Policies

From Research Computing Center Wiki
Revision as of 11:43, 11 February 2013 by Derda (talk | contribs) (Created page with " ==Introduction to GACRC Policies== The following policies are subject to revision, especially as the GACRC grows in scope and services. Your comments and questions will be u...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Introduction to GACRC Policies

The following policies are subject to revision, especially as the GACRC grows in scope and services. Your comments and questions will be useful to our policy formulation and refinement and are actively solicited (rcac@uga.edu).

The GACRC computational infrastructure, including its servers, clusters, data stores, and other related devices are for the exclusive use of authorized users only. Individuals using these computer systems without proper authority, or in excess of their authority, are subject to having all of their activities on these systems monitored and recorded by GACRC personnel. In the course of monitoring individuals improperly using these systems, or in the course of any system maintenance, the activities of authorized users may also be monitored.

Anyone using these systems expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of unauthorized activity, system personnel may provide the evidence of such monitoring to law enforcement officials.

Anyone using these systems expressly consents to abide by the policies of the University of Georgia and/or the Georgia Advanced Computing Resource Center and, accordingly, is subject to account termination and/or immediate disconnection from GACRC resources.


Definitions

Account

The collection of information related to an authorized user of resources, including resource usage statistics.

Active Account

An account belonging to a person currently authorized to access resources.

Home Directory

Disk storage space assigned to each user with an active account, used to store temporary or permanent files. At the GACRC, there is one and only one Home Directory per Active Account, regardless of the computational resource(s) used by the account holder.

Account Holder

The authorized person responsible for an Active Account.

Archive

A file which has been moved to offline or nearline storage because activity on the file has virtually ceased.


GACRC Resource Usage

The computational resources of the Georgia Advanced Computing Resource Center are to be used in direct support of research programs at the University of Georgia. Support is also provided for classes that teach computational methods, and provide training for high performance computing. The GACRC reserves the right to restrict access to its resources for course work if such work is deemed to present a negative impact to authorized research activities.

GACRC policies supplement UGA’s Policies on the Use of Computers, found at: http://eits.uga.edu/access_and_security/infosec/pols_regs/policies/aup


GACRC Eligibility and Access

Access to and use of the computing facilities managed by the Georgia Advanced Computing Resource Center are limited to persons affiliated with the University of Georgia and associated with research projects sponsored by UGA.

Direct affiliation in this context means faculty, staff and students of the University of Georgia. Faculty includes persons holding permanent or temporary appointments as well as adjunct faculty, instructors and visiting faculty while in residence at the University. It also includes those persons with faculty status such as research associates, research scientists, post-doctoral researchers and academic and service professionals. Staff includes all those non-faculty persons employed directly by the University in a research-support role. Graduate and undergraduate students who are members of faculty research labs are eligible for accounts as well.

For directly affiliated users, accounts on the GACRC computers will remain active as long as the researchers hold the above status. Access by researchers affiliated with the University of Georgia that do not meet the criteria above will be considered on a case-by-case basis, especially researchers not directly affiliated with the University of Georgia who are collaborating on research with researchers directly affiliated with UGA. Requests for access must be forwarded to the GACRC in such cases by a person directly affiliated with UGA.

For indirectly affiliated users, access will be granted for a fixed period of time, according to the expected length of the collaborative project, but no longer than one (1) year. Application for extensions will be considered.

Accounts will remain active no more than 30 days following a status change (i.e., leaving the university). Graduate instructional accounts will only remain active for the duration of the semester in which they are actually needed. Home directories will be archived for at least 90 days, but no longer than 180 days after an account becomes inactive.

Requests for access by individuals other than those listed above should first be directed to the Director of the Center using the form provided.


GACRC Identity Management

Below are described the procedures for validating the identity of account users.

Directly Affiliated Users

All directly affiliated persons wanting an account must apply for access to the GACRC using the instructions provided on the GACRC website (http://www.gacrc.uga.edu/accounts). The applicant must authenticate to the form using his/her MyID and password for identification. Upon acceptance of the application, the user will be notified via e-mail. The applicant’s UGA MyID in conjunction with the temporary password will be used to initially log into the requested GACRC resources . After initial login, a new password should be provided, as noted in the emailed instructions. Please note that the GACRC will NOT record a user’s MyID password or his/her Social Security number.

Indirectly Affiliated Users

Indirectly affiliated users must be sponsored by a directly affiliated user. The directly affiliated user must apply on behalf of the applicant by contacting the GACRC staff.

Protection of Passwords

An account holder must never divulge their login ID and password to a third party. Only authorized account holders may access the resources of the GACRC. If a third party is found to be using an account holder’s login with or without the permission of the account holder, the account holder’s access privileges may be revoked at the sole discretion of the GACRC Manager or Director.


GACRC Resource Allocation

High-Performance Storage Provisioning

Home File System

The home file system resides on a high-performance storage device and is used for long-term storage of files needed for analyses on the GACRC computing clusters. All users have a default 100GB home quota (i.e., maximum limit) on their home directory; however, justifiable requests for quotas up to 2TB can be made by contacting the GACRC IT Manager (currently Greg Derda: derda@uga.edu). Storage in the home directory to avoid archive storage fees is not a justifiable request. Requests for home quotas greater than 2TB must be submitted by the PI of a lab group, and approved by the GACRC advisory committee (via the IT Manager). Users may create lab directories for data that is shared by a lab group, but those directories count against the quota of the creating user. An example of this, for the “abclab” users, would be: /home/abclab/labdata. Home directories are backed up.

Scratch File System

The scratch file system resides on a high-performance storage device and is to be used for temporary storage of files in use by actively running jobs. Files are to be removed from scratch when the job(s) complete. Scratch space is not backed up.

The current scratch file system is mounted on the compute clusters as escratch. Researchers who need to use scratch space can type ‘make_escratch’ and a sub-directory will be created, and the user will be told the path to the sub-directory e.g., /escratch/jsmith_Oct_22. The life span of the directory will be one week longer than the longest duration queue, which is currently 30 days (i.e., life span = 37 days). At that time, the directory and its contents will be deleted. Users can create one escratch directory per day if needed.

Archive File System

There is an archive file system available for long-term storage of data that users don’t actively need in their home directories. It is subscribed to by a PI on behalf of his/her lab group, and is mounted on the compute cluster’s login nodes (not on the compute nodes) under oflow e.g., /oflow/abclab. There is a fee for this storage, which is currently $10 / 1TB / month, with the smallest increment being 500GB @ $5 / month. Contact the GACRC staff if you would like more information on this resource. Archived files are backed up.


Security

To minimize disruption of service, protect data integrity, conserve facility resources and maximize the effectiveness of staff support, the GACRC maintains strict security requirements for access to GACRC resources. Over time, the enforcement of these requirements will become increasingly strict, with the goal of preventing any access to the GACRC resources by any person or any device that is not in strict compliance with these requirements.

User-Managed Servers, Clusters, Networks and Desktop Computers

Operating Systems

Any computer accessing the GACRC for any purpose must meet minimum levels of operating system versions and update (patch) levels. The GACRC will, from time to time, publish these minimum requirements on its website.

Anti-Virus Software

Any computer accessing the GACRC for any purpose must meet minimum levels of anti-virus protection. Any computer used by an account holder must have anti-virus software from a source approved by the GACRC, must have that virus protection activated, and must have automatic updates activated for the anti-virus software.

Suspiciously Behaving Software

Any software that behaves in a suspicious manner may at any time be terminated and/or deleted from GACRC resources at the sole discretion of the GACRC’s system administrator(s), manager, director, or security staff.

Suspiciously Behaving Networks and Devices

Any connection from any device to the GACRC may be terminated at any time, if the device or the connection or a network to which the device is attached appears to be incompliant with the GACRC’s security requirements, seems to be behaving suspiciously, or if a threat emerges requiring termination for intrusion prevention at the sole discretion of the GACRC’s system administrator(s), manager, director, or security staff.

Account Holder Responsibility

The account holder is responsible for diligently monitoring and meeting the GACRC’s operating system, intrusion and virus protection standards. An account holder’s privileges to use GACRC facilities may be terminated by the GACRC Manager or Director at any time, without notice if, in the opinion of either, the account holder is reluctant or averse to practicing diligence in meeting the GACRC’s minimum requirements for intrusion and/or anti-viral protection.


Storing Sensitive Information on GACRC Resources

Sensitive, Private, or Classified Information

The GACRC does NOT currently warrant that its practices or facilities meet government-mandated requirements for the storage and protection of sensitive, private or classified information. Users may not store such information on GACRC facilities.

Intellectual Property

The GACRC strives to protect documents, code, and results data on behalf of account holders. However, the GACRC does not assume responsibility for unauthorized access or data loss due to human or system error.

Resolving Disagreements about Revocation of Privileges or Provisioning

If an account holder is denied a request for provisioning of GACRC resources or resource privileges are revoked, the user’s Department Head may appeal to the Vice President for Research. The decision of the Vice President for Research is final.


System Maintenance and Downtime

Planned Maintenance

From time to time, GACRC personnel will perform maintenance operations requiring system operations to be reduced or interrupted. The GACRC will schedule and publish planned outages at least 30 days in advance. Reductions in service which do not cause interruption of service may not be published. Job submissions that require the resource to be maintained will be held beginning twenty-four (24) hours before the planned outage of that resource. Any jobs which have been running less than 48 hours before the outage are subject to termination.

In the case where a job or jobs have been running more than 48 hours, the account holder who owns the job will be contacted. GACRC staff will attempt to facilitate the needs of the researcher, in such cases.

Unplanned Maintenance and System Outage

From time to time, hardware, software, and/or environmental factors may cause a system or subsystem to malfunction, causing disruption to service. Also, there may be circumstances or events related to possible security or intrusions which will cause GACRC staff to take systems offline while the nature of the apparent breach is analyzed and appropriate action is taken.

Whenever possible, account holders will be notified by e-mail of these outages in advance, but that may not always be possible. Account holders will be notified by e-mail if the disruption should last more than 30 minutes.

GACRC staff will strive to preserve the work and/or prevent disruption of jobs in process during such outages. However, there may be circumstances which cause disruption of jobs and loss of data. Users are encouraged to implement methods in their code which minimize the effect of unplanned interruption of a job’s execution, such as checkpoints.


Adding Department or Grant-Sponsored Resources to the GACRC

Researchers may benefit by adding resources sponsored by grants or departments to the GACRC. In many cases, the cost of doing so will be less than the researcher’s acquisition and maintenance of the resources within their own laboratory or group.

Usage Model

When a department or research project sponsors the addition of compute power, storage capacity, and/or software to the GACRC’s compliment of high performance computing resources, the project will have access to the resource capacities that they have sponsored, throughout the duration of the research project, or as agreed upon in a separate service level agreement. When the project could benefit from resources beyond those that the project sponsored, if those resources are available through the GACRC, they will be allocated to the project. When the resources sponsored by a project are not being used by the project, they will become available to other projects.

The project will benefit from the security, environmental, and system administration provided by the GACRC.

Usage Policy Enforcement

The GACRC strives to enforce this usage model through the use of resource management software. From time to time the software may not perform in accordance with the policy. Such events, when detected, should be reported to the GACRC system administrator or manager such that corrective action can be taken to prevent such events in the future.

Funding Model

During the grant design and writing process, GACRC staff, in collaboration with the Office of the Vice President for Research Office of Sponsored Programs, is available to assist in estimating the level of computing, storage, network bandwidth, software, and services required to meet the objectives of the proposed research project. GACRC staff will provide the cost of acquiring, installing, and maintaining the proposed resources (in compliance with the architectures of the GACRC as well as established best-practices) over the life of the grant. If the grant is awarded, the GACRC will acquire and implement the resources sponsored by the project using funds allocated for such purposes.

Retrieved from "https://wiki.gacrc.uga.edu/index.php?title=Policies&oldid=1245"