REED+ Ecosystem
Table of Contents
REED+ Overview
REED+ Secured Research is Purdue’s ecosystem for sensitive research data. REED+ gives Purdue researchers the ability to meet compliance for their research data. As a managed research ecosystem with sufficient storage, high speed computing capability, and security, REED+ strives to efficiently and cost effectively handle Purdue’s controlled research data and processing needs in a manner compliant with the highest level of cybersecurity applicable to unclassified data possessed by Purdue University and Purdue University researchers. Development of the REED+ ecosystem is supported by the National Science Foundation under Grant No. 1840043.
REED+ helps researchers meet compliance for their HIPAA, FERPA, ITAR, and EAR data needs. With the security set in place, researchers can feel at ease knowing their data is meeting compliance without the hassle of figuring it all out on their own. This also allows Purdue to undertake research opportunities that wouldn’t otherwise be possible.
Community cluster supercomputers are available to Purdue researchers. Each HPC system has specific data types or contract obligations for which it is appropriate.
All Community Clusters
Pros
- Accessible anywhere with an internet connection without a VPN.
- Collaborators can easily be added and removed from projects as needed.
- Approved for fundamental research and export controlled data subject to EAR regulations.
Cons
- Not authorized for HIPAA or export control (ITAR, CUI) data
Weber
Pros
- Requires CUI VPN to connect
- Collaborators can easily be added and removed from projects as needed by export control office.
- Approved for data subject to ITAR and Controlled Unclassified Information (CUI).
Cons
- -
Negishi
Pros
- Negishi has all of the pros as other community cluster systems
- Negishi provides data storage for data subject to the NIH's controlled access policies, including data from the database of Genotypes and Phenotypes (dbGaP).
Cons
- Negishi has all of the cons as other community cluster systems
Box Secure Storage
Pros
- Accessible anywhere with an internet connection without a VPN.
- Collaborators can easily be added and removed from projects as needed.
- File versioning allows for files to be rolled back to previous versions quickly and easily.
- Approved for HIPAA, FERPA, and NIST 800-171 data storage.
Cons
- Maximum file upload size of 15 GB.
- Data not housed within University servers.
- Maintenance and vulnerability patching are outside of the control of the University.
Where Box would be the ideal storage solution
- If your project is working with restricted or sensitive data (i.e. HIPAA, NIST 800-171, FERPA) and the majority of your data is stored in separate, smaller files.
- If a project will often require a user to access data from different machines or from an off campus location over the course of the project.
- If a project will require document sharing with collaborators from many different institutions, or if multiple institutions will be working jointly on a single project.
Data Depot
Pros
- Data is housed on University managed servers.
- Data Redundancy.
- No maximum file upload size.
- Integrated with community clusters.
Cons
- Not approved for storage of most controlled data, including HIPAA, ITAR, and NIST 800-171.
- Requires university network connection, either physical or over VPN.
- Affected by university-wide disruptions (i.e. power outages).
Where Data Depot would be the ideal storage solution
- If a research lab needs large amounts of storage space quickly, especially when using community clusters for research, and will rarely need to access data from off campus.
- If a research project will need to store files greater than 15 GB in size and maintain quick access to those files over the course of the project.
Fortress
Pros
- Data is housed locally at Purdue.
- Data is stored both in a local cache for small and recently opened files, and on robotic tape permanently.
- There is no storage quota in Fortress, monthly usage is emailed to users.
- Two copies of each file are stored in two separate locations to protect from data loss due to hardware failure.
Cons
- Accidentally deleted files cannot be recovered once they are deleted.
- Firewall rules must be changed to allow connections from specific hosts before data can be accessed.
- Fortress does not automatically switch between copies if the primary copy cannot be accessed. The researcher will need to contact RCAC to gain access to the secondary copy.
- Scheduled maintenance on the first Wednesday of each month from 8am to 12pm.
- Not approved to hold most controlled data, including HIPAA, FERPA, ITAR, NIST 800-171, and CUI.
- If a researcher needs to store a large amount of unclassified data for an extended period of time and will be accessing data from university machines throughout the project.
- If a researcher will be working with Data Depot already and needs a long-term storage area for large files—a Fortress group storage space is automatically created when any Data Depot research group space is created.
Security Level | Example Data Types | Cloud | On Premises |
---|---|---|---|
Level 1 Fundamental Research |
Published and shared broadly | Personal Box L1 & L2 Box AWS |
PURR Data Depot / Fortress / Isilon Community Clusters Workbench Science Gateways |
Level 2 Sensitive Research |
Non-Personal Data (De-identified data) |
Personal Box L1 & L2 Box AWS |
PURR Data Depot / Fortress / Isilon Community Clusters Workbench Science Gateways |
Level 3 Restricted Research |
Health Data Student Data |
Lab or Departmental Storage L3 Box (HIPAA/PHI) |
Encrypted Hard Drives HIPAA Aligned Science Gateways |
Level 4 Export Control Research |
Government Regulated Technology Defense non-Classified related Data |
Office 365 GCC High (Luna) Weber |
- PURR
https://purr.purdue.edu/ - Data Depot
https://www.rcac.purdue.edu/storage/depot - Fortress
https://www.rcac.purdue.edu/storage/fortress - Isilon
https://guides.lib.purdue.edu/DataStorage/DepartmentalSharedStorage - Community Cluster
https://www.rcac.purdue.edu/services/communityclusters - Workbench
https://www.rcac.purdue.edu/compute/workbench - Science Gateways
https://www.rcac.purdue.edu/services/software
Based on the project proposal given by the PI, SPS will help the PI set dates and deadlines for project parts such as a data security plan, review and secure budget approval prior to submitting the finalized proposal to the granting agency. Working with SPS, the PI will be guided in communicating their data needs with RCAC and ITSP to complete a data security plan that fulfills their needs. After completing the data security plan and funding has been granted, researchers will complete the necessary training, and receive access to their controlled environment.
- HIPAA
HIPAA stands for the Health Insurance Portability Accountability Act and includes personally identifiable information regarding patient medical care and records. For more information on HIPAA, visit https://www.hhs.gov/hipaa/for-professionals/index.html - FERPA
FERPA stands for the Family Educational Rights and Privacy Act and includes personally identifiable information regarding students. For more information on FERPA, visit https://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html - ITAR
ITAR stands for International Traffic in Arms Regulations and includes defense and military related technologies. For more information on ITAR, visit https://pmddtc.state.gov - EAR
EAR stands for Export Administration Regulations and includes data that is not, but has the potential for military use. For more information on EAR, visit https://www.ecfr.gov - CUI
CUI stands for Controlled Unclassified Information and includes data for the federal government that is not classified. For more information on CUI, visit https://csrc.nist.gov/Projects/protecting-controlled-unclassified-information
- SPS (Sponsored Program Services)
https://www.purdue.edu/business/sps/ - IRB (Institutional Review Board)
https://www.irb.purdue.edu/ - ITSP (Information Technology Secure Purdue)
https://www.purdue.edu/securepurdue/ - ITSP Data Handling Policy
https://www.purdue.edu/securepurdue/data-handling/index.php#Sensitive - RCAC (Rosen Center for Advanced Computing)
https://www.rcac.purdue.edu/ - IA / ECO (Information Assurance / Export Control Office)
https://www.purdue.edu/research/regulatory-affairs/export-controls-and-research-information-assurance/