Compare revisions

Miroslav Kratochvil · Miroslav Kratochvil · Jenny Thuy Dung Tran · Jenny Thuy Dung Tran · Jenny Thuy Dung Tran · Miroslav Kratochvil
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -176,7 +176,7 @@ deploy:vm:
    - echo "$KNOWNHOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  rules:
-    - if: '$CI_PIPELINE_SOURCE != "merge_request_event" && $CI_COMMIT_REF_NAME == "develop" && $CI_PROJECT_PATH == "R3/howto-cards"'
+    #- if: '$CI_PIPELINE_SOURCE != "merge_request_event" && $CI_COMMIT_REF_NAME == "develop" && $CI_PROJECT_PATH == "R3/howto-cards"'
    - if: '$CI_PIPELINE_SOURCE != "merge_request_event" && $CI_COMMIT_REF_NAME == "master" && $CI_PROJECT_PATH == "R3/howto-cards"'
  script:
    - ssh -p $SSHPORT $SSHCONNECT "mkdir -p ~/$CI_COMMIT_REF_NAME/sources/public/$CI_JOB_ID ~/$CI_COMMIT_REF_NAME/public"

--- a/cards.md
+++ b/cards.md
@@ -99,6 +99,7 @@ order: -1
 			<li><a href="{{ 'external/integrity/organization' | relative_url }}">Organization</a></li>
 			<li><a href="{{ 'external/integrity/sanitisation' | relative_url }}">Sanitising Data Files</a></li>
 			<li><a href="{{ 'external/integrity/spreadsheets' | relative_url }}">Working with spreadsheets</a></li>
+			<li><a href="{{ 'external/integrity/transfer/owncloud-privatebin' | relative_url }}">Transfer of Human Data with OwnCloud</a></li>

 		</ul>
 	</div>

--- a/external/exchange-channels/atlas-hpc/atlas-hpc.md
+++ b/external/exchange-channels/atlas-hpc/atlas-hpc.md
 ---
 layout: page
-permalink: /external/integrity/transfer/atlas-hpc/
-shortcut: integrity:transfer:atlas-hpc
+permalink: /external/exchange-channels/atlas-hpc/
+shortcut: exchange-channels:atlas-hpc
 redirect_from:
+  - /cards/exchange-channels:atlas-hpc
+  - /external/exchange-channels:atlas-hpc
+  - /integrity/exchange-channels/atlas-hpc
+  - /external/external/exchange-channels/atlas-hpc/
  - /cards/integrity/transfer:atlas-hpc
  - /external/integrity/transfer:atlas-hpc
  - /integrity/transfer/atlas-hpc
@@ -12,9 +16,9 @@ redirect_from:
 # Data transfer between Atlas and UL HPC Clusters
 A recommended storage pattern is to have the master copy of data on Atlas (project folder) and only store data on the UL HPC Clusters temporarily for the required practical duration of computational analysis. The derived data and results should hereafter be transferred back to Atlas. This How-to Card describes the different methods to transfer data between Atlas and the UL HPC Clusters. The three recommended methods to transfer data are:

-1. [Via laptop with ```scp``` or ```rsync```](#1. Via laptop using scp or rsync)
-2. [Via dedicated Virtual Machine (VM)](#2. Via dedicated Virtual Machine (VM) using rsync)
-3. [Via Large File Transfer (LFT)](#3. Via Large File Transfer (LFT)) 
+1. [Via laptop with ```scp``` or ```rsync```](#1-via-laptop-using-scp-or-rsync)
+2. [Via dedicated Virtual Machine (VM)](#2-via-dedicated-virtual-machine-using-rsync)
+3. [Via Large File Transfer (LFT)](#3-via-large-file-transfer-lft) 

 Please refer to the dedicated knowledge bases to see how to [connect to UL HPC Clusters](https://hpc-docs.uni.lu/connect/access/) and to [mount Atlas](https://service.uni.lu/sp?id=kb_article_view&sysparm_article=KB0010233). 

@@ -27,7 +31,7 @@ When using the UL laptop to transfer data between UL HPC Clusters and Atlas, you

 Please visit the [UL HPC documentation](https://hpc-docs.uni.lu/data/transfer/#data-transfer-tofromwithin-ul-hpc-clusters) to see how to use `rsync` and `scp`.

-## 2. Via dedicated Virtual Machine (VM) using rsync
+## 2. Via dedicated Virtual Machine using rsync
 Data can be transferred via a dedicated VM, which can be requested via [ServiceNow](https://service.uni.lu/sp?id=sc_cat_item&table=sc_cat_item&sys_id=49956812db3fa010ca53454039961978). 
 Instead of transferring data between Atlas and UL HPC Clusters through the laptop as described above, the transfer will go through the dedicated VM. Once connected to the VM and mounted to Atlas, the ```rsync``` command can be used in the same way as described in the [UL HPC documentation](https://hpc-docs.uni.lu/data/transfer/#data-transfer-tofromwithin-ul-hpc-clusters). This method is recommended for **recurring transfers of very large datasets** that benefit from high-speed network connection between the VM and the HPC.


--- a/external/exchange-channels/cryptomator/cryptomator.md
+++ b/external/exchange-channels/cryptomator/cryptomator.md
@@ -17,22 +17,27 @@ Cryptomator is a cloud cryptor - a tool allowing to work on and to share encrypt

 Cryptomator protects your data by ingesting it in a so-called vault, which is mounted to a virtual drive and password protected. To access and view the data, you must unlock the vault with the created password. The data is stored on the cloud of your choice when creating the vault, but is encrypted automatically by the Cryptomator client. It is only from the virtual drive which act as a USB flash drive that you can access and view the data, as it shows the decrypted view of its content. Ingesting your files directly into the virtual drive permits Cryptomator to automatically encrypt the data with AES and 256-bit key length. 

-Please follow the below sections to: download Cryptomator locally on your computer, enable Cryptomator on your preffered cloud, or manage vaults as an administrator. Please visit Cryptomator’s official website for the full documentation on [vault management](https://docs.cryptomator.org/en/latest/). 
+This How-to Card provides a guide on the below topics. For the full documentation on using Cryptomator, please visit the [official website](https://docs.cryptomator.org/en/latest/). 
+- [Download Cryptomator Desktop](#downloading-cryptomator-desktop)
+- [Setting up Cryptomator Hub](#setting-up-cryptomator-hub)
+- [Vault management](#vault-management) 
+- [Collaborating on a shared vault as a user](#collaborating-on-a-shared-vault-as-a-user)

 `Note:` Cryptomator does not offer cloud storage but adds an extra protection to your data stored on the cloud by automatically encrypting the files in the vault. 

-## Downloading Cryptomator Desktop
+## Downloading Cryptomator Desktop 
 The desktop version of Cryptomator is available both for macOS, Windows, and Linux. Please follow the [guide](https://docs.cryptomator.org/en/latest/desktop/setup/) on Cryptomator's official website to install the application on your operating system. 

 <img src="img/cryptomator-main.png" height="400px"><br>

-## Setting up key management system with Cryptomator Hub
- Cryptomator Hub adds key and access management to your vaults from a central component deployed on your infrastructure, permitting collaborative work. As an admin, you can share your vaults with other people, who can access the vault by authenticating with Keycloak. There is thus no need for creating new accounts nor sharing encryption passwords with collaborators which are easily stolen, copied, or misused, and no data is shared on any online services. 
+## Cryptomator Hub
+ Cryptomator Hub adds key and access management to your vaults from a central component deployed on your infrastructure, permitting collaborative work. As an owner/administrator of a vault, you can share your vaults with other people, who can access the vault by authenticating with Keycloak. There is thus no need for creating new accounts nor sharing encryption passwords with collaborators which are easily stolen, copied, or misused, and no data is shared on any online services. 

 As a vault administrator it is important to manage the admin password properly. In case you lose or forget the admin password, a recovery key is needed to restore access to the vault. This recovery key is generated upon creating the vault (see guide below). In practical, it is the responsibility of the project manager and/or PI to manage and store the admin vault password securely. Please use passphrase and proper password management when creating the admin vault password. For further information, visit the How-to Card on [password management]( https://howto.lcsb.uni.lu/?access:passwords). 

-## Enabling Cryptomator using a cloud of your choice
-1. Go to the LCSB instance of Cryptomator Hub https://lcsb.cryptomator.cloud/.
+## Setting up Cryptomator Hub
+**Prerequisite:** A Cryptomator license is required to use Cryptomator Hub and can be requested via the [Service Portal](https://service.uni.lu/sp?id=sc_cat_item&sys_id=d3766892db3fa010ca534540399619a8&sysparm_category=735620d2db3fa010ca53454039961940). 
+1. Go to the LCSB instance of [Cryptomator Hub](https://lcsb.cryptomator.cloud/).
 2. Click on “LCSB Login”. 

    <img src="img/cryptomatorHub-login.png" height="400px"> <br>
@@ -41,7 +46,7 @@ As a vault administrator it is important to manage the admin password properly.

    <img src="img/uni-login.png" height="400px"> <br>

-4. When signed in successfully, you will be presented with the Hub's main page. To create a new vault, click the “Add” button on the top left corner and then "create new". 
+4. When signed in successfully, you will be presented with the Hub's main page. To create a new vault, click the “Add” button on the top right corner and then "create new". 

    <img src="img/hub-mainpage.png" height="350px"> <br>

@@ -49,20 +54,20 @@ As a vault administrator it is important to manage the admin password properly.

    <img src="img/creating-vault.png" height="350px"> <br>

-6. A recovery key is displayed on the page. Copy the recovery key and store it in a safe location (e.g. password management system). The recocery key is needed for restoring access to the vault data. Tick the checkbox and click “Create Vault”. 
+6. A recovery key is displayed on the page. Copy the recovery key and store it in a safe location (e.g. password management system like [Bitwarden](https://bitwarden.com/) or [Keepass](https://keepass.info/)). The recocery key is needed for restoring access to the vault data. Tick the checkbox and click “Create Vault”. 

    <img src="img/recovery-key.png" height="350px"> <br>

-7. The vault has now been successfully created from the Hub. Click “download zipped vault folder”. 
+7. The vault has now been successfully created from the Hub. You can now mount the vault to your desired cloud storage location by clicking “download zipped vault folder”. 

    <img src="img/download-vault-template.png" height="350px"> <br>

-8. Unzip the vault in your preferred cloud storage location (e.g., ownCloud or OneDrive). 
+8. Unzip the vault in the cloud storage location (e.g. ownCloud or OneDrive). 

    <img src="img/ownCloud-folder.png" height="300px"> <br>

-## Managing a vault as an administrator
-The following steps can only be performed by the vault administrator. 
+## Vault management
+The following steps shows how to share a vault with other people and can only be performed by the vault administrator.

 1. From the Hub's main page, click on the vault you wish to share and then "Manage vault". 

@@ -76,12 +81,10 @@ The following steps can only be performed by the vault administrator.

    <img src="img/add-member.png" height="450px"> <br> 
 
-4. The team member has to register their local device to the shared vault (see next section). Once the device of the user has been registered to the vault, the admin can grant access by clicking on “update permission”. 
+4. Before the user can access your vault, the user has to register the vault to the user's local device (see section "Collaborating on a shared vault as a user). Only then can the vault administrator grant permission by clicking on “update permission”. 

    <img src="img/grant-access.png" height="150px"> <br>

-5. Once access is granted, the team member can unlock the vault locally. 
-
 ## Collaborating on a shared vault as a user
 1. Open the desktop application. Click the “add’ button and then “Existing vault”. 

@@ -101,15 +104,15 @@ The following steps can only be performed by the vault administrator.

 5. Cryptomator will automatically redirect you to the login page. Please authenticate yourself with Keycloak.

-6. If it is the first time you connect your device to the shared vault, you have to register the device. In this case, you will be prompt to enter a device name and then click "Confirm. The admin can now grant access to the device. 
+6. If it is the first time you connect your device to the shared vault, you have to register the device. In this case, you will be prompt to enter a device name and then click "Confirm". The admin can now grant access to the device. 

   <img src="img/register-device.png" height="200px"> <br> 

-7. Once the admin grants access the vault is unlocked. Click “Reveal drive” to access the vault on the virtual drive. 
+7. Once the admin grants access, click “Reveal drive” to access the vault on the virtual drive. 

   <img src="img/unlock-vault.png" height="400px"> <br> 

-8. All data can now be ingested in the vault on the virtual drive.
+8. You can now view decrypted data and save files in the vault on the virtual drive.

    <img src="img/vault-data.png" height="400px"> <br> 


--- a/external/integrity/transfer/owncloud-privatebin/owncloud-privatebin.md
+++ b/external/integrity/transfer/owncloud-privatebin/owncloud-privatebin.md
@@ -16,11 +16,11 @@ This How-to Card provides a step-by-step guide on how to transfer Human Data via
 **Prerequisite:** LUMS account is needed and can be requested via the [Service Portal](https://service.uni.lu/sp?id=sc_cat_item&table=sc_cat_item&sys_id=c536257ddb336010ca53454039961936).

 1. Use a zip software that supports AES256 encryption to zip your file(s) with a strong password. 
-* For Windows computer you can use [7-zip](https://www.7-zip.org/download.html), which uses AES256 encryption per default. 
-* For Mac you can use [Keka](https://www.keka.io/en/). To enabled AES256 encryption, please go to `settings > Compression` and tick the **Use AES-256 encryption** checkbox like displayed below. <br>
-<img src='img/keka-encryption.png' height='350px'>
+* For Windows computer you can use [7-zip](https://www.7-zip.org/download.html), which uses AES256 encryption by default. 
+* For Mac you can use [Keka](https://www.keka.io/en/). To enable AES256 encryption, please go to `settings > Compression` and tick the **Use AES-256 encryption** checkbox like displayed below. <br>
+<img src='img/keka-encryption.png' height='350px'> <br>
 2. Use a password generator to generate a strong encryption password. 
-* An online password generator is [dice ware](https://diceware.dmuth.org/), or you can use the feature in a password manager like [BitWarden](https://bitwarden.com/) or [KeePass](https://keepass.info/) to generate a strong password.
+* Use an online password generator like [dice ware](https://diceware.dmuth.org/), or a password manager like [BitWarden](https://bitwarden.com/) or [KeePass](https://keepass.info/) to generate a strong password.
 3. Go to [LCSB PrivateBin](https://privatebin.lcsb.uni.lu/) and type/add the password in the Editor tab.   
 4. Enable the feature "Burn after reading" by ticking the checkbox. This means that the link to the password can only be used **once** so it expires upon first access. 
 <img src="img/encryptionpassword.png">
@@ -28,11 +28,11 @@ This How-to Card provides a step-by-step guide on how to transfer Human Data via
 * You should be redirected to a page containing the password link. 
 <img src="img/passwordLink.png">
 5. Share the password link with your collaborator via your preferred communication channel.
-6. The collaborator (recipient) **must** confirm that the password was successfully received before you can proceed with the following steps. If collaborator reports an error, it means the password was compromised and data transfer is not secured anymore. In this case zip-file should be deleted and the process should started again. This is a crucial step in the data transfer!
+6. The collaborator (recipient) **must** confirm that the password was successfully received before proceeding with the following steps. If collaborator reports an error, it indicates the password was compromised and data transfer is not secured anymore. In this case the zipped archive should be deleted and the process should started again. This is a crucial step in the data transfer!
 7. Login to [OwnCloud](https://owncloud.lcsb.uni.lu/) with LUMS account.
 * Upload the zipped archive to OwnCloud and make a share link with the collaborator. 
 * See a full guide on how to use [OwnCloud]({{ '/?exchange-channels:owncloud' | relative_url }}).
-<img src="img/owncloudShare.png">
+<img src="img/owncloudshare.png">
 8. Share the access link with your collaborator by typing in their email as shown on the image above. 
 * The collaborator will automatically receive a link to the encrypted data on OwnCloud by email.  
 9. The collaborator can now decrypt the data with the password received via Privatebin.
No results found