WireGuard and Sensitive Cloud

Motivation

The Baseline system is epxected to provide sharing of anonymized, but still sensitive patient data, especially genetic variants. To fulfill the requirements on managing such data, we decided to deploy Baseline in Sensitive Cloud, operated by CERIT-SC. As this Kubernetes cluster is tailored for deployment of secured applications, we (meaning Baseline developers) can offload the security from IT aspect to the Sensitive Cloud team.

At the same time, there is a price to pay for operating the system in such secure environment. Sensitive Cloud is only accessible via VPN tunnel (WireGuard), for both developers and users. Please see below for instructions on how to obtain WireGuard access.

Wireguard access

Obtaining VPN configuration file from E-INFRA team

Write an email to trusted@e-infra.cz and request WireGuard access. Provide som context, e.g., that you are a researcher at CEITEC and you need to access the Baseline application running on Sensitive Cloud. You should then receive a configuration file (if you are from MUNI, probably via Úschovna). Save this file somewhere on your PC.

Install and configure WireGuard

The instructions below should work for majority of operating systems, however, for MacOS, the required OS version is 12 and above. If your MacOs is a pre-12 version, please follow the instructions here.

This step is pretty simple and is well described in CERIT-SC documentation. Basically, you need to install the WireGuard application on your system and set it up using the configuration file obtained in the first step.

Accessing Baseline

If you have your VPN tunnel active, please go to Baseline page where you should see the login screen.

Initial login screen

Depending on whether or not you are from MUNI, please follow the relevant instructions below:

  1. If you are from MUNI, sign in with Masaryk University. After successful login you will be redirected to Baseline, however, you will not see any data in the system. This is standard - you will have to explicitly request access to Baseline. Please contact Karol or Milan with your request.

    IMPORTANT

    It is really important that you login before requesting the access from Baseline team. By logging in, we will get your MUNI account information which is crucial for providing you with Baseline access.

  2. If you are not from MUNI, please contact the Baseline team and request a new account.