Lehigh University Procedure for Subdomains for third-party services
Description
We all recognize the weight that a .edu domain carries with it. From a Lehigh University perspective, we take great pride in our reputation and want to protect it. We have a very strong technical staff at Lehigh University that is responsible for the administration of our Lehigh University hosted technical services, and we partner with talented third-party vendors in order to improve our services. It can be difficult to determine when to use Lehigh University subdomains, especially when working with third-party vendors. The purpose of this document is to set up specific criteria outlining when a lehigh.edu subdomain should be used vs. implementing redirects to a third-party vendor.
Scope
This procedure applies to all Lehigh University departments and the staff and faculty within those departments as they enter into contracts and agreements with third-party vendors.
DNS Background & Recommendations
Domain Name Service (DNS) is a service that connects meaningful human-readable names/URLs with their numeric IP addresses. Lehigh University Library & Technology Services (LTS) maintains multiple DNS servers at Lehigh University.
LTS retains official responsibility for maintenance of the DNS servers, including all subdomains, hostnames, CNAMEs, and all other DNS record types for Lehigh University. Our DNS servers are maintained by well-trained LTS system administrators who adhere to university policies and best practices related to server administration and security. Our DNS servers are secured, monitored, and highly available.
Lehigh University domain and subdomain names are registered and owned by Lehigh University to represent Lehigh University on the internet. Lehigh subdomain names end with “lehigh.edu”, are reserved for services provided by Lehigh University, and are administered and supported by Library and Technology Services (LTS).
Lehigh reserves the use of the top-level lehigh.edu and subdomains for official Lehigh use and for services that are provided by Lehigh University Staff & Faculty. Except for aliases and other non-address records, each subdomain name must point to a valid university network IP address. In fact, we recommend the use of lehigh.edu subdomains for any sites and/or services hosted and supported by Lehigh University faculty and staff. Prior to 2019, we made some exceptions to this rule, and those exceptions have driven the creation of this policy. We do not want to create the perception that Lehigh University is responsible for third-party vendor-hosted services that we have no insight into and whose systems issues we cannot address when they arise. Under extenuating circumstances, exceptions may be granted for legitimate business needs but must be approved by the CTO.
Exceptions are generally limited to:
Special arrangements with vendors providing specific (Lehigh-branded) services to University faculty, staff, and students, where other arrangements are not possible. For those very rare cases, a University business agreement must be in place that clearly calls out expected SLAs for that service. The vendor is responsible for acquiring and maintaining any and all TLS certificates. The requesting Lehigh office/department that holds the contract with the third party claims sole responsibility for that service relationship, and is responsible for monitoring and ensuring that the certificates are valid and up to date, to prevent any issues that may reflect negatively on Lehigh University.
Subdomain Delegation
Lehigh University will not delegate the authority of any subdomains to third-party vendors, as we would then lose the ability to monitor that subdomain, which would inhibit our ability to ensure the security of our systems and services. No exceptions will be made.
Third-Party Vendor Guidance and Recommendations
There has been an increase in use of third-party cloud vendors to provide services. These third-party cloud services can be used without being served from a Lehigh subdomain. Our recommendation is to use one of the following approaches to embrace these vendor services without adding them to our domain:
Lehigh Go is a self-service link shortener that can be used to generate a Lehigh URL that redirects from Lehigh Go to any third-party domain/URL:
https://lts.lehigh.edu/services/explanation/lets-go-creating-short-link-addresses-urls-lehigh
Example: http://go.lehigh.edu/applygrad redirects to https://www.applyweb.com/lehighg/index.ftl
go.lehigh.edu/keyword and lehigh.edu/go/keyword are equivalent
Lehigh keyword redirects can be requested by entering a Help Desk ticket requesting a redirect. Provide the requested lehigh.edu/keyword along with the third-party vendor URL you would like the keyword redirected to. The LTS team will contact the requester with any questions and/or will let the requester know if the keyword name is not available.
Example: www.lehigh.edu/hire redirects to lehigh.hiretouch.com
Lehigh subdomain redirects can be requested by entering a Help Desk ticket requesting a redirect. Provide the requested lehigh.edu/keyword along with the third-party vendor URL you would like the keyword redirected to. The LTS team will contact the requester with any questions and/or will let the requester know if the keyword name is not available.
Example: market.lehigh.edu redirects to secure.touchnet.net/C20958_ustores/web/
Revision History
| Date | Version | Description | Approval |
|---|---|---|---|
| May 4, 2020 | 1.0 | Initial procedure created by Amanda Caton | Approved |