1. General User Policies

   1. Overview

      The Center for Computationally Assisted Science and Technology (CCAST) computing facility is a part of the North Dakota State University (NDSU) research infrastructure. The policies defined in this document help ensure that CCAST computing facilities are secure, available equitably to all eligible users, and used efficiently.  Owners of the CCAST accounts must read, understand, and consent to the CCAST User Policies defined in this document before accessing CCAST computers for the first time.

   2. Authorized Use

      Owners of CCAST accounts are authorized to use the CCAST computing facility for academic purposes only. Use of the facility for anything other than academic research and instruction (e.g. commercial purposes) must be approved by CCAST administration prior to such use. Application software used by the owners of CCAST accounts must be properly licensed for use at NDSU CCAST.  Owners of the CCAST accounts must comply with the applicable license agreements.  CCAST account owners are prohibited from modifying, altering or in any way interfering with any layer of the CCAST computers’ operating system software, including system libraries.

   3. Unacceptable Use and Misconduct

      Using CCAST computing facility in a way that obstructs its operations, compromises the stability of the computer systems, and/or violates other CCAST account owners’ privacy are considered unacceptable, and may lead to the suspension of CCAST account. Any misconduct that is in violation of local, state or federal law will be addressed accordingly.

   4. Reporting

      During the first 2 weeks of each new fiscal year, all Account Sponsors (please refer below for the definition of an Account Sponsor) must provide to CCAST administration information about research derivatives and teaching and outreach activities enabled by use of CCAST computing facilities in the previous fiscal year. Fiscal years run from July1 to July 30. This information must include list of publications (journal articles, book chapters, conference presentations and other significant publications), list of submitted patent applications and awarded patents, list of submitted proposals (with information whether the proposals were successful, not successful or were still pending), list of completed MS and PhD theses/degrees and list of courses and outreach activities for which CCAST computing resources were used. In addition, CCAST requests that the same type of information be provided in the first two weeks of October of each year for the prior period from September 29 of a previous year to September 28 of the current year. Failure to provide this information by an Account Sponsor will result in suspension of all accounts sponsored by this Account Sponsor. Sponsors must consent to this reporting requirement at the time of sponsoring the CCAST accounts.

   5. Acknowledgements

      Please acknowledge the use of CCAST computing facility in any publications or reports resulting from its use. Please contact CCAST administration for appropriate language.

   6. Login nodes

      Users access specific CCAST cluster resources through the cluster resources’ login nodes.  Login nodes are servers through which users may submit, query or delete jobs. Running jobs on login nodes is prohibited. Nodes allocated by the queuing system are the only computing resources granted for users to run jobs. CCAST reserves the right to delete, without warning, jobs running on login nodes for more than 10 minutes.

   7. Data Confidentiality and Intellectual Property

      Although CCAST provides technology to protect CCAST account owners’ data, it cannot guarantee that this data will not become compromised due to inappropriate access controls set by owners of CCAST accounts. It is the CCAST account owners’ responsibility to protect their data from exposure.

   8. Owners of CCAST accounts are solely responsible for setting and maintaining permissions for their files and directories and must understand Linux file system permissions before accessing CCAST computing resources.  Owners of CCAST accounts are advised not to change the default file system permissions without consultation with CCAST.  CCAST will not be responsible for any security breaches, including those affecting compliance with U.S. export control laws, resulting from misuse or uninformed use of file system permissions on CCAST computing resources.

   9. CCAST will not access CCAST account owners’ data without CCAST account owners’ consent except under exigent circumstances that require immediate action. In such cases, CCAST will notify CCAST account owners that such action has taken place.

   10. With CCAST account owner permission, CCAST may also access CCAST account owner data for providing support or to diagnose and investigate problems.

   11. CCAST reserves the right to access CCAST account owners’ data and monitor CCAST account owners’ activity in cases of suspected security violations, suspicious activities, and/or to share data with local, state, and/or federal governmental agencies when required by law.

   12. Intellectual property (IP) developed will be governed by NDSU Policy 190. This policy states that NDSU will own any IP invented or created solely by its employees and students, any private sector partner will own IP invented or created solely by the private sector partner employees, and any IP invented or created jointly by NDSU employees and students and private sector partner employees will be jointly owned. For sponsored research resulting in IP solely funded by the private sector partner, NDSU can grant the private sector partner a first option to negotiate on commercially reasonable terms an exclusive or non-exclusive license to NDSU solely owned IP or to NDSU’s undivided interest in jointly owned IP resulting from that sponsored research project.

   13. Penalties

       Failure to comply with CCAST policies may result in account suspension, permanent account revocation, or other administrative or legal actions.

   14. Contact

       Important notices from CCAST staff to the CCAST account owners will be sent via email and/or posted on the CCAST website: www.ccast.ndsu.edu. Support requests must be initiated by sending an e-mail to support@ccast.ndsu.edu.

2. CCAST Accounts

   1. Account Eligibility

      NDSU faculty, staff, postdoctoral researchers and students with valid Bison ID are eligible to obtain a CCAST account.  Outside collaborators of NDSU faculty and staff physically residing and present in the U.S. and who are affiliated with a U.S. academic, government or other institution may apply for CCAST accounts provided they work on a project whose Principal Investigator (PI) is a member of NDSU faculty or staff.  In such case, the NDSU PI is the Account Sponsor of an outside collaborator whose eligibility to obtain a CCAST account is vetted by CCAST administration.  CCAST reserves the right to decline a CCAST account application from an outside collaborator.  Normally, access to CCAST computers is limited to NDSU network. Requests to access CCAST computers from outside the NDSU Campus need to be routed through our website at www.ccast.ndsu.edu/users/remote_access_application and will be assessed on an individual basis.  Logging in to the CCAST computer infrastructure from locations outside of the continental U.S. is strictly prohibited.   

   2. All prospective CCAST account owners must have an Account Sponsor.  NDSU faculty members and certain staff members can be sponsors for other persons (and themselves), including NDSU staff, postdoctoral researchers, students, and outside collaborators.

   3. CCAST account owners are responsible for promptly reporting to CCAST any changes in their status at NDSU, department affiliation, institutional affiliation (for outside collaborators) and/or name of the Account Sponsor.  Similarly, Account Sponsors must report to CCAST any changes in the status of their sponsored CCAST account owners.

   4. Account Expiration

      CCAST accounts will be re-validated twice a year, usually at the beginning of the fall and spring academic semesters.  The re-validation procedures will be communicated to CCAST account owners prior to the re-validation time window.  CCAST account owners who do not re-validate accounts within the re-validation time window will have their CCAST accounts suspended and then removed after 6 months from the date of suspension.  At this time, data associated with the removed accounts will be permanently deleted from CCAST computer systems.  Preserving data from invalidated or otherwise suspended accounts is the sole responsibility of the corresponding CCAST account owner.

   5. CCAST account owners and their sponsors are responsible for immediately notifying CCAST when CCAST account owners terminate their relationship with NDSU or with NDSU projects (in case of outside collaborators).  Two weeks after a CCAST account owner terminates his/her relationship with NDSU or with the NDSU projects (in case of outside collaborators), his/her CCAST account(s) will be suspended. Suspended accounts and associated data will be deleted from CCAST computer systems after 6 months from the suspension of the account(s).

   6. Password

      Passwords must be strong and comply with following guidelines:

      • Use 8 to 32 characters
      • Use characters from all four of the following character classes: lowercase letters (a, b, c, uppercase letters (A, B, C, …), numbers (0, 1, 2, …), special characters (!,@,#,$,%...)
   7. Security and Compliance

      CCAST account owners are solely responsible for all activities conducted in their accounts. CCAST account owners must use SSH protocol to access CCAST computing resources. CCAST account owners must not share their accounts or their account passwords with anyone. CCAST account owners must promptly inform CCAST staff if the account is compromised or if they notice any suspicious activity in their account.

   8. CCAST account owners are solely responsible for setting and maintaining permissions for their files and directories and must understand Linux file system permissions before accessing CCAST computing resources (cf. Section (1)(g) above).

   9. The use of CCAST’s facilities may implicate export controls.  Adherence to, compliance with, and liability related to, CCAST policies and U.S. export control laws is the sole responsibility of each CCAST account owner.  For more information about export controls, please visit www.ndsu.edu/research/export_controls, or contact NDSU’s Export Control Office (ECO) at ndsu.exportcontrols@ndsu.edu.

   10. In general, CCAST policies prohibit CCAST account owners from placing any export controlled data, source code, software, any other export controlled technology or items, on CCAST computing resources.  In the event that a CCAST account owner must utilize CCAST computing resources for any export controlled material, they must request, in writing, an exception to this controlled technology prohibition from the CCAST’s Director.  All requests will be reviewed on a case-by-case basis by the CCAST Director and NDSU’s Export Control Officer.  Final approval must be provided by the CCAST Director before such export controlled material may be placed on CCAST computing resources. In the event that other export control issues or concerns arise during the use of a CCAST account, users must notify CCAST’s Director immediately.

   11. CCAST account owners must NOT store or process any other sensitive, private, or classified material, including information subject to HIPAA or FERPA, on CCAST computing resources.

   12. CCAST Account Owner and Account Sponsor Requirements

       CCAST account owners must read the introduction and other documentation relevant to the computing resource they intend to use before logging into that resource for the first time.

   13. CCAST account owners (both new and re-validating) must attest that they have read and agree to the CCAST user policies.  In particular, they must agree to comply with CCAST user policies regarding the use of the CCAST HPC facilities as related to U.S. export controlled material (cf. Section (2)(i) & (2)(j)) and that they will not store or process any other sensitive, private, or classified material, including information subject to HIPAA or FERPA, on CCAST computing resources.

   14. CCAST Account Sponsors must attest that they have read and agree to comply with CCAST user policies regarding the use of the CCAST HPC facilities as related to U.S. export controlled material (cf. Section (2)(i) & (2)(j)).  Sponsors must further attest that they have discussed the NDSU rules and regulations related to U.S. export controls with the prospective CCAST account owners who they sponsor, and that they have referred the users to the NDSU Export Control Officer, as appropriate, for training.

   15. Prospective CCAST account owners must indicate whether they are affiliated with NDSU, i.e. possess valid Bison ID, or whether they are applying for the CCAST accounts as collaborators of an NDSU PI.

3. Storage Allocation and Data Management Policy

   1. Overview

      CCAST provides several directories for CCAST account owners to store and manage their research data.  CCAST account owners are solely responsible for following the guidelines of NDSU's Record Management Program (c.f. www.ndsu.edu/recordsmanagement) with respect to data stored on CCAST computers.  CCAST account owners are also responsible for selecting appropriate directories for the most effective use of CCAST storage infrastructure.

   2. Directory Structure

      Home: Home directory (/home/username) is intended for storing relatively small files such as source codes, executables, input files, etc. The Home directory is not a directory designed to keep the output from CCAST account owners’ job executions. Running jobs in the Home directory is prohibited.  While the default Home directory permissions are initially set by CCAST systems administrators, the owners of CCAST accounts are solely responsible for subsequently setting and maintaining permissions for their files and directories under the …/home/username and must understand Linux file system permissions before accessing CCAST computing resources (cf. Section (1)(g) above).  CCAST will not be responsible for any security breaches, including those affecting compliance with U.S. export control laws, resulting from misuse or uninformed use of directory and file permissions on CCAST computing resources.

   3. Projects: Projects directory (/projects/username) is intended for sharing data within one research group. Each Principal Investigator (PI) has his/her own directory under the …/projects directory. This directory is accessible to all group members.  While the default Projects directory permissions are initially set by CCAST systems administrators, the owners of the CCAST accounts are solely responsible for subsequently setting and maintaining permissions for their files and directories under …/projects/username and must understand Linux file system permissions before accessing CCAST computing resources (cf. Section (1)(g) above).  CCAST will not be responsible for any security breaches, including those affecting compliance with U.S. export control laws, resulting from misuse or uninformed use of directory and file permissions  on CCAST computing resources.

   4. Global Scratch: Global Scratch directory (/gpfs1/scratch) is intended for storing temporary data from CCAST account owners’ job runs. CCAST account owners may only choose to keep their data on this file system temporarily and are encouraged to move their data to another location. CCAST account owners’ data kept in Global Scratch will be automatically purged after 30 days from its last access. It is the CCAST account owners’ responsibility to transfer the data they want to keep to their Home or Projects locations or to a location outside of the CCAST computing facility.

   5. Local Scratch: Each node’s Local Scratch directory (/scratch) is intended for storing temporary data generated from the CCAST account owners’ jobs running on a set of nodes. The CCAST account owner’s data in this directory is automatically deleted when the corresponding PBS script terminates.

   6. Default Allocations

      CCAST account owners are allocated 10GB (on Cluster2&3) or 200GB (on Thunder) of storage space in the Home directory when their CCAST account is created. In addition, each PI and his/her research group have access to 50GB (on Cluster2&3) or 500 GB (on Thunder) of space under the projects directory. There is no individual disk quota on the Global Scratch and Local Scratch directory. CCAST account owners’ data in these directories will be purged automatically according to the policies described in Section (3)(b). It is the CCAST account owners’ responsibility to transfer the data prior to automatic purges.

   7. Backup

      Home and Projects directories are backed up on a daily basis. The Global Scratch and Local Scratch directories are not backed up.  Only a file's most recent 150 versions are retained in the backup.  Backups of deleted files will be retained for a period of 6 months after the files are deleted.

4. Application Software Installation Requests and Application Software Licenses

   1. Single User/Single Project Application Software Installations

      Installations of single user application software in CCAST account owners’ /home or /projects directories are the responsibility of the CCAST account owners. This software must be properly licensed and must be approved for use by NDSU. It is CCAST account owners’ responsibility to procure such proper licenses. Owners of the corresponding CCAST accounts must fully comply with the respective license agreements and are solely responsible for maintaining such application software.

   2. System-wide Application Software Installation Requests

      All system-wide application software installation requests must be approved by CCAST administration prior to the purchase of the corresponding software licenses by the interested parties. Multiple-seat or site-licensed software is generally installed in a system-wide location and maintained by CCAST. Users of the system-wide application software in CCAST computing facility must comply with the terms of applicable license agreements. CCAST reserves the right to decline a request for installation of any particular application software deemed unsuitable for its environment.

5. Queues

   1. Overview

      CCAST employs a queuing system to ensure efficient and fair use of its computing resources. All computing jobs must be submitted through the queuing system.  Users have access to all of the queues listed below and must use queues which are most suitable for their workflows. Using shorter queues increases job turnaround, scheduler backfilling opportunities, fair share score, and priority.

   2. Queues

      The following types of queues are valid on CCAST’s computing resources in order to support a wide variety of research activities:

6. User-procured Condominiums

Users are encouraged to partner with CCAST on the procurement of "condominium resorts". The “condominium” model for building HPC facilities is defined as the addition of a certain number of nodes and/or other equipment to a base facility by individual users who are allowed to maintain a higher level of queue policy control in their “resorts” in exchange for contributing a certain, mutually agreed upon, percentage of the purchased equipment to the common pool subject to general queuing policies. Prospective “condominium” owners must contact CCAST staff well in advance in order to budget “resorts” into their grant proposals. A Memorandum of Understanding (MOU) between a “condominium” owner and CCAST, describing the rules and bylaws, which govern the ownership and use of the "resort", must be signed before the purchase of the “condominium” equipment.