This page gives a brief overview of LeoMed and describes how research groups can become LeoMed shareholders.

Table of Contents

What is LeoMed?

Leonhard Med (LeoMed) is a secure, powerful, and versatile scientific data and computing platform to transfer, store, manage and analyze confidential research data. Leonhard Med is provisioned and operated by the Scientific IT Services (SIS) of IT Services at ETH Zurich. At the national level, SIS with the Leonhard Med platform is part of the BioMedIT network, representing the BioMedIT node Zurich. Visit our website to find out more about our services for confidential research data or see this presentation.

Confidential data, per LeoMed Acceptable Use Policy refers to all personal data (either identifying or pseudonymized data, in particular, health-related or medical data) unless explicitly classified differently.

secure project space for data storage, management and analysis with command line and remote desktop access

secure and collaborative compute environment for data management and data analysis (bioinformatics, ML, etc.)

secure data transfer from distributed sources (Swiss hospitals and research facilities, international repos, etc.)

flexible and customizable (e.g., hosting specialized web-based applications, DBs, clinical data warehouses, containerized applications etc.)

Important roles on LeoMed

The Project Leader (PL) is accountable for the legally and ethically correct handling of all Confidential Data across the whole data lifecycle of a research project. The PL is responsible and accountable for the correct data classification within the project. The PL names the Users who are entitled to access and process sensitive data within the project (see LeoMed AUP Art. 9). The PL can delegate the user management to a Permissions Manager.
The Permissions Manager (PM) is designated by the PL and it is responsible for requesting user access or revocation of user access to a specific project space or research group space on Leonhard Med.
The Data Manager (DM) is often used in the BioMedIT context and is responsible for managing confidential data on Leonhard Med. The data manager's responsibilities include, but are not limited to, requesting data from external sources, decrypting confidential data transferred to Leonhard Med, and organizing data on the system.
The User is a person that has been authorized by a PL to access and use LeoMed tenants/project spaces. Users are responsible for the confidentiality of personal access data and identification mechanisms, such as passwords, PINs, private keys, tokens. The Users may not disclose or make available this access data to third persons, or give them access under their account name (see LeoMed AUP Art. 8).

LeoMed use cases

With LeoMed, many different use cases to securely work with sensitive data can be accommodated. These cases cover some workflows possible after a research group becomes a LeoMed shareholder and their project space has been configured according to their requirements:

A research group wants to store sensitive data.

Sensitive data is transferred to LeoMed, either as a service via the BioMedIT secure data transfer process, or on the user level.
The Data Manager can organize the data on LeoMed.
The data is backed up regularly.
After the project ends and the tenant is closed, the data can be securely destroyed or securely archived.

A research group wants to securely manage sensitive data using a data management solution.

Sensitive data is transferred to LeoMed (see use case above).
The Data Manager organizes the data using a data management solution (e.g., openBIS)
The Permissions Manager can add other lab members to the LeoMed tenant so that they can work with the data.

A research group wants to securely share the data with a collaborating research group.

Research group A transfers data that they collected to their LeoMed tenant.
Research group B wants to work with the data without transferring it to their own infrastructure
After the groups sign legal agreements, members from research group B can be added to the LeoMed tenant by the Permissions Manager.

A research group wants to securely work with sensitive data from multiple Swiss hospitals.

Sensitive data is transferred to LeoMed via the BioMedIT secure data transfer process
To initiate the process the Data Manager sends a Data Transfer Request BioMedIT, which will validate it and forward it to the Data Providers
The Data Providers encrypt the data and transfer it to the BioMedIT network
The data automatically arrives in the project's tenant on LeoMed and the Data Manager can decrypt and work with the data.

A research group wants to securely analyze sensitive data on a high-performance compute cluster.

Sensitive data is transferred to LeoMed (see use cases above).
Post Doc A analyzes the data using centrally provided software or software maintained by the research group; potentially run in a container
Post Doc A analyzes the data by submitting a job to a SLURM high-performance compute cluster, utilizing resources that the cluster can provide, such as, CPUs, GPUs, large memory.
Additionally, Post Doc A can collaborate on data analysis with Post Doc B

A research group wants to securely host a web application that aggregates and plots sensitive data.

Sensitive data is transferred to LeoMed (see use cases above).
A dedicated virtual machine running rootless docker will be deployed.
Ph.D. student A develops a data analysis pipeline, which aggregates sensitive data and plots it in an interactive R-Shiny app. S/he containerizes the app and transfers the container to the VM on LeoMed. Here s/he can configure and run the container.
Ph.D. student B wants to use the app. S/he logs in to LeoMed and works with the app in the web browser.

LeoMed in action

User accounts

Once a tenant is set up, users requiring access to LeoMed can be added. Users must be authorized by the tenant's Project Leader (PL) and the user account must be requested by the Permissions Manager (PM).

Access

Once the LeoMed user account has been set up and the user has configured the two-factor authentication (2FA), users are ready to access Leonhard Med either via remote desktop (via a web browser) or ssh (via the command line). Users enter the LeoMed platform on a login node. It serves as a jumping-off point for all services available on LeoMed, such as storage, the compute cluster, or locally hosted web services.

Data transfer and storage

Confidential as well as non-confidential data can be transferred to LeoMed. Non-confidential data can be transferred on the user level. Confidential data must be encrypted before transfer and can be transferred via the BioMedIT process, or in a user-driven way.

Users can store smaller, non-confidential data (such as analysis scripts) in their home directory and large amounts of confidential research data in a project directory.

Software and compute

From the login node, users can submit jobs to a SLURM compute cluster.

LeoMed centrally provides the Compute Canada software stack and users also can, under certain restrictions, install software themselves. Users can use data analysis tools, such as RStudio or Jupyter notebooks on LeoMed. Furthermore, software can be executed via containers.

Containers

Users can run containers to execute containerized data analysis workflows on the cluster or deploy containerized web-based services on LeoMed in dedicated virtual machines.

LeoMed layout

LeoMed is organized into tenants (distinct spaces). There are two types of tenant layouts on LeoMed: secure shared, and secure isolated tenants.

	Secure shared tenant	Secure isolated tenant
Security level	elevated (as compared to standard high-performance computing systems)	high
Features	Multiple customers are allowed per tenant The tenant is isolated by a logical network separation Within the secure shared tenant, the access to the data may be restricted (i.e., per research project) using UNIX file permission rules Data sharing between tenants is exclusively allowed based on explicit authorization (e.g. of the responsible Project Leader)	Only one customer per tenant is allowed A customer may have several tenants The tenant is isolated by a logical network separation Within the isolated tenant, only the resources purchased for it may be used (e.g. compute nodes, virtual machines)
Benefits	Sharing of compute resources between projects is possible.	High security level for data protection
Limitation	UNIX file permission rules offer elevated data security, however unauthorized data access within a secure shared tenant may be technically possible, for example when unauthorized actor obtains root permissions within a virtual machine.	No sharing of compute resources between projects is possible.
Recommendation	Consider this option when elevated security for data protection is sufficient and benefit from sharing a pool of compute resources available in the tenant.	Consider this option when high security level for data protection is required (e.g. research project with specific ethical approval) and when there is no need to use a pool of shared compute resources.

The multi-tenancy features in Leonhard Med: a secure shared tenant and secure isolated tenant are shown. Tenant resources are isolated from the rest of the cluster by logical network separation (red box). Within a secure shared tenant, UNIX file permission can further separate the data of customers (blue box), whereas a common pool of compute resources is shared. Users may have access to more than one tenant, however, data sharing between tenants is only allowed upon explicit authorization by the Project Leader responsible for the dataset to be shared.

Becoming a LeoMed shareholder

Research groups interested in becoming a LeoMed shareholder and in getting access to a LeoMed tenant should get in touch with SIS at leomed-support@id.ethz.ch
SIS will explain the process and the responsibilities
SIS and the potential shareholder - who will assume the Project Leader (PL) role - will discuss the requirements
The PL will identify initial users (Permissions Manager and Data Manager; can also be a single person).
- PL, PM, DM must sing the Leonhard Med Acceptable Use Policy
- initial users (PM, DM) need to provide relevant keys and information for user account creation (see Getting user access to LeoMed)
- ETHZ-members will access LeoMed from the ETHZ network (e.g., VPN). In order for ETHZ-externals to reach LeoMed from outside the ETH network, the LeoMed support team needs to whitelist (allow) your institutional IP address or the IP address range (see Whitelisting external sources for ETH-externals to get access to LeoMed).
Once all the requirements have been clarified, SIS will provide a quote for the initial purchase of a Leonhard Med tenant
PL will approve the quote and send a binding requests to SIS at leomed-support@id.ethz.ch

LeoMed documents

LeoMed Price Model 2022

Date: 11 Apr 2022

			ETH-internal			ETH-external
Code	Specifications	Price type	one time CHF	4 years CHF	1 year CHF	one time CHF	4 years CHF	1 year CHF
ST-SNT	Setup of a new tenant (one time fee)	fixed	1'000			2'000
ST-OPS	Tenant operation (up to 10 users) (valid for both secure isolated tenants and individual allocations inside a shared tenant)	fixed		8'000	2'000		16'000	4'000
ST-OPS-50	Tenant operation per additional user (11-50)	fixed		400	100		800	200
ST-OPS-M	Tenant operation per additional user (from 51 on)	fixed		200	50		400	100
ST-WK	Secure storage per TB (including Geo-redundant tape backup, encrypted)	fixed		200	50		400	100
ST-ARC	Secure archival operation (one time, per package)	fixed	1'000			2'000
ST-ARC10	Secure archival of data for 10 years, per TB		free of charge⁸			800
General Purpose Node
CA-VM-VF1	2 cores, 4 GiB RAM	fixed		500	125		1'000	250
CA-VM-VF2	4 cores, 8 GiB RAM	fixed		1'000	250		2'000	500
CA-VM-VF3	8 cores, 16 GiB RAM	fixed		2'000	500		4'000	1'000
CA-VM-VF4	16 cores, 32 GiB RAM	fixed		4'000	1'000		8'000	2'000
Compute Node
CN-HM-VF1	14 cores, 224 GiB RAM	indicative		5'000	1'250		10'000	2'500
CN-HM-VF2	28 cores, 450 GiB RAM	indicative		10'000	2'500		20'000	5'000
CN-HM-VF3	56 cores, 900 GiB RAM	indicative		20'000	5'000		40'000	10'000
CN-HM-VF4	124 cores, 2040 GiB RAM	indicative		40'000	10'000		80'000	20'000
Standard GPU Node (RTX2080Ti or equivalent)
GP-TR-VF1	4 cores, 46 GiB RAM, 1 GPUs	indicative		4'500	1'125		9'000	2'250
GP-TR-VF2	8 cores, 92 GiB RAM, 2 GPUs	indicative		9'000	2'250		18'000	4'500
GP-TR-VF3	16 cores, 186 GiB RAM, 4 GPUs	indicative		18'000	4'500		36'000	9'000
GP-TR-VF4	34 cores, 372 GiB RAM, 8 GPUs	indicative		36'000	9'000		72'000	18'000
High-end GPU Node (Titan RTX or equivalent)
GP-TR-VF5	14 cores, 56 GiB RAM, 1 GPUs	indicative		5'000	1'250		10'000	2'500
GP-TR-VF6	28 cores, 112 GiB RAM, 2 GPUs	indicative		10'000	2'500		20'000	5'000
GP-TR-VF7	56 cores, 224 GiB RAM, 4 GPUs	indicative		20'000	5'000		40'000	10'000
GP-TR-VF8	124 cores, 450 GiB RAM, 8 GPUs	indicative		40'000	10'000		80'000	20'000
Additional standard services
RDM-openBIS	RDM openBIS, on request¹	fixed	2'000	N/A	1'000	4'000	N/A	2'000
TR-GS	Half-day "Getting started" course, on request²	fixed	included⁶
BIT-BS	Base package BioMedIT, on request³	fixed	included⁶ - if BioMedIT eligible
BIT-SDT	Standard secure data transfer BioMedIT, on request⁴	fixed
BIT-FUM	Federated user identity management BioMedIT, on request⁵	fixed

ETH-internal

ETH-external

Code

Specifications

CHF/year

CHF/day

CHF/year

CHF/day

SS-ES

Subscription expert services (1 FTE for 1 year), on request⁷
IT Solution Engineer, Research Data Manager, IT Security Engineer. Subject to specific rules set forth by the service provider.

fixed

140'000 (1 FTE)
150'000 (< 0.8 FTE)

200'000 (1 FTE)

DR-ES

Daily rates expert services, on request.
IT Solution Engineer, Research Data Manager, IT Security Engineer. Subject to specific rules set forth by the service provider.