Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Spinup has been approved for hosting certain resources that have sensitive data (e.g. HIPAA, PHI, FERPA). These resources currently include:

  • Servers
    • Windows 2016 - CIS hardened
    • CentOS 7 - CIS hardened

When you create a new space you fill out a questionnaire to determine the risk level and type of data that will be hosted there. If the space is tagged as moderate or high risk you will need to accept the Spinup Security Agreement and will be able to create the above listed resources.

Windows 2016 - CIS hardened

This server image is pre-configured with Windows firewall and DUO multi-factor authentication.

CentOS 7 - CIS hardened

This server image is pre-configured with SELinux, iptables firewall, and DUO multi-factor authentication.

Important: Do not disable SELinux since you will not be able to SSH into the server if SELinux is disabled! If you permanently disable SELinux and you get logged out you will be permanently locked out of your server!


Using a Storage@Yale share on your secure server

You can request and mount a S@Y share on your Spinup secure server.

  • From the Spinup UI, request a S@Y share - this will open a ServiceNow ticket for the Storage team
  • You should get notified via e-mail once the share is ready (takes about a day)
  • You have to use CIFS (Samba) to mount the share on your server:
    • On Linux servers
      • Install cifs-utils
        sudo yum install -y cifs-utils
      • Mount the share using your AD credentials, e.g.
        sudo mount.cifs //storage.yale.edu/home/YXNAT-CC1000-SSPS-AHEF /mnt -v -o vers=3.0,domain=yale,username=netid
      • If you need to make it persistent and mount at boot time, you can add an entry to your /etc/fstab file
    • On Windows servers
      • Attach as you would a regular Windows share

Important: If you're using Docker on your Spinup server you may run into weird network problems when connecting to Storage @ Yale. This is because the storage uses IPs on the 172.18.0.0/16 subnet and docker by default tries to use that same subnet. You can check this by running ifconfig and inspecting the network interfaces that are in use - if any of them use 172.18 that's a problem. You can override the default behavior of Docker so it uses a different subnet.

  

  • No labels