Ward Ward Presentation Transcript

  • Research Data Protection: An Overview of the VCUeRA System. Jim Ward, Director of Research Information Systems, Office of Research
  • What Types of Data Protection?
    • Physical Protection
      • Physical access and environmental controls
    • Network Protection
      • Network attacks and threats
    • Application Protection
      • Authentication and Authorization
    • Hardware Protection
      • Hardware failures, backups and redundancy
  • Current Configuration
    • Office of Research currently manages eleven servers
      • Windows 2003 Server
    • The VCUeRA production system consists of four servers
      • Two Web servers
        • IIS (Internet Information Services) 6.0
      • Two Database servers
        • SQL Server 2000
        • Database size: 95GB (24 DVDs or 132 CDs)
  • Physical Security
    • Located at University Computer Center
      • Building and VCU Computer Center have 24-hour security and access
    • Require passwords at system console
    • Renamed administrator’s account
    • Disable guest accounts
  • Physical Security Cont.
    • Environmental Controls
      • Dedicated air conditioning and noise containment
    • Dedicated Power and UPS
      • All servers have redundant power supplies
      • Servers should be on a dedicated circuit
        • Multiple circuits are installed at Computer Center
      • UPS (Uninterruptible Power Supply)
        • Computer Center has a dedicated UPS for the entire center
  • Network Security
    • VLAN (Virtual Local Area Network)
      • Server VLAN
      • Desktop VLAN (SECNet)
      • Wireless VLAN
      • Residence Hall VLAN
    [Diagram: VCU Network divided into Server VLAN, Desktop VLAN, Residence Hall VLAN and Wireless VLAN]
  • Network Security Cont.
    • Firewall – defines which ports the system is allowed to use
    [Diagram labels: Only allow web access from anywhere; Only allow web access from VCU address]
    • Web Servers
      • Only allow access to http and https ports from anywhere
    • Database Servers
      • Only allow access to SQL port from web server
    • Implemented using two firewalls
      • Network based (controlled by VCU Network Services)
      • Server based (installed on server and controlled by OR IT staff)
  • Application Security
    • Secure HTTP (HTTPS)
      • A secure method for viewing web pages
      • Same technology as used by banks and other online commercial retailers
      • At VCU, a certificate must be issued and installed on each server yearly
        • A certificate is issued for https://vcuera.research.vcu.edu
    • Application Authentication
      • Process for determining user identity
      • VCUeRA uses VCU eID
  • Application Security Cont.
    • Application Authorization
      • Process by which user is granted access to specific area of the application
      • VCUeRA uses application roles
        • Access granted to a specific department or school requires department chair or school dean approval
        • Access to an entire module requires approval from the Vice President for Research
  • Hardware Failures
    • Disk Failures
      • RAID
      • Web servers use RAID 1
      • Database servers use RAID 5 with hot spare
    • Server Log Monitoring
      • Software installed to monitor server logs (application, security and system logs)
      • Sends e-mail notification when an error or warning is written to any server log
    • DELL Open Manage
      • Monitors server for Dell-specific hardware issues and writes an error to the server logs when one occurs
  • Backups
    • Backups of Servers
      • VCU has a dedicated VLAN for backups and requires using a second dedicated network card
      • Perform nightly incremental backups using Computer Center’s Tivoli Storage Management
    • Additional Database Backups
      • A full copy of the database is created each night on the server (takes about 15 minutes)
      • Every 20 minutes any database changes are copied to disk
      • These are backed up using Tivoli
  • Redundancy
    • Website
      • Two servers acting as one
      • If one fails, we can continue to function on the other
    • Database
      • The files created from the changes backup are also copied to the second database server.
      • If a manual restore of the production database was required, it would take 8-10 hours.
        • 4-5 hours to restore the backup file from tape, plus
        • 4-5 hours to restore the database
      • Can restore in as little as 20 minutes
  • Additional Protections
    • Security Patches
      • Security patches are manually installed within 1 week of release from Microsoft
      • Usually installed after hours
    • Remote Access
      • On campus, use Remote Desktop for remote administration of servers
      • Off campus, a VPN (Virtual Private Network) session is required for all administrative functions
  • VCUeRA Configuration [Diagram: DB1, DB2, Web1, Web2; HTTP and HTTPS requests to Web1 and Web2 (https://vcuera.research.vcu.edu); VPN Server for remote administration of servers; Tivoli Backup Management; Data Copy; Firewall]
  • Future Plans
    • Perform yearly vulnerability scans by Technology Services
    • System Logs sent to Technology Services MARS system (Technology Services’ Monitoring, Analysis and Response System)
    • Move two servers to Computer Center’s hot site
      • Second web server
      • Backup database server
  • What does this mean for me?
    • Data needs to be protected with numerous layers of security
    • Make backups of your data and secure them
    • If you require a server or storage space, you should contact Technology Services at http://www.ucc.vcu.edu/
      • Provide storage space
      • Provide server support, maintenance, and security for dedicated servers at a cost of $100 per server per month
      • DO NOT install a server in your office
  • Inquisite
    • Accounts are distributed to departments
    • Annual fee of $800 per year per account
    • Department assigns an account administrator
      • Manage all surveys for account
      • Serve as primary contact for department regarding Inquisite
    • Investigators can request a separate account
      • Still need to designate an account administrator
      • Still required to pay $800 per year per account
      • More information can be found at http://www.ts.vcu.edu/faq/inquisite/
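
The "Network Security Cont." slide describes a default-deny policy enforced by two firewalls (network-based and server-based). The following is an added example, not part of the presentation, that models that policy and checks whether a mistake in one layer is caught by the other. The server addresses, the probe list and the use of port 1433 (the SQL Server default; the slide only says "SQL port") are assumptions.

```python
import ipaddress

# Constructed addresses (RFC 5737 documentation range); the slides give none.
WEB = ["192.0.2.11", "192.0.2.12"]   # hypothetical Web1, Web2
DB = ["192.0.2.21", "192.0.2.22"]    # hypothetical DB1, DB2
SQL_PORT = 1433  # SQL Server default; the slide only says "SQL port"

# Rule = (destination hosts, allowed source network, TCP port).
POLICY = ([(WEB, "0.0.0.0/0", p) for p in (80, 443)]
          + [(DB, w + "/32", SQL_PORT) for w in WEB])

def allows(rules, src, dst, port):
    """Default deny: True only when a rule matches destination, port and source."""
    ip = ipaddress.ip_address(src)
    return any(dst in hosts and port == rule_port
               and ip in ipaddress.ip_network(net)
               for hosts, net, rule_port in rules)

def reachable(layers, src, dst, port):
    """A packet must pass every firewall layer (network-based, then server-based)."""
    return all(allows(rules, src, dst, port) for rules in layers)

def violations(layers, probes):
    """Probes that get through the layers although POLICY denies them."""
    return [p for p in probes
            if reachable(layers, *p) and not allows(POLICY, *p)]

# Constructed probes: (source, destination, port).
PROBES = [
    ("203.0.113.5", "192.0.2.11", 443),   # outside client to Web1 over HTTPS
    ("203.0.113.5", "192.0.2.21", 1433),  # outside client straight to DB1
    ("192.0.2.11", "192.0.2.21", 1433),   # Web1 to DB1
    ("203.0.113.5", "192.0.2.11", 3389),  # outside client to Remote Desktop on Web1
]

# A firewall layer with one over-broad rule: SQL port open to any source.
LOOSE = POLICY + [(DB, "0.0.0.0/0", SQL_PORT)]

if __name__ == "__main__":
    for p in PROBES:
        print(p, "allowed" if reachable([POLICY, POLICY], *p) else "denied")
    print("loose network layer only:", violations([LOOSE, POLICY], PROBES))
    print("both layers loose:       ", violations([LOOSE, LOOSE], PROBES))
```

With only one layer misconfigured the database port stays closed to outside sources; the exposure appears only when both layers carry the same over-broad rule.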
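
The "Backups" and "Redundancy" slides describe a nightly full database copy plus change copies every 20 minutes. The following is an added example, not part of the presentation, that builds the restore sequence for a target time and reports how much work is lost when a change copy is missing. The catalog timestamps are constructed, and the code assumes each change copy holds only the changes since the previous one, so none can be skipped.

```python
from datetime import datetime, timedelta

INTERVAL = timedelta(minutes=20)  # change-backup interval stated on the slide

def restore_plan(fulls, changes, target):
    """Pick the newest full backup at or before target, then every change
    backup after it up to target, in order (assumed incremental chain)."""
    usable = [f for f in fulls if f <= target]
    if not usable:
        raise ValueError("no full backup precedes the restore target")
    base = max(usable)
    chain = sorted(c for c in changes if base < c <= target)
    return base, chain

def chain_gaps(base, chain, tolerance=timedelta(minutes=5)):
    """Return (previous, next) pairs spaced more than INTERVAL + tolerance
    apart, meaning a change backup is missing and the chain breaks there."""
    points = [base] + chain
    return [(a, b) for a, b in zip(points, points[1:])
            if b - a > INTERVAL + tolerance]

def data_loss_window(base, chain, target):
    """Time between the last backup that can still be applied and target."""
    gaps = chain_gaps(base, chain)
    last_good = gaps[0][0] if gaps else (chain[-1] if chain else base)
    return target - last_good

def sample_catalog(drop=None):
    """Constructed catalog: full backup at 01:00, change backups 01:20 to 10:00."""
    full = datetime(2024, 1, 10, 1, 0)
    changes = [full + INTERVAL * i for i in range(1, 28)]
    return [full], [c for c in changes if c != drop]

if __name__ == "__main__":
    target = datetime(2024, 1, 10, 9, 50)
    for drop in (None, datetime(2024, 1, 10, 6, 20)):
        base, chain = restore_plan(*sample_catalog(drop), target)
        print("missing:", drop, "| change backups to apply:", len(chain),
              "| gaps:", chain_gaps(base, chain),
              "| data loss:", data_loss_window(base, chain, target))
```

Running the gap check against the backup catalog on a schedule turns a silently broken chain into an alert before a restore is needed.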