, if applicable) approving your usage.
      6. The service request ticket number corresponding to your SPA.

Explanation of Terms Used

Security Planning Assessment

A Security Planning Assessment (SPA) is intended the first step in thinking about the security of your application.  Although spinup and secure spinup are pre-approved platforms under the SPA, the applications hosted on these platforms are not. Even for low risk systems, a SPA should still be performed.

A SPA is the first step in understanding the Minimum Security Standards (MSS) as they apply to your application.

Minimum Security Standards

Under the minimum security standards, you should follow best practices with regard to the configuration of the Spinup instances hosting your application.

If your application is hosted in Spinup's container service, please secure the application through an Nginx reverse proxy.  Details are described at here.

For applications that you yourself have developed, you should code them with security in mind, adhering to industry standards and practices.

If you are working with an outside vendor or using a vendor supplied application hosted in Spinup, please work the vendor to ensure that the application is secured.

For information about your responsibilities, please refer to the following:


Validation of requested domain name

If the yale.edu domain or subdomain is being requested, please open a servicenow ticket assigned to YaleSites.

  • The domain name itself will be verified by the webmaster
  • YaleSites will verify that the website is not a commercial endorsement of third party software or endeavor. 
  • Appropriateness of content will be reviewed to support Yale's reputation.

med.yale.edu domain names have special attention as noted below below.


Please review and agree to the following terms of use for Spinup load balanced websites:

  1. Websites should comply with the Yale Copyright Policy and must follow Yale’s Standards of Business Conduct
  2. ITS reserves the right to close accounts for inappropriate use, inaccurate or untimely information, privacy, security or performance reasons, violations of University policy, or illegal activities including posting copyrighted materials.
  3. No Protected Health Information (PHI) may be posted on any Spinup websites. ITS reserves the right to immediately remove materials that have been identified as potential PHI violations, or any materials containing data defined by Yale as confidential or restricted such as SSN or credit card numbers and to immediately terminate accounts in violation of these Yale University policies.
  4. Websites should comply with Yale’s web accessibility policy. The Accessibility at Yale website provides information on building and maintaining websites to be accessible for people with disabilities.
  5. Websites are managed by individual authors; any material served without password or other restrictions is publicly available. Web authors may choose to shield their sites from Internet search engines as well as Yale’s local search services.
  6. Use of the Yale logo and colors must adhere to the guidelines of the University Printer. The University Printer helps monitor the graphic quality of Yale’s publications and websites to ensure alignment with Yale’s visual identity standards. Please review Yale’s Identity Guidelines.
  7. School of Medicine departments and organizations (with the exception of MB&B), including faculty lab websites, need to contact the YSM Office of Communications for more information about the School of Medicine’s web services before creating a Spinup website.