Topics Map > ResearchDrive

ResearchDrive - Admin Guide for Campus IT Staff Supporting Researchers

This document is a ResearchDrive admin guide for campus IT staff who support researchers.

ResearchDrive Support Models

ResearchDrive is designed as a collaborative service with the ability to delegate many support functions to local IT staff. See ResearchDrive - Request Support for an overview of the support models. If you prefer that your researchers work through their local IT staff, contact the ResearchDrive Team to request that self-service be disabled for your Department ID/UDDS. See the UW-Madison Department Search tool to find your ID.

Campus IT staff are welcome to sign up for a demo ResearchDrive account to test out the service by filling out the ResearchDrive account sign up form on the ResearchDrive - Getting Started page and then contacting the ResearchDrive Team so that the account can be approved.

ResearchDrive Support Tasks

The most common support tasks associated with ResearchDrive are helping users connect to the storage, transfer data, add/remove collaborators, and restore data from snapshots. In a collaborative support model, local IT staff are added as admin contacts for a ResearchDrive account and are then able to assist researchers with the following instructions.

Connecting to ResearchDrive

ResearchDrive is available from anywhere on the UW-Madison campus network or off-campus through a VPN.

Transferring Data

There are multiple ways to transfer data to and from ResearchDrive.

Working with Collaborators

ResearchDrive is integrated with the central campus Active Directory Services for NetID-based-authentication and security permissions and also the Roles and Access Management (Manifest) service for creating collaboration groups and providing NetIDs for UW affiliates and external collaborators.

An IT Admins Manifest folder has been created for each department with researchers eligible for ResearchDrive. Manifest uw:app:researchdrive:itadmins Folder. IT Admins can manage their own groups to add/remove technical staff. These IT admin groups are automatically added to a PIs ResearchDrive account at activation. IT admins can view a list of their PIs with ResearchDrive accounts in the Manifest uw:app:researchdrive:pis Folder and clicking on the Folders tab. Contact the ResearchDrive Team if you have any questions or need additional groups created.

Each ResearchDrive account has a Manifest - uw:app:researchdrive:pis:[netid] folder and several default collaboration groups defined that are published to Active Directory and used to provide secure access to the storage shares.

Note: you can add individual people or add existing Manifest groups to your ResearchDrive collaboration groups. See Manifest - Manage Group Members for more details.

ResearchDrive Default Security Groups
Role Manifest Group Active Directory Group Features Use Cases
Admins rdrive-[netid]-admin rdrive-[netid]-admin

Provides administrative control of a ResearchDrive account.

  • add or remove collaborators
  • change security permissions
  • add, remove, or modify all data by default
  • restore data from backup snapshots
  • purchase additional storage
  • PI
  • Lab manager
  • IT support
Lab Members rdrive-[netid]-lab rdrive-[netid]-lab

Provides full read/write access to a ResearchDrive account for lab members.

  • add, remove, or modify all data by default
  • restore data from backup snapshots
  • Lab members
  • Collaboratrs who need to add, remove, or modify data
Read Only rdrive-[netid]-readonly rdrive-[netid]-readonly

Provides limited read only access to a ResearchDrive account.

  • read only access all data by default
  • cannot add, remove, or modify any data
  • Collaborators who only need to access data but not change it
External rdrive-[netid]-external rdrive-[netid]-external

Provides a UW NetID account to external collaborators and affiliates.

  • Provides access to WiscVPN
  • Does not provide access to ResearchDrive storage. Once the user has a NetID you can add them to admin, lab members, or read only groups to provide access to the storage.
  • External collaborators or affiliates that do not have UW NetIDs

Refer to ResearchDrive - Working with Collaborators for more details.

Restoring ResearchDrive Data from Snapshots

Data stored on ResearchDrive is automatically backed up daily via snapshots and replicated offsite for additional data protection. Snapshots are taken once a day and kept for 14 days. Additionally, weekly snapshots are made and retained for five weeks. This allows you to recover accidentally deleted or files or folders within the past month.

Snapshots are immutable.  That means you cannot alter, change, or delete snapshots, which offers great protection from things like ransomware.

Refer to ResearchDrive - Restoring Files or Folders from Snapshots for more details.

ResearchDrive Service Architecture

The ResearchDrive service uses Dell PowerScale platform and is comprised of storage split between two clusters. The primary storage cluster is hosted in one of our campus data centers and the mirror site is hosted in another campus data center several miles away. The ResearchDrive service is architected based on the NIST 800-53 framework and complies with the UW-Madison - IT - Restricted Data Security Management Policy. It includes data protection and security features including encryption in transit and at rest, offsite backups, role based access control, and monitoring by the UW-Madison Office of Cybersecurity Operations Center (CSOC).

ResearchDrive Network and Firewall Considerations

ResearchDrive is hosted on private campus networks using the DoIT managed RFC 1918 Service. It is only available from UW-Madison campus networks or VPNs and is not accessible from the public internet.

Please contact DoIT Network Services via the Help Desk to discuss configuration options if you believe you have a network related bottleneck to ResearchDrive.

ResearchDrive Networks
Networks Purpose Firewall Requirements Restricted Data
10.130.57.0/24, 10.134.41.0/24, 10.134.66.0/24 ResearchDrive Client network SMBv3: 445/TCP No
10.130.144.0/25, 10.136.63.0/24 ResearchDrive Restricted Data Client network SMBv3: 445/TCP Yes
10.128.56.128/25, 10.134.70.0/24, 128.104.79.64/26, 128.104.137.128/25 ResearchDrive Management network DNS: 53/TCP/UDP, kerberos 88/TCP/UDP, ldap: 389/TCP/UDP and 636/TCP, SMBv3: 445/TCP/UDP N/A

ResearchDrive Security Permissions

IT admins that use Campus Active Directory Services (CADS) can create custom AD and/or Manifest security groups in addition to the default security roles. Contact the ResearchDrive Team if you are interested in using custom security groups.

Campus AD Reference Documents

ResearchDrive Endpoint Security

Refer to the Office of Cybersecurity Secure Endpoint Configuration Matrix for guidance on endpoint security recommendations.


Keywords:
research drive admin administrator ad cads active directory network firewall manifest security permission group ntfs file system isilon doit 
Doc ID:
96643
Owned by:
Casey S. in UW-Madison Research Data
Created:
2019-12-15
Updated:
2024-09-09
Sites:
UW-Madison Research Data
ResearchDrive is a new file storage solution for Faculty PIs, permanent PIs, and their research group members, provided through a campus investment in research cyberinfrastructure, and available in Fall 2019. It is suited for a variety of research purposes, including backup, archive, storage for data inputs/outputs of research computing, and others. It is a secure and permanent place for keeping data.