SensitiveCloud Documentation

SensitiveCloud is a secure computing and storage environment provided by CERIT-SC (part of e-INFRA CZ) for sensitive data processing and research. Primarily tailored to academic research (notably life sciences and medicine), its design complies with security standards such as ISO 27000, C5, ISO 15189, and ECRIN. SensitiveCloud leverages container technology via Kubernetes (K8s).

Getting Started - Requesting a Project

SensitiveCloud resources must be requested by a Principal Investigator (PI). The PI takes responsibility for data management and resource allocation during the project’s lifetime.

Contact us at mailto:support@e-infra.cz with your request.
Include the following information in your message:
- Project name & acronym (for internal identification).
- Resource requirements: approximate CPU time, RAM, storage capacity, and GPU needs.
- Short project/activity description.
- Expected duration of resource allocation.
- Team members’ names and email addresses.

Example of a request email:

Subject: New SensitiveCloud Project Request
  
Dear SensitiveCloud support,   
Our group, "Project XYZ (XYZ2023)", conducts research on ABC and requires a secure 
platform for data storage and processing. We estimate an initial need 
of roughly 10TB storage (expected growth of 1TB/year), 20 CPUs, 30GB RAM, 
and 1 NVIDIA A100 GPU, for approximately 10 months.   
Our research group includes:   
* John Wick; john.wick@example.com   
* Luke Skywalker; luke.skywalker@example.com 

Thank you,
PI’s Name (Digitally signed)

After looking over your request, we will arrange a brief meeting to make sure that SensitiveCloud meets your project’s requirements. Afterwards, your team will receive training covering safe working practices and effective utilization of the SensitiveCloud environment.

Connecting to SensitiveCloud

Access to SensitiveCloud resources is secured via:

Rancher management portal
Secure VPN connection (mandatory for resource access). VPN Setting
Multi-factor authentication (MFA) set up via the e-INFRA CZ single-sign-on (SSO). Tutorial on setting up MFA.

Managing Your Project and User Access

Principal Investigators have administrative control over:

User permissions: grant or revoke access to project resources.
Allocated resource changes: currently, this procedure is manual; contact mailto:trusted@ics.muni.cz to adjust your resource allocations.

SensitiveCloud access relies on user groups defined in the Perun Identity Management system. Your group’s identifier typically starts with the prefix sc_ (example: sc_project-acronym).

Adding users

Please be careful when selecting the right group when adding/removing members. All groups can be found at the following link: https://perun.e-infra.cz/organizations/3898/groups/15034/subgroups.

Adding Users

Log in to perun.e-infra.cz.
Select your group (with prefix sc_: sc_project-acronym).
Click the Members tile → select Invite.
Enter your colleague’s name and email address, then submit your invitation.
- They will receive an email and must complete their registration via their home organization’s login.

Removing Users

Open your group’s member management interface in Perun.
Select group members to remove.
Click Remove. These users immediately lose SensitiveCloud access via your project group.

Next Steps & Further Documentation

Documentation on how to use Rancher in SensitivCloud is common with the standard Kubernetes documentation.