How to conduct research project management in tiCrypt?
Summary
This checklist addresses Project Investigators with sub-admin roles who manage research projects using tiCrypt.
Sub-admins can execute research projects in two ways:
- Research Teams Not Utilizing Project Tags: Open project with no restrictions. Requires only membership to join.
- Research Teams Utilizing Project Tags: Tagged project with security levels and requirements. Requires membership and user certificates to join.
- Team: An access-controlled collection of users with similar interests commonly using a set of memory and hard disk resources.
- VM: A Virtual Machine is a digital version of a physical computer that emulates all actions of a real machine in a virtual environment.
- VM Configuration: A configuration acting as an access gateway for a tiCrypt user to a virtual machine.
- Project: A tiCrypt access-controlled entity that sets files/directories apart as classified.
- Subproject: A child project of a main project with similar properties.
- Project Tag: A label that classifies a tiCrypt file/directory and imposes access restrictions via project membership and security requirements.
- Project Membership: Proof of access to an active project as a member or manager with or without restrictions.
- Security Requirement: A required condition to fulfill a project security level.
- Security Level: A layer of security made of one or more security requirements granting project access.
- User Certification: Proof of compliance with one or more security requirements with or without an expiration date.
- Open Overlay: A master menu containing multiple sections and commands related to projects.
- VM Hardware Setup: An organized hardware assembly containing a Libvirt Image, cores, memory, and devices associated with a team or user that serves the virtual machine's physical space.
- VM Profiles: A managed group of VM users with the same VM permissions. (used for quick stamping when multiple VM users need the same permissions).
- Default Certification Lifespan: The minimum number of days/years for a project member to have their membership certification active in a project.
- Maximum Certification Lifespan: The maximum number of days/years for a project member to have their membership certification active in a project.
- Risk Assessment ID: A text serving tagging purposes when filtering teams in the management tab.
If your research team still needs to be registered in tiCrypt, we recommend you read the Onboard new users article.
1. Research Teams Not Utilizing Project Tags
You will execute the following actions to set up an Unlocked Project for your research team.
Before setting up the project, you should create a new team where you will add the users who will be part of the research project. The team will allow you to track the resource quota of the project and let the project members know each other.
If you already have a team with members for the project, you can skip the next two steps and go to the "Create a New Unlocked Project via Vault" section.
Create a New Team for Project
- Navigate to the tab in the teams section.
- Click the "Create new team" in the top right.
- In the prompt, type a name for your team.
- Optionally, type a short team description including the project name.
- Click .
You do not need to write anything in the "Risk assessment ID" field. This option serves management purposes in large projects.
Add Members to the Team for Project
To add & manage team members, navigate to the tab in the Teams section.
- Select the team you want to add members to.
- Click the "Add/Manage Members" button in the top right.
- In the prompt, type the user name(s) you want to add to the team.
- Click on the right.
- View the added team member in the list below.
- Click .
Create a New Unlocked Project via Vault
- Navigate to the tab in the projects section on the top right.
- Click the "Create top-level project" to create a new project.
- In the prompt, type the project's tag, tag color, and the project name.
- Optionally, type a short description.
- Optionally, type the PI's name.
- Click .
- Re-login to view the changes.
For this workflow, do not write anything in the security level field. Adding a security level to the project will require members to have user certifications for access.
Add Users to Project via Management
- Navigate to the tab in the projects section.
- Select the project you want to add a member(s) to.
- Click the "Add member(s)" option.
- In the prompt, type the name of the users you want to add to the project.
- Select their role in the project.
- Select the project restrictions.
- Select whether or not to update members' expiration and role in the project.
- Click .
For this workflow, do not write anything in the membership expiration unless required by the management policy.
Create a Virtual Machine & Drive for unlocked Project
Before setting up a VM & Drive for your unlocked project, you should have the name of the Hardware Set Up, the drive capacity, drive format, and whether or not the drive will be backed up for the project from your admin.
- Navigate to the tab in the section.
- Click the "Create configuration" in the top center.
- Type the name of the new configuration.
- Type the name of the team for the project.
- Optionally, type a description, including the project name.
- Set the project to unlocked.
- Select a hardware setup available from your admin for project purposes.
- Click the button on the right.
- Alternatively, add an existing drive.
- In the prompt, type the name of the drive you want to create for the configuration.
- Verify that the team for the project is selected.
- Set realm to Libvirt.
- Select the estimated drive capacity for your project.
- Select the drive format based on your operating system.
- Select the "this drive may be backed up" option.
- Click .
When creating a Virtual Machine for an unlocked project, you may skip adding extra drives and additional options.
- Verify that the box "Launch a VM from this configuration immediately" is ticked.
- Click .
After you have successfully created a VM and a drive, the system will prompt you to format the configuration. In the new prompt, click the button.
Add members to Virtual Machine Configuration
Before adding users to Virtual Machine Configuration, you must select it, click the "Start VM" button, then click the "Connect" button on the right to use the VM.
- Navigate to the tab in the section.
- Select the newly created active VM configuration.
- Click the "User Management" card.
- Click the "Add users" in the top center.
- In the prompt, type the members' names you want to add to the virtual machine configuration.
- Set profile to Custom.
- Select user role.
- Tick the user's permissions in the VM configuration.
- Click .
- Click .
If you encounter permission issues when adding new users to your VM, use the sync user access option.
Share Drive with Project Members
A drive can only be mounted in one place as read-write or in multiple places as read-only. You will set the drive to read-only to allow users to mount it and add data to it. Use the read-write mode for other scenarios.
- Navigate to the tab in the section.
- Select the newly created drive you would like to share.
- Click the "Share" icon located in the top right corner.
- In the prompt, type the name of the project members you want to share the drive with.
- Select the read-only mode.
- Click .
- Optionally, use the same process to add more users.
- Once you finish, click in the lower right corner.
Learn more about drive sharing in the Drive modes section.
Optional Steps
Attach More Drives in a Running VM
As a sub-admin, you can attach more drives in a running VM configuration.
Before attaching a drive to a running VM, make sure the drive has the same format as the previously attached home drive.
Example: both drives are either NTFS for Windows or EXT4 for Linux/Mac.
Read-Only
To attach a drive in read-only mode navigate to the tab in the section.
- Select the Virtual machine to which you want to attach the drive.
- Scroll down and click the "Drive Management" card.
- Click the "Attach drive(s)" button in the top center.
- In the prompt, select the "Read-only" field.
- Type the name of the drive you want to attach in read-only mode.
- Tick the "Add drive(s) to the VM configuration" box.
- Click .
Read-Write
To attach a drive in read-write mode navigate to the tab in the section.
- Select the Virtual machine to which you want to attach the drive.
- Scroll down and click the "Drive Management" card.
- Click the "Attach drive(s)" button in the top center.
- In the prompt, select the "Read-write" field.
- Type the name of the drive you want to attach in read-write mode.
- Tick the "Add drive(s) to the VM configuration" box.
- Click .
- In the new prompt, click .
Change Drives in an Inactive VM
As a sub-admin, you can change and attach drives in an inactive VM.
To change a drive in an inactive VM navigate to the tab in the section.
- Select the inactive Virtual machine you want to change the drives of.
- Click the "Three dots" button on the right.
- Select the "Edit" option.
- In the prompt, scroll down to the Extra drives (optional) section.
- Click "Close" to detach a drive.
- Type the name of the drive you want to attach.
- Click "Type" to change the drive mode from read-only to read-write and vice-versa.
- Optionally, click "Order" to change the order of the drives on the hard disk.
- Click .
Announce All Project Members about the Project
- Navigate to the tab in the projects section.
- Select your newly created project.
- Click the "Make an announcement" button in the top right.
- In the prompt, type your message to all project members, letting them know the name of the project, the VM, and the drive they have access to.
- Click .
Additional Resources
To help users view your project and run your Virtual Machine, you may share the following resources with them:
- View Notifications.
- Tag files/directories with the project.
- Connect to a VM.
- View existing projects in the Vault.
- Open remote application from VM.
- Upload Project Data to the Vault.
- Transfer Project Data between Vault and VM Configuration.
2. Research Teams Utilizing Project Tags
You will execute the following actions to set up a tagged Project for your research team.
Before setting up the project, you should create a new team where you will add the users who will be part of the research project. The team will allow you to track the resource quota of the project and let the project members know each other.
If you already have a team with members for the project, you can skip the next two steps and go to the "Create Security Requirements for the Project" section.
Create a New Team for Project
- Navigate to the tab in the teams section.
- Click the "Create new team" in the top right.
- In the prompt, type a name for your team.
- Type a "Risk Assessment ID" for later analysis.
- Optionally, type a short team description including the project name.
- Click .
Add Members to the Team for Project
To add & manage team members, navigate to the tab in the Teams section.
- Select the team you want to add members to.
- Click the "Add/Manage Members" button in the top right.
- In the prompt, type the user name(s) you want to add to the team.
- Click on the right.
- View the added team member in the list below.
- Click .
Create Security Requirements for the Project
- Navigate to the tab in the "Security requirements" section.
- Click the "Create new security requirement" in the top right.
- In the prompt, type the name of the security requirement.
- Type a description of the requirement and how to comply with it.
- For certifications, select the "must be given an expiration date" option.
- Type the default certification lifespan the project members may have.
- Type the maximum certification lifespan that project members may have.
- Click .
Make your process easier using similar keywords for security levels and security requirements of the same project.
Create a Security Level for the project
- Navigate to the tab in the "Security levels" section.
- Click the "Create new security level" in the top right.
- In the prompt, type the name of the security level.
- Type an appropriate description of the level.
- Type the appropriate security requirements for the security level.
- Click .
Create a New Tagged Project via Management
- Navigate to the tab in the projects section.
- Click the "Create top-level project" in the top right.
- In the prompt, type the project's TAG, tag color, and project name.
- Type a clear project description, including its security level and requirements.
- Select the appropriate security level.
- Type the full name of the Principal Investigator (usually your name).
- Click .
- Re-login to view the changes.
Add Users to Project via Overlay
- Navigate to the tab in the projects section.
- Select the project you want to add a member(s) to.
- Click the "Open Overlay" button in the top right.
- In the prompt, click the "Add User(s) to the project" button.
- In the new prompt, type the names of the users you want to add to the project.
- Click the button on the right.
- Scroll down and select the project membership expiration date.
- Select the member's role in the project.
- Select the project restrictions.
- Select to "attempt to update their membership" in the project.
- Click .
Certify Users for Security Requirement via Overlay
- In the existing overlay, click the "Member Certifications" option on the left panel.
- Click "Certify User(s) for a security requirement" in the top right.
- In the prompt, type the name of the security requirement.
- Type the name of the user(s) who will be certified.
- Select the expiration date of the certifications.
- Select "attempt to update user(s) expiration" in the project.
- Click .
Create a Virtual Machine & Drive for Tagged Project
Before setting up a VM & Drive for your Tagged project, you should have the name of the Hardware Set Up, the drive capacity, drive format, and whether or not the drive will be backed up for the project from your admin.
- Navigate to the tab in the section.
- Click the "Create configuration" in the top center.
- Type the name of the new configuration.
- Type the name of the team for the project.
- Type a description, including the project name.
- Select the tag of the previously created project.
- Select a hardware setup available from your admin for project purposes.
- Click the button on the right.
- Alternatively, add an existing drive.
- In the prompt, type the name of the drive you want to create for the configuration.
- Verify that the team for the project is selected.
- Set realm to Libvirt.
- Select the estimated drive capacity for your project.
- Select the drive format based on your operating system.
- Select the "this drive may be backed up" option.
- Click .
The following two steps may be edited with the permission of a system admin only. It is not recommended to type anything if you do not have clear instructions about the extra drives and hosts.
- Optionally, click the "Add a new drive" button.
- In the above field, type the drive name you want to add.
- Set the Order field to Auto.
- Set the Type field to Read-only.
- Optionally, type a MAC Address that will automatically be assigned to the drive.
- Alternatively, type a preferred hostname on which the VM will be scheduled to start.
- Verify that the box "Launch a VM from this configuration immediately" is ticked.
- Click .
After you have successfully created a VM and a drive, the system will prompt you to format the configuration. In the new prompt, click the button.
Add members to Virtual Machine Configuration
Before adding users to Virtual Machine Configuration, you must select it, click the "Start VM" button, then click the "Connect" button on the right to use the VM.
- Navigate to the tab in the section.
- Select the newly created active VM configuration.
- Click the "User Management" card.
- Click the "Add users" in the top center.
- In the prompt, type the members' names you want to add to the virtual machine configuration.
- Set the profile to Custom.
- Select user role.
- Tick the user's permissions in the VM configuration.
- Click .
- Click .
Share Drive with Project Members
A drive can only be mounted in one place as read-write or in multiple places as read-only. You will set the drive to read-only to allow users to mount it and add data to it. Use the read-write mode for other scenarios.
- Navigate to the tab in the section.
- Select the newly created drive you would like to share.
- Click the "Share" icon located in the top right corner.
- In the prompt, type the name of the project members you want to share the drive with.
- Select the read-only mode.
- Click .
- Optionally, use the same process to add more users.
- Once you finish, click in the lower right corner.
Learn more about drive sharing in the Drive modes section.
Optional Steps
Verify the VM Hardware Setup for the project VMs with your admin
You may discuss with the system admin your preferred host address, VM Image, or anything related to your project's VM configuration and drives.
- Together with the system admin, navigate to the tab in the VM Hardware Setup section.
- View the available VM Hardware Setups.
- View the realm, image, OS, cores, and memory of your designated VM hardware setup.
- Click the "Simulate Allocation" button in the top right.
- In the prompt, view the simulated cost for your project by name, profile, cores, memory, and devices.
- Click .
Create Subproject via Projects
- A subproject is a project that is branched off of a parent.
- Subprojects do not inherit any access restrictions from the parent.
- A user might be able to access resources tagged with a particular project but not be able to access resources tagged with a parent project.
- Adding a user to a subproject automatically adds them to the parent project.
- Removing a user from a subproject will still keep their membership in the parent project.
To create a subproject, navigate to the tab in the Projects section.
- Select the project you want to create a subproject of.
- Click the "Create subproject" button in the top right.
- In the prompt, type a tag name and select a preferred tag color.
- Type the subproject name.
- Optionally, type a subproject description.
- Optionally, select a security level for the subproject.
- Optionally, type the principal investigator's name (PI).
- Click .
Subprojects can have different security levels from their parent project and are independent regarding access control. However, the project hierarchy determines which resources can be tagged with a specific project.
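The subproject rules above, together with the security requirement, security level and certification steps earlier in this workflow, can be checked against a small model. This is an added example, not tiCrypt code and not its API: it assumes that opening a tagged resource needs project membership plus an unexpired certification for every requirement in that project's own security level, and all class names, function names, tags and dates are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Simplified model of the rules described above; not tiCrypt code or its API.

@dataclass
class Requirement:
    name: str
    default_days: int  # default certification lifespan
    max_days: int      # maximum certification lifespan

@dataclass
class Project:
    tag: str
    requirements: list = field(default_factory=list)  # security level; empty = unlocked
    parent: "Project | None" = None
    members: set = field(default_factory=set)

def certify(certs, user, req, today, days=None):
    """Record a certification; a requested lifespan is capped at the maximum."""
    days = req.default_days if days is None else min(days, req.max_days)
    certs[(user, req.name)] = today + timedelta(days=days)
    return certs[(user, req.name)]

def add_member(project, user):
    """Adding a user to a subproject also adds them to each parent project."""
    while project is not None:
        project.members.add(user)
        project = project.parent

def access_gaps(project, user, certs, today):
    """List what stops `user` from opening resources tagged with `project`.
    Only the project's own security level is checked: nothing is inherited."""
    gaps = [] if user in project.members else ["not a member"]
    for req in project.requirements:
        expiry = certs.get((user, req.name))
        if expiry is None:
            gaps.append(f"missing certification: {req.name}")
        elif expiry < today:  # assumption: still valid on the expiry date itself
            gaps.append(f"expired certification: {req.name}")
    return gaps

def demo():
    # Constructed sample data: names, tags and dates are made up.
    today = date(2024, 1, 1)
    training = Requirement("data-handling training", default_days=180, max_days=365)
    parent = Project("STUDY", requirements=[training])
    sub = Project("STUDY-SURVEY", parent=parent)  # subproject with no security level
    certs = {}
    add_member(sub, "alice")   # lands in STUDY as well, but holds no certification
    add_member(parent, "bob")
    bob_expiry = certify(certs, "bob", training, today, days=900)  # capped to 365
    return {
        "alice_sub": access_gaps(sub, "alice", certs, today),
        "alice_parent": access_gaps(parent, "alice", certs, today),
        "bob_parent": access_gaps(parent, "bob", certs, today),
        "bob_expiry": bob_expiry,
        "bob_next_year": access_gaps(parent, "bob", certs, date(2025, 1, 1)),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running the same check over a real roster before each certification deadline shows which members are about to lose access to a tagged project.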
Share VM Configuration with another Subadmin/PI
- Navigate to the tab in the section.
- Select the VM configuration you own.
- Click the "Connect" button on the right.
- Click the "Three dots" option on the right.
- Click "Share" from the prompted options.
- In the prompt, type the user name you want to share your VM configuration with.
- Select "Attempt to sync user access to the VM".
- Select "Automatically share the associated drive with any new owners".
- Click .
The other Subadmin/PI will have shared ownership of the VM, enabling them to take over its drives if necessary.
Announce All Project Members about the Project
- Navigate to the tab in the projects section.
- Select your newly created project.
- Click the "Make an announcement" button in the top right.
- In the prompt, type your message to all project members, letting them know the name of the project, the VM, and the drive they have access to.
- Click .