If my system is protected by a firewall, how do I enable HSI/HTAR transfers from IU's Scholarly Data Archive?

Important:
Files containing PHI must be encrypted when they are stored (i.e., at rest) and when they are transferred between networked systems (i.e., in transit). Do not use HSI, HTAR, or Samba to transfer data containing PHI unless those data are encrypted already; HSI, HTAR, and Samba do not encrypt data during transit. To ensure that files containing PHI remain encrypted during transit, use SFTP/SCP or the IU Globus Web App. To ensure that files containing PHI are encrypted when they are stored on the SDA, encrypt them before transferring them. For more, see Recommended tools for encrypting data containing HIPAA-regulated PHI .

If your system is protected by a firewall, to enable HSI/HTAR transfers from the Scholarly Data Archive (SDA), Indiana University's distributed HPSS data archive, you have two options:

  • If your firewall requires specific port ranges for transfers, you can use the HSI environment variable HPSS_PFTPC_PORT_RANGE to define a range of restricted ports that HSI will use for inbound HPSS connections. For example, to see a port range to ports 50000-51000:
    • In the ksh or bash shell, on the command line, enter:
        export HPSS_PFTPC_PORT_RANGE=ncacn_ip_tcp[50000-51000]
      
    • In the csh or tcsh shell, on the command line, enter:
        setenv HPSS_PFTPC_PORT_RANGE 'ncacn_ip_tcp[50000-51000]'
      
    Note:
    HPSS uses dynamic ports for data transfer; it does not use a specific port range.
  • Configure your firewall to accept incoming traffic from the following subnet:
      149.165.226.0/26 (netmask 255.255.255.192)
    

    HSI/HTAR will initiate transfers from any SDA host that is available. Consequently, you must add the entire subnet that's reserved for SDA hosts. For example, if your system is running iptables, use the following command to accept incoming transfers from all SDA hosts:

      iptables -A INPUT -s 149.165.226.0/26 -j ACCEPT
    

If you need help or have questions, email the Research Storage team.

This is document awkf in the Knowledge Base.
Last modified on 2018-02-22 16:43:46.

Contact us

For help or to comment, email the UITS Support Center.