OLCF Policy Guides

OLCF Acknowledgement

Users should acknowledge the OLCF in all publications and presentations that speak to work performed on OLCF resources:

This research used resources of the Oak Ridge Leadership Computing Facility at the Oak Ridge National Laboratory, which is supported by the Office of Science of the U.S. Department of Energy under Contract No. DE-AC05-00OR22725.


Software Requests

To request software installation, please contact help@olcf.ornl.gov with a description of the software, including the following details:

  • Software name.

  • Description of the software and its purpose. Is it export controlled?

  • How the software is obtained.

  • Explanation of why the software is needed. If OLCF provides equivalent software, what is different about this software? If requesting an upgrade, describe new features or bug fixes.

  • Who will be using this software? Approximately how many people will be using it? If possible, list individual users of this software.

Special Requests and Policy Exemptions

To request exemption to certain system policies, contact help@olcf.ornl.gov with an overview of the exemption you need. Example requests include:

  • Relaxed queue limits for one or more jobs (longer walltime, higher priority)

  • System reservation (a dedicated set of nodes at a specific date/time)

  • Increased disk quota

  • Purge exemption for User/Group/World Work areas

Special requests are reviewed weekly by the OLCF Resource Utilization Council. Please contact help@olcf.ornl.gov for more information.


Computing Policy

Note

This details an official policy of the OLCF, and must be agreed to by the following persons as a condition of access to and use of OLCF computational resources:

  • Principal Investigators (Non-Profit)

  • Principal Investigators (Industry)

  • All Users

Title: Computing Policy Version: 12.10

Computer Use

Computers, software, and communications systems provided by the OLCF are to be used for work associated with and within the scope of the approved project. The use of OLCF resources for personal or non-work-related activities is prohibited. All computers, networks, E-mail, and storage systems are property of the United States Government. Any misuse or unauthorized access is prohibited, and is subject to criminal and civil penalties. OLCF systems are provided to our users without any warranty. OLCF will not be held liable in the event of any system failure or data loss or corruption for any reason including, but not limited to: negligence, malicious action, accidental loss, software errors, hardware failures, network losses, or inadequate configuration of any computing resource or ancillary system.

Data Use

Prohibited Data

The OLCF computer systems are operated as research systems and only contain data related to scientific research and do not contain personally identifiable information (data that falls under the Privacy Act of 1974 5U.S.C. 552a). Use of OLCF resources to store, manipulate, or remotely access any national security information is strictly prohibited. This includes, but is not limited to: classified information, unclassified controlled nuclear information (UCNI), naval nuclear propulsion information (NNPI), the design or development of nuclear, biological, or chemical weapons or any weapons of mass destruction. Authors/generators/owners of information are responsible for its correct categorization as sensitive or non-sensitive. Owners of sensitive information are responsible for its secure handling, transmission, processing, storage, and disposal on OLCF systems. Principal investigators, users, or project delegates that use OLCF resources, or are responsible for overseeing projects that use OLCF resources, are strictly responsible for knowing whether their project generates any of these prohibited data types or information that falls under Export Control. For questions, contact help@olcf.ornl.gov.

Confidentiality, Integrity, and Availability

The OLCF systems provide protections to maintain the confidentiality, integrity, and availability of user data. Measures include the availability of file permissions, archival systems with access control lists, and parity and CRC checks on data paths and files. It is the user’s responsibility to set access controls appropriately for the data. In the event of system failure or malicious actions, the OLCF makes no guarantee against loss of data or that a user’s data can be accessed, changed, or deleted by another individual. It is the user’s responsibility to insure the appropriate level of backup and integrity checks on critical data and programs.

Data Modification/Destruction

Users are prohibited from taking unauthorized actions to intentionally modify or delete information or programs.

Data Retention

The OLCF reserves the right to remove any data at any time and/or transfer data to other users working on the same or similar project once a user account is deleted or a person no longer has a business association with the OLCF. After a sensitive project has ended or has been terminated, all data related to the project must be purged from all OLCF computing resources within 30 days.

Software Use

All software used on OLCF computers must be appropriately acquired and used according to the appropriate software license agreement. Possession, use, or transmission of illegally obtained software is prohibited. Likewise, users shall not copy, store, or transfer copyrighted software, except as permitted by the owner of the copyright. Only export-controlled codes approved by the Export Control Office may be run by parties with sensitive data agreements.

Malicious Software

Users must not intentionally introduce or use malicious software such as computer viruses, Trojan horses, or worms.

Reconstruction of Information or Software

Users are not allowed to reconstruct information or software for which they are not authorized. This includes but is not limited to any reverse engineering of copyrighted software or firmware present on OLCF computing resources.

User Accountability

Users are accountable for their actions and may be held accountable to applicable administrative or legal sanctions.

Monitoring and Privacy

Users are advised that there is no expectation of privacy of your activities on any system that is owned by, leased or operated by UT-Battelle on behalf of the U.S. Department of Energy (DOE). The Company retains the right to monitor all activities on these systems, to access any computer files or electronic mail messages, and to disclose all or part of information gained to authorized individuals or investigative agencies, all without prior notice to, or consent from, any user, sender, or addressee. This access to information or a system by an authorized individual or investigative agency is in effect during the period of your access to information on a DOE computer and for a period of three years thereafter. OLCF personnel and users are required to address, safeguard against, and report misuse, abuse and criminal activities. Misuse of OLCF resources can lead to temporary or permanent disabling of accounts, loss of DOE allocations, and administrative or legal actions. Users who have not accessed a OLCF computing resource in at least 6 months will be disabled. They will need to reapply to regain access to their account. All users must reapply annually.

Authentication and Authorization

All users are required to use a one-time password for authentication. Tokens will be distributed to OLCF users. Users will be required to create a Personal Identification Number (PIN). This is used in conjunction with a generated token code as part of a two-factor authentication implementation. Accounts on the OLCF machines are for the exclusive use of the individual user named in the account application. Users should not share accounts or tokens with anyone. If evidence is found that more than one person is using an account, that account will be disabled immediately. Users are not to attempt to receive unintended messages or access information by some unauthorized means, such as imitating another system, impersonating another user or other person, misuse of legal user credentials (usernames, tokens, etc.), or by causing some system component to function incorrectly. Users are prohibited from changing or circumventing access controls to allow themselves or others to perform actions outside their authorized privileges. Users must notify the OLCF immediately when they become aware that any of the accounts used to access OLCF have been compromised. Users should inform the OLCF promptly of any changes in their contact information (E-mail, phone, affiliation, etc.) Updates should be sent to accounts@ccs.ornl.gov.

Foreign National Access

Applicants who appear on a restricted foreign country listing in section 15 CFR 740.7 License Exceptions for Computers are denied access based on US Foreign Policy. The countries cited are Cuba, Iran, North Korea, Sudan, and Syria. Additionally, no work may be performed on OLCF computers on behalf of foreign nationals from these countries.

Denial of Service

Users may not deliberately interfere with other users accessing system resources.


Data Management Policy

Note

This details an official policy of the OLCF, and must be agreed to by the following persons as a condition of access to or use of OLCF computational resources:

  • Principal Investigators (Non-Profit)

  • Principal Investigators (Industry)

  • All Users

Title: Data Management Policy Version: 20.02

Introduction

The OLCF provides a comprehensive suite of hardware and software resources for the creation, manipulation, and retention of scientific data. This document comprises guidelines for acceptable use of those resources. It is an official policy of the OLCF, and as such, must be agreed to by relevant parties as a condition of access to and use of OLCF computational resources.

Data Storage Resources

The OLCF provides an array of data storage platforms, each designed with a particular purpose in mind. Storage areas are broadly divided into two categories: those intended for user data and those intended for project data. Within each of the two categories, we provide different sub-areas, each with an intended purpose:

Purpose

Storage Area

Path

Long-term data for routine access that is unrelated to a project

User Home

/ccs/home/[userid]

Long-term data for archival access that is unrelated to a project

User Archive

/home/[userid]

Long-term project data for routine access that’s shared with other project members

Project Home

/ccs/proj/[projid]

Short-term project data for fast, batch job access that you don’t want to share

Member Work

/gpfs/alpine2/[projid]/scratch/[userid]
/lustre/orion/[projid]/scratch/[userid]

Short-term project data for fast, batch job access that’s shared with other project members

Project Work

/gpfs/alpine2/[projid]/proj-shared
/lustre/orion/[projid]/proj-shared

Short-term project data for fast, batch job access that’s shared with those outside your project

World Work

/gpfs/alpine2/[projid]/world-shared
/lustre/orion/[projid]/world-shared

Long-term project data for archival access that you don’t want to share

Member Archive

/hpss/prod/[projid]/users/$USER

Long-term project data for archival access that’s shared with other project members

Project Archive

/hpss/prod/[projid]/proj-shared

Long-term project data for archival access that’s shared with those outside your project

World Archive

/hpss/prod/[projid]/world-shared

For more information about using the data storage archiving systems, please refer to the pages on Data Storage and Transfers.

User Home

Home directories for each user are NFS-mounted on all OLCF systems and are intended to store long-term, frequently-accessed user data. User Home areas are backed up on a daily basis. This file system does not generally provide the input/output (I/O) performance required by most compute jobs, and is not available to compute jobs on most systems. See the section Data Retention, Purge, & Quotas for more details on applicable quotas, backups, purge, and retention timeframes.

User Archive

The High Performance Storage System (HPSS) is the tape-archive storage system at the OLCF and is the storage technology that supports the User Archive areas. HPSS is intended for data that do not require day-to-day access.

Note

Use of this directory for data storage is deprecated in favor of storing data in the User, Project, and World Archive directories. For new users, this directory is a “link farm” with symlinks to that user’s /hpss/prod directories. Data for existing users remains in this directory but should be moved into a User/Project/World Archive directory, at which time this directory will automatically convert to a link farm.

Project Home

Project Home directories are NFS-mounted on selected OLCF systems and are intended to store long-term, frequently-accessed data that is needed by all collaborating members of a project. Project Home areas are backed up on a daily basis. This file system does not generally provide the input/output (I/O) performance required by most compute jobs, and is not available to compute jobs on most systems. See the section Data Retention, Purge, & Quotas for more details on applicable quotas, backups, purge, and retention timeframes.

Member Work

Project members get an individual Member Work directory for each associated project; these reside in the center-wide, high-capacity scratch filesystems on large, fast disk areas intended for global (parallel) access to temporary/scratch storage. Member Work areas are not shared with other users of the system and are intended for project data that the user does not want to make available to other users. Member Work directories are provided commonly across all systems. Because of the scratch nature of the file system, it is not backed up and files are automatically purged on a regular basis. Files should not be retained in this file system for long, but rather should be migrated to Project Home or Project Archive space as soon as the files are not actively being used. If a file system associated with your Member Work directory is nearing capacity, the OLCF may contact you to request that you reduce the size of your Member Work directory. See the section Data Retention, Purge, & Quotas for more details on applicable quotas, backups, purge, and retention timeframes.

Project Work

Each project is granted a Project Work directory; these reside in the center-wide, high-capacity scratch filesystems on large, fast disk areas intended for global (parallel) access to temporary/scratch storage. Project Work directories can be accessed by all members of a project and are intended for sharing data within a project. Project Work directories are provided commonly across most systems. Because of the scratch nature of the file system, it is not backed up and files are automatically purged on a regular bases. Files should not be retained in this file system for long, but rather should be migrated to Project Home or Project Archive space as soon as the files are not actively being used. If a file system associated with Project Work storage is nearing capacity, the OLCF may contact the PI of the project to request that he or she reduce the size of the Project Work directory. See the section Data Retention, Purge, & Quotas for more details on applicable quotas, backups, purge, and retention timeframes.

World Work

Each project has a World Work directory that resides in the center-wide, high-capacity scratch filesystems on large, fast disk areas intended for global (parallel) access to temporary/scratch storage. World Work areas can be accessed by all users of the system and are intended for sharing of data between projects. World Work directories are provided commonly across most systems. Because of the scratch nature of the file system, it is not backed up and files are automatically purged on a regular bases. Files should not be retained in this file system for long, but rather should be migrated to Project Home or Project Archive space as soon as the files are not actively being used. If a file system associated with World Work storage is nearing capacity, the OLCF may contact the PI of the project to request that he or she reduce the size of the World Work directory. See the section Data Retention, Purge, & Quotas for more details on applicable quotas, backups, purge, and retention timeframes.

Member Archive

Project members get an individual Member Archive directory for each associated project; these reside on the High Performance Storage System (HPSS), OLCF’s tape-archive storage system. Member Archive areas are not shared with other users of the system and are intended for project data that the user does not want to make available to other users. HPSS is intended for data that do not require day-to-day access. Users should not store data unrelated to OLCF projects on HPSS. Users should periodically review files and remove unneeded ones. See the section Data Retention, Purge, & Quotas for more details on applicable quotas, backups, purge, and retention timeframes.

Project Archive

Each project is granted a Project Archive directory; these reside on the High Performance Storage System (HPSS), OLCF’s tape-archive storage system. Project Archive directories are shared among all members of a project and are intended for sharing data within a project. HPSS is intended for data that do not require day-to-day access. Users should not store data unrelated to OLCF projects on HPSS. Project members should also periodically review files and remove unneeded ones. See the section Data Retention, Purge, & Quotas for more details on applicable quotas, backups, purge, and retention timeframes.

World Archive

Each project is granted a World Archive directory; these reside on the High Performance Storage System (HPSS), OLCF’s tape-archive storage system. World Archive areas are shared among all users of the system and are intended for sharing data between projects. HPSS is intended for data that do not require day-to-day access. Users should not store data unrelated to OLCF projects on HPSS. Users should periodically review files and remove unneeded ones. See the section Data Retention, Purge, & Quotas for more details on applicable quotas, backups, purge, and retention timeframes.

Data Retention, Purge, & Quotas

Summary

The following table details quota, backup, purge, and retention information for each user-centric and project-centric storage area available at the OLCF.

User-Centric Storage Areas

Area

Path

Type

Permissions

Quota

Backups

Purged

Retention

On Compute Nodes

User Home

/ccs/home/[userid]

NFS

User set

50 GB

Yes

No

90 days

Read-only

User Archive [1]

/home/[userid]

HPSS

User set

2TB

No

No

90 days

No

User Archive [2]

/home/[userid]

HPSS

700

N/A

N/A

N/A

N/A

No

Project-Centric Storage Areas

Area

Path

Type

Permissions

Quota

Backups

Purged

Retention

On Compute Nodes

Project Home

/ccs/proj/[projid]

NFS

770

50 GB

Yes

No

90 days

Read-only

Member Work

/gpfs/alpine2/[projid]/scratch/[userid]

Spectrum Scale

700 [3]

50 TB

No

90 days

N/A [4]

Yes

/lustre/orion/[projid]/scratch/[userid]

Lustre HPE ClusterStor

700 [3]

50 TB

No

90 days

N/A [4]

Yes

Project Work

/gpfs/alpine2/[projid]/proj-shared

Spectrum Scale

770

50 TB

No

90 days

N/A [4]

Yes

/lustre/orion/[projid]/proj-shared

Lustre HPE ClusterStor

770

50 TB

No

90 days

N/A [4]

Yes

World Work

/gpfs/alpine2/[projid]/world-shared

Spectrum Scale

775

50 TB

No

90 days

N/A [4]

Yes

/lustre/orion/[projid]/world-shared

Lustre HPE ClusterStor

775

50 TB

No

90 days

N/A [4]

Yes

Member Archive

/hpss/prod/[projid]/users/$USER

HPSS

700

100 TB

No

No

90 days

No

Project Archive

/hpss/prod/[projid]/proj-shared

HPSS

770

100 TB

No

No

90 days

No

World Archive

/hpss/prod/[projid]/world-shared

HPSS

775

100 TB

No

No

90 days

No

Area - The general name of storage area.
Path - The path (symlink) to the storage area’s directory.
Type - The underlying software technology supporting the storage area.
Permissions - UNIX Permissions enforced on the storage area’s top-level directory.
Quota - The limits placed on total number of bytes and/or files in the storage area.
Backups - States if the data is automatically duplicated for disaster recovery purposes.
Purged - Period of time, post-file-access, after which a file will be marked as eligible for permanent deletion.
Retention - Period of time, post-account-deactivation or post-project-end, after which data will be marked as eligible for permanent deletion.

Important! Files within “Work” directories (i.e., Member Work, Project Work, World Work) are not backed up and are purged on a regular basis according to the timeframes listed above.

Footnotes

On Summit, Rhea and the DTNs, additional paths to the various project-centric work areas are available via the following symbolic links and/or environment variables:

  • Member Work Alpine2 Directory: /gpfs/alpine2/scratch/[userid]/[projid] or $MEMBERWORK/[projid]

  • Project Work Alpine2 Directory: /gpfs/alpine2/proj-shared/[projid] or $PROJWORK/[projid]

  • World Work Alpine2 Directory: /gpfs/alpine2/world-shared/[projid] or $WORLDWORK/[projid]

  • Member Work Orion Directory: /lustre/orion/scratch/[userid]/[projid] or $MEMBERWORK/[projid]

  • Project Work Orion Directory: /lustre/orion/proj-shared/[projid] or $PROJWORK/[projid]

  • World Work Orion Directory: /lustre/orion/world-shared/[projid] or $WORLDWORK/[projid]

Data Retention Overview

By default, there is no lifetime retention for any data on OLCF resources. The OLCF specifies a limited post-deactivation timeframe during which user and project data will be retained. When the retention timeframe expires, the OLCF retains the right to delete data. If you have data retention needs outside of the default policy, please notify the OLCF.

User Data Retention

The user data retention policy exists to reclaim storage space after a user account is deactivated, e.g., after the user’s involvement on all OLCF projects concludes. By default, the OLCF will retain data in user-centric storage areas only for a designated amount of time after the user’s account is deactivated. During this time, a user can request a temporary user account extension for data access. See the section Data Retention, Purge, & Quotas for details on retention timeframes for each user-centric storage area.

Project Data Retention

The project data retention policy exists to reclaim storage space after a project ends. By default, the OLCF will retain data in project-centric storage areas only for a designated amount of time after the project end date. During this time, a project member can request a temporary user account extension for data access. See the section Data Retention, Purge, & Quotas for details on purge and retention timeframes for each project-centric storage area.

Sensitive Project Data Retention

For sensitive projects only, all data related to the project must be purged from all OLCF computing resources within 30 days of the project’s end or termination date.

Transfer of Member Work and Member Archive Data

Although the Member Work and Member Archive directories are for storage of data a user does not want to make available to other users on the system, files in these directories are still considered project data and can be reassigned to another user at the PI’s request.

Data Purges

Data purge mechanisms are enabled on some OLCF file system directories in order to maintain sufficient disk space availability for job execution. Files in these scratch areas are automatically purged on a regular purge timeframe. If a file system with an active purge policy is nearing capacity, the OLCF may contact you to request that you reduce the size of a directory within that file system, even if the purge timeframe has not been exceeded. See the section Data Retention, Purge, & Quotas for details on purge timeframes for each storage area, if applicable.

Storage Space Quotas

Each user-centric and project-centric storage area has an associated quota, which could be a hard (systematically-enforceable) quota or a soft (policy-enforceable) quota. Storage usage will be monitored continually. When a user or project exceeds a soft quota for a storage area, the user or project PI will be contacted and will be asked if at all possible to purge data from the offending area. See the section Data Retention, Purge, & Quotas for details on quotas for each storage area.

Data Prohibitions & Safeguards

Prohibited Data

The OLCF computer systems are operated as research systems and only contain data related to scientific research and do not contain personally identifiable information (data that falls under the Privacy Act of 1974 5U.S.C. 552a). Use of OLCF resources to store, manipulate, or remotely access any national security information is strictly prohibited. This includes, but is not limited to: classified information, unclassified controlled nuclear information (UCNI), naval nuclear propulsion information (NNPI), the design or development of nuclear, biological, or chemical weapons or any weapons of mass destruction. Authors/generators/owners of information are responsible for its correct categorization as sensitive or non-sensitive. Owners of sensitive information are responsible for its secure handling, transmission, processing, storage, and disposal on OLCF systems. Principal investigators, users, or project delegates that use OLCF resources, or are responsible for overseeing projects that use OLCF resources, are strictly responsible for knowing whether their project generates any of these prohibited data types or information that falls under Export Control. For questions, contact help@olcf.ornl.gov.

Unauthorized Data Modification

Users are prohibited from taking unauthorized actions to intentionally modify or delete information or programs.

Data Confidentiality, Integrity, & Availability

The OLCF systems provide protections to maintain the confidentiality, integrity, and availability of user data. Measures include: the availability of file permissions, archival systems with access control lists, and parity/CRC checks on data paths/files. It is the user’s responsibility to set access controls appropriately for data. In the event of system failure or malicious actions, the OLCF makes no guarantee against loss of data nor makes a guarantee that a user’s data could not be potentially accessed, changed, or deleted by another individual. It is the user’s responsibility to insure the appropriate level of backup and integrity checks on critical data and programs.

Administrator Access to Data

OLCF resources are federal computer systems, and as such, users should have no explicit or implicit expectation of privacy. OLCF employees and authorized vendor personnel with “root” privileges have access to all data on OLCF systems. Such employees can also login to OLCF systems as other users. As a general rule, OLCF employees will not discuss your data with any unauthorized entities nor grant access to data files to any person other than the UNIX “owner” of the data file, except in the following situations:

  • When the owner of the data requests a change of ownership for any reason, e.g., the owner is leaving the project and grants the PI ownership of the data.

  • In situations of suspected abuse/misuse computational resources, criminal activity, or cyber-security violations.

Note that the above applies even to project PIs. In general, the OLCF will not overwrite existing UNIX permissions on data files owned by project members for the purpose of granting access to the project PI. Project PIs should work closely with project members throughout the duration of the project to ensure UNIX permissions are set appropriately.

Software

Software Licensing

All software used on OLCF computers must be appropriately acquired and used according to the appropriate software license agreement. Possession, use, or transmission of illegally obtained software is prohibited. Likewise, users shall not copy, store, or transfer copyrighted software, except as permitted by the owner of the copyright. Only export-controlled codes approved by the Export Control Office may be run by parties with sensitive data agreements.

Malicious Software

Users must not intentionally introduce or use malicious software, including but not limited to, computer viruses, Trojan horses, or computer worms.

Reconstruction of Information or Software

Users are not permitted to reconstruct information or software for which they are not authorized. This includes but is not limited to any reverse engineering of copyrighted software or firmware present on OLCF computing resources.


Security Policy

Note

This details an official policy of the OLCF, and must be agreed to by the following persons as a condition of access to or use of OLCF computational resources:

  • Principal Investigators (Non-Profit)

  • Principal Investigators (Industry)

  • All Users

Title:Security Policy Version: 12.10

The Oak Ridge Leadership Computing Facility (OLCF) computing resources are provided to users for research purposes. All users must agree to abide by all security measures described in this document. Failure to comply with security procedures will result in termination of access to OLCF computing resources and possible legal actions.

Scope

The requirements outlined in this document apply to all individuals who have an OLCF account. It is your responsibility to ensure that all individuals have the proper need-to-know before allowing them access to the information on OLCF computing resources. This document will outline the main security concerns.

Personal Use

OLCF computing resources are for business use only. Installation or use of software for personal use is not allowed. Incidents of abuse will result in account termination. Inappropriate uses include, but are not limited to:

  • Sexually oriented information

  • Downloading, copying, or distributing copyrighted materials without prior permission from the owner

  • Downloading or storing large files or utilizing streaming media for personal use (e.g., music files, graphic files, internet radio, video streams, etc.)

  • Advertising, soliciting, or selling

Accessing OLCF Computational Resources

Access to systems is provided via Secure Shell version 2 (sshv2). You will need to ensure that your ssh client supports keyboard-interactive authentication. The method of setting up this authentication varies from client to client, so you may need to contact your local administrator for assistance. Most new implementations support this authentication type, and many ssh clients are available on the web. Login sessions will be automatically terminated after a period of inactivity. When you apply for an account, you will be mailed an RSA SecurID token. You will also be sent a request to complete identity verification. When your account is approved, your RSA SecurID token will also be enabled. Please refer to our Systems for more information on host access. DO NOT share your PIN or RSA SecurID token with anyone. Sharing of accounts will result in termination. If your SecurID token is stolen or misplaced, contact the OLCF immediately and report the missing token. Upon termination of your account access, return the token to the OLCF in person or via mail.

Data Management

The OLCF uses a standard file system structure to assist users with data organization on OLCF systems. Complete details about all file systems available to OLCF users can be found in the Data Management Policy section.

Sensitive Data

Additional file systems and file protections may be employed for sensitive data. If you are a user on a project producing sensitive data, further instructions will be given by the OLCF. The following guidelines apply to sensitive data:

  • Only store sensitive data in designated locations. Do not store sensitive data in your User Home directory.

  • Never allow access to your sensitive data to anyone outside of your group.

  • Transfer of sensitive data must be through the use encrypted methods (scp, sftp, etc).

  • All sensitive data must be removed from all OLCF resources when your project has concluded.

Data Transfer

The OLCF offers a number of dedicated data transfer nodes to users. The nodes have been tuned specifically for wide area data transfers, and also perform well on the local area. There are also several utilities that the OLCF recommends for data transfer. Please refer to our Systems for information about the DTNs and available utilities.


INCITE Allocation Under-utilization Policy

Note

This details an official policy of the OLCF, and must be agreed to by the following persons as a condition of access to and use of OLCF computational resources:

  • INCITE Principal Investigators

Title: INCITE Allocation Under-utilization Policy Version: 12.10

The OLCF has a pull-back policy for under-utilization of INCITE allocations. Under-utilized INCITE project allocations will have core-hours removed from their outstanding core-hour project balance at specific times during the INCITE calendar year. The following table summarizes the current under-utilization policy:

Date

Utilization to-Date

Forfeited Amount

May 1

< 10%

Up to 30% of remaining allocation

< 15%

Up to 15% of remaining allocation

September 1

< 10%

Up to 75% of remaining allocation

< 33%

Up to 50% of remaining allocation

< 50%

Up to 33% of remaining allocation

For example, a 1,000,000 core-hour INCITE project that has utilized only 50,000 core-hours (5% of the allocation) on May 1st would forfeit (0.30 * 950,000) = 285,000 core-hours from their remaining allocation.


Project Reporting Policy

Note

This details an official policy of the OLCF, and must be agreed to by the following persons as a condition of access to and use of OLCF computational resources:

  • Principal Investigators (Non-Profit)

  • Principal Investigators (Industry)

Title: Project Reporting Policy Version: 12.10

Principal Investigators of current OLCF projects must submit a quarterly progress report. The quarterly reports are essential as the OLCF must diligently track the use of the center’s resources. In keeping with this, the OLCF (and DOE Leadership Computing Facilities in general) imposes the following penalties for late submission:

Timeframe

Penalty

1 Month Late

Job submissions against offending project will be suspended.

3 Months Late

Login privileges will be suspended for all OLCF resources for all users associated with offending project.


Non-proprietary Institutional User Agreement Policy

Note

This details an official policy of the OLCF, and must be agreed to by the following persons as a condition of access to and use of OLCF computational resources:

  • Principal Investigators (Non-Profit)

  • All Users

Title: Non-proprietary Institutional User Agreement Policy Version: 12.10

Users of DOE-designated User Facilities must understand and agree to the following Institutional User Agreement clause: I understand that my institution has entered into a User Agreement with UT-Battelle, the management and operating contractor for the U.S. Department of Energy’s (DOE) Oak Ridge National Laboratory (ORNL), that governs my research ORNL’s DOE-designated User Facilities. I have read and understand my obligations under that Agreement, including the provisions summarized below. You may check with your institution or contact accounts@ccs.ornl.gov if you require a copy of your User Agreement.

Access

I understand that my access is limited to certain designated areas and/or systems, and my access may be revoked if I pose a security, safety, or operational risk.

Rules and Regulations

I will follow the applicable ORNL rules, regulations and requirements, including those requirements of the ORNL User Facility. I will follow the requirements set forth in training if assigned to me by the ORNL User Facility.

Safety and Health

I will take all reasonable precautions to protect the safety and health of others and comply with all applicable safety and health requirements.

Intent to Publish

I will use best efforts to publish the results from my use of the ORNL User Facility in an open scientific journal or significant industry technical journal or conference proceedings. I will acknowledge use of the ORNL User Facility in the publication and notify the ORNL User Facility of any publications that result from my use of the facility.

Export Control

I will comply with all U.S. Export Control laws and regulations and be responsible for the appropriate handling and transfer of any export controlled information, which may require advance U.S. Government authorization.

Intellectual Property

I will disclose any invention conceived as a part of the work at a ORNL User Facility and will protect the invention until a patent application can be filed. I understand that my institution may elect title to the invention and the U.S. Government retains rights to the invention.

HIPAA/ITAR Project Rules of Behavior Policy

Note

This details an official policy of the OLCF, and must be agreed to by the following persons as a condition of access to and use of OLCF computational resources:

  • Principal Investigators of HIPAA/ITAR Projects

  • Users on HIPAA/ITAR Projects

Title: HIPAA/ITAR Project Rules of Behavior Policy Version: 21.01

Portions of data and/or software used in your project require extra protections due to requirements for protecting HIPAA/ITAR or other sensitive or controlled information. There are countries from which citizens are restricted from accessing sensitive/controlled information and therefore cannot be a part of your project. When you request users to be added to your project, our user assistance center will check the nationality of those users for conflict.

In addition, to protect sensitive data and code identified by these export control restrictions, data and code must be handled in accordance with the following rules:

  1. HIPAA/ITAR regulated data is only allowed within the following directory:

Area

Path

Type

Project scratch

/gpfs/arx/[projid]

GPFS

This is your project’s scratch space on the “arx” filesystem. Only members of your project will have access.

2. Filenames, application names, job names, environment variables, batch job scripts, or any other unencrypted text must never contain sensitive or controlled information. Transfer of sensitive or controlled information must only take place through designated Data Transfer Nodes (DTNs) over an encrypted transport protocol.

3. Prior to your project being initialized, we must have source IP addresses for devices in your organization that are authorized to transfer sensitive/controlled information to/from your organization, or for use in accessing that information. Encryption is necessary for transferring sensitive and/or controlled information to and from the OLCF.

4. For codes being used, please make sure that the proper number of licenses have been obtained from the vendors of the respective software. It is also the responsibility of the PI to ensure that all project members have the appropriate authorization to access any sensitive data and/or codes used as required by relevant data use agreements.

5. The Principal Investigator (PI) has the responsibility to make sure that other project members follow the sensitive controls outlined in this policy and protect sensitive/controlled information. It is also the responsibility of the PI to alert us of any personnel changes on the project.

If you have security-related questions, contact us via email at: security-admins@ccs.ornl.gov. Other questions can be sent to help@olcf.ornl.gov.

User-Managed Software (UMS) Policy

More information about the UMS program can be found in the Software section.

Note

This details an official policy of the OLCF, and must be agreed to by the following persons as a condition of access to and use of OLCF computational resources:

  • Principal Investigators of UMS Projects

  • Points of Contact for UMS Projects

Title: UMS Project Policies Version: 21.08

Purpose

This document is intended to describe the agreement between the OLCF and the providers of user-managed software installations. User-managed software is built, maintained, and supported by OLCF users rather than as official offerings of the OLCF, but is exposed to all users through the module system.

Policies

Order is for convenience and no implication of priority is implied.

  • Products installed should be limited to those explicitly listed in the project application and approved by the OLCF.

    • The project application is reviewed by the Export Control Office. If you would like to install additional packages not listed in your original application, the Project PI must contact the OLCF at help@olcf.ornl.gov before making changes.

  • Products must provide appropriate modules for their software.

  • Products must provide a statement of support, to be displayed via the module system and in other appropriate contexts/locations.

    • The statement should clearly indicate that the product is not supported or maintained by the OLCF, but is supported by the UMS project applicant and/or the UMS project team.

    • The statement should clearly indicate the organization that is providing support and maintenance, and clearly indicate the preferred method(s) of reporting issues or requesting support.

  • Product modules will be grouped under project-level modules.

    • Users will be advised to do a module load <UMS project>, which will expose modules for the individual products associated with that project, accessed by a second module load <product>.

  • Project PI must ensure that support is provided for users of the product, as documented in the statement of support.

  • Project PI must ensure that the product is updated in response to changes in the system software environment (e.g. updates to OS, compiler, library, or other key tools) and in a timely fashion. If this commitment is not met, the OLCF may remove the software from UMS.

  • Project PI must ensure that installations are tested to ensure basic functionality before being released to users. These are expected to be at minimum basic function/unit tests to ensure that the build/install was successful.

    • The resources provided by the OLCF for UMS shall not be used for software development or for routine testing purposes beyond the installation testing as described above.

  • Products may be removed from UMS at the request of the Project PI by notifying the OLCF (help@olcf.ornl.gov) of their intent and cleaning up their directory space.

  • If a product is judged to be problematic for the OLCF, it may be removed by the OLCF staff, who will also notify the Project PI.