Acceptable Usage Policy

Mission

To facilitate and enhance computationally-intensive research at BYU by providing reliable, state-of-the-art, high performance computing (HPC) resources to faculty and students.

General

The Advisory Committee of the Office of Research Computing oversees system resources and operations. The committee is composed of the BYU Associate Academic Vice President for Research and Graduate Studies; the Vice President of Information Technology/CIO; the Assistant Vice President of Information Technology; the Deans of the Colleges of Engineering, Physical and Mathematical Sciences, and Life Sciences; a High Performance Computing (HPC) oriented Faculty Advisor; and the Director of the Office of Research Computing.

All users of Office of Research Computing resources are expected to adhere to the BYU Computer and Electronic Communications General Use Policy and Procedures:

• BYU General Computer and Electronic Communications General Use Policy
• BYU General Computer and Electronic Communications General Use (Procedures)

Policies, procedures, resource offerings, and expectaions specific to the Office of Research Computing are outlined in the following sections.

Systems Use

Office of Research Computing accounts are privileges to be used in conjunction with and in support of BYU research activities and for course usage, if the course usage would not differ significantly in requirements from typical research usage. Office of Research Computing resources are not to be used for non-BYU research programs.

Only the resources that are needed should be requested, both in terms of account requests and job submissions. Individuals should not "game" the job scheduler.

Office of Research Computing systems are made available for the facilitation of research and academic courses; they are not suitable for the treatment of patients or for any other purpose in which timely access is a necessity. No guarantee is made concerning system uptime, disaster recovery, or availability of operations in an emergency.

Privacy

All network and system usage is subject to monitoring and recording in order to maintain confidentiality, data integrity, and system availability. Any improper or unlawful use may be disclosed to organization and law enforcement officials, and appropriate action may be taken.

Users who are unwilling to follow or who are actively in violation of policies will have account privileges revoked.

HTTP cookies are only used to establish and maintain authentication and authorization to access portions of the website as well as to enable website functionality.

Cost

Office of Research Computing resources are provided at no cost to eligible users.

User Eligibility

To be eligible for an Office of Research Computing account, you must have a justifiable compute resource need and be an active BYU employee, a BYU student, or an external research collaborator working closely with BYU researchers.

CFS-track faculty members are treated as the head of a research group for purposes of account sponsorship, account management, resource usage and allocation, etc.

Undergraduates, graduate students, post-doctoral fellows, contract faculty members (e.g. adjunct, affiliate, etc), and others are required to have a CFS-track BYU faculty member sponsor and approve their account to validate the need and legitimacy of the account.

External collaborators require a CFS-track BYU faculty sponsor and the approval of the sponsor's department chair to validate the need and legitimacy of the account. External users are only to use Office of Research Computing resources for the computational needs associated with collaborative BYU research.

Eligibility ceases when a user leaves the university due to graduation, termination of employment, or completion of a collaborative research project.

User Accounts

New Accounts

Office of Research Computing staff evaluate and approve or deny all new account requests.

Account requests from CFS-track faculty members are submitted directly to the Office of Research Computing for approval. All other requests are first approved by a sponsoring CFS-track faculty member.

Collaborator accounts are requested by a BYU faculty member and also require approval from the sponsoring faculty member's department chair.

Web-only accounts (a.k.a. sponsor-only accounts) are available to faculty who do not need a system login but need to validate and approve account requests and renewals from the users they sponsor.

Account requests require a brief explanation of the research being done and a justification of why Office of Research Computing resources are needed.

Account Renewals

Accounts are valid for up to one year and can be renewed annually upon providing an updated explanation of ongoing research and justification of need.

Office of Research Computing staff approve faculty account renewal requests.

Faculty are expected to approve or deny account renewal requests from those they sponsor. In rare circumstances, Office of Research Computing staff may approve these renewal requests.

Expired Accounts

Users receive an email warning notice prior to account expiration and again at expiration.

Logins to Office of Research Computing compute resources are suspended for expired accounts. Account logins for sponsored accounts (e.g. students, postdocs, collaborators) are suspended if the account of the sponsoring faculty member has expired.

Expired accounts can be renewed for up to four months from the date of expiration or until the account data is deleted, whichever occurs first. After that, a new account must be requested.

Data is subject to deletion upon account expiration, though data is typically not deleted until at least two weeks have passed since expiration.

Account Expectations

User accounts are not to be shared. Each user should use only their assigned login name, password, and two-factor authentication to access Office of Research Computing resources.

Passwords should be kept private and safe.

All users must enroll in two-factor authentication.

Users who share credentials with others, share access to accounts with others, or access the accounts of others may have their access temporarily or permanently revoked.

Service accounts for such purposes as group logins are very rarely permitted. Requests must be submitted to the Office of Research Computing for review.

The need to share datasets is not a valid reason to share an account. File sharing groups should be created instead.

The Office of Research Computing expects that users have at least basic skills in unix/linux command line utilities (e.g. basic text editor, ssh, scp, sftp). Support and training in these areas are not actively provided by the Office of Research Computing, but the Office of Research Computing does provide basic online tutorials and will point users to other training resources.

Users should provide an accurate, actively used email address when requesting an account. Users should be willing to receive and read email from the Office of Research Computing regarding system outages, user meetings, training, system updates, or account issues.

Users may not open up the permissions on their personal directories so that others may access them directly. Users should use file sharing groups instead.

Client systems should have session locking enabled with pattern-hiding displays (i.e. a screensaver with a password lock). Session locking should be automatically enabled after a 10 minute period of inactivity and should be manually activated when a user steps away from the computer.

Protected Data

For the purposes of this document, "protected data" refers to any of the following:

• Confidential Unclassified Information (CUI) as described in the programs specified in Executive Order 13556
• Regulated data that may not be specifically categorized as CUI but needs strong security controls (e.g PHI under HIPAA)
• Data that BYU classifies as needing strong security controls

Users may store and process protected data as specified in the Protected Data policy. Usage must be specifically pre-approved by the Office of Research Computing in writing. Protected data types not listed are not authorized for use.

Any health-related information, whether or not it is regulated by HIPAA, should be adequately de-identified in accordance with standards specified in HIPAA regulations unless identification is absolutely essential for the associated research.

All usage of PHI (Protected Health Information) shall be in accordance with an active IRB protocol or approved contract that was signed off by ORCA. PHI that does not meet this requirement may not be stored on Office of Research Computing systems. The Office of Research Computing will typically make ORCA, the IRB, or university administrators aware of non-compliance with university policy regarding human subjects research.

By storing protected data with the Office of Research Computing, the user agrees that the Office of Research Computing may impose additional restrictions for the protection of the data on behalf of the university, regardless of where it is stored or processed. This includes when data is stored on other systems such as those owned by faculty, students, departments, collaborators, or on third-party systems such as cloud providers. The Office of Research Computing strives to maintain a balance between usability and security. Some regulations are very strict and the university must protect the data regardless of where it resides.

Data/Storage

Users are responsible for their own data. The Office of Research Computing will take precautions to preserve data integrity but provides no guarantee against data loss, corruption, or accidental disasters.

All filesystems are controlled with user and group quotas. Quotas can be adjusted, within reason, based on need.

The Office of Research Computing provides Home Directory, Scratch, and Group storage:

Home Directory Storage is intended for storing source code, processing results, and other critical data.

Scratch Storage (aka compute storage) is to be used for data processing done during job execution. Scratch Storage is not to be used as a long-term data archive or harbor. Aging user data on Scratch Storage is subject to automatic migration and/or deletion.

Group Home Storage is for sharing data between multiple user accounts.

Group Scratch Storage is for sharing scratch data between multiple users accounts, and like Scratch Storage, is not to be used as a long-term data archive. Aging Group Scratch data is subject to automatic migration and/or deletion.

Archive Storage is no longer available to new users. This information is retained for those whose usage is grandfathered in. Archive storage is intended to store large amounts of data that is impractical to stage across campus networks, but is inappropriate to harbor in Scratch and/or Home Directory Storage. Archive Storage IS accessible from interactive login nodes. Archive Storage is NOT accessible from compute processing nodes.

The Office of Research Computing DOES perform routine backups of data in Home Directories.

The Office of Research Computing DOES perform routine backups of Group Home Storage.

The Office of Research Computing does NOT perform backups of Group Scratch Storage.

The Office of Research Computing does NOT perform backups of Scratch Storage.

The Office of Research Computing does NOT perform backups of Archive Storage.

Users are encouraged to maintain separate, off-site copies of their data if possible and if the off-site copy would comply with all relevant data security requirements.

Application Software

The Office of Research Computing pays for and manages some applications that are widely used across systems, e.g. compilers.

The Office of Research Computing may contribute to software costs if multiple departments are also contributing - budgets permitting and at the discretion of the Office of Research Computing Director.

Users may install software in their home directories, scratch space, or in group directories as appropriate.

Office of Research Computing staff, at their discretion, will do their best to assist users to install and manage applications that are widely used, where system level access is required, and/or where license servers must be set up or accessible. Some software requires excessive amounts of effort to install and may not feasible to work with given existing personnel and time constraints. Other software requires too many permissions, have design flaws that cause too many problems, or are just too much of a security risk for installation.

Data Deletion

Data stored on Office of Research Computing systems is automatically deleted from expired accounts after time periods specified in other sections of this document. Users can accelerate this process, if desired, under the My Account->Preferences/Settings section where it says Remove my account. This will mark the user's data as subject to deletion immediately, though it will not be deleted until the next data deletion cycle.

Users may submit a support ticket to request the "immediate" (within reason) deletion of their data, specifying any particular requests as noted in the remainder of this section.

The Office of Research Computing will comply with "immediate" data deletion requests when the requestor can positively identify himself or herself as the owner of the account in question. It is the responsibility of the user to maintain an active username, password, and two-factor authentication method consistent with login requirements; if the user was able to access the account to create the data in the first place, it is a reasonable expectation that a user who cares about his or her data will maintain that access. Alternative methods of identifcation may be established, as needed, at the discretion of the Office of Research Computing.

Data stored in a group file sharing location is often no longer distinguishable from data from other users, at least not in a consistently safe, reliable manner. Additionally, the legal ownership of the files may be difficult for the Office of Research Computing to determine due to employment status, contracts, etc. that staff members have no knowledge of or access to. Users typically treat data in group directories as property of the group. Therefore, the Office of Research Computing usually assumes that requests for deletion of data do not include data stored in group directories unless the requestor specifies particular paths of files to delete; these requests may not be able to be satisfied by the Office of Research Computing without permission from the group owner. Statements on ownership by the group owner will be treated by the Office of Research Computing as authoritative. The requestor is encouraged to contact the owner of the file sharing group to resolve any ownership concerns. If a satisfactory resolution is not achieved, the requestor is encouraged to discuss concerns with the university's Chief Privacy Officer.

Data in this section generally refers to files created by a user on the system rather than ancilary contact and accounting information. When users ask that their accounts be deleted, it is almost universally for the purpose that they stop receiving mass emails from the Office of Research Computing; they do not typically mind that their data is not immediately deleted. Staff mark the accounts as being subject to deletion, at which point the data will be deleted during a future deletion cycle as part of various processes. If a requestor instead really wishes for certain data to be deleted within a certain time frame, the requestor must specify that time frame in the request as well as list any other information that they request be removed. Staff members will then take reasonable actions to fulfill the request within a reasonable time frame.