"With SURF Research Access Management, UT arranges easy and secure access for external researchers"
"SURF Research Access Management (SRAM) allows our researchers to collaborate securely with external researchers. They can also access our data without us having to create guest accounts," says ICT account manager Hendri Hondorp of the University of Twente (UT). Read more about how UT tackled this.
How to let external researchers log in to a local cloud service?
UT found that there was increasing demand for a research collaboration environment where the data not only had to remain at UT, but external researchers also had to be able to access it securely. The university arrived at a local, open source cloud service: Nextcloud. The big question was then: how do we give external researchers easy and secure access to this local cloud storage? That's where SRAM came into the picture, as the interface between the institution (the identity provider - IdP) and Nextcloud (the service provider - SP).
No guest accounts needed
Previously, UT had to create guest accounts for all external members of research collaborations. That is extra work and also less secure. "Now we outsource the guest account part, so to speak, to SRAM. Researchers log in to us via SRAM with their own institution account. By linking with SRAM, we know they are who they say they are, because their identity has been verified at their own institution."
Researchers associated with a company can log in with eduID, an institution-independent digital (guest) identity for teaching and research. "Foreign researchers log in with the institution account of the foreign institution. That goes through eduGAIN and it works more easily than I initially expected," Hondorp says. eduGAIN links international IdPs to SPs; over five thousand institutions worldwide are connected.
Easily invite researchers
After first running a pilot, UT put Unishare (the UT product name for the combination of SRAM and Nextcloud) into production at the end of July 2023. "We now have more than 20 research projects running, two months later. And that too is easier than I expected; people receive an invitation from a UT researcher via SRAM and they just have to accept it with their institution account or eduID. They log into the Nextcloud server with multi-factor authentication and within Nextcloud there is a group folder with the data being shared."
Linking services yourself
Technically, UT did not have to adapt or prepare anything for SRAM, except the link between Nextcloud and SRAM. Hondorp compares SRAM to a power strip into which you plug services that others can use. "My understanding is that we ourselves can plug our services into SRAM so that they are immediately available for collaborations of our own institution, but also for those of others."
"Include IT administrators in project"
There was some resistance among the administrators of UT's central IT service, Hondorp says: "That was because they were not familiar with SRAM and because administrators are conservative in implementing changes: 'never change a winning team'. That resistance disappeared when we took them into the project and showed them what SRAM is. Now they see its benefits, see how easy everything is. Researchers can easily create collaboration groups, work together in one document, store and share data, you name it."
UT's next step: linking Virtual Research Environment
In addition to Unishare, UT is looking at the next SRAM link: "The next step is to try to link our Virtual Research Environment (VRE) with SRAM, so that we can share our virtual machines, which reside in Microsoft Azure, with externals."
Hondorp finds the collaboration with SURF and in particular with the SRAM team very enjoyable, he says in conclusion: "The knowledge of SURF services is high, the contact is low-threshold and we work together intensively in case of questions or problems."
Are you considering working with SRAM at your institution? Hendri Hondorp of the University of Twente has these tips for you:
- Do IT administrators have doubts? Involve them in the project and show them how easily SRAM works, and that the IT department maintains insight and control.
- Link services to SRAM that are useful for externals, so for example not the service in which you manage your own administration.
- Use SRAM mainly to support federated collaborations, so for services whose use exceeds your own institution.
- SRAM is open source, so anyone can easily make changes (improvements, wishes).