How to conduct research project management in tiCrypt?

Summary

This checklist addresses Project Investigators with sub-admin roles who manage research projects using tiCrypt.

Sub-admins can execute research projects in two ways:

• Research Teams Not Utilizing Project Tags: Open project with no restrictions. Requires only membership to join.
• Research Teams Utilizing Project Tags: Tagged project with security levels and requirements. Requires membership and user certificates to join.

Glossary

• Team: An access-controlled collection of users with similar interests commonly using a set of memory and hard disk resources.
• VM: A Virtual Machine is a digital version of a physical computer that emulates all actions of a real machine in a virtual environment.
• VM Configuration: A configuration acting as an access gateway for a tiCrypt user to a virtual machine.
• Project: A tiCrypt access-controlled entity that sets files/directories apart as classified.
• Subproject: A child project of a main project with similar properties.
• Project Tag: A label that classifies a tiCrypt file/directory and imposes access restrictions via project membership and security requirements.
• Project Membership: Proof of access to an active project as a member or manager with or without restrictions.
• Security Requirement: A required condition to fulfill a project security level.
• Security Level: A layer of security made of one or more security requirements granting project access.
• User Certification: Proof of compliance with one or more security requirements with or without an expiration date.
• Open Overlay: A master menu containing multiple sections and commands related to projects.
• VM Hardware Setup: An organized hardware assembly containing a Libvirt Image, cores, memory, and devices associated with a team or user that serves the virtual machine's physical space.
• VM Profiles: A managed group of VM users with the same VM permissions. (used for quick stamping when multiple VM users need the same permissions).
• Default Certification Lifespan: The minimum number of days/years for a project member to have their membership certification active in a project.
• Maximum Certification Lifespan: The maximum number of days/years for a project member to have their membership certification active in a project.
• Risk Assessment ID: A text serving tagging purposes when filtering teams in the management tab.

info

If your research team still needs to be registered in tiCrypt, we recommend you read** the Onboard new users article.

1. Research Teams Not Utilizing Project Tags

You will execute the following actions to set up an Unlocked Project for your research team.

Before setting up the project, you should create a new team where you will add the users who will be part of the research project. The team will allow you to track the resource quota of the project and let the project members know each other.

Already have a team?

If you already have a team with members for the project, you can skip the next two steps and go to "Create a New Unlocked Project via Vault" section.

Create a New Team for Project

• Navigate to the tab in the teams section.
• Click the Create new team in the top right.
• In the prompt, type a name for your team.
• Optionally, type a short team description including the project name.
• Click .

note

You do not need to write anything in the Risk assessment ID field. This option serves management purposes in large projects.

Add Members to the Team for Project

To add & manage team members navigate to the tab in the Teams section.

• Select the team you want to add members to.
• Click the Add/Manage Members button in the top right.
• In the prompt, type the user name(s) you want to add to the team.
• Click on the right.
• View the added team member in the list below.
• Click .

Create a New Unlocked Project via Vault

• Navigate to the tab in the projects section on the top right.
• Click the "Create top-level project" to create a new project.
• In the prompt, type the project's tag, tag color, and the project name.
• Optionally, type a short description.
• Optionally, type the PI's name.
• Click .
• Re-login to view the changes.

note

For this workflow, do not write anything in the security level field. Adding a security level to the project will require members to have user certifications for access.

Add Users to Project via Management

• Navigate to the tab in the projects section.
• Select the project you want to add a member(s) to.
• Click the "Add member(s)" option.
• In the prompt, type the name of the users you want to add to the project.
• Select their role in the project.
• Select the project restrictions.
• Select whether or not to update members' expiration and role in the project.
• Click .

note

For this workflow, do not write anything in the membership expiration unless required by the management policy.

Create a Virtual Machine & Drive for unlocked Project

To Do

Before setting up a VM & Drive for your unlocked project, you should have the name of the Hardware Set Up, the drive capacity, drive format, and whether or not the drive will be backed up for the project from your admin.

• Navigate to the tab in the section.
• Click the Create configuration in the top center.

In the prompt.

• Type the name of the new configuration.
• Type the name of the team for the project.
• Optionally, type a description, including the project name.
• Set the project on unlocked.

Next.

• Select a hardware setup available from your admin for project purposes.

Next.

• Click the button on the right.
  • Alternatively, add an existing drive.
• In the prompt, type the name of the drive you want to create for the configuration.
  • Verify that the team for the project is selected.
  • Set realm to Libvirt.
  • Select the estimated drive capacity for your project.
  • Select the drive format based on your operating system.
  • Select the "this drive may be backed up" option.
• Click .

Skip steps 4 & 5

When creating a Virtual Machine for an unlocked project you may skip adding extra drives, and additional options.

In the prompt.

• Verify that the box "Launch a VM from this configuration immediately" is ticked.
• Click .

Format Configuration

After you successfully, created a VM and a drive, the system will prompt you to format the configuration. In the new prompt, click the button.

Add members to Virtual Machine Configuration

note

Before adding users to Virtual Machine Configuration, you must select it, click the Start VM button, then click the Connect button on the right to use the VM.

• Navigate to the tab in the section.
• Select the newly created active VM configuration.
• Click the User Management card.
• Click the Add users in the top center.
• In the prompt, type the members' names you want to add to the virtual machine configuration.
• Set profile to Custom.
• Select user role.
• Tick the user's permissions in the VM configuration.
• Click .
• Click .

tip

If you encounter permission issues when adding new users to your VM, use the sync user access option.

Share Drive with Project Members

caution

A drive can only be mounted in one place as read-write or in multiple places as read-only. You will set the drive to read-only to allow users to mount it and add data to it. Use the read-write mode for other scenarios.

• Navigate to the tab in the section.
• Select the newly created drive you would like to share.
• Click the Share icon located in the top right corner.
• In the prompt, type the name of the project members you want to share the drive with.
• Select the read-only mode.
• Click .
  • Optionally, use the same process to add more users.
• Once you finish, click in the lower right corner.

info

Learn more about drive sharing in the Drive modes section.

Optional Steps

Attach More Drives in a Running VM

As a sub-admin, you can attach more drives in a running VM configuration.

caution

Before attaching a drive to a running VM, make sure the drive has the same format as the previously attached home drive. Example: both drives are either NTFS for Windows or EXT4 for Linux/Mac.

Read-Only

To attach a drive in read-only mode navigate to the tab in the section.

• Select the Virtual machine to which you want to attach the drive.
• Scroll down and click the Drive Management card.
• Click the Attach drive(s) button in the top center.
• In the prompt, select the Read-only field.
• Type the name of the drive you want to attach in read-only mode.
• Tick "Add drive(s) to the VM configuration" box.
• Click .

Read-Write

To attach a drive in read-write mode navigate to the tab in the section.

• Select the Virtual machine to which you want to attach the drive.
• Scroll down and click the Drive Management card.
• Click the Attach drive(s) button in the top center.
• In the prompt, select the Read-write field.
• Type the name of the drive you want to attach in read-write mode.
• Tick "Add drive(s) to the VM configuration" box.
• Click .
• In the new prompt, click .

attach-read-write-drive-vm

Change Drives in an Inactive VM

As a sub-admin, you can change and attach drives in an inactive VM.

To change a drive in an inactive VM navigate to the tab in the section.

• Select the inactive Virtual machine you want to change the drives of.
• Click the Three dots button on the right.
• Select the Edit option.
• In the prompt, scroll down to the Extra drives (optional) section.
• Click Close to unattached a drive.
• Type the name of the drive you want to attach.
• Click Type to change the drive mode from read-only to read-write and vice-versa.
  • Optionally, click Order to change the order of the drives on the hard disk.
• Click .

Announce All Project Members about the Project

• Navigate to the tab in the projects section.
• Select your newly created project.
• Click on Make an announcement button in the top right.
• In the prompt, type your message to all project members, letting them know the name of the project, the VM, and the drive they have access to.
• Click .

Additional Resources

To help users view your project and run your Virtual Machine, you may share the following resources with them:

• View Notifications.
• Tag files/directories with the project.
• Connect to a VM.
• View existing projects in the Vault.
• Open remote application from VM.
• Upload Project Data to the Vault.
• Transfer Project Data between Vault and VM Configuration.

2.Research Teams Utilizing Project Tags

You will execute the following actions to set up a tagged Project for your research team.

Before setting up the project, you should create a new team where you will add the users who will be part of the research project. The team will allow you to track the resource quota of the project and let the project members know each other.

Already have a team?

If you already have a team with members for the project, you can skip the next two steps and go to "Create Security Requirements for the Project" section.

Create a New Team for Project

• Navigate to the tab in the teams section.
• Click the Create new team in the top right.
• In the prompt, type a name for your team.
• Type a Risk Assessment ID for later analysis.
• Optionally, type a short team description including the project name.
• Click .

create-team-admin

Add Members to the Team for Project

To add & manage team members navigate to the tab in the Teams section.

• Select the team you want to add members to.
• Click the Add/Manage Members button in the top right.
• In the prompt, type the user name(s) you want to add to the team.
• Click on the right.
• View the added team member in the list below.
• Click .

Create Security Requirements for the Project

• Navigate to the tab in the Security requirements section.
• Click the Create new security requirement in the top right.
• In the prompt, type the name of the security requirement.
• Type a description of the requirement and how to comply with it.
• Select for certifications "must be given an expiration date" option.
• Type the default certification lifespan the project members may have.
• Type the maximum certification lifespan that project members may have.
• Click .

create-security-req-admin

tip

Make your process easier using similar keywords for security levels and security requirements of the same project.

Create a Security Level for the project

• Navigate to the tab in the Security levels section.
• Click the Create new security level in the top right.
• In the prompt, type the name of the security level.
• Type an appropriate description of the level.
• Type the appropriate security requirements for the security level.
• Click .

create-security-level-admin

Create a New Tagged Project via Management

• Navigate to the tab in the projects section.
• Click the Create top-level project in the top right.
• In the prompt, type the project's TAG, tag color, and project name.
• Type a clear project description, including its security level and requirements.
• Select the appropriate security level.
• Type the full name of the Principal Investigator (Usually your name).
• Click .
• Re-login to view the changes.

create-project-management

Add Users to Project via Overlay

• Navigate to the tab in the projects section.
• Select the project you want to add a member(s) to.
• Click the Open Overlay button in the top right.
• In the prompt, click the Add User(s) to the project button.
• In the new prompt, type the names of the users you want to add to the project.
• Click the button on the right.
• Scroll down and select the project membership expiration date.
• Select the member's role in the project.
• Select the project restrictions.
• Select to "attempt to update their membership" in the project.
• Click .

Certify Users for Security Requirement via Overlay

• In the existing overlay, click the Member Certifications option on the left panel.
• Click Certify User(s) for a security requirement in the top right.
• In the prompt, type the name of the security requirement.
• Type the name of the user(s) who will be certified.
• Select the expiration date of the certifications.
• Select "attempt to update user(s) expiration" in the project.
• Click .

Create a Virtual Machine & Drive for Tagged Project

To Do

Before setting up a VM & Drive for your Tagged project, you should have the name of the Hardware Set Up, the drive capacity, drive format, and whether or not the drive will be backed up for the project from your admin.

• Navigate to the tab in the section.
• Click the Create configuration in the top center.

In the prompt.

• Type the name of the new configuration.
• Type the name of the team for the project.
• Type a description, including the project name.
• Select the tag of the previously created project.

Next.

• Select a hardware setup available from your admin for project purposes.

Next.

• Click the button on the right.
  • Alternatively, add an existing drive.
• In the prompt, type the name of the drive you want to create for the configuration.
  • Verify that the team for the project is selected.
  • Set realm to Libvirt.
  • Select the estimated drive capacity for your project.
  • Select the drive format based on your operating system.
  • Select the "this drive may be backed up" option.
• Click .

Steps 4 & 5

The following two steps may be edited with the permission of a system admin only. It is not recommended to type anything if you do not have clear instructions about the extra drives and hosts.

Next.

• Optionally, click the Add a new drive button.
• In the above field, type the drive name you want to add.
• Select Order field to Auto.
• Select Type field to Read-only.

Next.

• Optionally, type a MAC Address that will automatically be assigned to the drive.
  • Alternatively, type a preferred hostname on which the VM will be scheduled to start.

In the prompt.

• Verify that the box "Launch a VM from this configuration immediately" is ticked.
• Click .

Format Configuration

After you successfully, created a VM and a drive, the system will prompt you to format the configuration. In the new prompt, click the button.

Add members to Virtual Machine Configuration

note

Before adding users to Virtual Machine Configuration, you must select it, click the Start VM button, then click the Connect button on the right to use the VM.

• Navigate to the tab in the section.
• Select the newly created active VM configuration.
• Click the User Management card.
• Click the Add users in the top center.
• In the prompt, type the members' names you want to add to the virtual machine configuration.
• Set the profile to Custom.
• Select user role.
• Tick user's permissions in the VM configuration.
• Click .
• Click .

Share Drive with Project Members

caution

A drive can only be mounted in one place as read-write or in multiple places as read-only. You will set the drive to read-only to allow users to mount it and add data to it. Use the read-write mode for other scenarios.

• Navigate to the tab in the section.
• Select the newly created drive you would like to share.
• Click the Share icon located in the top right corner.
• In the prompt, type the name of the project members you want to share the drive with.
• Select the read-only mode.
• Click .
  • Optionally, use the same process to add more users.
• Once you finish, click in the lower right corner.

info

Learn more about drive sharing in Drive modes section.

Optional Steps

Verify the VM Hardware Setup for the project VMs with your admin

You may discuss with the system admin your preferred host address, VM Image, or anything related to your project's VM configuration and drives.

• Together with the system admin, navigate to the tab in the VM Hardware Setup section.
• View the available VM Hardware Setups.
• View the realm, image, OS, cores, and memory of your designated VM hardware setup.
• Click Simulate Allocation button in the top right.
• In the prompt, view the simulated cost for your project by name, profile, cores, memory, and devices.
• Click .

Create Subproject via Projects

To Remember

• A subproject is a project that is branched off of a parent.
• Subprojects do not inherit any access restrictions from the parent.
• A user might be able to access resources tagged with a particular project but not be able to access resources tagged with a parent project.
• Adding a user to a subproject automatically adds them to the parent project.
• Removing a user from a subproject will still keep their membership in the parent project.

To create a subproject navigate to the tab in the Projects section.

• Select the project you want to create a subproject of.
• Click the Create subproject button in the top right.
• In the prompt, type a tag name and select a tag preferred color.
• Type the subproject name.
• Optionally, type a subproject description.
• Optionally, select a security level for the subproject.
• Optionally, type the principal investigator's name (PI).
• Click .

Subprojects can have different security levels from their parent project and are independent regarding access control. However, the project hierarchy determines which resources can be tagged with a specific project.

Share VM Configuration with another Subadmin/PI

• Navigate to the tab in the section.
• Select the VM configuration you own.
• Click the Connect button on the right.
• Click the Three dots option on the right.
• Click Share from the prompted options.
• In the prompt, type the user name you want to share your VM configuration with.
• Select the "Attempt to sync user access to the VM".
• Select "Automatically share the associated drive with any new owners".
• Click .

note

The other Subadmin/PI will have shared ownership of the VM, enabling them to take over its drives if necessary.

Announce All Project Members about the Project

• Navigate to the tab in the projects section.
• Select your newly created project.
• Click on Make an announcement button in the top right.
• In the prompt, type your message to all project members, letting them know the name of the project, the VM, and the drive they have access to.
• Click .