The aim of TSD is to offer storage and processing of data in a secure environment. University IT infrastructure in general already includes a number of security measures, but the UiO network is open: all computers have official, publicly routable IP addresses and quite liberal access lists. To achieve a higher degree of security and to make control and risk management easier, we chose to disconnect from UiO's regular network and offer only a limited number of ways to interact with the system.
All projects/user groups are therefore issued their own dedicated virtual network, interconnecting any number of dedicated project servers (Windows and/or Linux):
Windows 2012 servers with SAS, Matlab, stat, R, and more.
Red Hat Enterprise Linux 6.0 with LibreOffice and R.
All projects are issued with a basic amount of storage space which can be expanded if needed.
High performance computing
Projects can apply for access to the HPC cluster Colossus.
Backup is handled by UiO's regular backup system with the addition of encryption. The encryption key is only available on the dedicated terminal server, with a copy stored in safes at two separate locations.
Data transfers to and from the service are handled by a special-purpose file staging service, and the project administrator controls access rights for all project members. By default all project members can transfer data in, but only the project administrator can transfer data out.
Connecting to the system is done by first accessing a login server via an encrypted SSH tunnel. From the login server, users connect to project VMs via PCoIP (Windows) or ThinLinc (Linux). The login procedure requires a one-time password obtained from a smartphone app or a YubiKey.
The system is built on the idea that a robust firewall around a system with full separation between projects is the best policy. Two-step authentication is needed to gain access to the system. Inside the system, every project has its own VLAN and its own virtual file system, so a project cannot obtain any information about any other project on the system.
For storage we use a logically separated part of Astrastore (UiO's and Norstore's storage resource). Encrypted backups are taken in UiO's regular backup system, with a separate encryption key for each project. PostgreSQL databases are also offered in TSD 2.0, and a secure high-performance computing resource, Colossus, is available to the projects.
The solution runs on dedicated computers in a separate location in USIT's machine room, to which only USIT's operational personnel have access. To achieve complete separation of project environments running on the same hardware, we use RHEV (KVM) as the hypervisor. This means a physical computer can be divided into several separate virtual computers that, for all intents and purposes, work independently.
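The separation rules above (one VLAN and one virtual file system per project, never shared between projects) are the kind of invariant an operator wants to re-check against the live inventory after every change. The following is an added example, not TSD's own tooling: it runs the checks over a constructed VM inventory, where project names, VLAN ids and file system paths are made up, and returns one message per violation.

```python
from collections import defaultdict
from typing import Dict, List

# Added example, not TSD's code. Checks the per-project VLAN and file system
# separation invariants over a constructed inventory (names, ids and paths
# are made up). Two of the entries deliberately violate the rules.
INVENTORY = [
    {"vm": "p11-win01", "project": "p11", "vlan": 1011, "fs": "/tsd/p11"},
    {"vm": "p11-lin01", "project": "p11", "vlan": 1011, "fs": "/tsd/p11"},
    {"vm": "p12-win01", "project": "p12", "vlan": 1012, "fs": "/tsd/p12"},
    {"vm": "p13-lin01", "project": "p13", "vlan": 1012, "fs": "/tsd/p13"},  # VLAN reused across projects
    {"vm": "p14-lin01", "project": "p14", "vlan": 1014, "fs": "/tsd/p12"},  # file system shared across projects
]


def find_separation_violations(inventory: List[Dict]) -> List[str]:
    """Report every VLAN or file system used by more than one project,
    and every project spread over more than one VLAN."""
    owners = {"vlan": defaultdict(set), "fs": defaultdict(set)}
    vlans_per_project = defaultdict(set)
    for vm in inventory:
        for kind in ("vlan", "fs"):
            owners[kind][vm[kind]].add(vm["project"])
        vlans_per_project[vm["project"]].add(vm["vlan"])

    violations = []
    for kind, table in owners.items():
        for resource, projects in sorted(table.items(), key=lambda kv: str(kv[0])):
            if len(projects) > 1:
                violations.append(f"{kind} {resource} shared by projects {sorted(projects)}")
    for project, vlans in sorted(vlans_per_project.items()):
        if len(vlans) > 1:
            violations.append(f"project {project} spans VLANs {sorted(vlans)}")
    return violations


if __name__ == "__main__":
    for line in find_separation_violations(INVENTORY):
        print("VIOLATION:", line)
```

In practice the inventory would be exported from the hypervisor management layer rather than written by hand; the checks themselves stay the same.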
Maintenance and operational tasks
System maintenance and operational tasks are performed by personnel from the USIT operations group. All access requires two-step authentication. Operations for this solution are managed separately, so that its security cannot be compromised by a successful break-in on any other operational server at UiO.
Project servers are presented to the user as a Windows or Linux terminal server with local storage. Cut/paste, mapping of disks and similar features are turned off. All data transfers in and out of the system have to take place via the file staging service.
All access from external networks requires two-step authentication.
The computers are hardened beyond normal practice.
All user management is done per environment, so security does not depend on the user's regular UiO account.
All changes in access rights require written approval from the project administrator (in TSD 2.0 this can often be done via MinID).
Dedicated storage, encrypted backups and encrypted communication are used.
A unique set of encryption keys is generated for each project/environment. These are stored on paper in safes at two separate locations.
Data transfer in and out of the system is done via a special-purpose file staging service.
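The file staging rules stated above and in the earlier paragraph on data transfers (every project member may transfer data in, only the project administrator may transfer data out, and the administrator controls members' rights) expressed as a policy check. This is an added example, not TSD's own staging service: project ids and user names are constructed, and the grant_export method is an assumption about how an administrator would extend export rights to a member, which the page does not describe in detail.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Added example, not TSD's code. Models the file staging access rules:
# members import, only the administrator exports, the administrator grants
# rights. Project ids and user names are constructed.


@dataclass
class Project:
    name: str
    admin: str
    members: Set[str]
    export_allowed: Set[str] = field(default_factory=set)  # assumed: extra export grants by the admin


class StagingPolicy:
    def __init__(self, projects: Dict[str, Project]):
        self.projects = projects
        self.audit: List[Tuple[str, str, str, bool]] = []   # (project, user, direction, allowed)

    def grant_export(self, project: str, granted_by: str, user: str) -> bool:
        """Assumed workflow: only the project administrator can extend export rights,
        and only to an existing member."""
        p = self.projects.get(project)
        if p is None or granted_by != p.admin or user not in p.members:
            return False
        p.export_allowed.add(user)
        return True

    def allowed(self, project: str, user: str, direction: str) -> bool:
        p = self.projects.get(project)
        if p is None or user not in p.members:
            decision = False                      # non-members get neither direction
        elif direction == "import":
            decision = True                       # every member may bring data in
        elif direction == "export":
            decision = user == p.admin or user in p.export_allowed
        else:
            decision = False                      # unknown direction: deny
        self.audit.append((project, user, direction, decision))
        return decision


if __name__ == "__main__":
    policy = StagingPolicy({"p11": Project("p11", "admin1", {"admin1", "alice", "bob"})})
    print(policy.allowed("p11", "alice", "import"), policy.allowed("p11", "alice", "export"))
```

Deny is the default for every path the policy does not explicitly recognise, and every decision is appended to an audit list so that export attempts by non-administrators are visible to whoever reviews the logs.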