You are here

Security and Infrastructure

Infrastructure

QDR uses ISO 14721:2012, section 4.1.1.1 (common services), as a reference model for technical infrastructure development.

All software running the production environment of QDR is open-source. This includes operating systems running on Amazon Web Service’s (AWS) EC2 and S3 servers (Linux), a content management system based on Drupal, a repository framework based on Dataverse, as well as a suite of configuration management (Chef), continuous integration (Jenkins) and monitoring tools (Nagios). To further ensure continuous delivery of deployed code, our team also relies upon open-source tools to perform automated tests (Selenium) and an infrastructure execution and management tool (Terraform). Each of these tools is well-supported by open-source communities. Our technical directors and system administrator regularly monitor security and vulnerabilities related to this suite of software.

The hardware used to run QDR is provisioned at AWS and managed by our technical team. Our infrastructure at AWS is configured with a set of Virtual Private Clouds (VPC) for security, and we ensure proper bandwidth is available by using Elastic Load Balancing which distributes incoming user traffic across multiple EC2 instances.

Security

The security of our holdings is of paramount importance to QDR. Security and risk management are carried out by QDR’s technical team, in collaboration with the Syracuse University Maxwell School IT department, and a contract with the cloud infrastructure provider AWS. Data are stored in the Dataverse software on our main AWS servers (AWS US East – Ohio). AWS stores redundant copies of all data and automatically checks MD5 checksums both at rest and on transfer. Additional “hot” system back-ups are kept on AWS. Regular file back-ups are also kept on local servers at Syracuse University. In addition, QDR is a member of the Data Preservation Network, which provides long-term, decentralized storage for our holdings.

For each server that QDR provisions, we create a VPC through AWS. The VPC is achieved through private IP subnets, as well as a virtual private network (VPN) that secures access to the VPC.

End-user access to data requires that users register and agree to QDR’s General Terms and Conditions of Use. All traffic with QDR is SSL encrypted. Sensitive data are managed by curation staff according to dedicated protocols and stored with additional AES-256 encryption where warranted.