INFO: Azure Enclave FAQs and Tips

Purpose

This document serves as the first point of reference for prospective and current users of the Azure Enclave Platform. As a living publication, it is updated as new or additional information becomes available.

If you would like to learn more about the Enclave Platform, please contact the Azure Enclave Team at MGBAzureEnclave@partners.org.

Many thanks to the on-prem Enclave team for creating the structure of these KB articles.




About the Azure Enclave

What is the Azure Enclave Platform?

The Azure Enclave platform provides researchers a dedicated environment and tools configured to meet their needs. Leveraging cloud technologies, environments can be right-sized and tuned for optimal value and performance. Each Enclave can have a custom dataset and technology tools to help researchers work effectively with project team members.

What are the benefits of using the Enclave Platform?

Portable: The Azure Enclave Project Workspace VM is accessible anytime, anywhere, on Windows and macOS.

Secure: The controlled and protected environment offers authorized users a dedicated, centralized, safe, and secure space for collaboration on highly confidential or sensitive data. In this way, strict compliance oversight is maintained while the likelihood of unauthorized access to data is minimized.

Computational reproducibility: The computational environment can be replicated and research results can be shared or reproduced seamlessly.

Scalable: Each project has adjustable storage space to accommodate different use cases.

Dedicated resources: The Azure Enclave Project Workspace VM and resources therein are dedicated to each.

Customizable: Offers on-demand software delivery based on your analytics needs.

Sensitive data repository: Currently, the Azure Enclave pulls data from PDSR (Patient Data Science Repository), a repository that mirrors RPDR (Research Patient Data Repository) data but is converted to i2b2 format. i2b2 is the industry-standard format for storing patient medical information. Additional i2b2 information is found on the i2b2 website and the i2b2 community website (database model).

How secure is the Enclave Platform?

You can only access the Enclave Platform from within the MGB domain. Access to the Azure Enclave Platform is controlled by Active Directory groups.

You can work with sensitive data and run applications within the Azure Enclave Platform without worrying about potential integrity, confidentiality, or security breaches.

A description of the information security standards is available here.

Is there a cost associated with the use of the Enclave Platform?

At present, a fee is applied for use of the Azure Enclave Platform by the MGB research community and external collaborators. A chargeback process will be implemented in due course.


Using the Azure Enclave Platform

How do I access the Azure Enclave Platform to do my research/data analysis?

There is an onboarding process to set up your Project Workspace in the Azure Enclave. Below are the steps involved:

1. Contact MGBAzureEnclave@partners.org to inquire about accessing the Azure Enclave.
2. Work with the RISC Cloud Data Solutions team to determine your research project workspace requirements:
   a. Identify your patient cohort
   b. Identify your project workspace needs – space, compute, tools
   c. Determine upfront costs and Project Workspace budget
3. Implement your Project Workspace in Azure Enclave.
4. Apply for access to your Project Workspace using the ServiceNow Access Request Form.

How would I typically use the Azure Enclave Platform? 

1. You can use the Azure Enclave Platform for analysis of your research project data.

2. You can collaborate on a research project within the Azure Enclave environment. For each project, authorized team members can use the virtual shared workspace (F: Drive) to analyze data and create reports within the Enclave Platform.

Can I import outside files or data into the Azure Enclave Platform?

Yes. All users can upload files or data from their endpoint devices into their project-assigned workspaces in their Azure Enclave Project Workspace. Review the article on HOWTO: Azure Enclave Project Workspace Import & Export Files.

Can I export files or data from the Azure Enclave Platform?

Only the project’s PI and project lead can download files or data from the Azure Enclave Project Workspace to their endpoint (local) devices. Review the article on HOWTO: Azure Enclave Project Workspace Import & Export Files.

What data analytics tools are available for use in the Enclave Platform?

A Project Workspace in the Azure Enclave Platform is an Azure data science VM (Windows Server 2019 DSVM). There is a baseline offering of common data analytics software programs and applications such as SSMS, Python, VSCode, Azure Data Studio, RStudio, Jupyter, Weka, and Node.js.

You can customize your environment with additional tools during the onboarding process. Please send an email to MGBAzureEnclave@partners.org for assistance.

What operating system do I need to use to access my Azure Enclave Project Workspace? 

Your Project Workspace within the Azure Enclave Platform is accessed remotely from your computer using Remote Desktop Connection (RDC) running on either Windows or macOS.


Storing Files or Data in the Enclave Platform

In the Azure Enclave Platform, each Project Workspace has a local computer drive, the C: Drive, and a temporary drive, the D: Drive. Both are best used for temporary storage of files or data that you are working on and should not be used for long-term storage.

Whenever other members of the project need access to shared files or data, the use of the F: (Project) drive is recommended. The intended use is for storing shared project-related files.

The F: Drive belongs to the team and not to an individual member of the team; it is a collaboration space where project members can readily store, share, and analyze data. The size is 128 GB by default. This can be customized to suit your needs.

You also have access to a database scratchpad work area using SQL Server Management Studio. For more information, review the article HOWTO: Access SQL Server Management Studio (SSMS) in Azure Enclave Project Workspace.

How do I access the C: drive, D: drive, or F: Drive?

The C: drive, D: drive, and F: drive are automatically mapped and should be visible in your Azure Enclave Project Workspace and when saving or accessing files from within an application. Remember: You should be connected to the MGB VPN to access your workspace in the Azure Enclave Platform.

What kind of data is hosted in the Enclave Platform? 

As part of the onboarding of a research project into the Azure Enclave, project members provide a patient cohort to be studied. This could be a list of MRNs (with MRN Type), a list of EMPIs, or an RPDR query which identifies a specific cohort. All data for the patient cohort is subsequently pushed to an Azure SQL database attached to a dedicated research project data science workspace (VM) in the Azure Enclave.

All PDSR source data for the patient cohort is pushed to an Azure SQL database attached to your Azure Enclave Project Workspace. Review the article on INFO: Azure Enclave Data/Database FAQs and Tips.


Collaborating within the Azure Enclave Platform 

How many people can access an Azure Enclave Project Workspace concurrently? How much workspace does a Project Workspace have?

Currently an Azure Enclave Project Workspace accommodates 2 users at the same time. In the near future, a Project Workspace will accommodate all MGB staff members accessing concurrently. More than 2 POIs accessing concurrently requires additional cost due to Azure licensing.

Each project’s shared workspace F: Drive has 128 GB of storage by default.


Consultation and Troubleshooting Services

At your first login, make sure to complete all steps outlined in HOWTO: Access the Azure Enclave using Remote Desktop Connection (RDC) on Windows OS or HOWTO: Access the Azure Enclave using Remote Desktop Connection (RDC) on MAC OS, depending on your computer's OS.

  • Ensure that you have established an MGB VPN connection. Review the ServiceNow article on HOWTO: Connect to VPN (KB0023967).

If you are still facing challenges with logging in to your Azure Enclave Project Workspace:

  • MGB users, please contact the Azure Enclave Team at MGBAzureEnclave@partners.org.
  • For members of Industry Sponsored Research projects, please email your RISC Industry team contact for assistance.

Please always include your unique Project Workspace IP Address on all communications.

I need technical assistance with the Azure Enclave Platform. What should I do?

The Azure Enclave Team can assist with access, configuration, and environment issues. We do not provide technical support with specific tools. Researchers utilizing tools are expected to have experience and expertise in using said tools.

Please always include your unique Project Workspace IP Address on all communications.

MGB users: for assistance with troubleshooting or technical support with your Azure Enclave Project Workspace environment, please email the Azure Enclave Team at MGBAzureEnclave@partners.org.

For members of Industry Sponsored Research projects, please email your RISC Industry team contact.

I have a feature request or suggestion. How do I submit it?

The Azure Enclave Team welcomes your suggestions and feedback. Please send an email to MGBAzureEnclave@partners.org.

I have a question on the source data hosted in my Project Workspace on the Azure Enclave Platform. Who should I contact?

Please always include your unique Project Workspace IP Address on all communications.

MGB employees: for assistance with questions related to source data, please email MGBAzureEnclave@partners.org.

For members of Industry Sponsored Research projects, please email your RISC Industry team contact.

Go to KB0038993 in the IS Service Desk
