Infrastructure Standards and Guidelines
All web applications must be compatible with and hosted on Leicester City Council hosting environment.
Email us for full technical details of our hosting environment
There are situations where it is appropriate the application on supplier provided hosting or further third party hosting. In this case, please follow the hosting guidelines set out below
Domain Name Standards
All domain names must be registered through Leicester City Council. We will check to see if a name is available for you and offer tips on choosing a good domain. Email us to be put in contact with domain name purchaser
Under certain circumstances we will purchase non leicester.gov.uk domain names on your behalf. This is usually for partnership sites or where we want to prevent people setting up sites with similar names to one of ours.
Have BS7799 certification (now ISO27001)
Carry out penetration testing and confirm annually this has taken place
Set up services with Microsoft High Security policy to disable unnecessary services on the system.
Provide a service level agreement that guarantees 99.8% availability of the service
Provide an acceptable response to support calls with a service level agreement
Monitors the service availability and responds to outages
Ensure patches applied to the operating system, firewall and any other server software.
Dedicated firewall to prevent access from co-hosted servers belonging to other organisations, in a shared environment, or to isolate the internet facing server from the council network
Monitoring of network access for threats
Methods for dealing with denial of service DOS attacks
An incident reporting scheme
To ensure the service or application stays available to the public you need to consider what will happen in the event of an emergency.
Backups - We would require the equivalent to a daily backup to tape, verification of tapes, weekly tape rotation and off site storage routine to be specified
Resilient link - It is desirable that the hosting service provides at least one resilient link to the Internet in case of failure to the main link.
Failover servers – onsite - The most likely cause of loss of service will be problems on a particular server. It is highly desirable for there to be a hot standby server ready to take over should the need arise. If no hot standby is available, it is essential that a SLA is in place to get parts for existing servers replaced within 1 hour.
Failover service – offsite - what would happen if the hosting site disappeared?
Ensure the contract supplies sufficient bandwidth for your service and that there is scope to increase it as your service becomes more popular
Change: First draft
Author: Yasin Jassat