1. FAQ: Pixiu#

1.1. What is Pixiu?#

Pixiu is the object storage platform of VUB dedicated to host research data. It is high capacity with more than 2 petabytes of storage and flexible by being based on a software-defined storage platform.

Pixiu is owned and hosted by VUB, ensuring the security and privacy of the data stored in it. All parts of the system are located in our own data centres on VUB premises and administered by VUB IT staff. It has been approved by the Chief Information Security Officer (CISO) of VUB for the storage of personal data, confidential data, and highly sensitive data (additional user-level encryption might be needed in certain cases).

1.2. Who can use Pixiu?#

Pixiu is first and foremost available to VUB researchers and research support staff.

People external to VUB (other universities or research centres, funding bodies, …) may be added as Pixiu users on the initiative of a VUB research staff member. For this, you need to contact VUB-IT Support.

1.3. What are the usage purposes of Pixiu?#

Pixiu is both meant for usage on a project basis or structurally. It can be used to store data linked to either a project or a research group.

Warning

Pixiu is not meant as a storage system for preserving research data long-term (beyond the completion of the project). For more information about storing data after the active research phase, see Data Preservation (sharepoint.com).

1.4. How safe is my data on Pixiu?#

Pixiu has been designed to keep your data very safe by means of:

  • Regular snapshotting of the bucket contents, creating read-only instances of the data sets that can also be consulted or restored by their end users; snapshots are retained for a while whereby the oldest ones are automatically removed. More information in File recovery.

  • Data synchronization across two VUB data centres, which protects against a major catastrophe on one of the sites.

1.5. How secure is Pixiu?#

Pixiu has been designed to keep your data secure as:

  • All data are stored exclusively in VUB data centres.

  • Data written on the internal storage media of Pixiu are automatically disk-level encrypted, which counters media theft.

  • Object uploads and downloads are carried out via the secured HTTPS protocol with sophisticated content signing, protecting from in-transit network eavesdropping.

  • End-user access to Pixiu is logged, with date, hour and user identity coupled to the actions executed.

1.6. What happens if I lose my access credentials?#

New users receive a combination of Access Key (AK) and Secret Key (SK) to be able to access Pixiu. You may never share your access credentials. You will never need to, anyway.

User credentials can be inactivated or changed by VUB IT staff after creation (e.g. when they have been compromised in some way) without the data created by that user being altered. IT staff can also create new credentials for a user (but cannot pass you your previous credentials once again).

1.7. Can I access Pixiu from other applications provided by VUB?#

No, this is not possible. The Pixiu world is totally disjoint from any other application or software in VUB, such Microsoft OneDrive or Outlook.

A specific software component known as an S3 browser or S3 client must be downloaded, installed and configured by yourself (e.g. VUB Pixiu Drive or Cyberduck)

The credentials that will be provided to you in the Pixiu provisioning process consist of a machine-generated Access Key (AK) and a Secret Key (SK).

1.8. Can I directly access Pixiu from anywhere on the globe?#

Your S3 client must run on a computer system connected inside the VUB network (with IP address starting with 134.184 or another IP network prefix routed within the VUB network, the public UZ Brussel IP address range 144.248 is also allowed) OR connect via the VUB Virtual Private Network (VPN).

To use the VPN of VUB, users of Pixiu from VUB and non-VUB are required to request VPN access through the VUB ServiceNow portal. Non-VUB users must apply for an external/partner VPN account. If you have both a VUB and an external identity, we recommend using the VUB identity.

1.9. How do I know if I have proper network access to Pixiu?#

To verify whether you can access Pixiu, use your regular Web browser to surf to https://pixiu.vub.be.

You should see an XML-formatted error response containing the error code “AccessDenied” and error message “Anonymous access is forbidden for this operation”.

../../../_images/image20.png

If your Web browser is not showing this message but encountering a timeout or other network problem, you are not able to connect to Pixiu yet and your network situation needs to be fixed.

Capture whatever you see and communicate this to VUB-IT Support so we can help you more readily.

1.10. What is a bucket and how do I get one?#

Storage spaces in Pixiu are called buckets, they are your private spaces on the platform.

The standard procedure is that you get access to the main bucket of your research group (RG). If that bucket does not exist yet, it will be created the moment the first member of that research group asks for access.

Buckets can be created by anyone in the RG. Therefore, it is best to inform the Chair of your RG about any new bucket being created on Pixiu for your group. Other members of the RG will be assigned to this same bucket by default as they gain access to Pixiu.

Important

The name of the bucket should start with the name of the RG, followed by a dash - and a descriptive name (e.g. abcd-all).

You can control in detail the permissions to your files/folder in the bucket. You can give read-only or read-write rights to some users and also restrict the access to somebody else. Hence, you do not need to have a separate bucket if you want to control access to certain files or folders.

The Chair of the RG (or whoever is responsible for your group’s bucket) can control the access of each member to the folders inside it. The Chair should have access to your restricted files and will be able to also set the aforementioned permissions on them. Please discuss the permissions in your bucket with the Chair of your Research Group beforehand.

Limitations of buckets in Pixiu:

  • Note that bucket names cannot be changed after creation.

  • The maximum volume of a bucket can be increased or reduced after its creation.

  • A bucket name must be unique within the whole of Pixiu.

  • A bucket name should be short, consisting of lower-case letters, numbers, and the dash - character.

1.11. Do I still need to encrypt my data at the user-level?#

This may be necessary depending on the data. If you are working with hypersensitive data (e.g. military/dual use potential, criminal records, crime against minors, etc.), you need to encrypt your data on top of storing them on Pixiu. You can find more information on the following guide from Open Science.