The Agenda for this meeting was:
10:30 – 10:35 Welcome from Chair
The initial address by Christine Kitchen outlined the format for the day (breakouts, feedback). There was a reminder about subscriptions, and updates on the Terms of Reference and the website.
10:35 – 10:55 Leeds’ HPC for Secure Data (Martin Callaghan)
See the presentation which will be attached here.
Other notes include:
- 11000 cores + more coming
- ISO27001 VM farm for Windows
- Four data type classification (w.r.t. security)
- Problems and solutions:
- ISO27001 complex for users and for admins to modify/update.
- Not Linux for secure data.
- Alces Flight – disposable isolated HPC clusters
- Kubernetes on Azure cloud
- Azure batch on Azure cloud
- Cloud needed to support security affordably, and a big departure for a ‘tin hugger’?
- Cloud: funding model challenges/changes (no longer free at the point of use?)
- Cliff Addison asked about Cyber Essentials. Leeds is working through this on user education issues.
- Cost effective for data that has to remain in the UK? Is cost the best metric? Well, it still needs to be taken into account. Requires working with researchers to examine the new landscape. Ongoing. Chris K: storage is an issue – UK and encryption of data becomes very expensive.
- Export controlled data? Not handled at Leeds, but is a secondary. Aaron gave a brief overview.
- Martin noted a secure safe rooms.
- Why not just do it on the cloud themselves? They can, and it’s not an issue. RC want to make it easy for people who don’t have the technical or governance skills. Cliff: there can be compliance issues and a central source is helpful for demonstrating compliance. Protects reputation of university and researchers
- Governance models: retained
- Why will it need to be chargeable: existing budget is fixed and spent for the next two years. Real cloud usage would be outside this. Costs need to be controlled. Jacky: is there a consultancy service to allow researchers to build costs into grant proposals? Martin: this will be coming. A need to be a realistic of costs, and value:cost issues, and the costs imposed on grant proposals.
- Andy Turner asked: beginning of the end of local hosting? Martin: probably not, but who knows. Chris: support staff are the important element, not the data centre.
Other questions: On sli.do to be answered
10:55 – 11:15 Managing Secure Data at Swansea (Simon Thompson)
The presentation will be available here.
Other notes include:
- 5PB medical imaging wales project
- CLIMB: related
- NLP and NHS free text data
- Federation: processing near data, as can’t securely move the data.
- Cloud and USA ownership?
- Data egress: human intensive, and not very scalable.
- Intrusion detection and data transport: SCP, SFTP, etc. Intrusion detection creates a lot of FP. Everything is logged, and algs being built to detect it.
- Data providence: Trust the data that is incoming to be setup to be ingested
- Audits cover automation, etc.
- SQL instances: need more explanation on this answer with respect to the answer.
- NHS regulations: actually helps as NHS is used to sharing data securely. It -is- risk averse, though.
- Use of blockchain: not yet, not can see much use.
- Patriot act concerns: all main vendors US owned and could take the data. This is an issue, but NHS Digital ok, provided you do the diligence. UK Cloud might be used (govt. Owned). Also UK data centres. Pricing? Cloud and cost of storage for 15 years compliance (10x the cost of on-premise).
- Will the federated model continue? This is being built now as a framework for late 2018, as a pilot. So federated assumed
11:15 – 11:35 Panel Discussion
Some topics discussed included:
- Patriot act + Brexit: Current framework relies on EU membership – will this break the use of US-based cloud providers? (Eduroam too). SSH + federated security for HPC. Different RCs have different requirements.
- What are the user requirements – system should prevent this? System admins: need secrity clearances. System admins being ‘owned’ by the team as reputational risk to the team doing the project.
- Is it trust or a ‘blame framework’? Simon: not blame.
- Different security levels? The tagging comes from the data provider.
- How is data that shouldn’t be there determined? This is hard to police sometimes. Some automation of this possible.
11:35 – 12:30 Breakout Sessions on the challenges of managing secure data with HPCs
There were lively discussions that continued over lunch.
13:30 – 14:30 Feedback from Groups
This was presented to the SIG, but not captured.
14:30 – 15:00 ‘Tell me what you want, what you really, really want !’ – Potential SIG Priorities.
Some topics discussed included:
- Supplier representation at HPC-SIG. Don’t need to be members – but could a subscription by vendors be used to do something useful (bursaries, etc.)
- How useful was the SIG for Hull? Personal contact, 2010 report very, very useful.
- Authority of advice and expertise is useful.
- Introductions – lack of was intentional – does that work or not.
- Bios on the web pages (links to LinkedIn or similar)? Some don’t like LinkedIn. Need to check with GDPR – or share some other profile? Can we link to LinkedIn according to the LinkedIn T&Cs?
- What is the purpose of the website – promote research, careers, resources. Drive traffic to it. But has to be a communal responsibility.
15:30 – 16:00 ‘Here are the results of the Norwegian jury !’ – Voting on the priority levels of identified SIG activities
This was conducted electronically.
The following questions were asked and responses received:
|Is there interest in a mentorship / buddy scheme?||86% Yes of 29 responding.|
|Is the slack channel useful?||70% Yes of 30 responding.|
|Should we be looking at other social media channels?(if yes, please provide suggestions to the SIG committee)||29% Yes of 28 responding.|
|Is there interest in promoting the diverse members with links back to webpages as well as a service synopsis (couple of paragraphs) to help new sites learn about the cores services/mission of the centres||100% Yes of 32 responding.|
|Is there interest in producing some impact case studies or a SIG Annual Report?||97% Yes of 31 responding.|
|Should the SIG have a dedicated session in future to promote achievements of early stage careers impact in service delivery? (Sponsorship via suppliers to provide prizes potential or using some of the subscription costs to provide this)?||90% Yes of 29 responding.|
|Should we open the membership to technical representatives from the Supplier Community (technology / software) under strict conditions (NO MARKETING! and no more than two reps per meeting) with two open sessions (supplier allowed) and two closed sessions (HEIs and current affiliated members) per annum?||44% Yes of 32 responding.|
|Membership fees: Do the current costs need revising?||67% Yes of 27 responding.|
|Is the current scheduling of meetings optimal (Start and End Times / Locations)?||100% of 27 responding.|
|Knowledge Exchange:Is there interest in creating an F.A.Q / Knowledge base to support the development of best practice across centres?||This was based on strongly disagree to strongly agree. Overall result 1.03 (agree) over 33 respondents. 3 disagreed, and 3 were neutral.|
|Is it possible to establish best practices and standardisation across the member sites?||71% Yes of 28 responding.|
|Can we identify a top 3 issues for the HPC-SIG to focus efforts on? (if so, we can provide post-it notes / paper at the back of the room for sites to produce the top issues and the three most frequently mentioned will be presented back to the SIG as the top 3 issues for us to focus on!)||Comments received included:
16:00 – 16:15 SIG Business and Close
There was no additional SIG business.