Presentation is loading. Please wait.

Presentation is loading. Please wait.

TSD: a Secure and Scalable Service for Sensitive Data and eBiobanks Gard Thomassen, PhD Head of Research Support Services Group University Center for Information.

Published byJustina Anderson Modified over 8 years ago

Similar presentations

Presentation on theme: "TSD: a Secure and Scalable Service for Sensitive Data and eBiobanks Gard Thomassen, PhD Head of Research Support Services Group University Center for Information."— Presentation transcript:

1 TSD: a Secure and Scalable Service for Sensitive Data and eBiobanks Gard Thomassen, PhD Head of Research Support Services Group University Center for Information Technology (USIT) University of Oslo

2 Outline Sensitive Data TSD setup, solutions, status and future Lessons learned How to get on board

3 What is sensitive data? Norway : Personal Data Act §2, point 8 –race/ethnic data, political opinion, philosophical and religious beliefs, the fact that a person has been suspected of, charged with, indicted for or convicted a criminal act, health, sex life and trade-union membership

4 Who has sensitive data Almost everyone

5 TSD launch in Computerworld 16/5-14

6 TSD Pilot 2009 - 2012

7 System requirements Security, isolation and access control as given by law Large storage capacity Multi tenant (multiple users) High performance computing (HPC) resource High bandwidth Easy to maintain and operate Easy to use and “practical” (also for audio and video) Some freedom within confined user space Accessible from anywhere through proper mechanisms A variety of software and public data-sources must be available Windows and Linux support (server/host-side) Data collection services Data sharing services

8 Setup, solutions and status

9 System outline Gateway HPC - ColossusVM-server Storage Internet Secure encrypted network to special high volume data production sites 1 (project) 1 (storage area) n 1

10 Using TSD VM U 1 S 1 S1S1 TSD disk VM U 2 S 1 GW User 1 Study 1 Colossus disk Colossus Front end Colossus User 2 Study 1 TSD S 1 DB SPSS Office Stata SAS R Matlab.... Libre Office R Module load...

11 Data import and export using TSD File lock server Virtual file lock server Virtual project- server File lock HD Project HD TSD NFS mount 2 Data copied here by sftp (2-factor authentication) encrypted data if sensitive 1 4 3

12 Data collection using TSD “Nettskjema-minID” “Nettskjema-minID” Nettskjema homepage minID Project VM Project disk File lock Encrypted XML (PGP) TSD

13 Security details OATH TOTP 2-factor authentication –Smart phones or programmable hardware tokens Import/export is under strict control No open connection to the internet All administration happens from the inside Strong separation between projects Hardened FreeBSD gateway and firewall Encrypted backup, one key per project Sys-admins are single users (traceability) Sys-admins have to use same authentication process

14 TSD status > 80 research projects > 350 users Secure storage (> 1 PiB on disk) Secure data analysis Linux or windows hosts (> 250 VMs) Secure import and export Web-based data harvesting HPC cluster (>1500 cores) Postgres DBs Video and sound display

15 Capabilities enabled by TSD Large scale NGS research on human genomes Large scale medical imaging studies Large scale studies with web-based data collection Off-site analysis of sensitive data Secure storage for verification of published research Electronic consent

16 Future of TSD - main topics How to handle video and sound –harvesting –management –metadata –analysis Journal system for Psychologists (Univ of Umeå collaboration) Biobanks VMware and VDI infrastructure Galaxy inside TSD Elixir helpdesk connected to TSD Hosting docker containers Invariant storage of research data National eInfrastructure investement in TSD

17 Lessons learned Design before you implement Do security assessment during all the time Brainstorm and discuss Test, document and implement in paralell You will have to redo things! Have a “Board of Changes” when in prod

18 How to get on board tsd-drift@usit.uio.no

19 Thanks to tsd-core@usit virt-core@usit storage-core@usit postgres-core@usit network-core@usit hpc-core@usit windows-core@usit unix-core@usit IT-security@usit Project group / developers IT-dir Lars Oftedal Hans A. Eide Märtha Felton Administration / associated

Download ppt "TSD: a Secure and Scalable Service for Sensitive Data and eBiobanks Gard Thomassen, PhD Head of Research Support Services Group University Center for Information."

Similar presentations

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
POC Security System High security system combining PIN-on-Card, information security, physical access, control and alarm – all in one system.

POC Security System High security system combining PIN-on-Card, information security, physical access, control and alarm – all in one system.
System Center 2012 R2 Overview

System Center 2012 R2 Overview
What’s New: Windows Server 2012 R2 Tim Vander Kooi Systems Architect www.NetComLearning.com.

What’s New: Windows Server 2012 R2 Tim Vander Kooi Systems Architect
The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy.

The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy.
Take your CMS to the cloud to lighten the load Brett Pollak Campus Web Office UC San Diego.

Take your CMS to the cloud to lighten the load Brett Pollak Campus Web Office UC San Diego.
Accelerate Your Business RP IaaS (Infrastructure as a Service) IaaS.

Accelerate Your Business RP IaaS (Infrastructure as a Service) IaaS.
“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.

“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.
Webdisk Storage Anywhere, Anytime for Everyone Presented at Educause, 2003 Copyright 2003, Jeremy Mortis and Harold Esche. This work is the intellectual.

Webdisk Storage Anywhere, Anytime for Everyone Presented at Educause, 2003 Copyright 2003, Jeremy Mortis and Harold Esche. This work is the intellectual.
The explosion of devices is eroding the standards-based approach to corporate IT. Devices Deploying and managing applications across platforms.

The explosion of devices is eroding the standards-based approach to corporate IT. Devices Deploying and managing applications across platforms.
Silicon Graphics, Inc. Poster Presented by: SGI Proprietary Technologies for Breakthrough Research Rosario Caltabiano North East Higher Education & Research.

Silicon Graphics, Inc. Poster Presented by: SGI Proprietary Technologies for Breakthrough Research Rosario Caltabiano North East Higher Education & Research.
DatacenterMicrosoft Azure Consistency Connectivity Code.

DatacenterMicrosoft Azure Consistency Connectivity Code.
Copyright © 2005 VMware, Inc. All rights reserved. VMware Virtualization Phil Anthony Virtual Systems Engineer

Copyright © 2005 VMware, Inc. All rights reserved. VMware Virtualization Phil Anthony Virtual Systems Engineer
ProjectWise Virtualization Kevin Boland. What is Virtualization? Virtualization is a technique for deploying technologies. Virtualization creates a level.

ProjectWise Virtualization Kevin Boland. What is Virtualization? Virtualization is a technique for deploying technologies. Virtualization creates a level.
Virtual Machine Management

Virtual Machine Management
Virtual Desktop Infrastructure Solution Stack Cam Merrett – Demonstrator User device Connection Bandwidth Virtualisation Hardware Centralised desktops.

Virtual Desktop Infrastructure Solution Stack Cam Merrett – Demonstrator User device Connection Bandwidth Virtualisation Hardware Centralised desktops.
Open Cloud Sunil Kumar Balaganchi Thammaiah Internet and Web Systems 2, Spring 2012 Department of Computer Science University of Massachusetts Lowell.

Open Cloud Sunil Kumar Balaganchi Thammaiah Internet and Web Systems 2, Spring 2012 Department of Computer Science University of Massachusetts Lowell.
Risk assessment - TSD Gard Thomassen, PhD USIT, UIO.

Risk assessment - TSD Gard Thomassen, PhD USIT, UIO.
Plan Introduction What is Cloud Computing?

Plan Introduction What is Cloud Computing?
Microsoft ® Application Virtualization 4.6 Infrastructure Planning and Design Published: September 2008 Updated: February 2010.

Microsoft ® Application Virtualization 4.6 Infrastructure Planning and Design Published: September 2008 Updated: February 2010.

Similar presentations

Ads by Google