Skip to main content

Prepare for deployment

Before deploying Linksight, organizations need to complete several important preparation steps to ensure a successful installation and deployment. This guide walks you through the essential prerequisites and planning considerations needed to set up Linksight in your organization.

The preparation process involves two main phases:

  1. Organization Setup: Setting up your organization's presence on the Linksight platform
    • Create an organization in the Governance Hub (if not already done)
    • Set up appropriate access permissions for system administrators
  2. Deployment Planning: Planning the technical deployment of the required components
    • Understand the Linksight Platform architecture and its distributed nature
    • Choose the appropriate deployment method based on your organization's infrastructure and requirements
    • Review network connections, firewall rules, and security requirements
    • Arrange TLS certificate for the Analysis Hub
    • Configure firewall rules for peer-to-peer connections between data stations

Following these steps will help ensure a smooth deployment process and proper integration with your existing infrastructure.

Organization Setup

  1. Create an organization on the Linksight platform
    • Check with peers whether an organization has already been created on the Linksight platform.
    • If your organization doesn't already have an organization on the Linksight platform, an organization administrator needs to create one. This can be done in the Governance Hub: https://linksight.network.
  2. Set up organization access permissions
    • Ensure the system administrator responsible for deployment receives an invitation to join the organization.
    • The system administrator needs to be granted one of the following roles:
      • IT Administrator role
      • Organization Administrator role
    • Either of these roles will provide the required permissions to manage and register new data stations and Analysis Hubs.

Deployment Planning

  1. Understand the Linksight Platform architecture
    • The Linksight platform consists of three primary components:
      • Governance Hub (hosted at https://linksight.network): Allows Data Stewards to oversee data collaborations and governance, ensuring secure and compliant data sharing.
      • Data station: Handles datasets and executes protocols in collaboration with other data stations across organizations, ensuring data privacy.
      • Analysis Hub: Offers an interface for Data Scientists to interact with the Data station, allowing them to securely run and monitor data analyses.
    • The data station and Analysis Hub need to be deployed by your organization
  2. Choose your deployment method
  3. Network configuration (Docker/Kubernetes)
    • The system and/or network administrator should review the network connections documentation
    • This documentation covers critical aspects such as:
      • Necessary network connections and their specifications
      • Firewall setup and configurations
      • Implementation of mutual TLS for secure peer-to-peer connections between data stations
      • Suggested network configurations for environments utilizing SSL Offloading, Deep Packet Inspection, or Web Application Firewalls
      • Using forward proxies
    • Understanding these requirements is crucial for proper network setup and security
  4. TLS certificate for the Analysis Hub
    • The Analysis Hub frontend should be reachable internally and can be secured with a TLS certificate (recommended, not required)
    • The TLS certificate can be self-issued or automatically issued using Let's Encrypt (Docker only)
    • If your organization plans to use its self-issued TLS certificate, ensure that this is arranged before the deployment
    • Read more about TLS certificates for your deployment method:
  5. Firewall configuration for peer-to-peer connections
    • For enhanced security, network administrators should consider implementing IP-based firewall restrictions
    • These restrictions limit peer-to-peer connections exclusively to known partner organizations' data stations
    • The IP addresses of legitimate peers can be identified through:
      • The Network Status page in the Governance/Analysis Hub interface, which displays all trusted peers with their IP addresses
      • Connection log lines in the data station's logs, which record IP addresses of new incoming connections and failing outgoing connections
    • For detailed configuration instructions, refer to the network connections documentation

Next Steps

After completing these preparation steps, you can proceed with the actual deployment. Make sure to:

  • Have all necessary credentials and access rights ready as a system administrator
  • Ensure your infrastructure meets the minimum requirements
  • Have a clear understanding of your chosen deployment method
  • Have network configurations planned according to the documentation