30e5aaa87ac3b384bafc594b39c6c80e.ppt
- Number of slides: 31
eTRIKS Platform for bioinformatics. ISGC, 17/03/15. Pengfei Liu, CC-IN2P3/CNRS
Overview • Introduction – What is eTRIKS? – What are the objectives of eTRIKS? – Who participates in the eTRIKS project? • eTRIKS cloud – CC-IN2P3 eTRIKS cloud – Hosted projects • eTRIKS platform design and development – Platform architecture – Data curation and storage module – Data analysis and visualization module – Security module • Conclusion 3/15/2018 2
eTRIKS: European TRanslational Information and Knowledge management Services • 23 M Euro • Oct-2012 – Sept-2017 • 2 B Euro Public Private Partnership
Objectives of eTRIKS project. eTRIKS is a collaborative project focused on increasing the efficiency of translational research (TR) by: • Establishing a cloud based, flexible, scalable TR platform (eTRIKS platform) • Reducing the cost of TR data and Knowledge Management • Facilitating cross study analyses • Ensuring data confidentiality • Providing KM Services to support Private/Public projects in IMI
Translational research [Diagram labels: Cohort of patients with diseases; Bioassays: measurements on genes, molecules, organs; WGS, RNAseq, Mass Spec, Imaging, RT Sensing] Goal: • Combining clinical observations and bioassay techniques to provide more efficient research of treatments • Allowing cross-institute research
Participants of eTRIKS project [Diagram labels: Data curation; Data analysis tool development (tranSMART); eTRIKS platform design and development; eTRIKS platform hosting]
eTRIKS cloud • Cloud based platform • Quick provisioning • Horizontal scalability • Resource utilization efficiency
eTRIKS cloud environment • Hardware – 2 controllers (PE R420) – 6 hypervisors (PE R620) – CPU: 128 cores – MEM: 768 GB – 100 TB block storage (MD3220) – 100 TB database storage (MD3220) • Software – OpenStack 2014.1 (Icehouse) – Ubuntu 14.04.1 LTS (Trusty Tahr)
eTRIKS cloud environment [Diagram: Project A, Project B, Project C, Project D; 1 project = n VMs + 1 DB instance. Labels: DB instance, virtual machines, user raw data, database server, SSH gateway, iSCSI volume, curation, ETL, tranSMART worker(s), physical host]
Hosted projects • Public server (Software as a service) – Shares public data for translational research – Open access: https://public.etriks.org/ • Abirisk (Platform as a service) – Study on anti-drug immunization for biopharmaceutical products – Restricted access • OncoTrack (Platform as a service) – Identification of biomarkers for colon cancer – Restricted access
eTRIKS platform overview [Diagram labels: CC-IN2P3 cloud; Data curation and storage module (curation server, data storage volume, database); Security module; Data analysis and visualization module (tranSMART, Galaxy, R); users: Data_Curator, Platform_Admin, End_User]
eTRIKS platform: security module • Objectives: – User and platform authenticity – Data confidentiality – Data integrity • Security module: – User management mechanism – Authentication mechanism – Authorization mechanism – Logging mechanism [Diagram labels: Security module; Data curation and storage; Data analysis module]
Security module: authenticity of platform and user • Authenticity of eTRIKS platforms – Certificate: Public server, Abirisk, OncoTrack, Collaboration tools • Authenticity of user – Login and password – Public key infrastructure
Security module: user registration and validation [Diagram labels: Project CZAR; HTTPS; Admin DashBoard (https://portal.etriks.org); LDAPS; LDAP; User registration (https://portal.etriks.org); Project members; eTRIKS platform services (e.g. tranSMART, Galaxy, etc.)]
Security module: authentication mechanism architecture [Diagram labels: Project CZAR; HTTPS; Admin DashBoard (https://portal.etriks.org); LDAPS; Authentication server (OpenLDAP); Data_curator, Platform_admin; SSH gateway; SSH; Data curation and storage module; End user; HTTPS; Data analysis and visualization module]
Security module: authentication client • Authentication client for VMs – Linux Pluggable Authentication Modules (PAM) • Authentication client for admin dashboard – Java client developed by CC-IN2P3 (Java Naming and Directory Interface) • Authentication client for tranSMART – Spring Security LDAP plugin • Authentication client for Galaxy – Apache module mod_authnz_ldap
Security module: authorization mechanism architecture [Diagram labels: eTRIKS platform services (eTRIKS Portal, tranSMART, Collaboration tools); Authorization request; Decision; Authorization server (policy engine, security policy repository); Database server] Authorization server • Policy repository stores policies in XACML (policy specification language). • Policy engine is implemented using WSO2-IS. • Accessible via HTTPS (RESTful web service).
Security module: logging mechanism • All critical actions which could corrupt critical data are logged locally on the curation server and the database servers. • Targeted data – Raw data (accessible via the curation server) – Curated data (accessible via the database server) • Targeted actions – Create – Delete – Modify • Currently logged messages – Who executed the action – When the action was executed
eTRIKS platform: data curation and storage module • Objectives: – Data uploading – Data storage: block storage (i.e. Cinder), database storage (i.e. PostgreSQL) – Data curation environment: ETL tools (Kettle script over Pentaho), access to block and database storage • Data curation and storage: – Curation server – Block storage – Database storage [Diagram labels: Security module; Data curation and storage; Data analysis module]
Data curation and storage module • Raw data uploaded via SFTP to block storage (i.e. Cinder volume) • Data curation server – Data curation tools (i.e. Pentaho data integration tool) • Curated data are stored in a database server (i.e. PostgreSQL) • Data analysis tools can access curated data via the database server [Diagram labels: Data_curator, Platform_admin; End user; SSH; HTTPS; SSH gateway; Security module; Curation server; Block storage; tranSMART; Galaxy; Database]
Data analysis module • Objectives: – Translational research – Easy to access and share data – Data visualization • Data analysis tools: – tranSMART – Galaxy – R [Diagram labels: Security; Data curation and storage module; Data analysis module]
tranSMART
Galaxy
Conclusion • eTRIKS platform • Translational information and knowledge management • Scalability • Flexibility • Security • Easy to deploy on a private cloud
Questions?
Other points of eTRIKS security system • Encryption: – All communication between clients and the eTRIKS platform is encrypted (i.e. HTTPS, SSH, LDAPS). – CC-IN2P3 provides the possibility to encrypt raw data for hosted projects. • Access control mechanism: – Access control service is accessible via a RESTful web service. – Java client is provided. – Web interface for managing policy rules and policy combining algorithm.
XACML policy specification language • XACML stands for "eXtensible Access Control Markup Language". The standard defines a declarative access control policy language implemented in XML and a processing model describing how to evaluate access requests according to the rules defined in policies.
XACML access request example
<Request …>
  …
  <Subject>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>Foo</AttributeValue>
    </Attribute>
    …
      <AttributeValue>Admin</AttributeValue>
    </Attribute>
  </Subject>
  <Action>
    …
      <AttributeValue>read</AttributeValue>
    </Attribute>
  </Action>
  …
</Request>
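Added example (not from the original slides or the eTRIKS code base): a small Python decision point for the processing model described above, parsing a request shaped like the one on this slide and showing how the choice of policy combining algorithm changes the decision. The resource names, the role attribute id and the rule set are assumptions made for illustration; the platform itself delegates evaluation to WSO2-IS.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
STR = 'DataType="http://www.w3.org/2001/XMLSchema#string"'
# Constructed sample request (XACML 2.0 layout); resource and role ids are assumptions.
SAMPLE_REQUEST = f"""<Request xmlns="{NS}">
  <Subject>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" {STR}>
      <AttributeValue>Foo</AttributeValue></Attribute>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" {STR}>
      <AttributeValue>Admin</AttributeValue></Attribute>
  </Subject>
  <Resource>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" {STR}>
      <AttributeValue>curated-data</AttributeValue></Attribute>
  </Resource>
  <Action>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" {STR}>
      <AttributeValue>read</AttributeValue></Attribute>
  </Action>
</Request>"""

def parse_request(xml_text):
    """Return {(category, short attribute name): {values}} for a request."""
    attrs = {}
    for category in ET.fromstring(xml_text):
        cat = category.tag.split("}")[-1].lower()  # "subject", "resource", "action"
        for a in category.iter(f"{{{NS}}}Attribute"):
            key = (cat, a.get("AttributeId").rsplit(":", 1)[-1])
            values = {v.text.strip() for v in a.iter(f"{{{NS}}}AttributeValue")}
            attrs.setdefault(key, set()).update(values)
    return attrs

# Hypothetical rules standing in for XACML <Rule> elements: (effect, target).
RULES = [
    ("Permit", {("subject", "role"): "Admin"}),
    ("Deny", {("resource", "resource-id"): "raw-data", ("action", "action-id"): "delete"}),
]

def evaluate(attrs, rules=RULES, combining="deny-overrides"):
    """Collect the effects of every rule whose target matches, then combine them."""
    effects = [effect for effect, target in rules
               if all(v in attrs.get(k, ()) for k, v in target.items())]
    if not effects:
        return "NotApplicable"
    if combining == "deny-overrides":
        return "Deny" if "Deny" in effects else "Permit"
    return "Permit" if "Permit" in effects else "Deny"  # permit-overrides
```

The parser is applied to a constant here; requests arriving from clients should go through an XML parser hardened against entity expansion, and a NotApplicable result should be treated as a denial by the calling service.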