Services for Sensitive Research Data

Iozzi Maria Francesca, Group Leader & Nihal D. Perera , Senior Engineer

Research Support Services Group”Services for Sensitive Data” University Center for Information Technology (USIT)University of Oslo

Outline

Part I• What is “Services for Sensitive Data”- TSD• Project background- “ How TSD was established”• Prerequisites for getting access to TSD• System outline• Access control • What type of services a project can get?

Part II • Demo & How-to

Gard Thomassen,TSD 2.0

Services for Sensitive Data - TSD

«Services for Sensitive Data» is an e-Infrastructure which provides a set of services to collect/register, to store and to analyze sensitive-data, in a highly secured enviroment.

Our services are recognized by : Norwegian Data protection Authority (DT) Regional Ethical Committee (REK) Norwegian Social Science Data Services (NSD)

Our services are designed to serve all the universities, high schools and other public research institutions in Norway.

Project background

Pilot project from 2009

Full scale project from 2012

In production from may 2014

Expanding and changing ...

Services TSD provides to researchers Information security, isolation and access control in compliance

with the directive on privacy and electronic communication

Large storage capacity (> 1 Petrabytes of Disk space)

High performance computing (HPC) resource (> 1500 cores)

High bandwidth

Accessible from anywhere in the world through proper mechanisms

A variety of software and databases

Data collection services (Nettskjema)

What are the prerequisites for getting access to TSD services ?

Data should be classified as sensistive-data

An formal approval from one of the following institutions:

The Norwegian Data protection Authoruty

Regional Committee for Medical and Health Research Ethics(REK)

National Social Science Data Service (NSD)

What is sensitive data?

Contracting & Pricing

Contracting means having a Data Handler Agreement and a TSD Usage Agreement between the data owner (the institution your project belongs to) and the service provider (UiO/USIT).

Prices are defined within the TSD Usage Agreement. The contracting depends on the institution the project belongs to.

Link: http://www.uio.no/tjenester/it/forskning/sensitiv/ta-i-bruk/index.html

Applying for a project (Register your project)

Before you can register your project, you should have obtained the formal approval from one of the above mentioned authorities.

Link: http://www.uio.no/tjenester/it/forskning/sensitiv/ta-i-bruk/index.html#toc5

Access control - two –factor authentication

Smartphones or programmable hardware tokens

OATH-TOTP 2-factor authentication

System outline

16

Gateway

HPC - ColossusVM-server

Storage

Internet

Secure encrypted network to special high volume data production sites

1 (project)

1 (storage area)

n 1

Gard Thomassen,TSD 2.0

Using TSD

VM U1 S1

S1

TSD disk

VM U2 S1

GWUser1 Study1

Colossus disk

Colossus

Front endColossusUser2 Study1

TSDS1 DB

Type of machines & services a project can get

A project can have Windows 2012 Server VM and/or a Linux Server VM

The VMs comes with a portfolio of software installed.

If requested each project get access to our HPC cluster – Colossus.

Each project gets their own virtual working enviroment in a dedicated VLAN/subnett.

A project can have many users

Data import & export facility in TSD

“Sluice HD”

“Sluice –server”

“Project–server”

Virtual “Sluice –

server”

Project HD

Data copied here by ssh + scp (2-factor authentication)Encrypted data if sensitive

1

2

3

4

TSD 2.0

Demo

Step1:Connect your laptop to the uio-guest network. Open a browser window and order a UiO-guest account (you need your mobil!)

Step2:Are you a linux user? https://login.tl.tsd.usit.no/

Are you a windows user? https://view.tsd.usit.no (you have to select the “Install VMWare Horizon Client”)

Demo

Step3:Download on your mobil the app: Google Authenticator (or FreeOTP for Android).

Open the App, select “configure” and then “scan barcode”The barcode is on the paper you received!

Step4:Use your username, password and OTP code to connect to TSD! Enjoy!

Outlook

Filesystem and directories structure

How to change the password

How to import/export file

How to set up nettskjema in TSD

How to submit jobs on Colossus Cluster

I have done a mess! What shall I do?

Filesystem and directories structure

Given that your project is pXX (here p77) there are:

Directories that visible to all the pXX-users pXX/data/durable (important stuff!) pXX/data/no-backup (not so important stuff!) pXX/data/colossus (hpc)

Private directories ( single user) pXX/home (exported to hpc)

Import and Export folders (all pXX-users) pXX/fx/import pXX/fx/export pXX/fx/15MC56NAUKWPN629/60044

(nettskjema) /shared/ read only to all! (data useful for everyone)

Filesystem and directories structure

Panic! Where are my directories????

How to change password?

Open a browser in TSD and type:

https://brukerinfo.tsd.usit.no

How to import/export files in/out TSD?

NB: you need to have file-transfer protocol on your local machine (either sftp or FileZilla or winSCP) to connect to the filelock: tsd-fx01.tsd.usit.no

Export:1) in TSD drop your file in the /tsd/pxx/fx/export folder 2) on your local machine, login to the filelock and pick up the file!

Import:1) on your local machine, login to the filelock and drop the file 2) in TSD pick up the file from /tsd/pxx/fx/import folder

Demo live of the file import.

How to import/export files in/out TSD?

Note of caution:

No files bigger then 1TB

No 100 files at the time. Better one tar-ball (or zip or 7zip)!

No special character in the file-names (norwegian characters etc)

Remove the file from the filelock once you have copied it!

Encrypt before transferring!

How to set up nettskjema in TSD?

You can use nettskjema to run web-based questionnaire. The sensitive answers will pop up magically in TSD!

Create your Nettskjema form (https://nettskjema.uio.no)

Get the Form ID

Inform us:

How to set up nettskjema in TSD?

... we need to do some magic to create for you the secret and public key pairs. Once we are ready:

Your nettskjema answers will appear in here:/tsd/pxx/fx/import/sns/SBHA5SJDKS8KW8/<FORM ID>/

The answers are encrypted. Use either Kleopatra or GPA (windows) or gpg (linux) to decrypt them.

The keys are stored in:/tsd/pxx/data/durable/pxxGPG/

With Kleopatra or GPA, you need to import the secret key at the first use:

How to set up nettskjema in TSD?

How to use Colossus (HPC)?

Your project needs to be configured in order to use Colossus resources (HPC) and must have a linux VM server

Connect to the linux server (https://login.tl.tsd.usit.no)

Open a terminal and write your sbatch script

Copy your data you want to compute on /tsd/pxx/data/colossus or /tsd/pxx/home/

Submit you script

How to use Colossus (HPC)?

Software on Colossus are synced with the Abel software portfolio

Max run on colossus: 30 days!

Colossus has hugemem nodes (16GB node)

Attention: you can submit a job 30 day 4 hugemem nodes but it will cost several thousand NOK!!!

You can increase your memory, but if max-mem > mem-per-cpu then you consume more CPUs (because you are allocating more CPUs)

Be smart! Tune properly your job scripts.

I have done a mess! What shall I do?

Have you deleted by mistake the entire data of the PhD thesis to be presented in one month?

Breath deeply and calm down....

Linux: cd /tsd/pxx/.snapshot/ here you find everything from teh last night!

Windows: ask us! We have the snapshot for you.

Get in contact with TSD

User Support: tsd-drift@usit.uio.no

Contracting Support: tsd-contract@usit.uio.no

…or in case of fire alarm:

Iozzi Maria Francesca, Group LeaderResearch Support Services Group”Services for Sensitive Data” m.f.iozzi@usit.uio.no

Enjoy TSD!