Enable HSI/HTAR transfers from IU's Scholarly Data Archive when your system is protected by a firewall

Important:

Files containing PHI must be encrypted when they are stored (at rest) and when they are transferred between networked systems (in transit). To ensure that files containing PHI are encrypted when they are stored, encrypt them before transferring them to storage. To ensure that files containing PHI remain encrypted during transit, use SFTP/SCP or the IU Globus Web App. For more, see Recommended tools for encrypting data containing HIPAA-regulated PHI.

If your system is protected by a firewall, to enable HSI/HTAR transfers from the Scholarly Data Archive (SDA), Indiana University's distributed HPSS data archive, you have two options:

If your firewall requires specific port ranges for transfers, you can use the HSI environment variable HPSS_PFTPC_PORT_RANGE to define a range of restricted ports that HSI will use for inbound HPSS connections. For example, to see a port range to ports 50000-51000:
- In the ksh or bash shell, on the command line, enter:
```
export HPSS_PFTPC_PORT_RANGE=ncacn_ip_tcp[50000-51000]
```
- In the csh or tcsh shell, on the command line, enter:
```
setenv HPSS_PFTPC_PORT_RANGE 'ncacn_ip_tcp[50000-51000]'
```
Note:

HPSS uses dynamic ports for data transfer; it does not use a specific port range.
Configure your firewall to accept incoming traffic.
To view all the content available to you here, use the green Log in button at the top of this page to log into the Knowledge Base.

For more on HSI, refer to the HSI Reference Manual. If you have questions or need help, email the UITS Research Storage team (store-admin@iu.edu).