Skip to content

Security

Human Health Data#

The IFB Core Cluster is not authorized to host healthcare data.

L'IFB Core Cluster n'est pas habilité pour héberger des données de santé à caractère personnel (certification HDS).

Datacenter#

The IFB Core Cluster is hosted by IDRIS (https://www.idris.fr/).

This center has high security standards:

  • Access is restricted and strictly controlled (closed zone, "Zone à Régime Restrictif"), including access control system, intrusion detection system, video surveillance and security guard
  • Redundant power supply
  • Reliable air conditioning system
  • Fire protection

Network#

Network access is controlled and restricted by a firewall.

  • All access protocols are encrypted.
  • Cluster access protocol is SSH (or SFTP).
  • Web access is done on HTTPS.

Authentication#

The IFB Core users are managed through a central directory (OpenLDAP).
The access is limited to authorized users.

The IFB Core Cluster supports password and public key authentication.

Users or IP with multiple wrong access can be banned.

Password must meet minimum requirements.

Some web services (usegalaxy.fr, community.france-bioinformatique.fr, etc) provide their own authentication method and accept anonymous connections.

Data access#

Data access (home directory or project directory) are granted using access-control list (ACL).

Access is managed by users or groups.

  • A project is a group and a directory on the storage.
  • A project can be shared.
  • Each access on a project must be approved by the project owner.

Data access are not logged.

IT administrators (IFB Core Cluster team support) can access the data but only in cases of security or maintenance.

Backup#

⚠️ There is no backup for the main storage.

Snapshots#

Some snapshots are available to protect against deletion by error but only one by day and for 5 days.

Servers / Services#

All servers and services are deployed using Ansible (and configurations are under revision control).
Main infrastructure services are backed up.

Data encryption#

There is no encryption on the storage.

Availability#

This service is provided as an academic best effort, but without any warranty.

Monitoring#

IT Infrastructure is monitored and the IFB Core team is notified by email on each warning.

Contact#

IFB Core Cluster team : contact-nncr-cluster@france-bioinformatique.fr