- LF formatting for C14, C15 and C16
parent
e4fd1197af
commit
30f9917316
3 changed files with 75 additions and 74 deletions
|
@ -16,7 +16,7 @@ With the help of the [Data Architecture Diagram](https://gitea.geologie.ac.at/ge
|
|||
|
||||
**Data storage:** The Data Architecture Diagram also describes the virtual infrastructure ([data storage](https://gitea.geologie.ac.at/geolba/tethys.backend/wiki/DataArchitectureDiagram#3-storage-infrastructure)) used to store the data and metadata in the repository. By using PostgreSQL, TETHYS is able to manage large volumes of metadata and provide fast and secure access to this information. The data files are stored on an Ubuntu 22.04 file server with ext4 partition. Corresponding file checksums md5 and sha512 are also stored in the database.
|
||||
|
||||
**Data Discovery:** TETHYS supports data discovery in various ways. The datasets can always be found through the Data Frontend, https://tethys.at/search, browsing by subject, author, language or year, or by searching inside the metadata attributes title, author or keywords. All visible metadata are indexed and searchable by [Solr](https://tethys.at/solr/rdr_data/select?q=\*%3A\*). Tethys Metadata and File downloads can be queried by a REST API (Representational State Transfer Application Programming Interface), which allows repository staff to interact with the Tethys system and retrieve metadata and data files programmatically.
|
||||
**Data Discovery:** TETHYS supports data discovery in various ways. The datasets can always be found through the Data Frontend, https://tethys.at/search, browsing by subject, author, language or year, or by searching inside the metadata attributes title, author or keywords. All visible metadata are indexed and searchable by [Solr](https://tethys.at/solr/rdr_data/select?q=*%3A*). Tethys Metadata and File downloads can be queried by a REST API (Representational State Transfer Application Programming Interface), which allows repository staff to interact with the Tethys system and retrieve metadata and data files programmatically.
|
||||
|
||||
For the **metadata management** the Data Architecture Diagram provides information on the specific types of metadata that should be included with the data. This may include information on the format and structure of the metadata, as well as the types of information that should be included. Tethys RDR supports three metadata standards for the metadata export (**Dublin Core, DataCite and ISO19139**).
|
||||
|
||||
|
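Review bot: The Data Discovery line links straight to the Solr select handler with a match-all query (`/solr/rdr_data/select?q=*%3A*`), which advertises the raw search core rather than the search frontend. If that endpoint is meant to be public, say so here and state what is reachable from outside; otherwise link https://tethys.at/search instead. The same sentence says the REST API lets "repository staff" retrieve metadata and files programmatically, so it should also state whether the API requires authentication.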
@ -67,7 +67,6 @@ The deletion of a record initiates the following process:
|
|||
|
||||

|
||||
|
||||
|
||||
# C14.6. Any checks (i.e. fixity checks) used to verify that a digital object has not been altered or corrupted from deposit to use.
|
||||
|
||||
For internal fixity checks, TETHYS Repository operates an automated cron job that routinely tests all the md5 and sha512-checksums for data stored by the TETHYS Repository and produces a regular report providing appropriate warnings if a silent data corruption is detected in the storage layer. Corresponding code of the cron job can downloaded via [TEHYS Code repository](https://gitea.geologie.ac.at/geolba/tethys.backend/src/branch/master/commands/ValidateChecksum.ts).
|
||||
|
|
|
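Review bot: The C14.6 paragraph only covers "silent data corruption ... in the storage layer", while the heading asks about objects "altered or corrupted", and it does not say which of the two digests decides a fixity failure. MD5 is not collision resistant, so name sha512 as the authoritative check and say who receives the report. The last sentence also reads "can downloaded via [TEHYS Code repository]"; it should be "can be downloaded" and "TETHYS".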
@ -6,14 +6,12 @@ In order to comply with international metadata standards such as Dublin Core, Da
|
|||
|
||||
The new TETHYS editorial system on the server side, which is also known as tethys.backend, is a web-based open-source software that operates directly on the PostgreSQL database. It is built using AdonisJS, which is a Node.js-based web framework that provides a robust set of tools and features for building scalable and secure web applications. AdonisJS also includes an object-relational mapper (ORM) that allows developers to work with database tables and records using object-oriented programming techniques. The styling of the TETHYS backend is built using Tailwind, which is a utility-first CSS framework.
|
||||
|
||||
|
||||
# C15.2. Any IT service management approach followed and the functions this approach specifies (e.g. systems documentation, software inventories, code repositories, infrastructure development planning).
|
||||
|
||||
General descriptions of the systems and software used can be found in our [Wiki]( https://gitea.geologie.ac.at/geolba/tethys.backend/wiki/?action=_pages). There you will find public information about the recovery of the Tethys research repository, details about the database model, instructions for starting docker container and a data architecture diagram for a clear understanding of all storage locations. All code repositories are accessible online via a [Gitea instance](https://gitea.geologie.ac.at) hosted at the GeoSphere Austria data center. The associated Tethys Docker images are also securely stored there using the [built-in Docker registry functionality](https://gitea.geologie.ac.at/geolba/-/packages). All necessary configurations to launch the Docker container are described in the wiki. \
|
||||
General descriptions of the systems and software used can be found in our [Wiki](https://gitea.geologie.ac.at/geolba/tethys.backend/wiki/?action=_pages). There you will find public information about the recovery of the Tethys research repository, details about the database model, instructions for starting docker container and a data architecture diagram for a clear understanding of all storage locations. All code repositories are accessible online via a [Gitea instance](https://gitea.geologie.ac.at) hosted at the GeoSphere Austria data center. The associated Tethys Docker images are also securely stored there using the [built-in Docker registry functionality](https://gitea.geologie.ac.at/geolba/-/packages). All necessary configurations to launch the Docker container are described in the wiki. \
|
||||
Internal information about virtual server, maintenance and security settings are stored in a separate, **private** wiki on internal LAN servers. \
|
||||
Hardware Infrastructure is generally renewed every 3-4 years, which is transparent to the system because of virtualization. Operating systems are regularly updated to the latest releases and patches.
|
||||
|
||||
|
||||
# C15.3 Any international, community or other technical infrastructure standards in place and how compliance is monitored.
|
||||
|
||||
~~GeoSphere Austria is certified according to the international standard ISO 27001 for information security management. Compliance with these standards is monitored by the organization responsible for issuing certification and conducting audits. This organization inspects and monitors the organization's infrastructure and processes to ensure that the relevant standards are met and the certification for GeoSphere Austria can be renewed and compliance is monitored.
|
||||
|
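Review bot: The C15.3 paragraph opens with `~~` but no closing `~~` is visible in this hunk, so the ISO 27001 statement is left as half-struck draft text. Either delete the paragraph or close the marker, and reconcile it with C16.4 in this same commit, which still says "We have one of the most well-known standards at the moment: ISO/IEC 27001". In C15.2 the sentences ending in a trailing backslash rely on a hard line break; check that the formatter kept them as intended.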
@ -29,21 +27,19 @@ The TETHYS research repository is being developed using the **Continuous Integra
|
|||
|
||||
To ensure that the availability, bandwidth, and connectivity are sufficient to meet the needs of the designated community of TETHYS RDR, the following measures are taken:
|
||||
|
||||
|
||||
1. **A reliable and reputable hosting provider**: All basic hard- and software services of TETHYS repository are hosted by the Geosphere Austria computer center, which is a reliable provider that supplies the necessary infrastructure and software services.
|
||||
All the necessary backend and middleware systems for TEHTYS, as well as the web servers and SOLR search server for the frontend, are operating on virtual VMware servers. This setup provides sufficient capacity and high performance, as well as enhanced availability through virtualization. The dedicated machine responsible for the PostgreSQL database is equipped with a powerful IO system to ensure high performance. The server operating systems responsible for the TETHYS frontend and backend are operating on virtualized Ubuntu 22.04.
|
||||
The use of professional monitoring software like ICINGA helps to ensure that Tethys research repository is running smoothly and that its users can access the data they need without interruption. Tethys research repository utilizes the open-source web analytics software, Matomo, to monitor access statistics and gain insights into user behavior.
|
||||
All the necessary backend and middleware systems for TEHTYS, as well as the web servers and SOLR search server for the frontend, are operating on virtual VMware servers. This setup provides sufficient capacity and high performance, as well as enhanced availability through virtualization. The dedicated machine responsible for the PostgreSQL database is equipped with a powerful IO system to ensure high performance. The server operating systems responsible for the TETHYS frontend and backend are operating on virtualized Ubuntu 22.04.
|
||||
The use of professional monitoring software like ICINGA helps to ensure that Tethys research repository is running smoothly and that its users can access the data they need without interruption. Tethys research repository utilizes the open-source web analytics software, Matomo, to monitor access statistics and gain insights into user behavior.
|
||||
2. **Caching mechanisms**: TETHYS REST API has implemented caching mechanisms, which are based on REDIS cache. REDIS provides fast in-memory data storage and retrieval to reduce the load on the repository's servers and speed up access to frequently accessed content.
|
||||
3. **Load balancing**: TETHYS uses NGINX as a load balancer to distribute traffic across multiple servers to ensure that the repository can handle high levels of traffic and provide a seamless user experience.
|
||||
4. **Performance monitoring** and capacity planning: TETHYS staff regularly monitors the performance of the repository and performs disk capacity planning to ensure that the repository can handle future growth in usage.
|
||||
5. **Multiple access points**: TETHYS provides multiple access points to the repository, including web interfaces, REST APIs, and web applications. TETHYS frontend web application employs a full responsive frontend design to ensure that users can access the data from a variety of devices and platforms. This means that the repository's web interface is optimized to provide an optimal viewing and interaction experience across a wide range of screen sizes and device types, including desktops, laptops, tablets, and smartphones.
|
||||
|
||||
|
||||
# C15.6 Processes in place to monitor and manage the need for technical change, including in response to the changing needs of Preservation C09, and Reuse C13 by the Designated Community.
|
||||
|
||||
There are several processes that are used to monitor and manage the need of technical changes in software development of Tethys.
|
||||
|
||||
* Change management: This involves establishing a formal process for requesting, reviewing, approving, and implementing changes to Tethys software development. Changes may include new features, bug fixes, or modifications to existing functionality.
|
||||
Version control: This enables the developer team to keep track of changes to software code and ensure that everyone is working on the most up-to-date version. This is done using Git versionskontrolle.
|
||||
* Continuous integration/continuous delivery (CI/CD): These are practices that involve automating the building, testing, and deployment der software. This helps catch errors and ensure that changes are released into production environments as quickly and reliably as possible.
|
||||
* Agile methodologies: Agile development focuses on iterative development cycles, with frequent feedback and collaboration between developers, stakeholders, and end-users. This approach helps ensure that software development stays aligned with changing requirements and priorities.
|
||||
- Change management: This involves establishing a formal process for requesting, reviewing, approving, and implementing changes to Tethys software development. Changes may include new features, bug fixes, or modifications to existing functionality.
|
||||
Version control: This enables the developer team to keep track of changes to software code and ensure that everyone is working on the most up-to-date version. This is done using Git versionskontrolle.
|
||||
- Continuous integration/continuous delivery (CI/CD): These are practices that involve automating the building, testing, and deployment der software. This helps catch errors and ensure that changes are released into production environments as quickly and reliably as possible.
|
||||
- Agile methodologies: Agile development focuses on iterative development cycles, with frequent feedback and collaboration between developers, stakeholders, and end-users. This approach helps ensure that software development stays aligned with changing requirements and priorities.
|
||||
|
|
|
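Review bot: In the C15.6 list the "Version control:" item has no list marker in either the `*` or the `-` version, so it will not render as its own bullet alongside Change management, CI/CD and Agile methodologies. Add the `- ` prefix while reformatting. The same lines still carry untranslated German ("Git versionskontrolle", "deployment der software"), and the paragraph under item 1 spells the name "TEHTYS".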
@ -1,22 +1,28 @@
|
|||
# C16.1 The levels of security required for differnt data and metadata and environments, and how these are supportet
|
||||
|
||||
For supporting the levels of the required security for data, metadata and environments we have implemented a multi-layered approach to security, which includes physical, technical and administrative controls. Physical controls involve securing access points, restricting visitor access, and monitoring who enters the premises. Strong encryption, a firewall and an antivirus software are used for technical control to secure networks. Administrative controls involve developing security policies and procedures, training employees, and conducting regular security audits.
|
||||
|
||||
# C16.2. The IT security system, employees with roles related to security and any risk analysis approach in use.
|
||||
|
||||
The IT security system has several different types of employees and roles which are involved to manage the IT security system and perform the risk analyses. This means that there are different roles involved in the IT of Geosphere Austria.
|
||||
|
||||
* The Information Security Analyst is responsible for identifying and managing security risks, as well as developing and implementing security policies and procedures.
|
||||
* The Network Security Engineer is an expert in designing and implementing security measures to protect computer networks from cyber attacks.
|
||||
* The Security Architect is responsible for designing and implementing security systems, as well as ensuring that all security policies and procedures are being followed.
|
||||
* The Administration Team is there to analyze and monitor security data to identify treads and vulnerabilities, and respond to security incidents as needed. They help the organization to develop security strategies and plans. They are also responsible for overseeing all aspects of an organization's security program, including risk management, compliance, and incident response.
|
||||
- The Information Security Analyst is responsible for identifying and managing security risks, as well as developing and implementing security policies and procedures.
|
||||
- The Network Security Engineer is an expert in designing and implementing security measures to protect computer networks from cyber attacks.
|
||||
- The Security Architect is responsible for designing and implementing security systems, as well as ensuring that all security policies and procedures are being followed.
|
||||
- The Administration Team is there to analyze and monitor security data to identify treads and vulnerabilities, and respond to security incidents as needed. They help the organization to develop security strategies and plans. They are also responsible for overseeing all aspects of an organization's security program, including risk management, compliance, and incident response.
|
||||
|
||||
# C16.3 Measures in place to protect the facility. How the premises where digital objects are held area secured.
|
||||
|
||||
To premise where digital objects are held there is a multi-layered security system implemented that includes physical, electronic, and procedural controls.
|
||||
* The Physical security measures include surveillance cameras, access control systems, and perimeter security to prevent unauthorized entry.
|
||||
* The Electronic security measures include the firewall, intrusion detection system, and encryption to protect digital data from cyber threats.
|
||||
* The Procedural controls include security policies and procedures, employee training, and background checks to ensure that everyone who has access to the digital objects follows the appropriate security protocols.
|
||||
|
||||
- The Physical security measures include surveillance cameras, access control systems, and perimeter security to prevent unauthorized entry.
|
||||
- The Electronic security measures include the firewall, intrusion detection system, and encryption to protect digital data from cyber threats.
|
||||
- The Procedural controls include security policies and procedures, employee training, and background checks to ensure that everyone who has access to the digital objects follows the appropriate security protocols.
|
||||
|
||||
# C16.4 Any security-specific standards the repository references or compiles with.
|
||||
|
||||
We have one of the most well-known standards at the moment: ISO/IEC 27001. This is a standard that provides a framework for establishing, implementing, maintaining, and continually improving information security management systems.
|
||||
|
||||
# C16.5 Any authentification and authorization protectures employed to securely manage access to system use.
|
||||
|
||||
For authentification and authorization protectures employed to securely manage access to Tethys, we are using LDAP, SAML, and Keycloak to ensure access to system usage. LDAP is used for user authentication and authorization, while SAML provides a secure way to exchange authentication and authorization data between different systems. Keycloak as an identity and access management solution is integrated with both LDAP and SAML, allowing for easy management of user identities and credentials. Overall, this combination of technologies provides a secure and reliable way to authenticate users and ensure that only authorized individuals have access to Tethys.
|
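Review bot: The C16 headings and bullets keep their spelling errors through the reformat: "differnt" and "supportet" in C16.1, "treads" in the Administration Team bullet, "area secured" in C16.3, "compiles with" in C16.4 and "authentification and authorization protectures" in C16.5. Fix them in the `-` lines and headings while the file is being touched. C16.5 also says LDAP is used for authentication without stating whether binds run over TLS, and C16.1 says only "Strong encryption"; naming the protocols would make both claims checkable.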