Working with your virtual desktop
Once a virtual desktop has been created, each CSC project member can securely access it from their browser.
Access virtual desktop
When you log in to SD Desktop Homepage, you will be able to access your virtual computing environment from:
-
Recent connections. Click on your desktop's image (visible only if recently accessed).
-
All connections. Click on + next to the CSC project ID (e.g.
project_NNNNN
): this allows you to visualize and access all the desktops associated with the project (desktopname-NNNNNNNNNN
) via a secure connection.
When you open the connection, a virtual computing environment (Linux CentOS operating system) will open in your browser. If you are accessing the virtual desktop for the first time, you will see the panel getting started, from which you can, for example, adjust the screen resolution.
You can work with the desktop like in a standard computing environment, accessing several pre-installed programs from the applications menu bar (top left corner). Examples include Open Office, image-viewing applications, video and audio players, Jupyter Notebooks etc. You can also open a terminal and use Linux from the command line. For more information on accessing R-Studio, please check the paragraph below.
Security-related features of SD Desktop include:
-
The computing environment (visible from your browser) is isolated from the internet. So you can, for example, open a Firefox web browser but not access any site online. At this moment, you will also not be able to access any repositories directly.
-
You can access or import files into the computing environment only using the Data Gateway application (see below for more information);
-
Unencrypted files are not visible via the SD Desktop service. You can access and visualize only encrypted files (uploaded to CSC using SD Connect or encrypted programmatically with the service's public encryption key).
-
The copy-paste function from your computer/laptop to the browser visualizing your secure desktop is entirely disabled for security reasons. However, you can use this function inside the virtual desktop.
-
Only files saved in the shared-directory or the external volume are accessible to all project members via the virtual desktop.
You can close the connection to your virtual desktop in two ways:
-
Log out from the desktop (in the workspace view, top right corner of the browser, select your username and log out). This will close all applications and disconnect the work session. You can access the same desktop anytime after logging in to the services.
-
If you initiated an analysis programmatically (running a script), you can close the browser window. This doesn't interfere with the processes running. Thus, when you reconnect to your desktop, all your tools and interfaces are still open and you can continue working. However, log out from the desktop once the analysis is finished. If you leave more than ten connections open, you will be unable to re-access the services.
Note
SD Desktop only supports ten simultaneous connections. You will be automatically logged out from the virtual desktop if a connection has been left accidentally active for two days.
Accessing RStudio
Open the terminal and launch RStudio with:
start-rstudio-server
This will return a URL and a service-specific password:
RStudio Server - Sensitive Data Desktop Edition
---------------------------------------------------------------------------------------
Copy/Paste this URL into Firefox:
http://localhost:8787/
-----------------------------------------------------------------------------------------
Enter these at the RStudio Server sign-in screen
----------------------------------------------------------------------------------------
Username: accountname Password: Example23241232
----------------------------------------------------------------------------------------
To stop RStudio Server: Ctrl+C
Next:
- paste the URL in Firefox
- after a few seconds, you can input the username and password (service-specific) and access the server.
Note
Only files saved in shared-directory or external volume are accessible to other project members using RStudio.
Accessing encrypted sensitive data within SD Desktop
As the virtual desktop is isolated from the internet, the only way to access data for analysis is by utilizing a specific application called Data Gateway.
This application will allow you to establish a secure connection with two other Sensitive Data Service components and:
- Access and analyze encrypted files directly uploaded via SD Connect by any of the project members
- Reuse published data under controlled access via the Sensitive Data (SD) Apply service.
Encrypted files are visible in read-only mode (similar to opening a PDF file or streaming a YouTube video). This solution allows you to process large amounts of data without storing additional copies on your virtual desktop.
Note
In SD Desktop, you can access only encrypted files. Accessing unencrypted data or files encrypted only with your public encryption key will result in an error.
Accessing encrypted data stored in SD Connect using Data Gateway
You can access encrypted data stored in SD Connect by following these steps:
-
Open Data Gateway (you can find the application on your desktop)
-
Select SD Connect
-
Add your CSC credentials (username and password). Note: we disabled the copy/paste options for security reasons; thus, you need to type in your password
-
Click on Login and next click on Continue
-
In the new window, under Create secure access click on Create. The application will create a secure connection with SD Connect, and a new folder called Projects will be accessible from your desktop or programmatically from the terminal. Next, click on Open folder.
You can directly access all the files stored in SD Connect in read-only mode from the project folder. The application will automatically decrypt them. The current streaming speed can be up to 50 MB/s.
Note
The Projects folder is available only when the Data Gateway application is open. Thus, Data Gateway needs to be open during data processing in streaming mode.
Importing data inside the desktop
If during the analysis phase you need to edit or annotate files, you make a full copy of it on your virtual desktop following these steps:
-
Access the files of interest in the Project folder using Data Gateway
-
Select the files from the Project folder, make a copy and paste it in the virtual desktop home directory (the files will be visible only from your browser) or in the shared folder (in this case, the files will be accessible also by all the CSC project members).
The files are automatically decrypted by the Data Gateway application during the copy/paste process and are directly available for analysis or editing.
Note
Your private workspace in SD Desktop is completely isolated from the internet for security reasons. However, you can use the procedure described above if you need to import specific scripts into your desktop (for example, from GitHub or other trusted repositories).
Accessing published data for reuse via SD Apply
Data Gateway can also be used to access data published under controlled access via other Sensitive Data Service components. To access a specific dataset for reuse on your virtual desktop, you must first apply for it using SD Apply service. When the data owner (or Data Access Committee) has granted you access, you can access the dataset in SD Desktop for a limited time.
You will encounter an error message if you still need to apply for access or if the access period has ended.
SD Apply is currently in the pilot phase. Don't hesitate to contact CSC Service Desk (subject: sensitive data) for more information.