The technical infrastructure of the repository provides for protection of the facility and its data, products, services, and users
The technical infrastructure provides by construction a certain level of protection against the risks of data loss or service interruption due to hardware failures. As detailed in the Risk Analysis available in the DMP, this protection is guaranteed through redundant systems and data and server backups. In addition, ESPRI constantly monitors its hardware, network flows and service uptime through systems such as Nagios and Grafana.
Depending on project requirements, ESPRI can draw up a risk management table listing each risk's likelihood, severity and mitigation strategy, based on the analysis described in its Data Management Plan (see, for instance, the Risk Management table drawn up for the Copernicus C3S2_380 project, listed under relevant links).
ESPRI's "best efforts" service level also applies to security. In the case of an outage, most ESPRI staff are trained in basic system administration of the different services, one full-time equivalent is dedicated to hardware administration and one full-time equivalent is dedicated to network administration and security. The distribution of the IT infrastructure across three geographically distant sites allows the implementation of a continuity or recovery plan for the most critical services, thus guaranteeing an availability of data access services higher than 99%.
According to the criticality of the datasets, several levels of backup/archiving can be implemented:
- Daily replication to dedicated disk storage systems for data requiring quick restoration;
- Daily replication to disk storage systems on two sites for the most critical data for which ESPRI provides primary storage;
- A backup system on tape and virtual tape, based on two backup libraries of 128 slots each, with LTO-5, 6 and 7 drives, and on disk storage arrays.
For instance, unique and non-reproducible data produced by the SIRTA observatory at IPSL is mirrored on two sites of the ESPRI infrastructure, backed up daily on disk and archived on magnetic tape.
The security of the Information System (IS) is ensured at different levels:
- At the repository level: the CNRS IS referent validates the installation of ESPRI systems against security alerts issued by the national CERT (listing identified software flaws or attack risks). ESPRI servers that are open to the outside world for data distribution have read-only access to the storage spaces hosting the data, so that if a server is compromised the data cannot be deleted or modified.
- At the IT department level: network firewalls (iptables, firewalld) or application firewalls (modsecurity, fail2ban) are used to filter network ports open to the outside world as well as to monitor network flows, with the ability to detect and block attacks.
- At the national level: RENATER monitors network flows and is able to quickly stop attacks and isolate potentially compromised systems.
Finally, access to the servers on the internal network is restricted by the firewall. Only IT administrators are allowed to access server configuration: data users can only access data-related services. Similarly, SSH access to data under a restrictive embargo is limited through Linux user groups or Access Control Lists (ACLs). Access to private data through other protocols (HTTPS, FTP, GridFTP) requires authentication via Lightweight Directory Access Protocol (LDAP) for accounts managed internally by ESPRI, or via an Identity Provider (OpenID) for accounts managed by the Earth System Grid Federation (ESGF). Authentication and credential verification are always performed by the LDAP directory or the IdP: no password is stored in the data distribution application. Data access permissions are managed at the access application level using directory-level ACLs.
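Two of the host-level controls described above can be verified mechanically: that a public-facing distribution server sees the data store read-only (repository level), and that an embargoed directory is readable only by the intended Linux groups and accounts (the ACL-based restriction). The following audit script is an added illustration, not ESPRI's own tooling. It parses the /proc/mounts and getfacl text formats; the mount lines, directory names, account and group names (espri, sirta, sirta-embargo, guests) are constructed for the example and do not describe any real server.

```python
"""Audit checks for two host-level controls of a data distribution server:
(1) the data store must be mounted read-only on a public-facing server, and
(2) an embargoed directory must be readable only by approved principals.
Added illustration, not ESPRI code; parses /proc/mounts and `getfacl` text.
All sample text below is constructed."""

# Constructed /proc/mounts excerpt (not from any real server).
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
nas1:/export/data /data nfs4 ro,relatime,vers=4.1,hard 0 0
nas2:/export/scratch /scratch nfs4 rw,relatime,vers=4.1 0 0
"""

# Constructed `getfacl` outputs for an embargoed directory.
ACL_GOOD = """\
# file: data/embargo/2024
# owner: espri
# group: sirta
user::rwx
group::r-x
group:sirta-embargo:r-x
mask::r-x
other::---
"""
ACL_BAD = """\
# file: data/embargo/2024
# owner: espri
# group: sirta
user::rwx
group::r-x
group:sirta-embargo:rwx   #effective:r-x
group:guests:r-x
mask::r-x
other::r-x
"""

def mount_options(mounts_text, mountpoint):
    """Option set for `mountpoint`, or None if nothing is mounted there.
    The last matching line wins, as for stacked mounts; /proc/mounts
    escapes spaces in paths as \\040."""
    found = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1].replace("\\040", " ") == mountpoint:
            found = set(fields[3].split(","))
    return found

def is_read_only(mounts_text, mountpoint):
    """True only when the mount exists and carries the `ro` flag."""
    opts = mount_options(mounts_text, mountpoint)
    return opts is not None and "ro" in opts

def effective_readers(acl_text):
    """Principals with effective read permission, applying the POSIX ACL mask
    as the kernel does: it caps named users, named groups and the owning
    group, but never the owner or `other`. Default ACL entries are skipped."""
    owner = group = "?"
    mask = set("rwx")
    entries = []
    for line in acl_text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif not line or line.startswith("#") or line.startswith("default:"):
            continue
        else:
            tag, qualifier, perms = line.split(":", 2)
            perms = set(perms.split("#")[0].strip())  # drop "#effective:" note
            if tag == "mask":
                mask = perms
            else:
                entries.append((tag, qualifier, perms))
    readers = set()
    for tag, qualifier, perms in entries:
        if tag == "user" and qualifier == "":
            name, eff = f"user:{owner}", perms          # owner: unmasked
        elif tag == "other":
            name, eff = "other", perms                   # other: unmasked
        elif tag == "group" and qualifier == "":
            name, eff = f"group:{group}", perms & mask   # owning group
        else:
            name, eff = f"{tag}:{qualifier}", perms & mask
        if "r" in eff:
            readers.add(name)
    return readers

def embargo_acl_problems(acl_text, allowed):
    """Findings list; empty means only principals in `allowed` can read."""
    problems = []
    for principal in sorted(effective_readers(acl_text)):
        if principal == "other":
            problems.append("world-readable: other:: grants read")
        elif principal not in allowed:
            problems.append(f"unexpected read access for {principal}")
    return problems

if __name__ == "__main__":
    print("/data read-only:", is_read_only(SAMPLE_MOUNTS, "/data"))
    allowed = {"user:espri", "group:sirta", "group:sirta-embargo"}
    for label, acl in (("good", ACL_GOOD), ("bad", ACL_BAD)):
        print(label, embargo_acl_problems(acl, allowed) or "OK")
```

On a real host the two inputs would come from reading /proc/mounts and running getfacl on the embargoed directory; the mask handling matters because a named group entry such as rwx can still be cut down to r-x by the mask, and only the effective permissions tell you who can actually read.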