The Secure Research Environment (SRE) is a Cloud Computing Service Offering at the University of Pittsburgh, featuring a virtual environment designed to protect sensitive and restricted research data from misuse and unauthorized access. The SRE minimizes risk to the University and to the principal investigator of an unlawful exposure of sensitive data. A researcher simply opens a web browser, connects to their secure research environment, and sees the data and software that they need to perform research analyses. The data is saved in the Cloud-based infrastructure. There is no need to use the computing power of a local computer or to store data on a local machine. It is an analogous user experience to logging in remotely to a desktop computer, where a researcher sees a personalized screen that is familiar to them.
Frequently Asked Questions:
Who can get access to the SRE?
Any University of Pittsburgh account owner performing research at the University can gain access to an SRE using their PITT Username and Password.
What is the process to get access?
Generally, if a research team is using an SRE, you can request access with the assistance of the SRE Project Data Steward through your Department RC Admin.
When should a PI consider moving an existing project to SRE?
A PI should consider moving an existing project if it uses data governed by FERPA, GLBA, HIPAA, NIST, PCI, etc. and is not already in an approved, restricted environment.
Is training needed to use an SRE?
Formal training is not required. Using the SRE is as easy as using your own computer.
Why do I need to consider using an SRE?
The SRE is a virtual computing space specifically designed to secure sensitive data, such as PII and PHI, and intellectual property. PITT IT has built the SRE using the Microsoft Azure cloud computing infrastructure, and it is accessible via Azure Virtual Desktop. The Azure environment and selected tools meet HIPAA’s standards for handling protected health information/patient data and other sensitive, personally identifiable data.
What analytical tools/applications are currently available in an SRE?
Software available within the SRE will depend on the intended use of the environment and is determined through onboarding consultation. Example Data Science Virtual Machine configurations are made available through Microsoft.
Can I customize a VM, clone it and then duplicate it for multiple instances in my SRE?
Yes, it is possible to set up a VM and prepare it as an image for re-use, but certain steps must be taken to prepare for this during provisioning. You should indicate your intention to do this during onboarding.
Can I use other Azure Services within the SRE workspace?
Possibly, depending on the requirements for the Services or resources. You should indicate your interest in these Services during onboarding.
Can I connect to the Data Science VM using SSH?
Yes. Like the mechanism for accessing the Data Science VM through Remote Desktop, an SSH client (e.g., PuTTY or the command line) can be made available via the workspace on the SRE AVD Host.
Can the Virtual Machines in the SRE be operated on a schedule?
Yes. If you are interested in scheduling the Power On/Off actions to manage availability of the Virtual Machines in the SRE, more information can be found here on using Azure Start/StopV2.
What information is available on the Azure VM Series, Disk and Storage Account performance details?
Is there dynamic scaling capability with the Data Science VM?
No. Virtual Machines can be added to the SRE at a fixed capacity (n VMs) and left powered off until needed.
How is compute and data storage configured for my Project?
SRE Research needs are discussed with an IT engineer who will consult with the PI as to the appropriate compute configuration and data storage needs required to support the project.
How long can I keep data in the SRE?
The data should reside in the SRE during the research project. After project completion, a cost-effective and secure approach to the data should be used, e.g., the data should be securely archived or deleted.
Are there more details about the security of the SRE?
User authentication is configured to the existing PITT Azure Active Directory tenant and Active Directory service.
Private network access is isolated from existing PITT networks.
All access to the secure enclave resources will be via endpoints in AVD.
Monitoring, logging and reporting will be via Azure Log Analytics Workspace in the SRE Environment.
Approved data is brought in and out of SRE Projects via an Honest Broker/Data Steward.
All Platform as a Service (PaaS) services will be deployed with private endpoints and public access disabled except where required.
Defender for Cloud is enabled. It scans for any suspicious activity or potential problems and takes action to prevent or address them, making your cloud environment more secure.