This page gives a brief overview of the Leonhard Med platform, services and price model for existing and prospective customers.

What is LeoMed?

Leonhard Med (LeoMed) is a secure, powerful, and versatile scientific data and computing platform to transfer, store, manage and analyze sensitive research data. Leonhard Med is provisioned and operated by the Scientific IT Services (SIS) of IT Services at ETH Zurich. At the national level, SIS with the Leonhard Med platform is part of the BioMedIT network, representing the BioMedIT node Zurich. Leonhard Med is secure by design (very high level of protection compared to normal IT infrastructures) and compliant with Swiss and ETH regulations for data protection​.

Sensitive data requires special cybersecurity measures to protect the Confidentiality, Integrity and Availability of data and to protect the Privacy of individuals. Sensitive data is usually classified as strictly confidential or confidential. An example of sensitive research data is biomedical patient data (pseudonymized or identified). See LeoMed Acceptable Use Policy.

Q: When to use LeoMed?

A: When the data you work with are sensitive, i.e., strictly confidential or confidential. This covers, e.g., data access, transfer, storage, management, development and application of computational analysis, exploration of data via web apps (dashboards), and controlled sharing of data with eligible recipients.

LeoMed expert services:

  • Secure tenants as complete environments for data transfer, storage, management, exploration and computational analysis
  • Expert IT solution engineering and Research Data Management support
  • Expert consultancy on secure services for strictly confidential and confidential data
  • Gateway to the national secure BioMedIT network services

Added value: secure & customizable to fit various specific research use cases.

You bring in your use case and we support you in enabling it at Leonhard Med with either standard or non-standard service support (see Service Level Agreement).

Visit our website to find out more about our services for sensitive research data.

LeoMed use cases

LeoMed is a customizable research platform that can be tailored to specific research needs. You bring in your use case and we support you in enabling it at Leonhard Med with either standard or non-standard service support.

Leonhard Med is suitable for sensitive data from any research area (medicine, social and political sciences, economics, environmental sciences etc.). Specialized use cases (e.g. not related to research) may be supported and are subject to specific rules.

Below is a selection of common use cases at LeoMed for working with sensitive data (strictly confidential or confidential):

A research group wants to store sensitive data.

  • Sensitive data is transferred to LeoMed, either as a service via the BioMedIT secure data transfer process, or on the user level.
  • The Data Manager can organize the data on LeoMed.
  • The data is backed up regularly.
  • After the project ends and the tenant is closed, the data can be securely destroyed or securely archived.

A research group wants to securely manage sensitive data using a data management solution.

  • Sensitive data is transferred to LeoMed (see use case above).
  • The Data Manager organizes the data using a data management solution (e.g., openBIS).
  • The Permissions Manager can add other lab members to the LeoMed tenant so that they can work with the data.

A research group wants to securely share the data with a collaborating research group.

  • Research group A transfers data that they collected to their LeoMed tenant.
  • Research group B wants to work with the data without transferring it to their own infrastructure.
  • After the groups sign legal agreements, members from research group B can be added to the LeoMed tenant by the Permissions Manager.

A research group wants to securely work with sensitive data from multiple Swiss hospitals.

  • Sensitive data is transferred to LeoMed via the BioMedIT secure data transfer process.
  • To initiate the process, the Data Manager sends a Data Transfer Request to BioMedIT, which will validate it and forward it to the Data Providers.
  • The Data Providers encrypt the data and transfer it to the BioMedIT network.
  • The data automatically arrives in the project's tenant on LeoMed and the Data Manager can decrypt and work with the data.

A research group wants to securely analyze sensitive data on a high-performance compute cluster.

  • Sensitive data is transferred to LeoMed (see use cases above).
  • Post Doc A analyzes the data using centrally provided software or software maintained by the research group, potentially run in a container.
  • Post Doc A analyzes the data by submitting a job to a SLURM high-performance compute cluster, utilizing resources that the cluster can provide, such as CPUs, GPUs and large memory.
  • Additionally, Post Doc A can collaborate on data analysis with Post Doc B.

A research group wants to securely host a web application that aggregates and plots sensitive data.

  • Sensitive data is transferred to LeoMed (see use cases above).
  • A dedicated virtual machine running rootless Docker will be deployed.
  • Ph.D. student A develops a data analysis pipeline, which aggregates sensitive data and plots it in an interactive R-Shiny app. S/he containerizes the app and transfers the container to the VM on LeoMed. Here s/he can configure and run the container.
  • Ph.D. student B wants to use the app. S/he logs in to LeoMed and works with the app in the web browser.
  • On request and contingent on a security review, certain web applications can also be exposed to the internet.

Important roles at LeoMed

The roles at LeoMed are described in the LeoMed Acceptable Use Policy (AUP).

  • The Project Leader (PL) is responsible and accountable for data hosted at Leonhard Med, for example: ensures legal and ethical handling of sensitive data, classifies data (e.g. strictly confidential and confidential data), authorizes Users to access data. PLs are responsible for the whole project data lifecycle within Leonhard Med. PL roles are often assigned to professors, heads of administrative departments or of staff units. PLs may but are not required to have access to LeoMed as Users. The PL can delegate the user management to a Permissions Manager.

  • The Permissions Manager (PM) is delegated by the PL and is responsible for requesting, on behalf of Users, user access or revocation of user access to Leonhard Med. PMs may but are not required to have access to LeoMed as Users.

  • The Data Manager (DM) is often used in the BioMedIT context and is responsible for managing strictly confidential and confidential data on Leonhard Med, for example: requests data transfers, decrypts data, manages data with dedicated software tools (note that this role is specific and not included in the LeoMed Acceptable Use Policy). DMs are required to have access to LeoMed as Users.

  • The User is a person authorized by a Project Leader to access and process data in Leonhard Med. Users are responsible for the confidentiality of personal access data and identification mechanisms, such as passwords, PINs, private keys, tokens. The Users may not disclose or make available this access data to third persons, or give them access under their account name (see LeoMed AUP Art. 8).

Every User (User, PL, PM, DM) must comply with the Leonhard Med AUP and sign an agreement stating that they will follow the Leonhard Med AUP.

LeoMed in action

User accounts

Once a tenant is set up, users requiring access to LeoMed can be added. Users must be authorized by the tenant's Project Leader (PL) and the user account must be requested by the Permissions Manager (PM). For further information on how to request accounts and enable users on LeoMed, see User accounts.


Once the LeoMed user account has been set up and the user has configured the two-factor authentication (2FA), users are ready to access Leonhard Med either via remote desktop (via a web browser) or ssh (via the command line). Users enter the LeoMed platform on a login node. It serves as a jumping-off point for all services available on LeoMed, such as storage, the compute cluster, or locally hosted web services.

Data transfer and storage

Sensitive data (strictly confidential and confidential) as well as non-confidential data can be transferred to LeoMed. Non-confidential data can be transferred on the user level. Strictly confidential and confidential data must be encrypted before transfer and can be transferred via the BioMedIT process, or in a user-driven way.

Users can store smaller, non-confidential data (such as analysis scripts) in their home directory and large amounts of strictly confidential and confidential research data in a project directory.

Software and compute

From the login node, users can submit jobs to a SLURM compute cluster.

LeoMed centrally provides the Compute Canada software stack and users can also, under certain restrictions, install software themselves. Users can use data analysis tools, such as RStudio or Jupyter notebooks, on LeoMed. Furthermore, software can be executed via containers.

Containers and web applications

Users can run containers to execute containerized data analysis workflows on the cluster or deploy containerized web applications on LeoMed in dedicated virtual machines. On request, SIS can deploy web applications for users. By default, these applications can only be accessed from within the LeoMed tenant. On request and contingent on a security review, web applications can also be exposed to the internet, giving non-LeoMed users access to the tool. For example, this can be done for applications that aggregate sensitive data in a way that renders them non-sensitive, and then expose these non-sensitive aggregates through a web application. Users who are authorized to use the web application can log in to it from the internet using their SWITCH edu-ID account with two-factor authentication enabled, even if they don't have access to LeoMed.

LeoMed layout

Leonhard Med is a secure multi-tenant platform with two types of tenants: secure isolated and secure shared tenants.

Tenant: a complete environment for data transfer, storage, management and analysis. Technically, a tenant consists of a completely isolated network space containing data, user access, computing and software application resources. A secure shared tenant has several allocations; an allocation is the set of resources (e.g. data or computing) purchased by a customer within a secure shared tenant in Leonhard Med.

Secure isolated tenant

Security level 2: very high security. All security controls of LeoMed are enabled.

  • only one Project Leader (PL) is allowed
  • a secure isolated tenant is completely separated from other tenants in Leonhard Med by a logical network isolation
  • only the resources purchased for the tenant may be used (e.g. compute nodes, virtual machines)

Benefits: Very high security level for data protection.

Recommendation: Consider this option when very high security level for data protection is required (e.g. strictly confidential data) and when there is no need to use a pool of shared compute resources.

Secure shared tenant

Security level 1: elevated to high security. All security controls of LeoMed are enabled.

  • several Project Leaders (PLs) are allowed
  • PLs may use one or several allocations within a secure shared tenant
  • data in each allocation of a secure shared tenant are isolated by UNIX file permission rules
  • computing resources of all allocations within a secure shared tenant form a common pool available to the tenant
  • a secure shared tenant is completely separated from other tenants in Leonhard Med by a logical network isolation

Benefits: Elevated to high security level for data protection. Sharing of compute resources between projects is possible. Sharing of compute resources outside the tenant is not enabled. UNIX file permission rules offer a high security level for data protection. However, due to the potentially higher impact of a security vulnerability leading to unauthorized access to data, the administrative privileges of the users are more strictly controlled than in a secure isolated tenant. The change process is more rigid, often requiring approval of all the PLs.

Recommendation: Consider this option when elevated to high security for data protection is sufficient and there is a need to use a common pool of shared compute resources available in the tenant.

Becoming a LeoMed Customer


Leonhard Med is provided as a service to Customers (e.g. professors) who offer it to their Users (e.g. researchers). Users require authorization to access LeoMed.

Good to know:

  • Customers: purchase LeoMed services.
  • PL: authorize Users to access LeoMed. Customers and PL are often represented by the same person.
  • PMs: request user access.
  • Users: access and use LeoMed.

What to do next:

  • Researchers interested in using LeoMed should get in touch with SIS at
  • SIS will explain the service options, analyze the requirements and prepare a service quote:
    • explain standard and non-standard service configurations (e.g. tenant types, customizations)
    • indicate options for 1 year or for 4 years initial service validity (can be followed by extension)
    • explain roles and identify persons to be assigned to roles (e.g. Customer, Project Leader, User)
    • prepare a draft service quote tailored to requirements
    • assign an Account Manager at SIS as main point of contact responsible for managing the customer account (e.g. onboarding, further service purchases, analysis of new requirements, service customizations etc.)
  • The PL will identify initial authorized users (e.g., Permissions Manager - PM, Data Manager - DM, User)
    • PL and each authorized User must sign the Leonhard Med Acceptable Use Policy
    • initial authorized users need to provide relevant information for user account creation (see User accounts)
    • ETHZ-members will access LeoMed from the ETHZ network (e.g., VPN). In order for ETHZ-externals to reach LeoMed from outside the ETH network, the LeoMed support team needs to whitelist (allow) your institutional IP address or the IP address range (see Whitelisting sources).
  • Once all the requirements have been clarified, SIS will provide a draft service quote for the initial purchase of a Leonhard Med tenant
  • The Customer will approve the quote and send a binding request to SIS at


LeoMed Price Model 2022


Code | Specifications | Price type | one time | 4 years | 1 year | one time | 4 years | 1 year

ST-SNT | Setup of a new tenant (one time fee) | fixed | 1'000



Tenant operation (up to 10 users)

(valid for both secure isolated tenants and individual allocations inside a shared tenant)


Tenant operation per additional user (11-50)


Tenant operation per additional user (from 51 on)


Secure storage per TB

(including Geo-redundant tape backup, encrypted)

ST-ARC | Secure archival operation (one time, per package) | fixed | 1'000

ST-ARC10 | Secure archival of data for 10 years, per TB | free of charge (note 8)


General Purpose Node

CA-VM-VF1 | 2 cores, 4 GiB RAM | fixed
CA-VM-VF2 | 4 cores, 8 GiB RAM | fixed
CA-VM-VF3 | 8 cores, 16 GiB RAM | fixed
CA-VM-VF4 | 16 cores, 32 GiB RAM | fixed

Compute Node

CN-HM-VF1 | 14 cores, 224 GiB RAM | indicative
CN-HM-VF2 | 28 cores, 450 GiB RAM | indicative
CN-HM-VF3 | 56 cores, 900 GiB RAM | indicative
CN-HM-VF4 | 124 cores, 2040 GiB RAM | indicative

Standard GPU Node (RTX2080Ti or equivalent)

GP-TR-VF1 | 4 cores, 46 GiB RAM, 1 GPU | indicative
GP-TR-VF2 | 8 cores, 92 GiB RAM, 2 GPUs | indicative
GP-TR-VF3 | 16 cores, 186 GiB RAM, 4 GPUs | indicative
GP-TR-VF4 | 34 cores, 372 GiB RAM, 8 GPUs | indicative

High-end GPU Node (Titan RTX or equivalent)


15 cores, 60 GiB RAM, 1 GPU


30 cores, 120 GiB RAM, 2 GPUs


60 cores, 248 GiB RAM, 4 GPUs


124 cores, 500 GiB RAM, 8 GPUs

Additional standard services

RDM-openBIS | RDM openBIS, on request (note 1) | fixed | 2'000 | N/A | 1'000 | 4'000 | N/A | 2'000
TR-GS | Half-day "Getting started" course, on request (note 2) | fixed | included (note 6)
BIT-BS | Base package BioMedIT, on request (note 3) | fixed | included (note 6) - if BioMedIT eligible
BIT-SDT | Standard secure data transfer BioMedIT, on request (note 4) | fixed
BIT-FUM | Federated user identity management BioMedIT, on request (note 5) | fixed

Subscription expert services (1 FTE for 1 year), on request (note 7)
IT Solution Engineer, Research Data Manager, IT Security Engineer. Subject to specific rules set forth by the service provider.

140'000 (1 FTE)
150'000 (< 0.8 FTE) (note 9)

200'000 (1 FTE)

DR-ES | Daily rates expert services, on request.
IT Solution Engineer, Research Data Manager, IT Security Engineer. Subject to specific rules set forth by the service provider.




  • These specifications and prices are valid from 01/02/2022 until further notice.
  • Specifications and prices are indicative and may vary depending on supplier, product life cycle, technological changes, etc.
  • Value Added Tax (VAT) of 7.7% is not included in the pricelist. If applicable, it will be added in the invoice.
  • When not otherwise specified, prices include costs that are not covered by funding agencies like the ERC.
  • ETH-internal prices are subsidized by ETH and are therefore valid only for members of the ETH domain. ETH-external prices are valid for customers that are not members of the ETH domain.
  • Memory is expressed in binary units (1 GiB = 2^30 bytes), whereas storage is expressed in decimal units (1 TB = 10^12 bytes).
  • Note 1: RDM openBIS price covers: instance setup for openBIS in a specified Leonhard Med tenant, openBIS technical maintenance, minimal openBIS data model, user training and support. The cost does not include infrastructure cost. Default openBIS instance allocation is: CA-VM-VF2
  • Note 2: Courses are included free of charge in the service. Additional course sessions may incur a fee.
  • Note 3: BioMedIT base package (e.g., secure tenants, BioMedIT federated user identity management, standard secure data transfer process) are provisioned to eligible BioMedIT customers (i.e., all SPHN and PHRT projects funded in phase I and II) at no cost for the projects. GPU compute nodes are not covered by the BioMedIT base package.
  • Notes 4, 5: These service configurations are included per default in the BioMedIT base package and may be requested by customers independent of BioMedIT, i.e., as non-standard service configurations.
  • Note 6: These service configurations are included free of charge in the service and are offered on request.
  • Note 7: Subscription expert services (e.g. customer-level SLA) are offered on request, for an initial period of 2 years with possibility of extension. A subscription must amount to a minimum of 20 % FTE per year.
  • Note 8: No steering tax will be charged for the LTS service from January 1st, 2020 for all ETH members.
  • Note 9: Starting with 01.01.2024 the following price will be charged for SS-ES ETH-internal (1 FTE for 1 year): 150'000 CHF
  • The following items are included per default and free of charge in the service: user support, access to centrally installed software and applications library (including workload manager and container technologies), option for secure data transfer at user level, option for data restoration from backup.
  • Due to a worldwide semiconductor shortage, it is not possible to say when we will be able to order new Standard and High-end GPU nodes, what type of GPUs they will contain, and how much they will cost.
  • For any questions regarding the Leonhard Med service configuration options and prices or different types of available expert services models (e.g. subscription or daily rates), please contact the Leonhard Med service desk (