"With SURF Research Access Management, UT arranges easy and secure access for external researchers"

How to let external researchers log in to local cloud service?

UT found that there was increasing demand for a research collaboration environment where not only the data had to (remain) at UT, but also external researchers had to be able to access it securely. The university arrived at a local, open source cloud service: Nextcloud. The big question was then: how do we give external researchers easy and secure access to this local cloud storage? That's where SRAM came into the picture, as the interface between the institution (the identity provider - IdP) and Nextcloud (the service provider - SP).

No guest accounts needed

Previously, UT had to create guest accounts for all external members of research collaborations. That is extra work and also less secure. "Now we outsource the guest account part, so to speak, to SRAM. Researchers log in to us via SRAM with their own institution account. By linking with SRAM, we know they are who they say they are, because their identity has been verified at their own institution."

Researchers associated with a company can log in with eduID, an institution-independent digital (guest) identity for teaching and research. "Foreign researchers log in with the institution account of the foreign institution. That goes through eduGAIN and it works easier than I initially expected," Hondorp says. eduGAIN links international IdPs to SPs; over five thousand institutions worldwide are connected.

Easily invite researchers

After first running a pilot, UT put Unishare (the UT product name for the combination of SRAM and Nextcloud) into production at the end of July 2023. "We now have more than 20 research projects running, two months later. And that too is easier than I expected; people receive an invitation from a UT researcher via SRAM and they just have to accept it with their institution account or eduID. They log into the Nextcloud server with multi-factor authentication and within Nextcloud there is a group folder with the data being shared."

Linking services yourself

Technically, UT did not have to adapt or prepare anything for SRAM, except the link between Nextcloud and SRAM. Hondorp compares SRAM to a power strip into which you plug services that others can use. "My understanding is that we ourselves can plug our services into SRAM so that they are immediately available for collaborations of our own institution, but also for those of others."

"Include IT administrators in project"

There was some resistance among the administrators of UT's central IT service, Hondorp says: "That was because they were not familiar with SRAM and because administrators are conservative in implementing changes: 'never change a winning team'. That resistance disappeared when we took them into the project and showed them what SRAM is. Now they see its benefits, see how easy everything is. Researchers can easily create collaboration groups, work together in one document, store and share data, you name it."

UT's next step: linking Virtual Research Environment

In addition to Unishare, UT is looking at the next SRAM link: "The next step is to try to link our Virtual Research Environment (VRE) with SRAM, so that we can share our virtual machines, which reside in Microsoft Azure, with externals."

Hondorp finds the collaboration with SURF and in particular with the SRAM team very enjoyable, he says in conclusion: "The knowledge of SURF services is high, the contact is low-threshold and we work together intensively in case of questions or problems."