Why ACCORD? Today's scientific enterprise is collecting, using, and sharing increasingly diverse data types from different sources. And most research data today needs to be protected in order to comply with applicable laws and contract agreements (or simply to ensure data integrity for research reproducibility). Protecting sensitive data has become a burden for researchers and institutions. Specialized cyberinfrastructure, such as a HIPAA-compliant system, are expensive to build and maintain. And research data may be subjected to other protection requirements besides HIPAA (e.g., FISMA-CUI). The lack of access to high-performance and compliant cyberinfrastructure can severely limit or even prevent researchers from undertaking high-impact projects. This challenge is exacerbated at smaller, minority-serving, or teaching-oriented institutions, excluding them from many major research opportunities.
To address these challenges, the University of Virginia at Wise, a non-PhD granting institution, is leading a consortium of eleven public universities in Virginia to build the ACCORD community cyberinfrastructure. ACCORD is a shared high-performance, compliant-capable computing system supporting researchers at public universities across the Commonwealth. ACCORD leverages the latest CI tools such as containers, InCommon/CoManage, and Globus to provide flexible and accessible secured HPC resources to users. Individual partner universities can audit and integrate ACCORD into their institutional compliance plan.
ACCORD grew out of our collective desire to collaborate with one another across the State of Virginia. Acknowledging that most of our research institutions lack the capacity to host sensitive data, we formed a consortium to build and share resources to enable state-wide research participation.
Regardless of whether you are a researcher at an R1, a teaching-oriented, or a minority-serving institution, our goal is to provide useful and accessible resources for your research, education, and training needs. Ultimately, our goal is to introduce and support Virginia researchers to join and make the most of the data revolution.
ACCORD is built as a seamless software-hardware system stack. Our goal is to provision flexible resources while assuring security and optimal performance. ACCORD is built on OpenStack with industry's latest tools and architecture designs supporting a state-wide community of researchers.
ACCORD Approach: balancing between Security, Compliance, and Accessibility
Successful balancing between security (protecting data), compliance (meeting policy requirements), and accessibility (reducing user burden) underpins ACCORD's approach. While it's relatively simple to implement the most stringent security measures, or deploy the most comprehensive process to assure compliance, doing so tends to be detriment to the system's accessibility and scalability. To address the competing priorities of mechanism, policy, and people, ACCORD implements two key mechanisms: (1) establish an ACCORD liaison at partner institutions, and (2) implement a secure architecture for data transfer and access.
Institutional ACCORD Liaison - Compliance must be assured end-to-end, and verified to the satisfaction of the researcher's home institution. Therefore, ACCORD establishes a liaison at each partner institution. The liaison interfaces between the researcher, institutional OSP/contract/legal entities, and the ACCORD program. The liaison supports researchers to configure and test his/her ACCORD container to assure: (1) meeting researcher needs, and (2) meets/receive institutional compliance approval. Ultimately, the ACCORD liaison balances compliance with accessibility for both the researcher and the home institution.
ACCORD secure access architecture - Assuring system security is the central to ACCORD's design; yet, user accessibility must also be prioritized. To address these competing objectives, ACCORD leverages industry's latest tools and best practices, including Science DMZ, GLOBUS, InCommon/CoManage, and containers. We also develop our own utilities such as the data transfer client that coordinates a whitelist controller (poke through firewall) with the GLOBUS data transfer engine. ACCORD assures security by isolating and rigorously managing data ingress/egress processes; concurrently, ACCORD support accessibility by streamlining the user's process into an automated back-end process. Ultimately, the ACCORD security architecture balances security with accessibility for both the ACCORD system and its users.