• Like
Ward
Upcoming SlideShare
Loading in...5
×
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
187
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Research Data Protection: An Overview of the VCUeRA System Jim Ward Director of Research Information Systems Office of Research
  • 2. What Types of Data Protection?
    • Physical Protection
      • Physical access and environmental controls
    • Network Protection
      • Network attacks and threats
    • Application Protection
      • Authentication and Authorization
    • Hardware Protection
      • Hardware failures, backups and redundancy
  • 3. Current Configuration
    • Office of Research currently manages eleven servers
      • Windows 2003 Server
    • The VCUeRA production system consists of four servers
      • Two Web servers
        • IIS (Internet Information Services) 6.0
      • Two Database servers
        • SQL Server 2000
        • Database size: 95GB (24 DVDs or 132 CDs)
  • 4. Physical Security
    • Located at University Computer Center
      • Building and VCU Computer Center have 24 hour security and access
    • Require passwords at system console
    • Renamed administrator’s account
    • Disable guest accounts
  • 5. Physical Security Cont.
    • Environmental Controls
      • Dedicated air conditioning and noise containment
    • Dedicated Power and UPS
      • All servers have redundant power supplies
      • Servers should be on a dedicated circuit
        • Multiple circuits are installed at Computer Center
      • UPS (Uninterruptable Power Supply)
        • Computer Center has a dedicate USP for entire center
  • 6. Network Security
    • VLAN (Virtual Local Area Network)
      • Server VLAN
      • Desktop VLAN (SECNet)
      • Wireless VLAN
      • Residence Hall VLAN
    VCU Network Server VLAN Desktop VLAN Residence Hall VLAN Wireless VLAN
  • 7. Network Security Cont.
    • Firewall – defines which ports the system is allowed to use
    Only allow Web access from anywhere Only allow web access from VCU address
    • Web Servers
      • Only allow access to http and https ports from anywhere
    • Database Servers
      • Only allow access to SQL port from web server
    • Implemented using two firewalls
      • Network based (controlled by VCU Network Services)
      • Server based (installed on server and controlled by OR IT staff)
  • 8. Application Security
    • Secure HTTP (HTTPS)
      • A secure method for viewing web pages
      • Same technology as used by banks and other online commercial retailers
      • At VCU, a certificate must be issued and installed on each server yearly
        • A certificate is issued for https://vcuera.research.vcu.edu
    • Application Authentication
      • Process for determining user identity
      • VCUeRA uses VCU eID
  • 9. Application Security Cont.
    • Application Authorization
      • Process by which user is granted access to specific area of the application
      • VCUeRA uses application roles
        • Access granted to a specific department or school requires department chair or school dean approval
        • Access to a entire module requires approval from the Vice President for Research
  • 10. Hardware Failures
    • Disk Failures
      • RAID
      • Web servers use RAID 1
      • Database servers use RAID 5 with hot spare
    • Sever Log Monitoring
      • Software installed to monitor servers log (application, security, system log)
      • Sends e-mail notification when an error or warning is written to any server log
    • DELL Open Manage
      • Monitors server for dell specific hardware issues and writes error to server logs when error occurs
  • 11. Backups
    • Backups of Servers
      • VCU has a dedicated VLAN for backups and requires using a second dedicated network card
      • Perform nightly incremental backups using Computer Center’s Tivoli Storage Management
    • Additional Database Backups
      • A full copy of the database is created each night on the server (takes about 15 minutes)
      • Every 20 minutes a copy of any database changes are copied to disk
      • These are backed up using Tivoli
  • 12. Redundancy
    • Website
      • Two servers acting as one
      • If one fails, we can continue to function on other
    • Database
      • The files created from the changes backup are also copied to the second database server.
      • If a manual restore of the production database was required, it would take 8-10 hours.
        • 4-5 hours to restore the backup file from tape, plus
        • 4-5 hours to restore the database
      • Can restore in a little as 20 minutes
  • 13. Additional Protections
    • Security Patches
      • Security patches are manually installed within 1 week of release from Microsoft
      • Usually installed after hours
    • Remote Access
      • On campus, use Remote Desktop for remote administration of servers
      • Off campus, a VPN (Virtual Private Network) session is required for all administrative functions
  • 14. VCUeRA Configuration DB1 DB2 Web1 Web2 HTTP and HTTPS requests to Web1 and Web2 https://vcuera.research.vcu.edu VPN Server Remote administration of servers Tivoli Backup Management Data Copy Firewall
  • 15. Future Plans
    • Perform yearly vulnerability scans by Technology Services
    • System Logs sent to Technology Services MARS system (Technology Services’ Monitoring, Analysis and Response System)
    • Move two servers to Computer Center’s hot site
      • Second web server
      • Backup database server
  • 16. What does this mean for me?
    • Data needs to be protected with numerous layers of security
    • Make backups of your data and secure them
    • If you require a server or storage space, you should contact Technology Services at http://www.ucc.vcu.edu/
      • Provide storage space
      • Provide server support, maintenance, and security for dedicated servers at a cost of $100 per server per month
      • DO NOT install a server in your office
  • 17. Inquisite
    • Accounts are distributed to departments
    • Annual fee of $800 per year per account
    • Department assigns an account administrator
      • Manage all surveys for account
      • Serve as primary contact for department regarding Inquisite
    • Investigators can request an account separate
      • Still need to designate an account administrator
      • Still required to pay $800 per year per account
      • More information can be found at http://www.ts.vcu.edu/faq/inquisite/
  • 18. QUESTIONS?