Azure SRE Service – Data Stewards FAQ

Body

The Secure Research Enclave (SRE) is designed to meet the requirements of common use cases, such as the analysis of datasets that require approval for data movement into or out of the environment. These datasets often come with restrictions on visibility, storage, and access. The SRE model ensures remote access and controls data exfiltration, making it suitable for various use cases.

Roles

  • Data Owner or Data Steward: Responsible for the dataset's integrity, security, and lifecycle. They manage data movement by uploading to the external storage location, approving export requests, and downloading or sharing exported datasets.

Accessing your Secure Research Enclave

  • Launch the Microsoft Remote Desktop application, or download Microsoft Remote Desktop.
  • Select + Add -> Workspace from the application menu bar.
  • Enter your University of Pittsburgh Primary Email Address or enter https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery.
  • Click the ‘Subscribe’ button.
  • Authenticate with Microsoft via Pitt Passport.
  • Wait for the Workspaces view to refresh and for Research Enclave Access to appear.
  • Expand the Research Enclave Access workspace to reveal the Remote Desktop Connection.
  • Launch the Remote Desktop Connection.
  • Authenticate the RDP login popup using your Pitt Username and Password.
  • You will be authenticated and should see the SRE Data Science VM Login Screen.

Adding Research Data to the SRE Workspace

  • The SRE uses an external-facing Azure Storage Account as the ingress/egress point for datasets. This is configured as blob (object) storage, and datasets can be uploaded/downloaded using mechanisms like Globus, AzCopy CLI tool, and Azure Storage Explorer.
    • Upload data to the container named "ingest" on the storage account, which has external access enabled for the Data Steward Group using IAM.
    • More information on the Enterprise Data Transfer Service can be found on the Knowledge Base for Enterprise Data Transfer Service.
    • Azure Storage Explorer can be used for uploading data. It is available for Windows, Linux, and MacOS.

Approving Data Egress Requests

  • Researchers can request data export approval from the SRE Project Data Steward by copying/moving a file to a designated Storage Account Container.
  • Azure Data Factory will detect the file and notify the SRE Project Data Steward(s) via email, or the Data Steward can directly handle the export.
  • Refer to the SRE Project Charter for the directory structure. Copy the dataset to the appropriate directory and wait for Azure Data Factory to process it.
  • Use GLOBUS, Azure Storage Explorer or the Azure Portal to share or download the egressed files from the 'egress' container.

Managing Researchers

Groups and Permissions:

  • Assign roles and permissions within the SRE and the Data Science Virtual Machine file structure using the following groups:
    • SRE Project All Users
    • SRE Project Data Stewards
    • SRE Project Researchers
  • Groups are synced from the Central Directory Service (CDS). Contact the RC Admin for membership changes.

User Profiles:

  • Maintain user profile sizes within limits to prevent login issues.
  • If login issues occur, clear known cache folders from the user profile on the Data Science Virtual Machine.

Managing Software/Package Updates in the SRE

Software:

  • Software packages installed during onboarding may need updates. Download newer versions outside the SRE and move them into the environment using the Data Ingress Process. Install the software from the OS after ingress.

Packages:

  • Software applications may require updates to libraries or new libraries. Use the ingress process to move these libraries/packages into the SRE for installation.

Support - Getting Help

  • Question about the SRE Environment?
    • You might have questions about the SRE in the SRE Project Charter shared with the SRE Project Team during onboarding discussions with the SRE Service Team. Consult the SRE Project Charter for important pieces of information regarding the setup of the SRE Data Science VM and other resources configured in the environment.
    • All SRE Project inquiries can be submitted directly to the IT Help Desk by clicking the Request Help button on the upper right-hand corner of the Azure SRE Service page.

Details

Details

Article ID: 1883
Created
Mon 7/22/24 1:54 PM
Modified
Fri 1/24/25 3:37 PM

Related Services / Offerings

Related Services / Offerings (1)

Secure Research Enclave
RESEARCH DATA SERVICES The Azure Secure Research Enclave (SRE) is a specialized Cloud Compute Service Offering tailored to meet the unique needs of researchers in healthcare and related fields.