Sensitive Data Services for Research
Sensitive Data Services for Research (Open Beta) consists of two components:
- Sensitive Data Connect: a web user interface for storing and sharing sensitive data during the active phases of research projects
- Sensitive Data Desktop: a web user interface that provides access to a secure virtual computing environment (or virtual Desktop). The Desktop is not connected to the internet. This enables secure computation and processing of sensitive data. All CSC project members and collaborators can access the same private Desktop. As data can't be exported from SD Desktop, it can be used to provide limited and restricted access to a specific dataset.
Sensitive Data Services have increased security compared to CSC's HPC (Puhti and Mahti) and general-purpose cloud environments (cPouta and Rahti). Thus, data that can't be processed in those environments may still be processed in the SD Services environment.
Sensitive Data Services are available for all CSC customers. To access CSC's services for sensitive data using the MyCSC portal:
- Create a user account
- Create or join a CSC project and add project members
- Fill in the Personal Data Handling form and agree to the CSC Data Processing Agreement
- Each project member needs to add service access to SD Desktop and to Allas (Allas access is needed if you want to use SD Connect, a user interface for CSC's cloud storage solution, Allas)
- Apply for billing units or disk quota
For specific guidance regarding these steps, check the Accounts paragraph at the beginning of this user guide.
Quickstart: Processing sensitive data in your Desktop
This quickstart guides you through importing encrypted sensitive data into your private Desktop for data analysis.
Quickstart: Sharing sensitive data with SD Connect
This quickstart guides you through encrypting sensitive data with personal encryption keys for data sharing using SD Connect.
Allas: The general purpose data storage service of CSC. At the moment SD Connect uses Allas as its storage service, and in practice you can consider Allas and SD Connect to be one service. However, ongoing development of SD Connect is likely to make it diverge from the standard Allas service in the future.
Bucket/Container: In object storage systems, the storage spaces in which files are stored are called containers in some tools and buckets in others. The two terms refer to the same thing: what are, in effect, the root directories of your storage area in Allas/SD Connect. The bucket/container name is visible to the internet. You can have multiple buckets in the same project (up to 500), but each bucket must have a name that is unique throughout the whole storage system (including other projects). By default, the data in a bucket is accessible only to the project members. However, you can grant access to other CSC projects or users with SD Connect.
CSC Project: Use of CSC services is based on projects: all your data in CSC belongs to a project. You can belong to one or multiple projects. Each project has a main user, the project manager, who can add members and services to the project. The project manager is responsible for the activities of the project and, for example, needs to describe which type of sensitive data the project is processing.
SD Connect Account: The CSC project ID in OpenStack. It is used to define the project with which you share your containers in SD Connect, and it is a synonym for CSC Project ID when using the command line tool. In the SD Connect user interface it is displayed under User Information > Project usage as a series of 32 numbers and letters, e.g. AUTH_3a66dbf90b2940dc9c651362af595b23.
Virtual machine (VM): A virtual computing environment that works like a real physical computer. It has a processor, memory and an operating system, but it exists only as code or as a partition of the host computer. VMs used for the Sensitive Data Services currently support only Linux operating systems and are completely isolated from the internet for security reasons.
Virtual machine flavor (VM flavor): A flavor defines the resources and configurations of a cloud computing environment. It specifies the compute, memory, and storage capacity that can be assigned to the virtual machine.