STORAGE AND BACKUP DURING THE RESEARCH PROCESS
How will data and metadata be stored and backed up during the research?
The research data will be stored on the network access storage infrastructure provided by the IT department of the IGBMC. This storage is hosted in the certified regional data center managed by the University of Strasbourg. It is based on a robust software-based storage solution that includes a data protection mechanism through erasure coding.
A local snapshot of the data is taken daily and kept for 30 days. The storage infrastructure is replicated once a month to a remote location to protect the data in case of complete loss of the storage system (destruction, irreversible failure, etc.). However, the infrastructure hosting the replica of the data is not suited to production use and cannot replace the main storage system.
How will data security and protection of sensitive data be taken care of during the research?
In the event of an incident (accidental deletion or erasure of data), data can be recovered from the storage snapshots within 30 days. Access to snapshots doesn’t require the intervention of the IT department. In case of a major crash or destruction of the storage infrastructure, data can be restored by the IT department from a replica updated monthly.
The storage spaces are provided by the IGBMC IT department "per research project". Each project space has a quota, which is requested by the owner of the space at the time of its creation and which may change if necessary during the life of the project. Each space is also associated with a list of users authorized to read and write to it.
The storage space of our project will be accessible as follows:
- Through the SMB protocol on workstations (Windows, Mac, Linux) connected to the IGBMC internal network or connected to the VPN (only certified workstations are allowed on the IGBMC internal network).
- From the HPC cluster of the IGBMC
- Through the Globus network
Access to data is controlled through Unix rights and ACLs. Each storage space is associated with a dedicated Unix group. All files created in the storage space have default access for the dedicated group. Only members of the dedicated group can read and modify data stored in the corresponding storage space.
The IGBMC IT department can add or remove internal or guest users from the dedicated Unix group at the request of the storage space owner.
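A space owner can check that a project space still matches the group-only access model described above. The following is an added example, not an IGBMC tool: the function names, issue labels and sample tree are constructed for illustration, and it inspects only Unix mode bits and group ownership, not ACL entries.

```python
import os
import stat
import tempfile

def audit_project_space(root, expected_gid):
    """Return sorted (relative path, issue) pairs that break the group-only model."""
    findings = []
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        entries += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in entries:
        st = os.lstat(path)                      # do not follow symlinks
        if stat.S_ISLNK(st.st_mode):
            continue                             # link mode bits carry no meaning
        rel = os.path.relpath(path, root)
        need = stat.S_IRGRP | stat.S_IWGRP       # members must read and modify
        if stat.S_ISDIR(st.st_mode):
            need |= stat.S_IXGRP                 # traversal needs execute on dirs
        if st.st_gid != expected_gid:
            findings.append((rel, "wrong-group"))
        if st.st_mode & stat.S_IRWXO:
            findings.append((rel, "world-accessible"))
        if (st.st_mode & need) != need:
            findings.append((rel, "group-cannot-read-write"))
    return sorted(findings)

def build_constructed_space():
    """Create a throwaway tree with two deliberate deviations (constructed sample)."""
    root = tempfile.mkdtemp(prefix="project_space_")
    os.chmod(root, 0o770)
    os.mkdir(os.path.join(root, "raw"))
    os.chmod(os.path.join(root, "raw"), 0o770)
    layout = {"raw/run1.dat": 0o660, "raw/leaked.dat": 0o664, "notes.txt": 0o600}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)                     # chmod bypasses the umask
    return root

if __name__ == "__main__":
    space = build_constructed_space()
    for rel, issue in audit_project_space(space, os.lstat(space).st_gid):
        print(f"{issue:24} {rel}")
```

On the real storage, the expected group id would be that of the project's dedicated Unix group, and any ACL entries would need a separate check with the file system's own ACL tools.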
User authentication for workstations, the HPC cluster and Globus is based on a centralised and secured LDAP directory.
There are no institutional data protection policies in place at IGBMC yet.