ITS Cloud Terms and Policies

(A) Terms of Services

Policies & Regulation of HKU ITS

  • All subscribed users should understand and follow all the Policies & Regulations of HKU ITS mentioned at
  • The use of the ITS Cloud system is mainly for academic teaching, learning, research and university administration. It must NOT be used in relation to any commercial activities, consultancy services, unethical or illegal activities, or creating any weapons or military products capable of delivering weapons. ITS Cloud reserves the right to take appropriate measures to suspend or terminate any part of ITS Cloud services which is (or suspected to be) breach of these regulations.
  • ITS Cloud shall not be liable for any loss, expense, costs or damages of any nature suffered by any Customer resulting in whole or in part from ITS Cloud’s exercise of its rights or unavailability of ITS Cloud services under any circumstances.

(B) Service Level Agreement

(C) Charging Policies

  • Provisioning of Cloud VM Resources: Once the New/Extend VM request is approved and provisioned, the minimum rental fee will be charged to the department account code as specified in request form.
  • Increase of Cloud Resources during service period: For private Cloud VM, users can refer to Requestor Guide to make requests for additional resources.
  • Decrease of Cloud Resources during service period: No refund request is accepted for any request to decrease the cloud resource during service period.
  • Termination of Cloud Resources during service period: No refund request is accepted for any request to terminate the cloud resource during service period.

(D) Data Backup/Restore Policies

  • Backup Policies (Private Cloud VM): All users must be responsible for the data backup and protection of the files and data on Cloud VM by himself/herself. ITS Cloud shall not be liable for any data loss on the subscribed Cloud VM. However, we keep regular system weekly backup at least once per week, and only 4 backup versions will be retained for restore purpose.
  • Restore Policies (Private Cloud VM): Users can send enquiry to to request for system restoration. The charging price for the one-off restoration should refer to the price list. Any restore request for expired VM will NOT be accepted. 

(E) VM Expiration Policies

  • Before the subscribed VM expiry: Reminder E-mail will be sent to requester to make extend request before 30, 14, 1 day before VM expiration.
  • At the VM expiry date: System will automatic shutdown the VM. Requester cannot power-on it again until he/she make renewal request and being approved.
  • After the VM expiry date (Private Cloud VM): System will automatic delete the VM after 3 days of expiration. ITS Cloud accepts no liability for any loss or damage which may arise from the removal of subscribed VM.

(F) SSL certificate services policies at ITS Cloud VM

  • Each ITS Cloud VM can be provided of * wildcard SSL certificate protection without additional charge if the following 3 conditions are met:
    1. The domain name of the VM is in the format of <abcdef> (3-level domain, other levels of domain names like <adc>.<abcde> are not covered).
    2. The VM is deployed at ITS Cloud network subnet.
    3. HTTPS service is not necessary to serve other peer ITS Cloud servers at same network subnet.
To facilitate us to equip the VM with SSL protection mentioned above, the VM owner is requested to take following 3 steps (a, b, c) to apply for * wildcard SSL certificate:
  1. Fill in CF-60 Application for Host Computer Node/Sub-Domain Name by indicating the domain name and IP address and confirming the VM is hosting on ITS Cloud and SSL protection is required.
  2. Generate a self-signed certificate at the subscribed OS level (procedures can be found at the following reference sites):
  3. Fill in CF-163 Application for Vulnerability Scanning for IT Applications/Systems when the VM is ready for production. The SSL certificate will be made effective after the test is passed.
  • In case if a non-3-level domain name or separate standalone SSL certificate is necessary, please submit an order form to ITS via CF-36 for its purchase.

(G)Firewall Protection Policies

The default security rules applied on firewalls for newly subscribed ITS Cloud VM are:


Traffic types


OS based firewall:
ufw/iptables of Linux Server or Windows firewall of Windows server
(Controlled by VM owners)
External firewall:
(Controlled by ITS)
aWeb access (http/https)

Accessible from HKU network only

If it is necessary to open web access from the Internet, the VM owner can update the OS based firewall by themselves

bRemote login (SSH/SCP for Linux Server, RDP for Windows Server)Accessible from HKU network onlyBlocked and not allowed to open
cAny other TCP/UDP traffic with specific port

Follow OS default setting, blocked by default.

If it is necessary to open specific traffic from any IP subnet, the VM owner needs to update the OS based firewall by themselves

VM owner submits CF-164 to request to release specific ports at the external firewall



Multi-Factor Authentication

February 2024
February 2024

Mandatory for all staff accounts

May 2024
May 2024

Mandatory for all student accounts