Tony Wildish edited this page Jun 4, 2024 · 14 revisions

Welcome to the BH SDE wiki!

This page contains the user documentation for the Barts Health Precision Medicine Platform Secure Data Environment.

Introduction

A note on terminology: We refer to a Secure Data Environment (SDE) and a Trusted Research Environment (TRE) interchangeably here. Locally, we prefer the SDE designation, but we're based on a package which calls itself a TRE. To all intents and purposes, they mean the same thing.

What is it

As the name implies, an SDE is an environment in which data can be analysed securely. This means that there is no direct access to the internet, and data cannot be uploaded or downloaded freely. This greatly reduces the possibility of data leaks, accidental or otherwise, and is a requirement for handling sensitive data.

Data can only be put into or extracted from the SDE by one of two routes:

  • Data requested via the DAC will be pushed into the project storage after any appropriate pre-processing, such as anonymisation.
  • Other data can be imported or exported by going through an 'airlock' process, where the data is staged through secure storage and is reviewed by the PMP team before access is granted.

In order to keep the data secure, there are some restrictions on the analysis environment. The data can be accessed through virtual machines (VMs), contained in a workspace. Each workspace is unique to a project, with only project members having access to it. The VMs in a workspace cannot be accessed directly through SSH; they have to be accessed through a web-based virtual desktop.

Our SDE is based on the AzureTRE package from Microsoft. This is an implementation built by Microsoft as an 'accelerator' for the community. It's not a product in the sense that you can't just click on a button in the Azure portal and have it deploy, and they don't officially support it at this time. For this reason, we have to develop it further ourselves, so that it satisfies all our requirements. See the timeline below for more details.

Getting started

Once a project has been approved through the DAC, we will provision a workspace for it. Users will be assigned one of two roles:

  • Workspace Administrator, who can create and destroy resources in the workspace, or
  • Workspace Researcher, who can use resources, but not create or destroy them.

You should then be able to log into the SDE, select your workspace, and view/manage/use the resources in it.

Getting help

TBD. For now, just contact us by email.

Using your workspace

See Using-your-workspace

Timeline

FAQ