Protected Network for Research (PNR) Overview
What is it?
The Protected Network for Research (PNR) is a computational and data storage environment housed within the Duke Protected Network. This environment is designed to provide Duke researchers with a secure enclave for the analysis and hosting of sensitive or regulated research data. Sensitive research data at Duke includes data that has proscriptive data security requirements due to regulatory requirements, privacy laws, proprietary agreements, or confidentiality requirements. The PN infrastructure and associated services are managed by the Duke Office of Information Technology (OIT) in accordance with standards and policies set by the Duke Information Technology Security Office (ITSO) for management of Sensitive data at Duke. We partner directly with OR&I and OARC to manage the administrative, risk, and audit/compliance requirements for accepted research projects. Data security is a shared responsibility between the research team, OIT, and ITSO.
Features for Researchers
- Unified web portal through Research Toolkits for access and storage/computational resource management of all OIT Research Computing provided services.
- Realtime visibility for project members and some of their key activities.
- Self-service for results export (if allowed).
- Self-service software installs from an approved software repository.
- Simplified request process for technical help.
- Streamlined project setup for approved sensitive research data projects
Responsibilities for Researchers
- Complete basic user training for the environment (managed through Research Toolkits)
- Use the system as designed. For example: maintain data in designated spaces, avoid screenshots, and avoid any activity that would share sensitive data with unintended recipients.
- Never place sensitive data in file names or descriptions, only within the contents of the files.
- Maintain up-to-date protocols for all active projects.
- Actively maintain project membership for users in accordance with approved protocols
Key Security Attributes
- Data steward(s) (project PI) can define data managers (named project personnel) who are authorized to manage project resources.
- User access to the computational and storage environment is provided through encrypted OIT-managed infrastructure that requires the use of centrally managed identities that meet Duke password and MFA standards, access control through the use of Grouper, and activity logging and monitoring to identify potential security issues.
- Elevated privileges are strictly controlled and limited.
- Data ingress to and egress from the environment are restricted. Approved users must attest that requested files meet required project controls and must use approved mechanisms that provide encryption in transit and implement activity logging and review.
- Sensitive data acquisition: Project IT administrators and data acquisition facilitators may assist data stewards with the acquisition, transfer, and storage of sensitive data to ensure appropriate handling of transfer media and documentation of storage locations.
- Access restriction: Connections from project resources within the PN to external resources or systems are controlled and limited to proactively approved (safe-listed) resources.
- Virtual machines are configured and maintained by OIT to comply with the ITSO security standards, requiring regular application of software updates, installation of Duke’s EDR solution, and logging to Duke’s log analysis infrastructure.
- Data destruction is completed at the direction of the data steward(s) and managers with the assistance of an IT administrator who can verify data has been removed from all applicable systems.
- The ITSO at Duke provides a security awareness and training program that covers relevant topics for users, including recognizing and handling sensitive data appropriately and reporting security incidents.
- The project IT resources are housed in enterprise-grade data centers with specialized cooling, power, conditioning, and physical plant design focused on secure and reliable maintenance of computing services. Research Computing equipment is in the Fitzpatrick East Data Center, which has 7000 square feet of space, at 101 Science Drive in Durham, North Carolina. The data center is monitored 24/7/365, and access is limited to authorized personnel.
A full listing of controls is available in the PN for Research Systems Security Plan by request from security@duke.edu. For a full listing of relevant Duke policies and standards, including the Duke Data Classification Standard, see: https://security.duke.edu/policies-procedures-and-standards/
Who can use it?
The PNR is available for Research Projects sponsored by Duke faculty/PIs with sensitive data that have been approved by relevant Duke offices (i.e. IRB, ITSO, OR&I). Any authorized user on a project that has a Duke netid may be added to the project by the project administrator.
How do I get it?
For sensitive data projects requested through the campus IRB, project setup will happen once the protocol is approved. For regulated data, project setup will happen as part of the DUA execution with OR&I.
Request a Regulated Data Research Project
Available Computational and Storage Resources
Every approved project receives 200 GB of storage and individual user virtual machines with 4 cores and 8 GB RAM at no cost to Duke researchers.
What does it cost?
Similar to other Research Computing resources, there is no cost for researchers for the baseline services. Additional compute and storage will be charged at standard Research Computing rates.
Supported PNR Project Software
There is a lot of great software out there, but we can't support it all. We focus on open source and common Duke software that is available to everyone. Current software:
- 7Zip
- Adobe Acrobat Reader
- Anaconda3
- Git/GitLab
- Google Chrome
- Matlab R2023a
- Microsoft Office (Excel, Word)
- R, RStudio
- NVivo
- SAS 9.4
- StataSE (licenses must be purchased per user)
Additional software can be reviewed for installation. To request it, place a ticket via the Request Help button and choose PNR Project Software Request.