Description

Company: None


Keywords: Data collection, secure hosting/storage, collaborative platform, large scale experimentation

Functional Components Description

The High-Security Laboratory (HSL) is designed to host decisive research activities aimed at making networks, Internet exchanges and associated telecommunications equipment safer. It allows data to be collected and stored while ensuring their confidentiality and integrity, both logically and physically, and offers a safe environment for researchers to work in.

The HSL relies on “trust zones”: dedicated, isolated environments with limited and controlled interactions with the Internet. A trust zone benefits from all the services offered by the HSL (network and data protection, automatic backup, local services: APT, DNS, LDAP, NTP…) while always being separated from the outside world by two levels of security from different manufacturers/technologies (two firewalls from different manufacturers for the logical aspects, two different biometric authentication mechanisms for the physical ones), as shown in Figure 1.

A trust zone is deployed for each hosted project. It includes its own network and VLAN, to ensure it is isolated from other hosted projects, as well as user accounts and groups dedicated to the project in the HSL LDAP directory, with the associated firewall rules and user/group access control lists (ACLs). These zones are fully integrated into the automatic configuration and software management solution (Puppet). Access to a trust zone is possible through a dedicated Virtual Private Network (VPN), deployed exclusively for each project and limited to the user accounts linked to the project’s LDAP groups.
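One way to audit a trust-zone inventory against the isolation properties described above. This is an added example, not HSL code: the inventory format, project names, VLAN IDs, subnets, vendor labels and LDAP group names are all constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed inventory (every value here is invented for the example).
ZONES = [
    {"project": "alpha", "vlan": 110, "subnet": "10.10.0.0/24",
     "firewall_vendors": ["vendor-a", "vendor-b"],
     "ldap_groups": {"alpha-users"}, "vpn_groups": {"alpha-users"}},
    # Same firewall vendor twice, and the VPN admits another project's group.
    {"project": "beta", "vlan": 120, "subnet": "10.20.0.0/24",
     "firewall_vendors": ["vendor-a", "vendor-a"],
     "ldap_groups": {"beta-users"},
     "vpn_groups": {"beta-users", "alpha-users"}},
    # Reuses alpha's VLAN ID and sits inside alpha's subnet.
    {"project": "gamma", "vlan": 110, "subnet": "10.10.0.128/25",
     "firewall_vendors": ["vendor-a", "vendor-b"],
     "ldap_groups": {"gamma-users"}, "vpn_groups": {"gamma-users"}},
]


def audit_zones(zones):
    """Return a sorted list of (scope, finding) tuples; empty means clean."""
    findings = []
    for z in zones:
        # Two levels of logical protection from different manufacturers.
        if len(set(z["firewall_vendors"])) < 2:
            findings.append((z["project"],
                             "firewalls not from two different vendors"))
        # VPN access limited to the project's own LDAP groups.
        extra = z["vpn_groups"] - z["ldap_groups"]
        if extra:
            findings.append((z["project"],
                             "VPN open to non-project groups: "
                             + ",".join(sorted(extra))))
    for a, b in combinations(zones, 2):
        scope = f"{a['project']}/{b['project']}"
        # Each project has its own VLAN, network and dedicated groups.
        if a["vlan"] == b["vlan"]:
            findings.append((scope, f"shared VLAN {a['vlan']}"))
        net_a = ipaddress.ip_network(a["subnet"])
        net_b = ipaddress.ip_network(b["subnet"])
        if net_a.overlaps(net_b):
            findings.append((scope, "overlapping subnets"))
        if a["ldap_groups"] & b["ldap_groups"]:
            findings.append((scope, "shared LDAP groups"))
    return sorted(findings)


if __name__ == "__main__":
    for scope, finding in audit_zones(ZONES):
        print(f"{scope}: {finding}")
```

A check like this fits naturally as a pre-deployment gate in front of the configuration management run, so that a zone definition breaking isolation is rejected before it reaches the firewalls or the directory.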