Security
Human Health Data
The ABiMS Cluster is not authorized to host personal health data (HDS certification).
Datacenter
The ABiMS Cluster is hosted at the Station Biologique de Roscoff (https://www.sb-roscoff.fr).
This data center meets the following security standards:
- Access is restricted
- Redundant power supply
- Reliable air conditioning system
- Fire protection
Network
Network access is controlled and restricted by a firewall.
- All access protocols are encrypted.
- Cluster access protocol is SSH (or SFTP).
- Web access uses HTTPS.
Authentication
The ABiMS users are managed through a central directory (OpenLDAP).
The access is limited to authorized users.
The ABiMS Cluster supports password and public key authentication.
Users or IP addresses with repeated failed access attempts can be banned.
Passwords must meet minimum requirements.
Some web services (usegalaxy.fr, community.france-bioinformatique.fr, etc.) provide their own authentication method and accept anonymous connections.
Data access
Access to data (home directory or project directory) is granted using access-control lists (ACLs).
Access is managed by users or groups.
- A project is a group and a directory on the storage.
- A project can be shared.
- Each access on a project must be approved by the project owner.
Data access is not logged.
IT administrators (ABiMS Cluster team support) can access the data but only in cases of security or maintenance.
Backup
ABiMS provides a backup of your project directory located in /shared/projects/.
⚠️ To take advantage of this process, you have to follow some rules:
- Only the subdirectories archive, script and finalresult are backed up.
- You must place these subdirectories at the root of your project folder.
- Please be smart in your backups for our finances and the planet.
Example:
/shared/projects/<my_project>/
├── [...]
├── finalresult
├── script
├── archive
├── [...]
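A way to check a project directory against the backup rules above, as an added example that is not part of the ABiMS documentation. The function name `backup_audit` and its output labels (`OK`, `MISSING`, `NOT_BACKED_UP`, `MISPLACED`) are made up for this illustration.

```shell
#!/bin/sh
# Added example (not ABiMS code): report which parts of a project directory
# fall inside the backup, following the rules stated on this page:
#   - only archive/, script/ and finalresult/ are backed up
#   - they must sit at the root of the project folder
BACKED_UP="archive script finalresult"

# Usage: backup_audit /shared/projects/<my_project>
# Returns 0 if no rule is broken, 1 if a backed-up name is misplaced,
# 2 if the argument is not a directory.
backup_audit() {
    project=$1
    [ -d "$project" ] || { echo "ERROR not a directory: $project"; return 2; }
    status=0

    # 1. Which of the backed-up subdirectories exist at the project root?
    for name in $BACKED_UP; do
        if [ -d "$project/$name" ]; then echo "OK $name"
        else echo "MISSING $name"; fi
    done

    # 2. Every other top-level entry is outside the backup.
    for entry in "$project"/* "$project"/.[!.]*; do
        [ -e "$entry" ] || continue          # unmatched glob pattern
        base=${entry##*/}
        case " $BACKED_UP " in *" $base "*) continue ;; esac
        echo "NOT_BACKED_UP $base"

        # 3. A directory named like a backed-up one but nested below the
        #    root breaks the placement rule and is not covered.
        [ -d "$entry" ] || continue
        found=$(find "$entry" -type d \
            \( -name archive -o -name script -o -name finalresult \) \
            -print -prune)
        if [ -n "$found" ]; then
            printf '%s\n' "$found" | sed 's/^/MISPLACED /'
            status=1
        fi
    done
    return $status
}

# Run the audit when a project path is given on the command line.
if [ $# -gt 0 ]; then backup_audit "$1"; fi
```

Entries reported as `NOT_BACKED_UP` are informational: the page allows other content in a project, it is simply not covered by the backup.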
Snapshots
ABiMS also provides snapshots for short-term recovery of your data, to protect against accidental deletion.
Servers / Services
All servers and services are deployed using Ansible (and configurations are under revision control).
Main infrastructure services are backed up.
Data encryption
There is no encryption on the storage.
Availability
This service is provided as an academic best effort, but without any warranty.
Monitoring
IT Infrastructure is monitored and the ABiMS team is notified by email on each warning.
Contact
ABiMS Cluster team: support.abims@sb-roscoff.fr