Spinup has been approved for hosting certain resources that have sensitive data (e.g. HIPAA, PHI, FERPA). These resources currently include:

  • Servers
    • Windows 2016 - CIS hardened
    • CentOS 7 - CIS hardened
    • Ubuntu 18.04 LTS - CIS hardened
  • Databases
    • Dedicated MySQL
    • Dedicated PostgreSQL
    • Dedicated SQL Server Standard Edition
  • Storage
    • Storage@Yale

When you create a new space, you fill out a questionnaire to determine the risk level and type of data that will be hosted there. If the space is tagged as moderate or high risk, you will need to accept the Spinup Security Agreement and will be able to create the resources listed above.

...

You can only expose web services running on port 443 (HTTPS), and you'll need to open port 443 both in iptables and in your Spinup space firewall (from the Spinup UI).

Dedicated MySQL, PostgreSQL and SQL Server databases

These databases run on the Amazon RDS platform and are pre-configured to have at-rest data encryption, centralized logging, and support for SSL connections.

...

  • From the Spinup UI, request an S@Y share - this will open a ServiceNow ticket for the Storage team
    • In the Configuration section make sure you check "This share will contain High Risk Data"
    • This will force the Permissions Model to "Base"
    • You need to use CIFS protocol to mount the share on Linux (NFS is not supported for secure shares)
  • Once you submit the request it will open a ServiceNow ticket that you can track via ServiceNow
    • You should get notified via e-mail once the share is ready (takes about a day)
  • When the share is ready you can mount it on your server:
    • On Linux servers
      • Install cifs-utils
        sudo yum install -y cifs-utils
      • Mount the share using your AD credentials, e.g.
        sudo mount.cifs //storage.yale.edu/home/YXNAT-CC1000-SSPS-AHEF /mnt -v -o vers=3.0,domain=yale,username=netid
      • If you need to make it persistent and mount at boot time, you can add an entry to your /etc/fstab file
    • On Windows servers
      • Attach as you would a regular Windows share
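
For the persistent-mount step on Linux, one way to keep the AD password out of /etc/fstab, which is normally world-readable, is a root-only mount.cifs credentials file. This is an added example, not part of the original page: the helper names and the /etc/cifs-credentials path are assumptions, while the share path, mount point, vers=3.0 and domain come from the mount command above.

```shell
#!/bin/sh
# Added example: persistent CIFS mount with the secret kept in a 0600
# credentials file instead of an inline password= option in /etc/fstab.

# Write a mount.cifs credentials file readable only by its owner.
# The password is read from stdin, so it never appears in argv or shell history.
# usage: write_cifs_credentials FILE USER DOMAIN
write_cifs_credentials() {
    cred_file=$1; user=$2; domain=$3
    if [ -t 0 ]; then stty -echo; fi      # no echo when typed at a terminal
    IFS= read -r password || true
    if [ -t 0 ]; then stty echo; fi
    [ -n "$password" ] || return 1
    (
        umask 077                          # create the file private from the start
        printf 'username=%s\npassword=%s\ndomain=%s\n' \
            "$user" "$password" "$domain" > "$cred_file"
    )
    chmod 600 "$cred_file"                 # also tightens a pre-existing file
}

# Print the /etc/fstab line for the share. _netdev delays the mount until
# the network is up at boot.
# usage: cifs_fstab_line SHARE MOUNTPOINT CRED_FILE
cifs_fstab_line() {
    printf '%s %s cifs vers=3.0,credentials=%s,_netdev 0 0\n' "$1" "$2" "$3"
}

# Audit an fstab file: succeed only if no active cifs entry carries an
# inline password (password= or its short form pass=).
# usage: fstab_has_no_inline_cifs_password FSTAB_FILE
fstab_has_no_inline_cifs_password() {
    ! awk '$1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)(password|pass)=/ { found = 1 }
           END { exit !found }' "$1"
}

# Typical use as root (netid is the placeholder user name from the page):
#   write_cifs_credentials /etc/cifs-credentials netid yale
#   cifs_fstab_line //storage.yale.edu/home/YXNAT-CC1000-SSPS-AHEF /mnt \
#       /etc/cifs-credentials >> /etc/fstab
#   mount -a && fstab_has_no_inline_cifs_password /etc/fstab
```

A credentials file also handles passwords that contain commas, which cannot be passed reliably in the comma-separated option list.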

...