DAIS - Digital Archive of the Serbian Academy of Sciences and Arts: Security

From TRAP-RCUB

This public wiki is about the DAIS – Digital Archive of the Serbian Academy of Sciences and Arts

Technology

DAIS is hosted by the University of Belgrade Computer Centre (RCUB) on a virtual machine in a Proxmox VE environment with a CentOS operating system. The repository database is stored on a PostgreSQL 9.5 server inside a production-level virtual machine. Database export is enabled.

The software platform of DAIS is based on the open-source software DSpace 5.10. The core DSpace code and Java code have not been modified, in order to facilitate the implementation of DSpace patches, updates, and upgrades. Major modifications have been made to the configuration, localization files and the XMLUI configuration. The system has been enriched with additional applications (displaying citation counts from the Web of Science, Scopus, Dimensions and Altmetric Attention Scores; displaying recommended citation; full ORCID integration; displaying human-readable funding information in the selected interface language).

The customized version of DSpace and a set of additional applications are part of the software and workflow package developed by RCUB for institutional repositories. Thirty institutional repositories have been set up using this package. The service is provided to publicly funded research institutions in line with the Policy for Transparent Access to Research Infrastructures at the Computer Centre of the University of Belgrade: TRAP-RCUB IT solution and organizational model for the implementation of institutional or thematic repositories (TRAP-RCUB Policy for Transparent Access).

Documentation

The source code of the customized version of DSpace and all additional applications is stored on a local Git server accessible only to the repository development team. Detailed documentation about software, installation, configuration, maintenance, and troubleshooting is available on Confluence and is accessible only to the development team. This documentation enables easy replication of procedures and ensures continuity in case of staff changes.

The following main procedures are covered in the documentation:

  • setting up the virtual machine
  • setting up DSpace using the customized installation package stored on the internal Git server
  • customizing the interface design
  • setting up the e-mail for the feedback form and registration alerts
  • setting up APIs enabling integration with ORCID, Scopus, Web of Science, Dimensions and Altmetric
  • installing additional applications (APP, Ellena, NomadLite, RM)
  • metadata mapping
  • ingesting metadata and data (only in case curated metadata and data are available for import or harvesting)
  • PID (persistent identifiers, i.e. Handles) assignment
  • migration to the production environment
  • setting up service monitoring procedures
  • testing according to a checklist
  • preparing and uploading a standardized repository policy
  • defining a standard set of collections and user groups in DSpace
  • unblocking robots.txt to enable indexing by search engines
  • registering the repository with OpenDOAR, ROAR, BASE, CORE, and OpenAIRE
  • setting up and launching the initial harvesting by WorldCat and defining the harvesting interval.

In addition to the synthesized documentation, the TRAP-RCUB team can rely on a knowledge base maintained in the Jira project management system. Since early 2019, the team has been using Jira to document all development actions and plans, configuration details, reported and resolved issues, and suggestions provided by users, not only for DAIS, but also for the other repositories developed and maintained by RCUB. The content is structured and searchable.

Capacity and availability

RCUB ensures sufficient storage capacity for DAIS. Hardware resources are incrementally adjusted to the database size and the number of visitors. This is facilitated by the public infrastructure and services available to RCUB as a member of the Academic Network of the Republic of Serbia (AMRES). Furthermore, according to the TRAP-RCUB Policy for Transparent Access (which also applies in the case of DAIS), 15% of the service fee paid by institutions is allocated for equipment purchase.

The repository is available 24/7. Monitoring mechanisms, remote services and staff are allocated to ensure this. Along with the internal monitoring, external monitoring is enabled through the ARGO service, jointly developed and maintained by CNRS, GRNET and SRCE, and co-funded by the EOSC-Hub project (Horizon 2020).

The repository provides access to web services through a shared 1 Gbps internet connection supported by the Academic Network of the Republic of Serbia (AMRES). This fully meets the requirements of the Designated Community.

Backup and monitoring

Backups are regularly performed at the virtual machine level. Both live instances and their passive backups reside on physically separated hardware-enabled and redundant RAID setups. The monitoring and alerting service MONIT, maintained by the RCUB team, constantly monitors the operation of the repository and sends alerts to system administrators in case of unexpected events. RCUB also performs regular traffic monitoring.

The repository follows a regular upgrade cycle and, where possible, existing and widely accepted best practices.

In case of major software configuration changes or updates, the virtual machine is cloned and all changes are tested on the clone. Before any intervention on the production machine, a snapshot is created in the virtualization system, to enable rollback and prevent data loss. End-users are duly informed about planned changes and upgrades.

Authentication and authorization

DAIS uses the Authentication by Password method, using the email address/password-based log-in supported by DSpace. Users can register themselves without needing approval from the administrators, and can set their passwords upon registration. DSpace supports multiple authentication methods. If a need arises, the authentication method in DAIS could be changed to ensure greater security.

Passwords are not stored in plain text: they are hashed using the SHA-512 algorithm. Passwords must be at least six characters long, and users are encouraged to use strong passwords. Password change may be prompted by the repository manager. When resetting a password, the user will be sent an email containing a special link they can follow to choose a new password. The password change procedure can be launched by users from the login page.

Users are not members of any special user groups upon registration, which means that they do not have access to the repository's Ingest, Archival storage, Data management, and Administrative functions, as long as they are not authorized by repository managers. To authorize users to deposit content in a particular collection and access restricted content, the repository manager must first create appropriate user groups and then assign users to particular user groups. The repository managers will check the eligibility of registered users (institutional affiliation) and will remove (delete) from the system those who are not eligible.

Two external applications for repository managers (Ellena and NomadLite) require authentication and authorization. To be able to use these applications, users must be registered in the repository. Passwords and permissions are assigned by the DAIS Administrator & RCUB user support coordinator in the Ellena Dashboard. Passwords are hashed using the SHA-512 algorithm. The same credentials are used to log in to Ellena and NomadLite. Authentication in these applications is independent of the one used in the repository.

Password handling is guided by the Terms of Service and standard institutional policies applying to credentials for services (e.g. institutional email, intranet, subscribed services, etc.). The credentials for the service backend, project management system and documentation, Git server and backup facilities are managed in line with the internal document Staff Guidelines (UP 101), adopted by RCUB. Passwords, authorization procedures, access to services, and related security measures are defined in Article 3.10 of this document.

Hardware security

Hardware security is ensured based on the SLA between SASA and RCUB. The computer hardware that runs the repository is the property of RCUB. A dedicated team at RCUB takes care of the configuration, maintenance, security, software updates and development. RCUB has a dedicated team responsible for infrastructure security. RCUB security officers are responsible for general network security, server security, and service maintenance and they collaborate closely with the repository development team. Servers and network devices are kept in a dedicated area with physical access strictly limited to the authorized staff. Access to the backup facilities is strictly limited. The premises are equipped with fire alarms and a fire retardant system. An uninterrupted power supply is ensured using an automatic stand-by electric power generator.

Dedicated staff members are physically present on the premises 24/7. Remote security services are also provided.

Threat Management and Disaster Recovery Plan

Actions aimed at threat management and disaster recovery in DAIS are guided by the Threat Management and Disaster Recovery Plan for Repositories, adopted by RCUB as an internal document. The document applies to all repositories developed and maintained by RCUB. The plan ensures the continuity of the systems' operations in the event of unplanned disruptions and provides guidance in dealing with potential threats to integrity and security. The document is aligned with other internal documents guiding infrastructure security, such as the Staff Guidelines (UP 101) and the Guidelines for Resolving Tickets. The implementation of the measures defined in the document is supported by the services available to RCUB as a member of the Academic Network of the Republic of Serbia (AMRES).

The plan defines major threats and the corresponding response actions, as well as individuals and teams responsible for their implementation. This is a summary of the document.

The following threats are identified:

Hardware failure

Measures to prevent hardware failure are described under Hardware security.

Response: The repository systems are virtualized, regularly backed up, and can easily be replicated to a secondary site in the event of failure. RCUB uses a monitoring and alert system to receive notifications when servers have failed. (Responsibility: TRAP-RCUB Team)

Should the need arise, RCUB could use additional resources provided through AMRES. (Responsibility: RCUB management)

Normally, minor hardware failure events are resolved within 2-3 hours. In case of a major failure, this may take 24-48 hours. (Responsibility: TRAP-RCUB Team, other RCUB teams)

Software failure

Measures to prevent software failure:

  • Local firewall tools, such as iptables and Fail2ban, are used to protect and restrict access to the DAIS instance. (Responsibility: TRAP-RCUB Team)
  • Software is regularly updated. (Responsibility: TRAP-RCUB Team)
  • Software is documented and stored on a secure Git server. (Responsibility: TRAP-RCUB Team)
  • Backup procedures are in place. (Responsibility: TRAP-RCUB Team)
  • Traffic monitoring is performed. (Responsibility: other RCUB teams and AMRES)
  • Only authorized and authenticated users have access to the repository submission module (Ingest function). (Responsibility: repository managers and participating institutions)
  • Passwords are hashed using the SHA-512 algorithm. (Responsibility: TRAP-RCUB Team)
  • A ticketing system to report technical issues is in place. End-users can use multiple channels to report issues: the repository feedback form, direct messaging to repository managers or the DAIS Administrator & RCUB user support coordinator, and the RCUB Helpdesk. In the first two cases, the DAIS Administrator & RCUB user support coordinator will register the issue as a "task" in the Jira project management system and assign it to an appropriate IT team member, indicating the priority level. The IT team member will immediately receive an email alert. The issue should be resolved within 48 hours. However, about 80% of issues are resolved during the same working day.

Response: The TRAP-RCUB Team will try to diagnose and resolve the issue. In case of a severe failure, the repository system can be replicated from the backup.

Power failure

Measures to prevent power failure:

  • Installations are regularly maintained. (Responsibility: other RCUB teams)
  • Dedicated staff members are physically present on the premises 24/7. (Responsibility: other RCUB teams)
  • UPS devices are used. (Responsibility: other RCUB teams)

Response: RCUB staff members should establish whether the failure is local or has to do with the public power supply network. In the former case, staff members will try to resolve the issue, in the latter, they will contact the power supply service. In the event of a prolonged power failure, virtual machines could be moved to a different IT environment.

After the power supply is reestablished, the TRAP-RCUB team will check the repository system for potential damage caused by the power failure.

Compromised system security

Measures to prevent malware attacks and other events that may compromise the system security:

  • RCUB uses the AMRES CSIRT services for handling incidents related to the safety of ICT infrastructure and systems. (Responsibility: AMRES)
  • Instructions are provided in the Guidelines for Employees. (Responsibility: RCUB management and staff)

Response: The system has to be isolated. Tests are run to identify and address potential issues. The operation of the system may be temporarily suspended. In case of severe damage, the repository system could be replicated from the backup in a different IT environment. (Responsibility: RCUB, supported by AMRES)

After the issue is resolved, the TRAP-RCUB team will check the integrity of the repository system.

Exit processes

TRAP-RCUB members

Measures are taken to ensure that a sufficient number of IT and user support team members are available to prevent disruptions in the operation.

  • An IT team member who has resigned will be replaced by a new member, who will receive adequate training.
  • Software, procedures, and workflows are documented in a way that enables easy replication of procedures and ensures continuity in case of staff changes.
  • If a user support member resigned, a new team member could easily be recruited from among the managers of the repositories developed by TRAP-RCUB, who are familiar with the specific repository workflows. The user manual for repository managers and the database of resolved issues in Jira are sufficiently detailed to support smooth operation during the transition period.

Response: Before resigning, the team member will be required to complete any open assignments and document all relevant issues and procedures. After the termination, access to all elements of the repository system, Git, Jira, Confluence and email will be disabled. Email will remain active for a limited time, only to enable automatic responses and the forwarding of received messages to other collaborators.

Repository managers

Response: If a repository manager in a participating institution resigns, the institution will appoint a new repository manager. The resigning repository manager will be removed from the user groups having access to the repository functions and restricted content, and access to the additional applications will be disabled.

The DAIS Administrator & RCUB user support coordinator will provide training to the new repository manager and may also support repository workflows for the participating institution to facilitate the transition.

Staff of the participating institutions

Response: If a staff member of a participating institution (member of the Designated Community) resigns or retires, the institution's management will decide whether the staff member will be removed from the user group enabling submission and access to restricted content or will be granted the status of an Associate.