Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel6
outlinefalse
stylenone
typelist
printabletrue

Data Owner Responsibilities

  • Administrative oversight of department’s IFS licence

  • Provide a Purchase Order for IFS costs (after July 2025)

  • Appoint Data Managers for all the drives within the Department IFS licence

  • Receive email warnings as maximum capacity reached

  • Extend storage capacity by providing a PO

  • If acting as Data Manager also, the following responsibilities equally apply

  • Annual review of Data Manager/s to ensure they are correct.

Data Manager Responsibilities

  • Assist incident recovery activities by reviewing data

  • Identifying data that may belong elsewhere so it can be moved

  • Adding users to the appropriate security groups as UMD and Assured computers are rolled out so that they can access the data.

  • Ongoing responsibility for data access - adding and removing users (either via self serve or directing CSCS to do on your behalf)

  • Ongoing identifying additional security groups that may be required and requesting them from CSCS

  • Ensuring that data in the drive is stored appropriately (according to data classification policy below)

  • Responding to alerts if drive is possibly running out of space

  • Share urgent data that may be required in the short term before drive access restored to all users

  • Ensuring that data access is provided only to authorised users and those with UMD or Assured computers

  • Annual review of users who have access to data to ensure that it is correct.

Info

DO and DM have access to a report of all of their managed Group drives and Security groups. They can access it by going to their Halo home portal, select My reports and open the Group drive(s) on the list.

IFS Cost

IFS is paid for on a per TB basis. 1TB is £150 per year and will be billed to each department. UIS have graciously granted CSCS until July 2025 at no cost to give the School time to move into IFS and iron out any difficulties. When the renewal comes up each data manager will receive an email with information about paying for the licence and data.

IFS Data Quota

Data storage is purchased on a per TB basis. If your IFS drive gets close to its quota, the data manager will receive an email to that effect. You can instruct your users to do some housekeeping, or increase the space by going to this page https://selfservice.uis.cam.ac.uk/storage/IFS/

New Group Drives

Adding a new group drive can be done via the IFS Self Service portal

...

Expand
titleUsing the UIS Self Service Portal to add a new group drive (Project) to IFS
  1. Click here

image-20240905-065912.pngImage Removedimage-20240905-065912.pngImage Added

  1. Click here

image-20240905-065919.pngImage Removedimage-20240905-065919.pngImage Added

  1. Enter a Project name and change the size if more than 1TB required

image-20240905-065928.pngImage Removedimage-20240905-065928.pngImage Added

  1. Click "Add a Project Manager"

image-20240905-065934.pngImage Modified

  1. Add Data Project Managers by typing in their CRSids.

Data Classification Guidelines

Data should always be stored in accordance to the University’s https://help.uis.cam.ac.uk/service/security/data-sec-classes. IFS is suitable for Medium impact level 2 data.

Sharing data before IFS permissions are set up

Once you have access to your data you would be able to share it out through many methods. You must be cautious when sharing data and only use the method suggested below. Otherwise you risk:

...

  1. Copy any data that your team needs in the very short term to the files area in your Microsoft Team. Teams is simply a way of viewing the data in a restricted SharePoint site so effectively this means you will put the data in SharePoint.

    1. Think about your team and the data you want to move. Should all of the people in the team access the data? if not, is there a secured channel that is already set up that has the necessary people in it?

      1. if yes, move the files to that channel

      2. if not, create a new folder in SharePoint

  2. Make a note of what is moved so that later it can be copied back to IFS

  3. Consider LinkedIn learning or the UIS SharePoint training before you do this. See links below.

CSCS Group Drive data recovery activities

All data has been moved from CSCS group drives to IFS. It now needs to be secured so that it can be made available to users with Assured computers.

...

The Data Manager needs to review the data and identify any that needs to be locked down further. Please review the Permissions Models below and advise CSCS which one you choose for your data.

Permissions Models - Securing Your Data

Info

For simplicity of management, the ideal is that all users with access to an IFS drive can access all data. If that is acceptable, go to Option1 below.

...

Expand
titleOption 2: Secure folders at the top level
  1. pro - once established can be self managed by the data manager and CSCS in future. Flexible and allows for efficiently securing small amounts of data (less than 1TB).

  2. con - requires more time to set up, document and maintain. Additional security groups must be set up by CSCS. Documentation must be kept by Data Manager and CSCS to capture which folders are secured and by what security groups.

Securing data with top level folders

  1. Create a list of all folders that will need to be at the top level.Complete the

    1. Dont create the folders on the drive in advance.

  2. Complete the Halo form under IT, Accounts & Access, Security on group drive folder.

    1. select Add

    2. select the group drive name (if it there are duplicates choose one of them and CSCS will find the correct name from our master list)

    3. In the Group Drive Folder field, add the name of the folder you want to be created and restricted. Ideally this will be a new folder - do not create it - we have an automated process that will do so. If you have several folders to be created, attach a spreadsheet to the ticket or put the list into the Additional Information field.

  3. CSCS will create the folders and the groups to be associated with them and advise the Data Manager when this is complete.

  4. The Data Manager will move the data into the new folder. Please note that it will take approximately 24 hours for data moved into a folder to be properly secured. This happens automatically after the data is moved or copied into a folder, but depending on the number of files it can take time to work through all of them.

  5. Users can be given access to the data once they have assured computers. The procedure for giving access to users is under development.

Option 3: Move selected data to a new group drive (called an IFS Project) This drive can either be secured with a single group as in C2 Option 1 or have top level folder permissions as in C1Option 2.

Expand
titleOption 3: Move data to a new group drive

pro - very easy to manage. There is a single group to add people into and they can see all of the data.

con - to make sense economically it should contain over 500GB of data as the minimum size is 1TB. If you only put 100 GB of data in it, the department will pay for the full 1TB (£150/y)

Moving data to a new IFS Project

  1. Create a list of the data that should be moved to a new IFS project.

  2. Request a new project be created - you can log this in Halo as a Generic Request.

    1. Indicate the department and licence name the project goes into

    2. Proposed name and purpose of the project

  3. CSCS will create a new IFS Project and advise you when it is done

  4. You should be able to see it under your folders and you can drag and drop the data into it

  5. Users can be given access to the data once they have assured or UMD computers. The procedure for giving access to users is under development.

Option 4: Move data to SharePoint - For small amounts of data you might want to consider moving it into Microsoft Teams/SharePoint. If the data is to be visible to an existing Team (in MS Teams) or a Teams channel this is simply a question of moving the file to right Files area for that Channel in SharePoint. You can enroll in the UIS SharePoint course for more information on how to do this (https://www.training.cam.ac.uk/ucs/event/5330021).

Example diagrams:

The diagram below gives an example of a fictitious group drive. It has 4 top level folders, and 2 sub folders. All users who are in the Security group for Everyone will have access to data in all of those folders.

...

The data from the example diagram above has been adjusted per the suggestions above. The Data Manager needs to indicate the security groups needed (purple text). Move the E. More HR data folder under A. HR and move F. HoD Confidential to the top level (green text)

...

Granting access to IFS data

Info

Only It is the responsibility of the Data Manger to ensure only people who have a UMD or Assured computer should be are given access to IFS data.

For the most part, data managers will use a UIS web page called Toolkit https://toolkit.uis.cam.ac.uk/to add users to the appropriate security groups to be able to access group drive data. This is under construction at this moment. Once available detailed instructions will be provided.Instructions how to access are detailed below.

Colleagues who need access to the group drive will also need must have a UMD or Assured computer. If they do a data owner or manager can ask CSCS to grant them access. If they do not, speak , either the Data Manger can grant access, or the Data Manager/Owner can request via the CSCS Service Desk using this request form Clinical School Computing Service User Portal - Group Drive Access. If they do not have a UMD or Assured computer, first check if they have received an audit form from CSCS and have completed it. Secondly, have they received an invitation from CSCS to attend the Recovery Clinic. If any of those things have not happened, please contact the CSCS Service Desk and ask them to check where the person is within the process. If it is an urgent matter, please escalate with your Business and Operations Manager about getting them in the queue for a computer.

Procedure:

  1. Each user will determine which group drives they need access to and reach out to the relevant Data Managers.

    1. The list of group drives and data managers is here: https://www.staff.admin.cam.ac.uk/system/files/download/ifs-path-reference-list-all-drives.xlsx (please note that this a spreadsheet hosted on a UIS website. When you click this link it will open up a blank webpage and download the file, putting it in the downloads folder on your computer. If there are any errors, please advise CSCS. The file will be updated if changes are required).

  2. When a user asks for access to a group drive:

    1. Ensure that you have reviewed the group drive’s permissions and it has been implemented by CSCS

    2. Determine whether they should have access (you may need to speak with the Data Owner to confirm, or you may know from previous group drive configuration)

    3. Confirm the user has a UMD or assured device, using this look up tool - https://app.powerbi.com/groups/me/reports/a9baafd0-4fae-4a53-8d51-026c3384d16f/eb78adb446a7499bc1be?ctid=49a50445-bdfa-4b79-ade3-547b4f3986e9&experience=power-bi

    4. Go to the User on the left under Pages

      image-20240918-133659.pngImage Removed

    5. At the top-right corner, click on the Reset button.

      image-20240918-134049.pngImage Removed
    6. When prompted, click on Reset button.

      image-20240918-133816.pngImage Removed
    7. 5c2484bc-b48a-4f87-a789-84945a43bed2/dashboards/16bd20f4-5dee-4f5d-8f39-7ce8adc68a87?ctid=49a50445-bdfa-4b79-ade3-547b4f3986e9&pbi_source=linkShare

      1. Click in either the User Name, User Email or Department field (see below) to do a search.

        image-20240918-133912.pngImage Removedimage-20240919-111311.pngImage Added
      2. Type in either the name, CRSID or department name in the appropriate field you are looking for. If they are the user is not listed, they do not yet have a UMD device.

      3. If you are sure a user has a UMD device but you can’t find them on the list, try just their surname. People often display their initials instead of forename in the directory. Unfortunately you cannot search by CRSID.

Info

Data for this lookup tool https://app.powerbi.com/groups/me/reports/a9baafd0-4fae-4a53-8d51-026c3384d16f/eb78adb446a7499bc1be?ctid=49a50445-bdfa-4b79-ade3-547b4f3986e9&experience=power-bi is pulled from many data sources, so some information is updated every 2 hours but data on Windows devices is only updated once a day (overnight) which cannot be changed.

...

  1. Go to the

...

  1. file https://www.staff.admin.cam.ac.uk/system/files/download/ifs-path-reference-list-all-drives.xlsx

  2. Find the drive

  3. Copy the primary security group name from column

...

  1. I

...

  1. Open Toolkit

...

  1. - https://toolkit.uis.cam.ac.uk/ - and follow instructions in the

...

  1. “Adding users to groups in Toolkit” section below.

  2. Send the user a message

...

  1. and include this link https://cscs-itsupport.atlassian.net/wiki/x/A4ATLg to tell them how to view the drive

  2. If you have chosen folder-level security for the drive;

...

    1. Go to the file https://www.staff.admin.cam.ac.uk/system/files/download/ifs-path-reference-list-all-drives.xlsx

    2. Look at the Permissions groups tab in the spreadsheet and find the permissions groups

    3. Find the name of the lookup group giving access to the entire group drive

...

...

Note down the group names

    1. Proceed to Toolkit to add the users to the relevant groups (see

...

    1. the “Adding users to groups in Toolkit” section below)

Expand
titleAdding users to groups in Toolkit - under construction

Go to https://toolkit.uis.cam.ac.uk/ and sign in with your University account. ** If you cannot get access, please contact the CSCS Service Desk

Select Groups from the left side navigation bar

Select Hybrid AD Groups

image-20240828-064616.png

Ensure that your institution has been selected (see screenshot below). If it has not, click the Select institution Institution drop-down and choose it. If you aren’t you’re not sure which institution to choose, see this page Toolkit Institutions for a list.

image-20240828-064802.png

In the Search (Filter) area type or paste in the name of a group

Select the group by clicking on it once

Click the Edit button

Click Choose users manually

Type or paste in the crsid /s you are adding. You can add more than one by separate them with spaces or commas if there is more than one.

Click Add to Group button

You should see the users added to the group by CRSID and full name. Check that you added the right individual. Once you are satisfied with the result, you can click the X to exit from the edit group dialogue.

The UIS guide to managing groups with Toolkit can be found here with more details: https://help.uis.cam.ac.uk/service/accounts-passwords/it-staff/university-central-directory/toolkit/how-use-toolkit/manage-1

Folder level file permission setup

If option C1 2 is chosen you will be advised by CSCS once the new secured folders are set up. Next stepsWhen you receive the notification:

  1. The requester (usually a data manager) will be expected to move the files from the old location to the new folders that CSCS have created and secured.

  2. Open Windows Explorer and turn on hidden items. do Do this by clicking View in the toolbar, select Show, select Hidden Items

  3. Open up 2 two Windows Explorer windows - one with the old location and one showing the new

  4. Drag and drop files from the old to the new location

  5. If you see any errors, note them down and contact CSCS for assistance

  6. Confirm that the data was all copied

  7. Delete the old folder

  8. Wait 24 hours for the new permissions structure to be applied to all of the files you copied in

  9. You could now give access to other users with UMD computers per https://cscs-itsupport.atlassian.net/wiki/spaces/FAQ/pages/edit-v2/738099232#Granting-access-to-IFS-data

Data Manager Training

...

More information

UIS IFS Service Information https://help.uis.cam.ac.uk/service/cloud-services/institutional-file-store-service-ifs

...