DAIS - Digital Archive of the Serbian Academy of Sciences and Arts: Security

From TRAP-RCUB

Revision as of 23:15, 29 September 2021 by Trap (talk | contribs) (Created page with "== Operational continuity and disaster recovery == DAIS is hosted by the University of Belgrade Computer Centre on a virtual machine in a Proxmox environment under a CentOS op...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Operational continuity and disaster recovery

DAIS is hosted by the University of Belgrade Computer Centre on a virtual machine in a Proxmox environment under a CentOS operating system. Hardware resources are incrementally adjusted to the database size and the number of visitors. The repository database is stored on a PostgreSQL 9.5 server inside the production-level virtual machine. Database export is enabled.

The software platform of DAIS is based on DSpace 5.10. The core DSpace code and Java code have not been modified to facilitate the implementation of DSpace upgrades. Major modifications have been made to the configuration, localization files and the XMLUI configuration. The system has been enriched with additional applications (displaying citation counts from the Web of Science, Scopus, Dimensions and Altmetric Attention Scores; displaying recommended citation; full ORCID integration; displaying human-readable funding information in the selected interface language). The source code of the customized version of DSpace and all additional applications is stored on a local Git server accessible only to the repository development team. Detailed documentation about software, installation, configuration, maintenance, and troubleshooting is available on Confluence. This enables easy replication of procedures and ensures continuity in case of staff changes.

Backups are regularly performed at the virtual machine level. Both live instances and their passive backups reside on hardware-enabled and redundant RAID setups. The monitoring and alerting service MONIT, maintained by the RCUB team, constantly monitors the operation of the repository and sends alerts to system administrators in case of unexpected events. Local firewall appliances, such as Iptables and Fail2ban, are used to protect and restrict access to the DAIS instance. The repository follows a regular upgrade cycle and, where possible, existing and widely accepted best practices.

In case of major software configuration changes or updates, the virtual machine is cloned and all changes are tested on the clone. Before any intervention on the production machine, a snapshot is created in the virtualization system, to enable roll-back and prevent data loss. End-users are duly informed about planned changes and upgrades.

Continuity of Access

According to the law, SASA is the national academy and the most prominent scholarly institution in Serbia. The institutes are independent legal entities but their work is closely tied with the mission and the activities of SASA (e.g. joint projects, co-publishing projects, joint conferences, etc.). In line with their mission and the role of publicly funded institutions, SASA, SASA institutes, and RCUB (as the Outsource Partner) seek to provide reliable and secure archiving for diverse outputs of SASA and SASA institutes, while ensuring an easy access and widest dissemination of the Open Access content. The current level of funding is sufficient to maintain and develop DAIS. Development and maintenance, as well as data security, are ensured through a SLA with RCUB.

SASA and SASA institutes are able to preserve data access in case of unexpected emergency budget cuts. DAIS is easy to keep running and service costs are not high. All repository managers are employed under regular contracts at participating institutions and their activities related to repository management do not incur any additional cost. The SLA with RCUB foresees Post-Cancellation Service Time, i.e. a period of time after the termination of SLA during which the repository will be available with the minimum maintenance services provided. Accordingly, even in case of funding disruption, the services will be kept running, providing sufficient time to find a sustainable solution.

Hardware security

The computer hardware that runs the repository is the property of RCUB. A dedicated team at RCUB takes care of the configuration, maintenance, security, software updates and development. RCUB has a dedicated team responsible for infrastructure security. RCUB security officers are responsible for general network security, server security, and service maintenance and they collaborate closely with the repository development team. Servers and network devices are kept in a dedicated area with physical access strictly limited to authorized staff. Access to the backup facilities is strictly limited access. The premises are equipped with fire alarms and a fire retardant system. Uninterrupted power supply is ensured by means of an automatic stand-by electric power generator. Dedicated staff members are physically present on the premises 24/7. Remote security services are also provided.

Retrieved from ‘https://repowiki.rcub.bg.ac.rs/index.php?title=DAIS_-_Digital_Archive_of_the_Serbian_Academy_of_Sciences_and_Arts:_Security&oldid=426