LONI Usage Policy
Last revised: 5 January 2011
▶ Table of Contents
- Individual Account Management
- Fair Use
- Reporting Suspicious Activity
- Data Confidentiality
- Software Development
- Non-Academic User Requirements
- Software Licenses
- Final Reports
- Additional Requirements
The LONI computing facilities, encompassing its hardware, software, network connections, and data, are a vital but limited resource for the Louisiana community. Therefore the LONI sites have an obligation to protect their facilities and ensure they are used properly. Allocations are used to assure equitable consumption of system resources, while personal access to the systems is controlled via user accounts. You, personally, are constrained by legal and other obligations to protect resources and the intellectual property of others on the systems.
Given the extensive nature of these resources, responsibilities are attached to the right of access. Responsible user conduct is required so as to assure fair access by all researchers. Failure to use these resources properly may result in various penalties, including, but not limited to, loss of access, academic, civil and/or criminal action.
2.1. Individual Account Management
You have the responsibility to protect your account from unauthorized access, and for the proper expenditure of allocated resources. Tools are provided to help you manage your resources, but you are responsible for using these tools properly.
2.1.1. Valid Contact Email
Every account has a contact email address associated with it, and this address must be issued by a LONI institution. Email is used as the primary communication channel between LSU@HPC and the user. The user is responsible for keeping this address up to date. In the event that an address is discovered to be invalid or unresponsive, the associated user account will be locked until the issue is resolved.
2.1.2. No Account Sharing
Your account is for your personal use only. It is not to be shared with others; neither students nor other collaborators. Others who need system access must request their own account. User authentication certificates, if they are used, are considered personal accounts and are not to be shared. Any activity indicating account sharing will result in the account being locked until remedial action is taken. Repeated misuse may result in permanent loss of system access.
2.1.3. Protecting Passwords
Your passwords and certificates are the keys to account access. You are responsible for their protection and proper use. Protective behavior includes:
- never sharing passwords
- never writing passwords down where they can be easily found
- never using tools which expose passwords on the network (e.g. telnet).
See Guidelines, Section 5, for more information.
The private key portion of an authentication certificate is the equivalent of a password. If you use certificates, you are responsible for ensuring that file and directory permissions prevent others from reading or copying any private keys.
2.1.4. Mailing List Membership
While an account is active, the user is required to be a member of the firstname.lastname@example.org mailing list. This list is used to notify everyone of important changes and events. List membership is automatic upon creation of the account, and persists until the account is deactivated. Anyone wishing to be removed from the list should send an email to email@example.com and request that their account be terminated. This will result in removal from the list.Back to Top
2.2. Fair Use
Access to a system does not grant you blanket authorization for any and all activity. You must recognize that reasonable use may vary from machine to machine within a system, depending on the function of the machine. Machines in a cluster serve one of two basic functions.
2.2.1. Computational Nodes
These are the nodes which perform the intended heavy computational work of a cluster. They are accessed via the job scheduler (e.g. LoadLevel or PBS) through the submission of job control scripts. Computational tasks are never to be run on the cluster head nodes, as this has the potential of impairing operation of the entire system.
2.2.2. Head Nodes
Head nodes are used for the interactive work required to prepare a computational task. Appropriate work on the head nodes includes: light editing, compiling, post analysis previewing, and job script creation. Extensive post processing should be done on the compute nodes. Any processing on the head nodes which adversely impacts system operation is subject to preemptory termination. Repeated abuse may result in the locking of user accounts or other administrative action as deemed appropriate.
2.2.3. Authorized Use
Authorized use of the system is defined by the purpose outlined in the proposal on which the usage allocation is based. Your use of the account is limited to activities reasonably required to accomplish that purpose.
2.2.4. Unacceptable Behaviors
The following activities are explicitly considered unacceptable and are subject to the penalties outlined below:
- using, or attempting to use, LONI computing resources without a valid allocation, or for purposes other than those stated in the allocation proposal.
- tampering with or obstructing the operation of the facilities.
- reading, changing, distributing, or copying others' data or software without authorization.
- using LONI resources to attempt to gain unauthorized access to other (non-LONI) sites.
- activities in violation of local or federal law
2.3. Reporting Suspicious Activity
You are responsible for reporting, as soon as possible, any suspicious activity you notice on your account, and exposure or compromise of passwords, passphrases, or certificates. See Section 5 for reporting procedures.Back to Top
2.4. Data Confidentiality
You are responsible to ensure the confidentiality of any data you use on LONI resources that is restricted from general public access. LONI sites provide technology to preserve the confidentiality of data, but it is your responsibility to use that technology appropriately. Such data may include:
- Intellectual property, such as report drafts or research in progress,
- Proprietary data, such as data owned by a specific company, or licensed applications.
- Regulated data, such as medical, personal identifying information, or student records.
It is your responsibility to be aware of any requirements on a data set and verify that a given LONI site can provide appropriate protection before attempting to use it. Be aware that some sites may be subject to state laws which impose requirements on data stored on those sites.Back to Top
Papers, publications, and web pages of any material, whether copyrighted or not, based on or developed under LONI-supported projects must acknowledge this support by including the following statement:
- Portions of this research were conducted with high performance computational resources provided by the Louisiana Optical Network Initiative (http://www.loni.org).
2.6. Software Development
Software developed with allocations approved by LONI or by proxy, via the allocations processes governing allocation of LONI resources, is subject to intellectual property rights as established by the LSU and participating institutions. Questions should be directed to the Director, Office of Intellectual Property, LSU, or the user’s home institutution.1Back to Top
Work performed under a peer-reviewed allocation must be published in the open literature.Back to Top
2.8. Non-Academic User Requirements
Non-academic (corporate/industrial, government, etc.) users frequently have more stringent usage requirements than those that might be provided by the LONI as a whole or by a particular site within LONI. It is the user's responsibility to assure the resources used satisfy the requirements of their organization. For LSU users, see: Office of Intellectual Property site.Back to Top
2.9. Software Licenses
All software used on LONI systems must be appropriately acquired and used according to the specified licensing. Possession or use of illegally copied software is prohibited. Likewise users shall not copy copyrighted software or materials, except as permitted by the owner or the copyright. Some installed software may require special authorization in order to be used. Users must abide by the licensing requirements and protect it from misuse.Back to Top
2.10. Final Reports
Requests for subsequent allocation awards will not be allowed until an end of project report has been received for all prior awards. Copies of prior final reports must be attachmented to the submitted proposal.Back to Top
2.11. Additional Requirements
Individual sites may be subject to organizational policies with additional requirements beyond this policy. Those organizations will make those policies available. It is your responsibility to be aware of and abide by those policies.Back to Top
Failure to abide by these policies may result in a variety of penalties imposed.
3.1. Account Suspension/Revocation
Accounts may be temporarily suspended or permanently revoked if compromised or abused. Your account may be suspended without advance notice if there is suspicion of account compromise, system compromise, or malicious or illegal activity.Back to Top
3.2. Loss of Allocation
Unauthorized behavior can result in loss of your current allocation, and may lead to the inability to obtain future allocations.Back to Top
3.3. Administrative Action
Unauthorized activity may be reported to your PI, your advisor, or your home institution for administrative review and action.Back to Top
3.4. Civil Penalties
Civil remedies may be pursued to recoup costs incurred from unauthorized use of resources or incident response due to compromise or malicious activity.Back to Top
3.5. Criminal Penalties
Activities in violation of federal, state, or local law may be reported to the appropriate authorities for investigation and prosecution.Back to Top
4.1. Additional requirements
As stated in Section 2.5, individual LONI sites may be subject to requirements beyond the scope of this document. However, it is your responsibility to identify if such requirements exist.Back to Top
4.2. Support/Diagnostic Access
LONI site personnel may review files for the purposes of aiding an individual or providing diagnostic investigation for LONI systems. User activity may be monitored as allowed under policy and law for the protection of data and resources. Any or all files on LONI systems may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized site or law enforcement personnel, as well as authorized officials of other agencies, both foreign and domestic. By using LONI systems, users acknowledge and consent to this activity at the discretion of authorized site personnel.Back to Top
4.3. Access Notification
Access to user data and communications will not normally be performed without explicit authorization and/or advance notice unless exigent circumstances exist. Post-incident notification will be provided in such cases.Back to Top
The following are suggestions for helping maintain the security of your account.Back to Top
5.1. Password Management
- Do not write down your password where it can be easily found and/or associated with your account.
- Do not tell anyone your password, not even LONI support staff. Support staff will never need your password, will never ask for it, and will never send a password in e-mail, set them to a requested string, or perform any other activity which could reveal a password.
- If someone insists they need your password to do something, report it to the LONI helpdesk: firstname.lastname@example.org.
- Do not store your password(s) in unencrypted files or even in encrypted files if possible.
- Pick passwords that are difficult to guess. Birthdays, family names, and single dictionary words are examples of easily guessed passwords.
- Change your password periodically, even if you have no reason to believe that anyone else has it.
5.2. Reporting Suspicious Activity
5.2.1. Password Exposure
If you think your password may have been compromised or exposed, but have no reason to believe that your account has been used, change your password immediately.
5.2.2. Certificate Exposure
If you believe your certificate has been exposed, revoke your certificate and have a new one issued.
5.2.3. Account Compromise or Suspicious Activity
If you believe your account has been compromised or find signs of suspicious activity, take the following actions:
- notify the LONI helpdesk immediately (email@example.com)
- do not modify files found in your account
- do not execute unknown programs you might find
- if possible, do not use your account until the issue is resolved
Some indications of account compromise include:
- files in your home directory or project areas which you did not create
- alteration or deletion of your files not done by you
- discrepancies between your allocation balance and what you think you have used
The central point of contact for any problems and concerns with regards to this policy is the LONI help desk which can be reach at firstname.lastname@example.org. Other modes of contact are listed on the LONI web site help page.Back to Top