Sensitive Data Services for Research

Introduction

Sensitive Data Services for Research provide CSC customers with a secure cloud computing environment that can be used for processing sensitive data according to CSC policies and general terms of use. The services are currently released in Open Beta. To learn more about Sensitive Data Services for Research and future developments, check the Sensitive Data Services for Research webpage.

Sensitive Data Services for Research (Open Beta) consists of two components:

  • Sensitive Data Connect: a web user interface for storing and sharing sensitive data during the active phases of research projects
  • Sensitive Data Desktop: a web user interface that provides access to a secure virtual computing environment (or virtual Desktop). The Desktop is not connected to the internet. This enables secure computation and processing of sensitive data. All CSC project members and collaborators can access the same private Desktop. As data can't be exported from SD Desktop, it can be used to provide limited and restricted access to a specific dataset.

Sensitive Data Services have increased security compared to the HPC (Puhti and Mahti) and general purpose cloud environments (cPouta and Rahti) of CSC. Thus, data that can't be processed in these environments may still be processed in the SD Services environment.

Getting access

Sensitive Data Services are available for all CSC customers. To access CSC's services for sensitive data using the MyCSC portal:

  1. Create a user account

  2. Create or join a CSC project and add project members

  3. Fill in the Personal Data Handling form and agree to the CSC Data Processing Agreement

  4. Each project member needs to add service access to SD Desktop and to Allas (in case you want to use SD Connect, a user interface for CSC's cloud storage solution called Allas)

  5. Apply for billing units or disk quota

For specific guidance regarding these steps, check the Accounts paragraph in the beginning of this user guide.

Quickstart: Processing sensitive data in your Desktop

This quickstart guides you through importing encrypted sensitive data into your private Desktop for data analysis.

Processing

Quickstart: Sharing sensitive data with SD Connect

This quickstart guides you through encrypting sensitive data with personal encryption keys for data sharing using SD Connect.

Sharing

Useful terminology:

Allas: The general purpose data storage service of CSC. At the moment SD Connect is using Allas as a storage service and you can in practice consider Allas and SD Connect as just one service. However, ongoing development of SD Connect is likely to make it diverge from the standard Allas service in the future.

Bucket/Container: In object storage systems, the storage spaces into which files are stored are called containers in some tools and buckets in others. These two terms refer to the same thing: the root-level directories of your storage area in Allas/SD Connect. The bucket/container name is visible to the internet. You can have multiple buckets in the same project (up to 500), but each bucket must have a name that is unique throughout the whole storage system (including other projects). By default, the data in a bucket is accessible just to the project members. However, you can grant access to other CSC projects or users with SD Connect.

CSC Project: Using CSC services is based on projects: all your data in CSC belongs inside a project. You can belong to one or multiple projects. Each project has a main user, the project manager, who can add members and services to the project. The project manager is responsible for the activities of the project. For example, the project manager needs to describe which type of sensitive data the project is processing.

SD Connect Account: The CSC project ID in OpenStack. It is used to define the project with which you share your containers in SD Connect. It is a synonym of CSC Project ID when using the command line tool. In the SD Connect user interface it is displayed under User Information > Project usage as a series of 32 numbers and letters, e.g. AUTH_3a66dbf90b2940dc9c651362af595b23.

Virtual machine (VM): a virtual computing environment that works like a real physical computer. It has a processor, memory and operating system, but it exists only as code or as a partition of the host computer. VMs used for the Sensitive Data Services currently support only Linux operating systems and are completely isolated from the internet for security reasons.

Virtual machine flavor (VM flavor): a flavor defines the resources and configurations of a cloud computing environment. It specifies the compute, memory, and storage capacity that can be assigned to the virtual machine.

Last edited Wed Sep 22 2021