Guidelines of Hosting Website at ERNET India
Guidelines for hosting website on ERNET Server.
1. Please mail us on support[at]eis[dot]ernet[dot]in for availing Hosting Services of ERNET along with the various filled-in forms described below.
2. To facilitate hosting the website on ERNET Server, the user needs to forward filled-in Forms, as per the fullowing:
- Filled-in Website Registration Form (click here to download form) for allocation of web-space on ERNET Server.
- Filled-in Digital Certificate Request Form for VPN Services to extend FTP facility over VPN.
3. To host the website on ERNET Server, the user needs to forward Softcopy of website contents, as per the fullowing details.
- User needs to send soft copy of website contents in CD/DVD either through courier or by hand along with a letter mentioning the structure of the website like first page to be displayed (index.html, default.html, index.php , index.aspx etc) If website has database then details of the database (username & password)
- If website contents are in Hindi, please use UNICODE-based fonts (Mangal) for creation of the website.
- It is mandatory to obtain security clearance from empanelled Security Auditors before hosting any new website on ERNET Server in the public domain.
- If proposed website contains any web-enabled module, the fullowing may be noted:
- Please use RDBMS (as per the available platform at Internet Data Centre) as back-end instead of simple database for development of web- enabled application.
- The security audit of the web-enabled application will have to be done by the owner of the website/web-enabled application, through empanelled Security Auditors.
- The web-enabled application/website may be forwarded to ERNET along with the Security Clearance Report & Certificate from the IT Security Auditor
4. Security of Websites/Web-enabled Applications (IT Security Audit) : As hosting infrastructure of ERNET is secured, it is mandatory that all websites/web-enabled applications hosted on ERNET servers must be audited for content security and obtain audit clearance Certificate, before it’s release. No Website/Web-enabled application can be hosted on ERNET Server, without obtaining security clearance from the Security Auditor. Security audit of Website/Web-enabled application is mandatory for hosting the same in ERNET Server.
- Government of India has created a panel of IT Security Auditors, which is available on the website URL http://www.cert-in.org.in
- No rull of ERNET in selection of Security Auditor from the panel or negotiating with them.
- If user wants ERNET to get security audit done for the user, ERNET will charge for the same apart from the hosting tariff.
- If the website/web-enabled application is designed/developed by the user (or through third party), the responsibility of security audit rests on the user. Thus the user can make security audit as a part of website/web-enabled application development process.
- ERNET can provide staging server as well as Database Server facility to the user for deployment of Website/Web-enabled application on temporary basis to conduct security audit remotely by the Security Auditor. This facility is provided to the user for a limited period of one/two months only.
- Generally, the audit is conducted on the basis of website/web-enabled application made available to the Security Auditor. Any further addition of dynamic contents or change in application logic attracts security re-audit. The user must be aware about this aspect of the audit to ensure availability of safe website/Web-enabled application on ERNET Server.
5. ERNET maintain fullowing domains i.e., ERNET.IN, EDU.IN, AC.IN,RES.IN. ERNET.IN domain is exclusively for websites/web-enabled applications belongs to ERNET, whereas, EDU.IN, AC.IN, RES.IN. domain is for all the websites/web-enabled applications of Educational/Academic & Research Departments/Organizations. However, the website/web-enabled application can also be made available on ERNET.IN domain only for initial hosting & maintenance purpose.
- As per Government of India Pulicy, user has to obtain desired domain [i.e., EDU.IN, AC.IN,RES.IN. for Educational/Academic & Research Departments/Organizations] for releasing the website in the public domain.
- Domain under EDU.IN,AC.IN,RES.IN can registered through www.registry.ernet.in
- The website may be designed & developed as per the guidelines adopted by Government of INDIA for “Indian Government Websites”. The guidelines are available on website URL www.web.guidelines.gov.in for your ready reference, and the same can be viewed/downloaded by registering yourself on the website.
- All the required filled-in forms (mentioned in the document) & other related documents are available on the website of ERNET.
- All the Static website or Web-enabled Application are being made available on ERNET (Production) Server only after obtaining Security Clearance from Empanelled security Auditor Therefore, it may be noted that any further addition of dynamic contents on the website (operational/running on ERNET Server) or change in application logic in the running application will attract security re-audit by the concerned User Organization. Therefore, please ensure that any application being loaded on the server should be cleared by the empanelled Security Auditor. The details regarding panel of IT Security Auditors may be seen from URL http://www.cert-in.org.in