1. eTRIKS Platform for bioinformatics ISGC 17/03/15 Pengfei Liu, CC-IN2P3/CNRS

2. Overview Introduction What is eTRIKS? What are the objectives of eTRIKS? Who participates eTRIKS project? eTRIKS cloud CC-IN2P3 eTRIKS cloud Hosted projects eTRIKS platform design and development Platform architecture Data curation and storage module Data analysis and visualization module Security module Conclusion 7/3/20162

3. eTRIKS : European TRanslational Information and Knowledge management Services 7/3/20163 Oct-2012 – Sept-2017 23M Euro 2B Euro Public Private Partnership

4. Objectives of eTRIKS project eTRIKS is a collaborative project focused on increasing the efficiency of translational research (TR) by: – Establishing a cloud based, flexible, scalable TR platform (eTRIKS platform). – Reducing the cost of TR data and Knowledge Management – Facilitating cross study analyses – Ensuring data confidentiality – Providing KM Services to support Private/Public projects in IMI 7/3/20164

5. Translational research 7/3/20165 Cohort of patients with diseases Goal: Combining Clinical observations and bioassay techniques to provide more efficient research of treatments Allowing cross-institute research WGS RNAseq Mass Spec Imaging RT Sensing Bioassays: measurements on genes, molecules, organs

6. Participants of eTRIKS project 7/3/20166 Data analysis tool Development (tranSMART) eTRIKS platform design and development Data curation eTRIKS platform Hosting

7. Overview Introduction What is eTRIKS? What are the objectives of eTRIKS? Who participates eTRIKS project? eTRIKS cloud CC-IN2P3 eTRIKS cloud Hosted project eTRIKS platform design and development Platform architecture Data curation and storage module Data analysis and visiulazation module Security module Conclusion 7/3/20167

8. eTRIKS cloud 7/3/20168 Cloud based platform Quick provisioning Horizontal Scalability Resources utilization efficiency

9. eTRIKS cloud environment Hardware 2 controllers (PE R420) 6 hypervisors (PE R620) CPU: 128 core MEM: 768 GB 100 TB block storage (MD3220) 100 TB Database storage (MD3220) Software OpenStack 2014.1(IceHouse) Ubuntu 14.04.1 LTS (Trusty Tahr) 7/3/20169

10. eTRIKS cloud environment 7/3/201610 Physical host Virtual machines 1 Project = n VMs + 1 DB instance Database server User raw data DB Instance iSCSI Volume SSH gateway Curation ETL tranSMART worker(s) Project A Project B Project C Project D

11. Hosted projects Public server (Software as a service) Share public data for translational research. Open access : (https://public.etriks.org/)https://public.etriks.org/ Abirisk (Platform as a service) Study on anti drug-immunization for biopharmaceutical products restricted access OncoTrack (Platform as a service) Identification of bio-marker for colon cancer. restricted access 7/3/201611

12. Overview Introduction What is eTRIKS? What are the objectives of eTRIKS? Who participates in eTRIKS project? eTRIKS cloud CC-IN2P3 eTRIKS cloud Hosted project eTRIKS platform design and development Platform architecture Data curation and storage module Data analysis and visiulazation module Security module Conclusion 7/3/201612

13. eTRIKS platform overview 7/3/201613 Data curation and storage End_User CC-IN2P3 Cloud Data analysis and visualization module Data_Curator Curation Server DataBase Data storage Volume Data storage Volume tranSMART Galaxy R R Platform_Admin

14. eTRIKS platform : security module Objectives: User and platform authenticity Data confidentiality Data integrity Security module: User management mechanism Authentication mechanism Authorization mechanism Logging mechanism 7/3/201614 Data curation and storage Data analysis module

15. Security module : Authenticity of platform and user Authenticity of eTRIKS platforms Certificate Public server Abirisk OncoTrack Collaboration tools Authenticity of user Login and password Public key infrastructure 7/3/201615

16. Security module: user registration and validation 7/3/201616 LDAP eTRIKS platform services (e.g. transmart, galaxy, etc.) eTRIKS platform services (e.g. transmart, galaxy, etc.) Project members HTTPs Ldaps User Resgistration (https://portal.etriks.org) User Resgistration (https://portal.etriks.org) Project CZAR HTTPs Admin DashBoard (https://portal.etriks.org) Admin DashBoard (https://portal.etriks.org) Ldaps HTTPs

17. Security module : authentication mechanism architecture 7/3/201617 Authentication Server (OpenLDAP) Authentication Server (OpenLDAP) Data analysis and visualization module SSH gateway End User HTTPs SSH Ldaps Data_curator, Platform_admin Admin DashBoard (https://portal.etriks.org) Admin DashBoard (https://portal.etriks.org) Ldaps HTTPs Project CZAR Data curation and storage Module Data curation and storage Module SSH

18. Security module : Authentication client Authentication client for VMs Linux Pluggable Authentication Modules (PAM) Authentication client for admin dashboard Java client developped by CC-IN2P3 (Java Naming Directory Interface). Authentication client for transmart Spring security ldap plugin Authentication client for Galaxy Apache Module mod_authnz_ldap 7/3/201618

19. 7/3/2016 Security module : authorization mechanism architecture 19 Authorization Server eTRIKS platform services eTRIKS Portal Decision tranSMART DataBase Server DataBase Server Collaboration Tools Authorization Request Policy engine Security Policy Repository Authorization server Policy Repository stores policies in XACML (Policy specification language). Policy engine is implemented by using WSO2-IS. Accessible via https (restful web service).

20. 7/3/2016 Security module: Logging mechanism 20 All critical actions which could corrupt critical data are logged into curation server and database servers locally. Targeted data Raw data (which is accessible via the curation server) Curated data (which is accessible via the database sever) Targeted actions Create Delete Modify Current logged messages Who executed the action When the action is executed

21. eTRIKS platform : Data curation and storage module Objectives: Data uploding Data storage Block storage (i.e. cinder) Database storage (i.e. postgresql) Data curation environment ETL tools (Kettle script over Pentaho) Access of block and Database storage Data curation and storage: Curation server Block storage Database storage 7/3/201621 Data curation and storage Data analysis module Security module Security module

22. Security Module Security Module Data curation and storage module 7/3/201622 tranSMART Galaxy tranSMART Galaxy SSH gateway End User HTTPs SSH Data_curator, Platform_admin Curation Server DataBase SSH Block storage SSH Raw data uploaded via SFTP to block storage (i.e. cinder volume) Data curation server Data curation tools (i.e. Pentaho data integration tool) Curated data are stored in a database server (i.e. Postgresql) Data analysis tools can access curated data via database server

23. Data analysis module Objectives: Translational research Easy to access and share data Data visualization Data analysis tool: tranSMART Galaxy R 7/3/201623 Data curation and storage Data analysis module Security module Security module

24. tranSMART 7/3/201624

25. Galaxy 7/3/201625

26. Overview Introduction What is eTRIKS? What are the objectives of eTRIKS? Who participates in eTRIKS project? eTRIKS cloud CC-IN2P3 eTRIKS cloud Hosted project eTRIKS platform design and development Platform architecture Data curation and storage module Data analysis and visiulazation module Security module Conclusion 7/3/201626

27. Conclusion eTRIKS platform Translational information and knowledge management Scalability Flexibility Security Easy to deploy on a private cloud 7/3/201627

28. Questions ? 7/3/201628

29. 7/3/2016 Other points of eTRIKS security system 29 Encryption: All the communication between clients and eTRIKS platform are encrypted (i.e. Https, ssh, ldaps.). CC-IN2P3 provides possibilities to encrpt raw data for hosted project. Access control mechanism: Access control service is accessible via restful web service. Java client is provided Web interface for managing policy rules and policy combining algorithm

30. XACML policy specification language XACML stands for "eXtensible Access Control Markup Language". The standard defines a declarative access control policy language implemented in XML and a processing model describing how to evaluate access requests according to the rules defined in policies. 7/3/201630

31. XACML access request example … Foo … Admin … read … 7/3/201631