Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

If you are familiar with supercomputing on Sol or Agave/Phoenix, Aloe will feel quite similar. However, due to the security requirements and technological differences, there are several changes between general-use systems like Sol and HIPPA HIPAA complement systems like Aloe.

...

Aloe cannot send email notifications about jobs, such as when they start, end, or fail. Instead, Aloe will send Slack messages directly to you via a bot named “aloe-slurm-bot”. You will need to use the official ASU Slack to receive these notifications. To enable thisnotifications, add the following to your job script:

Code Block
#SBATCH --mail-type=ALL
Info

Note: MailUser will always be set to your ASURITE - you cannot change this value.

For general help with Slack, see the official ET Slack page: https://tech.asu.edu/slack

For help with the aloe-slurm-bot, submit a request at https://links.asu.edu/kesc-support.

Web Portal

The Aloe web portal is more restricted than Sol or Agave/Phoenix. For example:

  • Downloading files is restricted to using Globus

  • Uploading files is discouraged. See using Globus

  • The job composer has been disabled

  • The Active Jobs will only display your jobs regardless of the filter

  • There is no way to submit support tickets via the web portal. Instead, email asre-support@asu.edu A request can be submitted at https://links.asu.edu/kesc-support

Data Ingress and Egress

Sol and Agave/Phoenix have less restricted ways of transferring data, and allow for ease of sharing data between users in the same group.

In a HIPPA HIPAA environment, data movement and sharing are governed by strict policies to ensure no breach of confidential information. Per section 5 6 of the acceptable use policy Acceptable Use Policy:

Sensitive data (e.g., ePHI, PII, HIPAA, other restricted forms of data) must remain inside the KESC environment unless explicit permission to transfer data has been granted by the PI and a member of KESC Management.

If data is being sent to a subcontractor or other agent, additional contractual documents such as
a Data Use Agreement or Business Associate Agreement.

Data may only be transferred into or out of ASRE KE Secure Cloud using approved methods such as Globus, SFTP, and similar authenticated, authorized, and encrypted methods.

Because of this, downloading data from the Web Portal has been restricted.

Please see https://asurc.atlassian.net/wiki/spaces/ASREPUBLICKESC/pages/19090637561913290767/Data+Storage+and+Transfer for acceptable data transfer methods.

Additional information on transferring data can be found in the Data Management and Storage document.

If you have questions about how to move your data in or out of KESC, please contact asre-support@asu.edu submit a request at https://links.asu.edu/kesc-support.

Warning

If you suspect a data leak of PII leak has occurred, report it immediately to KESC staff!

...

Aloe uses NFS 4 with FACLs (File Access Control Lists) for all networked storage. This includes /home, /globus, /projects, and /rc/packages. These directory permissions may appear with as the owner or group as ke_ldap_app or domain users. The NFS FACL may not appear to translate to POSIX style permissions (ie. drwxrwx--- or mode 770) as one might expect. Regardless of what POSIX permissions say, the enforced permission permissions are of the NFS FACL. For an accurate view of the FACL permissions, use the command nfs4_getfacl

...

https://www.osc.edu/book/export/html/4523

https://linux.die.net/man/5/nfs4_acl

Warning

This is a secure environment and it should go without saying but do NOT set files or directories to be readable, writeable, executable, traversable, or in any other way accessed by another user. Home directory permissions are inherited by files, there should be no need to use chmod except for enabling a file to be executable or to further restrict permissions.

If you suspect a data leak of PII leak has occurred, report it immediately to KESC staff!

...