SCA-OPS
Backing up our software development and project management services, SCA provides a strong operational background to ensure these services are reliable, performant, and secure. Under the SCA-OPS (DevOps) umbrella, we operate several dozen systems running on our own on-premises hardware (both physical machines and QEMU/KVM virtual machines), as well as on IU Intelligent Infrastructure and Google Cloud VMs. To support the user-facing elements of our services, SCA Operations provides a number of backend components and operational tools:
- Nginx webservers with load-balancing and reverse proxy setups where needed
- Centralized MongoDB and MariaDB database servers, as well as a number of project-local database servers where a centralized solution would be impractical
- Message passing services like RabbitMQ
- A namespaced Squid proxy service for secured systems with local-only network access
- Custom Docker containers to deploy and sandbox custom and legacy code, and Docker container utilization when applicable
- Centralized syslog-ng for storage of system logfiles
- ELK for auditing and insight into system access patterns and anomalies
- Sensu monitoring of real-time server status, including custom network checks for firewall holes from a remote subnet
- Extensible LVM-based storage on all Linux systems
- A custom IPTables wrapper with multiple failsafes and reduced configuration overhead
- Centralized configuration management via Ansible and Puppet, providing a stable base deployment shared among all systems

We strive to balance security and reliability with ease of use. In collaboration with the IU Center for Advanced Cybersecurity Research (CACR), we have developed a comprehensive set of security controls based on NIST SP 800-53. We support projects that work with electronic Protected Health Information (ePHI), and the bulk of these same controls are in place on all systems we operate.