eTRIKS Platform for bioinformatics ISGC 17/03/15 Pengfei Liu, CC-IN2P3/CNRS

Overview Introduction What is eTRIKS? What are the objectives of eTRIKS? Who participates eTRIKS project? eTRIKS cloud CC-IN2P3 eTRIKS cloud Hosted projects eTRIKS platform design and development Platform architecture Data curation and storage module Data analysis and visualization module Security module Conclusion 7/3/20162

eTRIKS : European TRanslational Information and Knowledge management Services 7/3/20163 Oct-2012 – Sept M Euro 2B Euro Public Private Partnership

Objectives of eTRIKS project eTRIKS is a collaborative project focused on increasing the efficiency of translational research (TR) by: – Establishing a cloud based, flexible, scalable TR platform (eTRIKS platform). – Reducing the cost of TR data and Knowledge Management – Facilitating cross study analyses – Ensuring data confidentiality – Providing KM Services to support Private/Public projects in IMI 7/3/20164

Translational research 7/3/20165 Cohort of patients with diseases Goal: Combining Clinical observations and bioassay techniques to provide more efficient research of treatments Allowing cross-institute research WGS RNAseq Mass Spec Imaging RT Sensing Bioassays: measurements on genes, molecules, organs

Participants of eTRIKS project 7/3/20166 Data analysis tool Development (tranSMART) eTRIKS platform design and development Data curation eTRIKS platform Hosting

Overview Introduction What is eTRIKS? What are the objectives of eTRIKS? Who participates eTRIKS project? eTRIKS cloud CC-IN2P3 eTRIKS cloud Hosted project eTRIKS platform design and development Platform architecture Data curation and storage module Data analysis and visiulazation module Security module Conclusion 7/3/20167

eTRIKS cloud 7/3/20168 Cloud based platform Quick provisioning Horizontal Scalability Resources utilization efficiency

eTRIKS cloud environment Hardware 2 controllers (PE R420) 6 hypervisors (PE R620) CPU: 128 core MEM: 768 GB 100 TB block storage (MD3220) 100 TB Database storage (MD3220) Software OpenStack (IceHouse) Ubuntu LTS (Trusty Tahr) 7/3/20169

eTRIKS cloud environment 7/3/ Physical host Virtual machines 1 Project = n VMs + 1 DB instance Database server User raw data DB Instance iSCSI Volume SSH gateway Curation ETL tranSMART worker(s) Project A Project B Project C Project D

Hosted projects Public server (Software as a service) Share public data for translational research. Open access : ( Abirisk (Platform as a service) Study on anti drug-immunization for biopharmaceutical products restricted access OncoTrack (Platform as a service) Identification of bio-marker for colon cancer. restricted access 7/3/201611

Overview Introduction What is eTRIKS? What are the objectives of eTRIKS? Who participates in eTRIKS project? eTRIKS cloud CC-IN2P3 eTRIKS cloud Hosted project eTRIKS platform design and development Platform architecture Data curation and storage module Data analysis and visiulazation module Security module Conclusion 7/3/201612

eTRIKS platform overview 7/3/ Data curation and storage End_User CC-IN2P3 Cloud Data analysis and visualization module Data_Curator Curation Server DataBase Data storage Volume Data storage Volume tranSMART Galaxy R R Platform_Admin

eTRIKS platform : security module Objectives: User and platform authenticity Data confidentiality Data integrity Security module: User management mechanism Authentication mechanism Authorization mechanism Logging mechanism 7/3/ Data curation and storage Data analysis module

Security module : Authenticity of platform and user Authenticity of eTRIKS platforms Certificate Public server Abirisk OncoTrack Collaboration tools Authenticity of user Login and password Public key infrastructure 7/3/201615

Security module: user registration and validation 7/3/ LDAP eTRIKS platform services (e.g. transmart, galaxy, etc.) eTRIKS platform services (e.g. transmart, galaxy, etc.) Project members HTTPs Ldaps User Resgistration ( User Resgistration ( Project CZAR HTTPs Admin DashBoard ( Admin DashBoard ( Ldaps HTTPs

Security module : authentication mechanism architecture 7/3/ Authentication Server (OpenLDAP) Authentication Server (OpenLDAP) Data analysis and visualization module SSH gateway End User HTTPs SSH Ldaps Data_curator, Platform_admin Admin DashBoard ( Admin DashBoard ( Ldaps HTTPs Project CZAR Data curation and storage Module Data curation and storage Module SSH

Security module : Authentication client Authentication client for VMs Linux Pluggable Authentication Modules (PAM) Authentication client for admin dashboard Java client developped by CC-IN2P3 (Java Naming Directory Interface). Authentication client for transmart Spring security ldap plugin Authentication client for Galaxy Apache Module mod_authnz_ldap 7/3/201618

7/3/2016 Security module : authorization mechanism architecture 19 Authorization Server eTRIKS platform services eTRIKS Portal Decision tranSMART DataBase Server DataBase Server Collaboration Tools Authorization Request Policy engine Security Policy Repository Authorization server Policy Repository stores policies in XACML (Policy specification language). Policy engine is implemented by using WSO2-IS. Accessible via https (restful web service).

7/3/2016 Security module: Logging mechanism 20 All critical actions which could corrupt critical data are logged into curation server and database servers locally. Targeted data Raw data (which is accessible via the curation server) Curated data (which is accessible via the database sever) Targeted actions Create Delete Modify Current logged messages Who executed the action When the action is executed

eTRIKS platform : Data curation and storage module Objectives: Data uploding Data storage Block storage (i.e. cinder) Database storage (i.e. postgresql) Data curation environment ETL tools (Kettle script over Pentaho) Access of block and Database storage Data curation and storage: Curation server Block storage Database storage 7/3/ Data curation and storage Data analysis module Security module Security module

Security Module Security Module Data curation and storage module 7/3/ tranSMART Galaxy tranSMART Galaxy SSH gateway End User HTTPs SSH Data_curator, Platform_admin Curation Server DataBase SSH Block storage SSH Raw data uploaded via SFTP to block storage (i.e. cinder volume) Data curation server Data curation tools (i.e. Pentaho data integration tool) Curated data are stored in a database server (i.e. Postgresql) Data analysis tools can access curated data via database server

Data analysis module Objectives: Translational research Easy to access and share data Data visualization Data analysis tool: tranSMART Galaxy R 7/3/ Data curation and storage Data analysis module Security module Security module

tranSMART 7/3/201624

Galaxy 7/3/201625

Overview Introduction What is eTRIKS? What are the objectives of eTRIKS? Who participates in eTRIKS project? eTRIKS cloud CC-IN2P3 eTRIKS cloud Hosted project eTRIKS platform design and development Platform architecture Data curation and storage module Data analysis and visiulazation module Security module Conclusion 7/3/201626

Conclusion eTRIKS platform Translational information and knowledge management Scalability Flexibility Security Easy to deploy on a private cloud 7/3/201627

Questions ? 7/3/201628

7/3/2016 Other points of eTRIKS security system 29 Encryption: All the communication between clients and eTRIKS platform are encrypted (i.e. Https, ssh, ldaps.). CC-IN2P3 provides possibilities to encrpt raw data for hosted project. Access control mechanism: Access control service is accessible via restful web service. Java client is provided Web interface for managing policy rules and policy combining algorithm

XACML policy specification language XACML stands for "eXtensible Access Control Markup Language". The standard defines a declarative access control policy language implemented in XML and a processing model describing how to evaluate access requests according to the rules defined in policies. 7/3/201630

XACML access request example … Foo … Admin … read … 7/3/201631