TSD: a Secure and Scalable Service for Sensitive Data and eBiobanks Gard Thomassen, PhD Head of Research Support Services Group University Center for Information.

Presentation transcript:

TSD: a Secure and Scalable Service for Sensitive Data and eBiobanks Gard Thomassen, PhD Head of Research Support Services Group University Center for Information Technology (USIT) University of Oslo

Outline
- Sensitive Data
- TSD setup, solutions, demo, status and future
- How to get on board
- Some discussion topics
- Q&A

What is sensitive data?
Norway: Personal Data Act §2, point 8
- race/ethnic data, political opinion, philosophical and religious beliefs, the fact that a person has been suspected of, charged with, indicted for or convicted of a criminal act, health, sex life and trade-union membership

Who has sensitive data Almost everyone

TSD launch in Computerworld 16/5-14

Norsk KreftGenom Konsortium
"Compared with the hardware we used until the move to TSD, which can probably be characterized as a moderately usable server machine with 64 cores, we can achieve a theoretical speed-up of 30X with TSD. In addition, we have optimized our analysis pipeline by parallelizing several steps. Previously, a sequencing analysis of 48 tumor/normal pairs would have resulted in a run time of two to three months at minimum. This week we ran the same thing on TSD in two days and a few hours. In other words, to put it mildly, a dramatic improvement."
Prof Eivind Hovig, NCGC

Teknisk ukeblad & e24, 5/5-14

Uniforum

TSD Pilot

System requirements
- Security, isolation and access control as given by law
- Large storage capacity
- Multi tenant (multiple users)
- High performance computing (HPC) resource
- High bandwidth
- Easy to maintain and operate
- Easy to use and “practical” (also for audio and video)
- Some freedom within a confined user space
- Accessible from anywhere through proper mechanisms
- A variety of software and public data-sources must be available
- Windows and Linux support (server/host-side)
- Data collection services
- Data sharing services

Setup, solutions and status

System outline
[Diagram. Components: Internet, Gateway, VM-server, HPC - Colossus, Storage. Secure encrypted network to special high volume data production sites. Diagram labels: 1 (project), 1 (storage area), n, 1.]

TSD demo
Check out the login help pages. All projects can use PCoIP and ssh+RDP to access Windows from 15/8-15. Thinlinc (HTML5-based) for access to Linux machines in TSD will be enabled by August.
Help pages :

Data import and export using TSD
[Diagram. Labels: File lock server, Virtual file lock server, Virtual project-server, File lock HD, Project HD, TSD, NFS mount. Numbered steps 1 to 4. Annotation: Data copied here by sftp (2-factor authentication), encrypted data if sensitive.]

Data collection using TSD “Nettskjema-minID”
[Diagram. Labels: Nettskjema homepage, minID, Project VM, Project disk, File lock, Encrypted XML (PGP), TSD.]

Security details
- OATH TOTP 2-factor authentication
  - Smart phones or programmable hardware tokens
  - 2-factor absolutely everywhere
- Import/export is under strict control
- No open connection to the internet
- All administration happens from the inside
- Strong separation between projects
- Hardened FreeBSD gateway and firewall
- Encrypted backup, one key per project
- Sys-admins are single users (traceability)
- Sys-admins have to use same authentication process

Homepage Risk evaluation etc : mer-om/systembeskrivelse/

Projects g/sensitiv/mer-om/kunder/

TSD status
- > 90 research projects
- > 350 users
- Secure storage (> 1 PiB on disk)
- Secure data analysis
- Linux or Windows hosts (> 250 VMs)
- Secure import and export
- Web-based data harvesting
- HPC cluster (>1500 cores)
- Postgres DBs
- Video and sound display

Capabilities enabled by TSD
- Large scale NGS research on human genomes
- Large scale medical imaging studies
- Large scale studies with web-based data collection
- Cross border data-collection
- Off-site analysis of sensitive data
- Secure storage for verification of published research
- Electronic consent, soon
- Free storage from Norstore, soon free CPU?

Nordic collaboration opportunities
- Laws are fairly similar (Norway very strict)
- Difficult to exchange sensitive data for research
- One should learn from each other as these systems demand very special IT-knowledge
- Services development and system-administration know-how is non-sensitive and may be shared
- Building TSD addressed many novel security questions in a University setting to be learnt from
- Large DBs/registries of health data may enable very interesting research in the future
- TSD is involved in the NeIC-based Tryggve project
- We are happy to collaborate!

Main collaborators on TSD
Collaborators
- Norwegian Storage Infrastructure (NorStore)
- Norwegian Genetics Analysis Platform (GenAp)
- Norwegian Dietary Registry (Medical Faculty)
- Institute of Psychology (Faculty of Social Sciences)
- Norwegian Cancer Sequencing Consortium (NCGC)
Reference group
- Oslo University Hospital, NorStore, Regional Ethical Committee, National Institute of Public Health, Norwegian Cancer Registry, Research Network at OUS, Elixir Norway, NCGC, GenAP, Institute of Psychology.

Future of TSD - main topics
- More on how to handle video and sound
  - harvesting
  - management
  - metadata
  - analysis
- Journal system for Psychologists (Univ of Umeå collaboration)
- Biobanks computing resource ?
- Thinlinc (August 2015) and PCoIP (15/8-15)
- VMware and VDI infrastructure for video
- Galaxy inside TSD
- Elixir helpdesk connected to TSD
- Hosting docker containers
- Invariant storage of research data (connected with Cristin ?)
- National eInfrastructure investment in TSD ??

Use of direct identification inside TSD
Disclaimer / instruction: “The project leader is responsible for ensuring that directly identifiable data is used as little as at all possible inside TSD. When using Nettskjema + minID/BankID, national identity numbers must be scrubbed and the linkage key stored so that it is accessible to as few project participants as possible.”
hjelp/secure-nettskjema/index.html

Unencrypted large datasets -> TSD
- Controlled end-end networks using ACLs
- SFTP with 2-factor
- No open internet connections in any endpoint

PCoIP (encrypted and 2-factor)
- TSD then needs port 22 for sftp/ssh and port 4172 for TCP and UDP
- Directional control of copy and paste (c&p)

Thinlinc
- Linux Remote Desktop protocol over html5 (https) with 2-factor authentication
- BSD firewall in front
- Same in principle as PCoIP setup:
  - “Login server”
  - “Connection broker”
  - “Virtual project machines / servers”
  - Can have directional control of copy and paste (c&p)

Thanks to Project group / developers IT-dir Lars Oftedal Hans A. Eide Märtha Felton Reference group Administration / associated