Release note 04.29.21

Network access control per Project available on CAVATICA

CAVATICA has added another layer of security protecting your data. Researchers can now choose from two options for controlling network access for each Project. This feature defines the network access permissions for both Tasks (tools and workflow executions) and Data Cruncher analyses (interactive analysis environments).

When setting up a project, users can choose to deny network access for all executions, thus ensuring even higher security and compliance standards in the execution environment provided by Seven Bridges. This restricted option will be the default selection for all new Projects. This additional security feature will enhance the safety of data during analysis in the cloud for all apps and notebooks. This change will not affect pulling of externally hosted Docker images or access to project files that point to externally hosted datasets, which means that access to common public datasets such as KidsFirst will not change. Access to the CAVATICA API will also be available from the execution environment.

For Projects that may not benefit from the highest security, you can choose to allow all network access. Examples of activities where open network access would be preferred include running an execution that requires access to an external network endpoint for file upload/download, installing additional libraries, contacting a licensing server, or pulling scripts from github.

The settings for network access can be updated at any time by the Administrator for the Project. These settings can be accessed through both the visual interface and the API.