Service controls
This table provides an overview of all the service controls required to maintain a Schoolyear AVD implementation. In addition to the code and title, it lists three Triggers. They describe when a control should be evaluated or acted upon.
- Initial: You have to act on this control when performing the initial implementation.
- Periodically: We advise acting on this control with at least the noted frequency in months.
- Event: Act on this control in case of the specified event.
Each control is described in detail further down on this page.
Code | Title | Initial | Periodically (months) | Event |
---|---|---|---|---|
A | Infrastructure | | | |
A.1 | Maintain prerequisites | X | 12 | Personnel/Microsoft/Azure changes |
A.2 | Maintain admin access for service team | X | | Personnel changes |
A.3 | Install or update to the most recent major version | X | 12 | |
A.4 | Update to the most recent minor version | | 3 | Emergency patch |
A.5 | Rotate App Registration secret | | 6 | Secret revocation |
A.6 | Maintain the wildcard certificate | X | * | Certificate revocation |
A.7 | Maintain DNS delegation | X | | DNS server or resolver changes |
A.8 | Maintain deployment time clearance | X | 6 | |
A.9 | Maintain license server connections | X | | License server or network changes |
A.10 | Clean up temporary devices | | 3 | Reaching Entra’s object quota |
B | Images | | | |
B.1 | Implement & maintain images | X | 12 | New education requirements |
B.2 | OS patches | | 6 | Emergency patch |
B.3 | Software patches | | 6 | Emergency patch |
C | Incident support | | | |
C.1 | Maintain a service team | X | 12 | Personnel changes |
C.2 | Maintain an on-call schedule for incident response | X | 12 | Personnel changes |
* The frequency of certificate renewal depends on the lifetime of the certificates you use. Most commercial providers offer yearly certificates by default, whereas popular automated services require only monitoring for automation failures.
A: Infrastructure
A.1 Maintain prerequisites
You need to make sure you keep all your Prerequisites for the service. These include third-party licenses, accounts and configurations that Schoolyear does not provide. If one of these prerequisites is no longer available, your service may become unavailable.
We recommend revisiting the list of prerequisites at least once a year and whenever the suppliers of the prerequisites make a relevant change.
If you are using Schoolyear AVD on ChromeOS devices, you have to make sure the network these ChromeOS devices are on remains isolated. Furthermore, if the public IP addresses of this network change, you have to update the configuration in the AVD add-on. This prerequisite is mentioned separately because it is not immediately obvious when the network is no longer isolated, while the security impact is large.
A.2 Maintain admin access for the service team
The members of your service team need admin access to Schoolyear to do their job.
- If a member of the service team leaves the role: remove the user from Schoolyear or remove the admin rights.
- If a new member joins the service team: grant the user admin rights.
A.3 Install or update to the most recent major version
The installation was performed during the implementation, so this control is mostly about performing major version updates. What makes a major update “major” is that it requires an impactful change or action by the service team. How much time is required to perform this update depends on your organization and the update.
As per our Versioning policy, major versions are supported for at least one year. But once that year has passed, a major version loses support 6 months after a new major version is introduced. Therefore, we recommend performing a major version update at least once a year.
You may decide to perform a major update sooner if it includes a feature or fix desired by your users.
A.4 Update to the most recent minor version
We recommend reserving some time every 3 months to keep up with minor version updates when available. Minor versions require a small change or action in your Azure infrastructure and are supported for 6 months. That means that when a new minor version is released, your current version loses support in 6 months.
A.5 Rotate App Registration secret
The App Registration created during the implementation has an API secret. We recommend rotating this secret every 6 months, but your policy may be more or less strict. If you want to follow a different cadence, adjust the expiration date of the secret accordingly.
To rotate the App Registration secret, follow the Rotate Secrets guide.
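A check for the cadence described in A.5, added here as an example and not part of Schoolyear's tooling: it reads the JSON printed by `az ad app credential list --id <app-id>` and flags secrets that are expired, close to expiry, or issued with a lifetime longer than the rotation policy. The sample records, the 183-day and 30-day thresholds and the function names are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of `az ad app credential list --id <app-id>` output
# (only the fields this check reads; key IDs are placeholders).
SAMPLE = """[
 {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "avd-2024h1",
  "startDateTime": "2024-01-10T09:00:00Z", "endDateTime": "2024-07-10T09:00:00Z"},
 {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "legacy-2y",
  "startDateTime": "2023-03-01T09:00:00Z", "endDateTime": "2025-03-01T09:00:00Z"},
 {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": "old-expired",
  "startDateTime": "2023-06-01T09:00:00Z", "endDateTime": "2023-12-01T09:00:00Z"},
 {"keyId": "00000000-0000-0000-0000-000000000004", "displayName": "current",
  "startDateTime": "2024-06-01T09:00:00Z", "endDateTime": "2024-12-01T09:00:00Z"}
]"""


def parse_ts(value):
    """Parse a credential timestamp to second precision (assumed to be UTC)."""
    parsed = datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)


def audit_secrets(credentials, now, max_lifetime_days=183, warn_days=30):
    """Return (label, status, days_left) for every secret on the App Registration."""
    findings = []
    for cred in credentials:
        start = parse_ts(cred["startDateTime"])
        end = parse_ts(cred["endDateTime"])
        label = cred.get("displayName") or cred["keyId"]
        if end <= now:
            status = "EXPIRED"  # stale entry, remove it from the App Registration
        elif end - now <= timedelta(days=warn_days):
            status = "ROTATE_NOW"  # inside the warning window
        elif end - start > timedelta(days=max_lifetime_days):
            status = "LIFETIME_EXCEEDS_POLICY"  # expiry does not enforce the cadence
        else:
            status = "OK"
        findings.append((label, status, (end - now).days))
    return findings


if __name__ == "__main__":
    check_time = datetime(2024, 6, 20, 9, 0, 0, tzinfo=timezone.utc)
    for label, status, days_left in audit_secrets(json.loads(SAMPLE), check_time):
        print(f"{label:12} {status:24} {days_left:5d} days left")
```

In practice, pipe the live CLI output into `audit_secrets` with `datetime.now(timezone.utc)` and alert on anything that is not `OK`.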
A.6 Maintain the wildcard certificate
The wildcard certificate you imported during the implementation expires at some point, like all certificates do. How often this certificate expires is different for every certificate supplier. Check what the expiration is for your certificates and adjust the frequency for this control accordingly.
To rotate the certificate, follow the Rotate Secrets guide.
A.7 Maintain DNS delegation
You need to make sure that the DNS delegation you configured during the implementation remains active and available. That means that when the DNS server changes, this configuration needs to be carried over, and that you need to keep the DNS server online.
You probably have bigger problems if your DNS server goes offline, so if that is the reason you are reading this right now, please visit this website for help.
A.8 Maintain deployment time clearance
In the AVD add-on you can configure per App how much time in advance the deployment job starts. It is important that this duration is long enough for the deployment to finish and, more importantly, long enough for the service team to respond to any failures that may occur.
The deployment time configured initially may have been appropriate at that time, but this may change over time. Your service team may now need more or less time to respond to incidents, or deployments may be taking longer to finish due to capacity constraints in your Azure region.
We recommend revisiting these configurations every 6 months based on your experience and historical deployment times.
A.9 Maintain license server connections
If you have Apps that depend on local license server connections, you need to make sure these servers and their peering remain available.
In practice, these servers may not be your responsibility, so it is important to maintain contact with those who are responsible to ensure their continued reachability.
A.10 Clean up temporary resources
Schoolyear AVD creates new resources for each exam for which it is enabled. These resources are deleted automatically after the exam.
However, there are a few types of resources that cannot be deleted by Schoolyear AVD or sometimes fail to delete. Therefore, we recommend cleaning up these resources every 3 months.
For instructions on how to clean up these resources, see the Clean up resources guide.
B: Images
B.1 Implement & maintain images
The service team needs to implement and maintain the images used for Schoolyear AVD. There may be new applications that need to be packaged, new libraries that need to be included or versions that need changing.
We recommend reaching out to the users at least once per academic year to gather any change in the applications needed during exams. Additionally, as the usage of the service grows, new applications may be required throughout the academic year.
B.2 OS Patches
The OS included in the images does not update automatically. We recommend triggering a rebuild for all your images at least every 6 months to update the OS, and whenever there is an applicable security patch released for the OS version.
You can trigger a rebuild of the images by rerunning the avdcli commands that were originally used to start the image build.
An easier option is to simply restart the existing Image Templates if you didn’t delete them yet. You should be able to find them in the Azure Portal.
B.3 Software patches
Just like the OS in the image does not update automatically, the software installed on the OS does not either. This is by design, to make sure the exam experience for students is stable, but it does require periodic rebuilds.
We recommend triggering a rebuild for all your images at least every 6 months, and whenever there is an applicable security patch released for one of the applications installed on an image.
You can trigger a rebuild of the images by rerunning the avdcli commands that were originally used to start the image build.
C: Incident response
C.1 Maintain a service team
You need to maintain a service team for Schoolyear AVD to make sure the service remains available to your users. In case of personnel changes, you need to ensure the service team remains effective.
Furthermore, we recommend evaluating the service team once a year. Is your team effective, and does your service meet the expectations of your users?
C.2 Maintain an on-call schedule for incident response
For the education department it needs to be clear how to contact the service team in case of an incident. For the service team it needs to be clear who should respond to incoming orchestration alerts from Schoolyear AVD.
In case of personnel changes, you need to ensure the availability of the team meets the requirements from the education department. Furthermore, we recommend reevaluating this process once a year.