Sponsored Project Administration - SPA
UVM Data Management Information
The National Science Foundation (NSF), as well as many other funding agencies, frequently asks that proposals include information about how data generated from sponsored research activities will be managed, handled, and shared. Enterprise Technology Services (ETS) has prepared the following information about UVM data handling and storage to assist investigators in providing that information.
University of Vermont Data Management Information
ETS provides for the University a suite of central services that includes email, web publishing, traditional file and print services, and more. ETS staff have created a robust infrastructure to support physical, operational and security requirements of these critical services.
ETS maintains two Data Centers. Our primary Data Center is located off-campus, in South Burlington. This facility provides a high level of fault tolerance, through redundant power systems, redundant cooling, and replication of selective services between this site and our backup Data Center. The primary site hosts traditional physical servers, blade-style servers, and a large part of our VMware ESX virtual environment, as well as our High Performance Computing (HPC) cluster and our Storage Area Network. Authorized staff requiring physical access to the Data Centers must swipe their UVM ID and present their hand for a biometric scan. Two redundant, high-capacity fiber optic links connect the primary Data Center to the UVM campus.
The backup Data Center, located in on-campus, hosts a smaller set of services, including redundant instances of security services, a smaller VMware ESX virtual environment for high availability of some virtual resources, and some replicated storage. This site also hosts our enterprise backup service, EMC NetWorker, comprising a primary index server, numerous distributed storage nodes, a large-capacity robotic tape library and several large pools of disk-based backup storage. Some backup sets are cloned to tapes for archiving in a third secure location. These archived backup sets are retained for up to seven years, depending on policy requirements.
In both Data Centers, our Storage Area Network (SAN) provides robust, fault-tolerant data services, based on an IBM v7000 Storage Controller. This device aggregates and virtualizes storage spread across traditional disk arrays, and provides replication of sets of data between the data centers.
UVM’s incoming email gateway systems are physical hosts, running Linux, Sendmail, and Sophos’ PureMessage malware scanning. Mail then is routed to UVM’s email servers, also physical hosts running Linux and the Dovecot email server software. These systems, located in both data centers, are clustered, storing email data in a special shared file system, which is replicated between the two locations. Users access their email remotely through the IMAP protocol secured with SSL/TLS; they have no direct access to the mail servers.
The main web services are provided by physical hosts running Linux and the Apache web server software, which renders web pages and scripts that are stored on a distributed NFSv4 file service. The Apache web servers run as an unprivileged user, and can only render content to which the public has been granted read access. Alternatively, content can be protected with either a username/password pair controlled by apache, or by providing a University Netid and password via Kerberos/GSSAPI.
Traditional file services are provided in two ways. One service uses Samba to provide windows-like file services to all employees and students, as well as some specific departments. This data resides in the same distributed NFS file service that hosts web content. The other service provides Windows-based file services to employees, including individual file storage as well as shared departmental or workgroup storage (known as the “Shared Drive”).
UVM’s Windows-based file service is hosted on a Windows Server 2008 R2 virtual server running within the large VMware environment, with storage provided by the SAN. We control access to files and folders by granting access to Security Groups, or occasionally to specific user accounts. Some of the Security Groups are populated automatically based on information from our PeopleSoft systems. Other groups are created and maintained by server administrators or by authorized delegates within client departments.
and Windows fileservers and web content are protected by our enterprise
backup system. Users may initiate their own recovery of data from this
system on Linux systems. On the Windows file server, users may use the
Previous Versions facility to review or recover files within a three
week period. Server administrators may recover data on behalf of users
for a period of one year.
Last updated 10-10-11
Last modified October 10 2011 09:33 AM