This page gives a brief overview of the Leonhard Med platform, services and price model for existing and prospective customers.

Table of Contents

What is LeoMed?

Leonhard Med (LeoMed) is a secure, powerful, and versatile scientific data and computing platform to transfer, store, manage and analyze sensitive research data. Leonhard Med is provisioned and operated by the Scientific IT Services (SIS) of IT Services at ETH Zurich. At the national level, SIS with the Leonhard Med platform is part of the BioMedIT network, representing the BioMedIT node Zurich. Leonhard Med is secure by design (very high level of protection compared to normal IT infrastructures) and compliant with Swiss and ETH regulations for data protection.

Sensitive data requires special cybersecurity measures to protect the Confidentiality, Integrity and Availability of data and to protect the Privacy of individuals. Sensitive data usually classifies as: strictly confidential or confidential. An example of sensitive research data is biomedical patient data (pseudonymized or identified). See LeoMed Acceptable Use Policy.

Q: When to use LeoMed?

A: When data you work with are sensitive data i.e., strictly confidential or confidential (e.g., data access, transfer, storage, management, development and application of computational analysis, exploration of data via web apps (dashboards), controlled sharing of data with eligible recipients etc.).

LeoMed expert services:

Secure tenants as complete environments for data transfer, storage, management, exploration and computational analysis

Expert IT solution engineering and Research Data Management support

Expert consultancy on secure services for strictly confidential and confidential data

Gateway to the national secure BioMedIT network services

Added value: secure & customizable to fit various specific research use cases.

You bring in your use case and we support you in enabling it at Leonhard Med with either standard or non-standard service support (see Service Level Agreement)

Visit our website to find out more about our services for sensitive research data.

LeoMed use cases

LeoMed is a customizable research platform that can be tailored to specific research needs. You bring in your use case and we support you in enabling it at Leonhard Med with either standard or non-standard service support.

Leonhard Med is suitable for sensitive data from any research area (medicine, social and political sciences, economics, environmental sciences etc.). Specialized use cases (e.g. not related to research) may be supported and are subject to specific rules.

We show below a selection of common use case at LeoMed for working with sensitive data (strictly confidential or confidential):

A research group wants to store sensitive data.

Sensitive data is transferred to LeoMed, either as a service via the BioMedIT secure data transfer process, or on the user level.
The Data Manager can organize the data on LeoMed.
The data is backed up regularly.
After the project ends and the tenant is closed, the data can be securely destroyed or securely archived.

A research group wants to securely manage sensitive data using a data management solution.

Sensitive data is transferred to LeoMed (see use case above).
The Data Manager organizes the data using a data management solution (e.g., openBIS)
The Permissions Manager can add other lab members to the LeoMed tenant so that they can work with the data.

A research group wants to securely share the data with a collaborating research group.

Research group A transfers data that they collected to their LeoMed tenant.
Research group B wants to work with the data without transferring it to their own infrastructure
After the groups sign legal agreements, members from research group B can be added to the LeoMed tenant by the Permissions Manager.

A research group wants to securely work with sensitive data from multiple Swiss hospitals.

Sensitive data is transferred to LeoMed via the BioMedIT secure data transfer process
To initiate the process the Data Manager sends a Data Transfer Request BioMedIT, which will validate it and forward it to the Data Providers
The Data Providers encrypt the data and transfer it to the BioMedIT network
The data automatically arrives in the project's tenant on LeoMed and the Data Manager can decrypt and work with the data.

A research group wants to securely analyze sensitive data on a high-performance compute cluster.

Sensitive data is transferred to LeoMed (see use cases above).
Post Doc A analyzes the data using centrally provided software or software maintained by the research group; potentially run in a container
Post Doc A analyzes the data by submitting a job to a SLURM high-performance compute cluster, utilizing resources that the cluster can provide, such as, CPUs, GPUs, large memory.
Additionally, Post Doc A can collaborate on data analysis with Post Doc B

A research group wants to securely host a web application that aggregates and plots sensitive data.

Sensitive data is transferred to LeoMed (see use cases above).
A dedicated virtual machine running rootless docker will be deployed.
Ph.D. student A develops a data analysis pipeline, which aggregates sensitive data and plots it in an interactive R-Shiny app. S/he containerizes the app and transfers the container to the VM on LeoMed. Here s/he can configure and run the container.
Ph.D. student B wants to use the app. S/he logs in to LeoMed and works with the app in the web browser.
On request and contingent on a security review, certain web applications can also be exposed to the internet.

Important roles at LeoMed

The roles at LeoMed are described in the LeoMed Acceptable Use Policy (AUP).

The Project Leader (PL) is responsible and accountable for data hosted at Leonhard Med, for example: ensures legal and ethical handling of sensitive data, classifies data (e.g. strictly confidential and confidential data), authorized Users to access data. PLs are responsible for the whole project data lifecycle within Leonhard Med. PL roles are often assigned to professors, heads of administrative departments or of staff units). PLs may but are not required to have access to LeoMed as Users. The PL can delegate the user management to a Permissions Manager.

The Permissions Manager (PM) is delegated by the PL and is responsible for requesting, on behalf of Users, user access or revocation of user access to Leonhard Med. PMs may but are not required to have access to LeoMed as Users.

The Data Manager (DM) is often used in the BioMedIT context and is responsible for managing strictly confidential and confidential data on Leonhard Med, for example: requests data transfers, decrypts data, manages data with dedicates software tools (note that this role is specific and not included in the LeoMed Acceptable Use Policy). DMs are required to have access to LeoMed as Users.

The User is a person authorized by a Project Leader to access and process data in Leonhard Med. Users are responsible for the confidentiality of personal access data and identification mechanisms, such as passwords, PINs, private keys, tokens. The Users may not disclose or make available this access data to third persons, or give them access under their account name (see LeoMed AUP Art. 8).

Every User (User, PL, PM, DM) must comply with the Leonhard Med AUP and sign an agreement stating that they will follow the Leonhard Med AUP.

LeoMed in action

User accounts

Once a tenant is set up, users requiring access to LeoMed can be added. Users must be authorized by the tenant's Project Leader (PL) and the user account must be requested by the Permissions Manager (PM). For further information on how to request accounts and enable userrs on LeoMed, see User accounts.

Access

Once the LeoMed user account has been set up and the user has configured the two-factor authentication (2FA), users are ready to access Leonhard Med either via remote desktop (via a web browser) or ssh (via the command line). Users enter the LeoMed platform on a login node. It serves as a jumping-off point for all services available on LeoMed, such as storage, the compute cluster, or locally hosted web services.

Data transfer and storage

Sensitive data (strictly confidential and confidential) as well as non-confidential data can be transferred to LeoMed. Non-confidential data can be transferred on the user level. Strictly confidential and confidential data must be encrypted before transfer and can be transferred via the BioMedIT process, or in a user-driven way.

Users can store smaller, non-confidential data (such as analysis scripts) in their home directory and large amounts of Strictly confidential and confidential data research data in a project directory.

Software and compute

From the login node, users can submit jobs to a SLURM compute cluster.

LeoMed centrally provides the Compute Canada software stack and users also can, under certain restrictions, install software themselves. Users can use data analysis tools, such as RStudio or Jupyter notebooks on LeoMed. Furthermore, software can be executed via containers.

Containers and web applications

Users can run containers to execute containerized data analysis workflows on the cluster or deploy containerized web applications on LeoMed in dedicated virtual machines. On request, SIS can deploy web applications for users. By default, these applications can only be accessed from within the LeoMed tenant. On request and contingent on a security review, web applications can also be exposed to the internet, giving non-LeoMed users access to the tool. For example, this can be done for applications that aggregate sensitive data in a way that renders them non-sensitive, and then expose these non-sensitive aggregates through a web application. Users who are authorized to use the web application can log in to it from the internet using their SWITCH edu-ID account with two-factor authentication enabled, even if they don't have access to LeoMed.

eyJleHRTcnZJbnRlZ1R5cGUiOiIiLCJnQ2xpZW50SWQiOiIiLCJjcmVhdG9yTmFtZSI6IkxpZW0gIEZyYW56aXNrdXMgKElEKSIsIm91dHB1dFR5cGUiOiJibG9jayIsImxhc3RNb2RpZmllck5hbWUiOiJMaWVtICBGcmFuemlza3VzIChJRCkiLCJsYW5ndWFnZSI6ImVuIiwiZGlhZ3JhbURpc3BsYXlOYW1lIjoiIiwic0ZpbGVJZCI6IiIsImF0dElkIjoiOTI4NjcxNDIiLCJkaWFncmFtTmFtZSI6Ikxlb01lZC1sYXlvdXQiLCJhc3BlY3QiOiIiLCJsaW5rcyI6ImF1dG8iLCJjZW9OYW1lIjoiTGVvbmhhcmQgTWVkIEludHJvIGZvciBzaGFyZWhvbGRlcnMiLCJ0YnN0eWxlIjoidG9wIiwiY2FuQ29tbWVudCI6ZmFsc2UsImRpYWdyYW1VcmwiOiIiLCJjc3ZGaWxlVXJsIjoiIiwiYm9yZGVyIjp0cnVlLCJtYXhTY2FsZSI6IjEiLCJvd25pbmdQYWdlSWQiOjkyODY3MTM0LCJlZGl0YWJsZSI6ZmFsc2UsImNlb0lkIjo5Mjg2NzEzNCwicGFnZUlkIjoiIiwibGJveCI6dHJ1ZSwic2VydmVyQ29uZmlnIjp7ImVtYWlscHJldmlldyI6IjEifSwib2RyaXZlSWQiOiIiLCJyZXZpc2lvbiI6OSwibWFjcm9JZCI6ImE3M2I1ZjVmLTE4ZGItNDQxOC1iOGZhLWI0NDNlMjg0ZmUxNCIsInByZXZpZXdOYW1lIjoiTGVvTWVkLWxheW91dC5wbmciLCJsaWNlbnNlU3RhdHVzIjoiT0siLCJzZXJ2aWNlIjoiIiwiaXNUZW1wbGF0ZSI6IiIsIndpZHRoIjoiNDAwIiwic2ltcGxlVmlld2VyIjpmYWxzZSwibGFzdE1vZGlmaWVkIjoiSmFuIDE5LCAyMDIzIDE6Mzc6MTcgUE0iLCJleGNlZWRQYWdlV2lkdGgiOmZhbHNlLCJvQ2xpZW50SWQiOiIifQ==

LeoMed layout

Leonhard Med is a secure multi-tenant platform with two types of tenants: secure isolated and secure shared tenants.

Tenant: complete environment for data transfer, storage, management and analysis. Technically, a tenant consists of a completely isolated network space containing data, user access, computing and software applications resources. A secure shared tenant has several allocations: the resources (e.g. data or computing) purchased by a customer within a secure shared tenant in Leonhard Med.

	Secure isolated tenant	Secure shared tenant
Security level	Security level 2: very high security. All security controls of LeoMed are enabled	Security level 1: elevated to high security. All security controls of LeoMed are enabled
Features	only one Project Leader (PL) is allowed a secure isolated tenant is completely separated from other tenants in Leonhard Med, by a logical network isolation only the resources purchased for the tenant may be used (e.g. compute nodes, virtual machines)	several Project Leaders (PLs) are allowed PLs may use one or several allocations within a secure shared tenant. data in each allocation of a secure shared tenant are isolated by UNIX file permission rules computing resources of all allocations within a secure shared tenant form a common pool available to the tenant a secure shared tenant is completely separated from other tenants in Leonhard Med by a logical network isolation
Benefits	Very high security level for data protection.	Elevated to high security level for data protection. Sharing of compute resources between projects is possible
Limitation	Sharing of compute resources outside the tenant is not enabled.	UNIX file permission rules offer a high security level for data protection. However, due to potential higher impact of security vulnerability on getting unauthorized access to data, the administrative privileges of the users are more strictly controlled than in a secure isolated tenant. The change process is more rigid, often requiring approval of all the PLs.
Recommendation	Consider this option when very high security level for data protection is required (e.g. strictly confidential data) and when there is no need to use a pool of shared compute resources.	Consider this option when elevated to high security for data protection is sufficient and there is a need to use a common pool of shared compute resources available in the tenant.

Becoming a LeoMed Customer

Leonhard Med is provided as a service to Customers (e.g. professors) who offer it to their Users (e.g. researchers). Users require authorization to access LeoMed.

Good to know:

Customers: purchase LeoMed services. PL: authorize Users to access LeoMed. Customers and PL are often represented by the same person.

PMs: request user access.

Users: access and use LeoMed

What to do next:

researchers interested in using LeoMed, should get in touch with SIS at leomed-support@id.ethz.ch
SIS will explain the service options, analyze the requirements and prepare a service quote:
- explain standard and non-standard service configurations (e.g. tenant types, customizations)
- indicate options for 1 year or for 4 years initial service validity (can be followed by extension)
- explain roles and identify persons to be assigned to roles (e.g. Customer, Project Leader, User)
- prepare a draft service quote tailored to requirements
- assign an Account Manager at SIS as main point of contact responsible for managing the customer account (e.g. onboarding, further service purchases, analysis of new requirements, service customizations etc.)
The PL will identify initial authorized users (e.g., Permissions Manager - PM, Data Manager - DM, User)
- PL and each authorized User must sign the Leonhard Med Acceptable Use Policy
- initial authorized users need to provide relevant information for user account creation (see User accounts)
- ETHZ-members will access LeoMed from the ETHZ network (e.g., VPN). In order for ETHZ-externals to reach LeoMed from outside the ETH network, the LeoMed support team needs to whitelist (allow) your institutional IP address or the IP address range (see Whitelisting sources).
Once all the requirements have been clarified, SIS will provide a draft service quote for the initial purchase of a Leonhard Med tenant
The Customer will approve the quote and send a binding requests to SIS at leomed-support@id.ethz.ch

LeoMed documents

LeoMed Price Model 2022

Date: 11 Apr 2022

			ETH-internal			ETH-external
Code	Specifications	Price type	one time CHF	4 years CHF	1 year CHF	one time CHF	4 years CHF	1 year CHF
ST-SNT	Setup of a new tenant (one time fee)	fixed	1'000			2'000
ST-OPS	Tenant operation (up to 10 users) (valid for both secure isolated tenants and individual allocations inside a shared tenant)	fixed		8'000	2'000		16'000	4'000
ST-OPS-50	Tenant operation per additional user (11-50)	fixed		400	100		800	200
ST-OPS-M	Tenant operation per additional user (from 51 on)	fixed		200	50		400	100
ST-WK	Secure storage per TB (including Geo-redundant tape backup, encrypted)	fixed		200	50		400	100
ST-ARC	Secure archival operation (one time, per package)	fixed	1'000			2'000
ST-ARC10	Secure archival of data for 10 years, per TB		free of charge⁸			800
General Purpose Node
CA-VM-VF1	2 cores, 4 GiB RAM	fixed		500	125		1'000	250
CA-VM-VF2	4 cores, 8 GiB RAM	fixed		1'000	250		2'000	500
CA-VM-VF3	8 cores, 16 GiB RAM	fixed		2'000	500		4'000	1'000
CA-VM-VF4	16 cores, 32 GiB RAM	fixed		4'000	1'000		8'000	2'000
Compute Node
CN-HM-VF1	14 cores, 224 GiB RAM	indicative		5'000	1'250		10'000	2'500
CN-HM-VF2	28 cores, 450 GiB RAM	indicative		10'000	2'500		20'000	5'000
CN-HM-VF3	56 cores, 900 GiB RAM	indicative		20'000	5'000		40'000	10'000
CN-HM-VF4	124 cores, 2040 GiB RAM	indicative		40'000	10'000		80'000	20'000
Standard GPU Node (RTX2080Ti or equivalent)
GP-TR-VF1	4 cores, 46 GiB RAM, 1 GPUs	indicative		4'500	1'125		9'000	2'250
GP-TR-VF2	8 cores, 92 GiB RAM, 2 GPUs	indicative		9'000	2'250		18'000	4'500
GP-TR-VF3	16 cores, 186 GiB RAM, 4 GPUs	indicative		18'000	4'500		36'000	9'000
GP-TR-VF4	34 cores, 372 GiB RAM, 8 GPUs	indicative		36'000	9'000		72'000	18'000
High-end GPU Node (Titan RTX or equivalent)
GP-TR-VF5	15 cores, 60 GiB RAM, 1 GPUs	indicative		5'000	1'250		10'000	2'500
GP-TR-VF6	30 cores, 120 GiB RAM, 2 GPUs	indicative		10'000	2'500		20'000	5'000
GP-TR-VF7	60 cores, 248 GiB RAM, 4 GPUs	indicative		20'000	5'000		40'000	10'000
GP-TR-VF8	124 cores, 500 GiB RAM, 8 GPUs	indicative		40'000	10'000		80'000	20'000
Additional standard services
RDM-openBIS	RDM openBIS, on request¹	fixed	2'000	N/A	1'000	4'000	N/A	2'000
TR-GS	Half-day "Getting started" course, on request²	fixed	included⁶
BIT-BS	Base package BioMedIT, on request³	fixed	included⁶ - if BioMedIT eligible
BIT-SDT	Standard secure data transfer BioMedIT, on request⁴	fixed
BIT-FUM	Federated user identity management BioMedIT, on request⁵	fixed

ETH-internal

ETH-external

Code

Specifications

CHF/year

CHF/day

CHF/year

CHF/day

SS-ES

Subscription expert services (1 FTE for 1 year), on request⁷
IT Solution Engineer, Research Data Manager, IT Security Engineer. Subject to specific rules set forth by the service provider.

fixed

140'000 (1 FTE)
150'000 (< 0.8 FTE)⁹

200'000 (1 FTE)

DR-ES

Daily rates expert services, on request.
IT Solution Engineer, Research Data Manager, IT Security Engineer. Subject to specific rules set forth by the service provider.