Frequently Asked Questions (FAQ)#

What is Pixiu?#

Pixiu is the object storage platform of VUB dedicated to host research data. It is high capacity with more than 2 petabytes of storage and flexible by being based on a software-defined storage platform.

Pixiu is owned and hosted by VUB, ensuring the security and privacy of the data stored in it. All parts of the system are located in our own data centres on VUB premises and administered by VUB IT staff. It has been approved by the Chief Information Security Officer (CISO) of VUB for the storage of personal data, confidential data, and highly sensitive data (additional user-level encryption might be needed in certain cases).

Who can use Pixiu?#

Pixiu is first and foremost available to VUB researchers and research support staff.

People external to VUB (other universities or research centres, funding bodies, …) may be added as Pixiu users on the initiative of a VUB research staff member. For this, you need to contact VUB-IT Support.

What are the usage purposes of Pixiu?#

Pixiu is both meant for usage on a project basis or structurally. It can be used to store data linked to either a project or a research group.

Warning

Pixiu is not meant as a storage system for preserving research data long-term (beyond the completion of the project). For more information about storing data after the active research phase, see Data Preservation (sharepoint.com).

How safe is my data on Pixiu?#

Pixiu has been designed to keep your data very safe by means of:

  • Regular snapshotting of the bucket contents, creating read-only instances of the data sets that can also be consulted or restored by their end users; snapshots are retained for a while whereby the oldest ones are automatically removed. More information in File recovery.

  • Data synchronization across two VUB data centres, which protects against a major catastrophe on one of the sites.

How secure is Pixiu?#

Pixiu has been designed to keep your data secure as:

  • All data are stored exclusively in VUB data centres.

  • Data written on the internal storage media of Pixiu are automatically disk-level encrypted, which counters media theft.

  • Object uploads and downloads are carried out via the secured HTTPS protocol with sophisticated content signing, protecting from in-transit network eavesdropping.

  • End-user access to Pixiu is logged, with date, hour and user identity coupled to the actions executed.

What happens if I lose my access credentials?#

New users receive a combination of Access Key (AK) and Secret Key (SK) to be able to access Pixiu. You may never share your access credentials. You will never need to, anyway.

User credentials can be inactivated or changed by VUB IT staff after creation (e.g. when they have been compromised in some way) without the data created by that user being altered. IT staff can also create new credentials for a user (but cannot pass you your previous credentials once again).

Can I access Pixiu from other applications provided by VUB?#

No, this is not possible. The Pixiu world is totally disjoint from any other application or software in VUB, such as Microsoft OneDrive or Outlook.

A specific software component known as an S3 browser or S3 client must be downloaded, installed and configured by yourself (e.g. VUB Pixiu Drive or Cyberduck)

The credentials that will be provided to you in the Pixiu provisioning process consist of a machine-generated Access Key (AK) and a Secret Key (SK).

Can I directly access Pixiu from anywhere on the globe?#

Your S3 client must run on a computer system connected inside the VUB network (with IP address starting with 134.184 or another IP network prefix routed within the VUB network, the public UZ Brussel IP address range 144.248 is also allowed) OR connect via the VUB Virtual Private Network (VPN).

To use the VPN of VUB, users of Pixiu from VUB and non-VUB are required to request VPN access through the VUB ServiceNow portal. Non-VUB users must apply for an external/partner VPN account. If you have both a VUB and an external identity, we recommend using the VUB identity.

How do I know if I have proper network access to Pixiu?#

To verify whether you can access Pixiu, use your regular Web browser to surf to https://pixiu.vub.be.

You should see an XML-formatted error response containing the error code “AccessDenied” and error message “Anonymous access is forbidden for this operation”.

../../../_images/image20.png

If your Web browser is not showing this message but encountering a timeout or other network problem, you are not able to connect to Pixiu yet and your network situation needs to be fixed.

Capture whatever you see and communicate this to VUB-IT Support so we can help you more readily.

Why do I see a Windows pop-up about copying files without their attributes when transferring data to Pixiu?#

When transferring files to Pixiu using Windows File Explorer, you may encounter a pop-up stating that some file attributes cannot be copied (see screenshot below).

Windows File Explorer pop-up about copying without attributes

This message comes from Windows itself. It appears when the source storage system (such as a Windows file server or NAS) has stored extra information with the files, but not in the files. For example, the “file creator application.”

Pixiu is an object storage system accessible via the S3 protocol. It supports attaching metadata to files, but there is no full one-to-one mapping between Windows attributes and Pixiu metadata.

You have three options:

  1. Click “Yes”: the copy continues without these attributes. File contents remain intact.

  2. Contact the source system administrator: they may be able to remove or clean up unneeded attributes before transfer.

  3. Use another tool instead of Windows File Explorer: the issue should not trigger if you use Cyberduck directly.

Are there limits to names in Pixiu?#

In principle any Unicode character can be used for files and directories in Pixiu but experience learns that not every client can handle this. The following set of characters are considered safe:

  • Letters in the English alphabet (a to z)

  • Western Arabic numerals (0 to 9)

  • The following symbols: !, -, _, ., *, ', ( and )

Warning

We are aware of issues with the + and @ symbols on Pixiu and we recommend to avoid those.

The length of the full path (for example /a/b/c/d/file.txt) on Pixiu is limited to 1024 bytes. This is not equivalent to 1024 characters as some characters require multiple bytes to store. In general we recommand to avoid such long paths.

What is a bucket and how do I get one?#

Storage spaces in Pixiu are called buckets, they are your private spaces on the platform.

The standard procedure is that you get access to the main bucket of your research group (RG). If that bucket does not exist yet, it will be created the moment the first member of that research group asks for access.

Buckets can be created by anyone in the RG. Therefore, it is best to inform the Chair of your RG about any new bucket being created on Pixiu for your group. Other members of the RG will be assigned to this same bucket by default as they gain access to Pixiu.

Important

The name of the bucket should start with the name of the RG, followed by a dash - and a descriptive name (e.g. abcd-all).

You can control in detail the permissions to your files/folder in the bucket. You can give read-only or read-write rights to some users and also restrict the access to somebody else. Hence, you do not need to have a separate bucket if you want to control access to certain files or folders.

The Chair of the RG (or whoever is responsible for your group’s bucket) can control the access of each member to the folders inside it. The Chair should have access to your restricted files and will be able to also set the aforementioned permissions on them. Please discuss the permissions in your bucket with the Chair of your Research Group beforehand.

Limitations of buckets in Pixiu:

  • Note that bucket names cannot be changed after creation.

  • The maximum volume of a bucket can be increased or reduced after its creation.

  • A bucket name must be unique within the whole of Pixiu.

  • A bucket name should be short, consisting of lower-case letters, numbers, and the dash - character.

Do I still need to encrypt my data at the user-level?#

This may be necessary depending on the data. If you are working with hypersensitive data (e.g. military/dual use potential, criminal records, crime against minors, etc.), you need to encrypt your data on top of storing them on Pixiu. You can find more information on the following guide from Open Science.

On this page