Research Data Protection: An Overview of the VCUeRA System
Jim Ward
Director of Research Information Systems
Office of Research

What Types of Data Protection?
• Physical Protection
  • Physical access and environmental controls
• Network Protection
  • Network attacks and threats
• Application Protection
  • Authentication and Authorization
• Hardware Protection
  • Hardware failures, backups and redundancy

Current Configuration
• Office of Research currently manages eleven servers
  • Windows 2003 Server
• The VCUeRA production system consists of four servers
  • Two Web servers
    • IIS (Internet Information Services) 6.0
  • Two Database servers
    • SQL Server 2000
    • Database size: 95GB (24 DVDs or 132 CDs)

Physical Security
• Located at University Computer Center
• Building and VCU Computer Center have 24 hour security and access
• Require passwords at system console
• Renamed administrator’s account
• Disable guest accounts

Physical Security Cont.
• Environmental Controls
  • Dedicated air conditioning and noise containment
• Dedicated Power and UPS
  • All servers have redundant power supplies
  • Servers should be on a dedicated circuit
    • Multiple circuits are installed at Computer Center
  • UPS (Uninterruptible Power Supply)
    • Computer Center has a dedicated UPS for the entire center
VCU Network

Network Security
• VLAN (Virtual Local Area Network)
  • Server VLAN
  • Desktop VLAN (SECNet)
  • Wireless VLAN
  • Residence Hall VLAN
[Diagram: Server VLAN, Desktop VLAN, Residence Hall VLAN, Wireless VLAN]

Network Security Cont.
• Firewall – defines which ports the system is allowed to use
  • Web Servers
    • Only allow access to HTTP and HTTPS ports from anywhere
  • Database Servers
    • Only allow access to SQL port from web server
  • Implemented using two firewalls
    • Network based (controlled by VCU Network Services)
    • Server based (installed on server and controlled by OR IT staff)
[Diagram labels: "Only allow Web access from anywhere"; "Only allow web access from VCU address"]
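
Added example (not part of the original slides): a small audit that checks a list of firewall allow rules against the policy stated above. The addresses, the management network, the rule format and the use of TCP 1433 (SQL Server's default) for "the SQL port" are assumptions made for illustration.

```python
import ipaddress

# Constructed values, not from the slides: all addresses, the management
# network, and TCP 1433 (SQL Server's default) standing in for "the SQL port".
WEB_SERVERS = {"10.10.1.11", "10.10.1.12"}   # Web1, Web2
DB_SERVERS = {"10.10.2.21", "10.10.2.22"}    # DB1, DB2
ADMIN_NET = ipaddress.ip_network("10.10.9.0/24")  # hypothetical admin/VPN range
WEB_PORTS = {80, 443}
SQL_PORT = 1433


def only_web_servers(src):
    """True only if every address in the source network is a web server."""
    if src.num_addresses > len(WEB_SERVERS):
        return False
    return all(str(ip) in WEB_SERVERS for ip in src)


def audit(rules):
    """Return (rule, reason) for each allow rule outside the stated policy.

    A rule is (destination host, source CIDR, TCP port).
    """
    findings = []
    for rule in rules:
        dest, source, port = rule
        src = ipaddress.ip_network(source)
        if dest in WEB_SERVERS and port in WEB_PORTS:
            continue  # HTTP/HTTPS to a web server is allowed from anywhere
        if dest in DB_SERVERS and port == SQL_PORT:
            if not only_web_servers(src):
                findings.append((rule, "SQL port open to hosts other than the web servers"))
            continue
        if dest not in WEB_SERVERS | DB_SERVERS:
            findings.append((rule, "destination is not a VCUeRA server"))
        elif not src.subnet_of(ADMIN_NET):
            findings.append((rule, "extra port open outside the management network"))
    return findings


# Constructed rule set with three deliberate mistakes.
SAMPLE_RULES = [
    ("10.10.1.11", "0.0.0.0/0", 443),       # ok
    ("10.10.1.12", "0.0.0.0/0", 80),        # ok
    ("10.10.2.21", "10.10.1.11/32", 1433),  # ok: Web1 to DB1
    ("10.10.2.21", "10.10.1.0/24", 1433),   # too wide: whole web subnet
    ("10.10.2.22", "0.0.0.0/0", 1433),      # database exposed to anywhere
    ("10.10.1.11", "0.0.0.0/0", 3389),      # Remote Desktop open to anywhere
    ("10.10.1.12", "10.10.9.0/24", 3389),   # ok: management range only
]
```

Running the same audit against both the network-based and the server-based rule sets shows whether each layer enforces the policy on its own.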

Application Security
• Secure HTTP (HTTPS)
  • A secure method for viewing web pages
  • Same technology as used by banks and other online commercial retailers
  • At VCU, a certificate must be issued and installed on each server yearly
  • A certificate is issued for https://vcuera.research.vcu.edu
• Application Authentication
  • Process for determining user identity
  • VCUeRA uses VCU eID

Application Security Cont.
• Application Authorization
  • Process by which a user is granted access to a specific area of the application
  • VCUeRA uses application roles
    • Access granted to a specific department or school requires department chair or school dean approval
    • Access to an entire module requires approval from the Vice President for Research

Hardware Failures
• Disk Failures
  • RAID
    • Web servers use RAID 1
    • Database servers use RAID 5 with hot spare
• Server Log Monitoring
  • Software installed to monitor server logs (application, security, system log)
  • Sends e-mail notification when an error or warning is written to any server log
• Dell OpenManage
  • Monitors server for Dell-specific hardware issues and writes an error to the server logs when one occurs

Backups
• Backups of Servers
  • VCU has a dedicated VLAN for backups and requires using a second dedicated network card
  • Perform nightly incremental backups using Computer Center’s Tivoli Storage Management
• Additional Database Backups
  • A full copy of the database is created each night on the server (takes about 15 minutes)
  • Every 20 minutes, a copy of any database changes is written to disk
  • These are backed up using Tivoli

Redundancy
• Website
  • Two servers acting as one
  • If one fails, we can continue to function on the other
• Database
  • The files created from the changes backup are also copied to the second database server.
  • If a manual restore of the production database was required, it would take 8-10 hours.
    • 4-5 hours to restore the backup file from tape, plus
    • 4-5 hours to restore the database
  • Can restore in as little as 20 minutes

Additional Protections
• Security Patches
  • Security patches are manually installed within 1 week of release from Microsoft
  • Usually installed after hours
• Remote Access
  • On campus, use Remote Desktop for remote administration of servers
  • Off campus, a VPN (Virtual Private Network) session is required for all administrative functions

VCUeRA Configuration
[Diagram labels: DB1, DB2, Web1, Web2; HTTP and HTTPS requests to Web1 and Web2; https://vcuera.research.vcu.edu; VPN Server; Remote administration of servers; Tivoli Backup Management; Data Copy; Firewall]

Future Plans
• Perform yearly vulnerability scans by Technology Services
• System Logs sent to Technology Services MARS system (Technology Services’ Monitoring, Analysis and Response System)
• Move two servers to Computer Center’s hot site
  • Second web server
  • Backup database server

What does this mean for me?
• Data needs to be protected with numerous layers of security
• Make backups of your data and secure them
• If you require a server or storage space, you should contact Technology Services at http://www.ucc.vcu.edu/
  • Provide storage space
  • Provide server support, maintenance, and security for dedicated servers at a cost of $100 per server per month
• DO NOT install a server in your office

Inquisite
• Accounts are distributed to departments
  • Annual fee of $800 per year per account
  • Department assigns an account administrator
    • Manage all surveys for account
    • Serve as primary contact for department regarding Inquisite
• Investigators can request a separate account
  • Still need to designate an account administrator
  • Still required to pay $800 per year per account
  • More information can be found at http://www.ts.vcu.edu/faq/inquisite/
QUESTIONS?