Child pages
  • IT Security (HPC)

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleFile/Data Sharing guidelines

If you need or want to share your files/data with others, the following guidelines should be considered:

  • For long-term sharing, submit a service-now request for creation of a group folder.
  • All data in your HPC home directory will be archived (removed from HPC) after you leave JCU.
  • Principle of least privilege
    • Ensure you have authority to share. 
    • Share only what needs, and is safe, to be shared.
    • Submit a service-now request to create group(s) for sharing.
    • Sharing data as read-only incurs less risk than sharing read+write.
    • The more people you give access to, the more risk you incur.  Anyone with write access to your files can overwrite/delete them accidentally (or deliberately).


Expand
titleDesktop fileshares (decommissioning)

JCU TS staff are working to turn off all desktop file shares (SMB protocol).  Alternative options for researchers are:

  1. Many national/international research areas already have mature facilities/services for housing, protecting, and/or publishing your research data.  Ideally, these options should be your first choice.
  2. AARNet CloudStor provides a storage option that can be seen by a greater spread of personal computing devices than HPC.
  3. OneDrive provides up to 5TiB of storage to all JCU staff/students.  Like CloudStor, this option is compatible with a very large range of personal computing devices.
  4. Australian Research Data Commons (ARDC) will continue to provide resources for Australian researchers.
  5. Several researchers and HPC staff are involved in a trial of Mountain Duck software as a replacement for traditional file shares (to personal computing devices).  So far, all experiences have been positive, so this option is likely to be made available to anyone interested soon.
  6. Public cloud resources are definitely a good option - control of usage becomes extremely important in this case.

Using JCU's VPN service is the safest way to access HPC resources when not on a JCU campus.

Currently, there is a JCU firewall exception that allows you to connect to HPC login nodes by SSH from off-campus - this exception may be removed in future.

HPC systems are automatically patched and scheduled reboots will occur.  Generally speaking, HPC staff will try to avoid killing your jobs - but we may get directed to do work that will kill jobs/connections.


Expand
titleSoftware guidelines

JCU HPC houses over 2PiB of research data.  The price of backing up this amount of data is beyond our budget.  Only use software from trusted sources.
If the software you are wanting to use isn't already available on HPC, submit a service-now request to have the software installed.
If you are developing software, ensure that the source code is held in a version control system (e.g., github or bitbucket).
Note:  Many researchers choose to install software in personal directories.  JCU TS security staff have identified significant risk to such privileges - HPC staff may be directed to configure a NOEXEC setting on HPC user filesystems in future.  A sandpit-like environment will be made available for verifying safety of yet-to-be-trusted software if/when such a change is made.

...