Acceptable Usage Policy
Version 1.5 (October 2018)
The Irish Centre for High-End Computing (ICHEC) operates a national service for the provision of High-Performance Computing to researchers in Ireland. This service is shared by a large number of people and projects so to ensure that this common resource is run securely, fairly and efficiently the present document defines a set of rules which we require of users in order to achieve this end. Any breaches of this policy will be brought to your attention, and if you do so seriously or constantly, we will take it up with your Principal Investigator. If necessary, we will hold jobs, or even kill them, in order to keep the system as a whole operating smoothly and may suspend your login account.
- User accounts must not be shared between individuals under any circumstances and passwords and ssh keys must be kept private and secure. Provision is made for collaboration and data sharing through shared project work directories so there is no reason for user account sharing.
- Users may not apply for multiple accounts. However, users may join more than one project, and therefore gain legitimate access to resources associated to all these projects, including access to more than one project directory.
- Password authenticated access to the infrastructure may only be granted from authorised Internet domains of partner institutions. Access from any other location will only be possible by tunnelling connections through an authorised domain or by using key based authentication.
- Only secure, encrypted connection protocols (such as SSH, SCP, etc.) will be accepted.
Data and Storage
- Do not use /tmp for temporary storage. Special per-job scratch directories are created for running jobs as well as special directories for specific applications. See system documentation on the website or open a support query if in doubt.
- Do not process or store any copyrighted applications or data without permission or license or illegal data on the system. All users are responsible for the contents of their storage areas.
- Sensitive or personally identifiable data such as medical patient data must not be stored on the system.
- All users have a responsibility to ensure that any data has been fully anonymised before transferring to ICHEC Systems and that all data is used, gathered, processed, stored and transferred in compliance with Data Protection obligations.
- Only user home directories are backed up. Project work directories under /ichec/work are NOT backed up. Backups of home directories are only carried out as part of our system failure recovery plan, and the restoration of user files deleted accidentally is NOT provided as a service. Any valuable data should be copied off ICHEC systems regularly as we do not have the resources to guarantee the long term integrity of the large volumes of data stored.
- Users may not attempt to read other users' data without their prior authorisation, (irrespective of the file permission) except in the case where members of a common project/group share data in the dedicated project directories.
- Login nodes are for the sole purpose of performing code development (editing, compiling, etc.), submitting batch jobs and running short, lightweight pre- and post-processing tasks. Production applications must not be run on the login nodes, and must instead be submitted to the batch system.
- As the number of development nodes is limited and ICHEC is a shared service, we ask users to use these nodes responsibly, and refrain from grabbing all available resources. Users are therefore asked not to reserve more than one set of development nodes for interactive use.
- Applications which adversely impact the stability or performance of the system for other users will not be permitted. If and when such applications are identified by ICHEC technical staff, users must stop all runs until a solution is in place and permission has been given by ICHEC technical staff to resume running the application.
- The use of unlicensed software, or the use of licensed software which contravenes the licensing terms is strictly prohibited. To that effect, ICHEC has made a number of centrally supported licensed packages only available on request to ensure strict compliance with licensing terms.
- Unauthorised commercial use of our systems is strictly prohibited.
- The password for your ICHEC account should be unique and kept private. Similarly, a unique ssh keypair should be used for ICHEC with the private key encrypted with a strong passphrase.
- If you suspect that your password or ssh key has been compromised, for any reason whatsoever, change it immediately using a secure channel! Also, this incident should be reported via email to the ICHEC helpdesk.
- If you suspect that a machine has been compromised, contact the ICHEC helpdesk immediately.
- Any attempt to gain unauthorised access through password guessing, network and system scanning or the use of software vulnerability exploits is strictly prohibited.
- ICHEC staff will never ask you for your password and if you do receive anything suspicious please notify us via a valid email address such as firstname.lastname@example.org.
Acknowledgement and Support
As ICHEC is publicly funded to help enable high level research, it is of vital importance that the results of this research are publicised to a wide audience. This is essential in justifying any past and future investment in HPC resources. In order to do this we require at a minimum that:
- Any publications, posters, presentations, etc. arising out of work completed with the help of ICHEC should include an acknowledgement such as "The authors wish to acknowledge the Irish Centre for High-End Computing (ICHEC) for the provision of computational facilities and support."
- Researchers should notify ICHEC of any publications, posters, presentations, etc. arising out of work completed with the help of ICHEC.
- On request, researchers should provide summaries of the work carried out on ICHEC resources for the purposes of annual reports, etc.