Prepare for deployment
Before deploying Linksight, organizations need to complete several important preparation steps to ensure a successful installation and deployment. This guide walks you through the essential prerequisites and planning considerations needed to set up Linksight in your organization.
The preparation process involves two main phases:
- Organization Setup: Setting up your organization's presence on the Linksight platform
- Create an organization in the Governance Hub (if not already done)
- Set up appropriate access permissions for system administrators
- Deployment Planning: Planning the technical deployment of the required components
- Understand the Linksight Platform architecture and its distributed nature
- Choose the appropriate deployment method based on your organization's infrastructure and requirements
- Review network connections, firewall rules, and security requirements
- Arrange TLS certificate for the Analysis Hub
- Configure firewall rules for peer-to-peer connections between data stations
Following these steps will help ensure a smooth deployment process and proper integration with your existing infrastructure.
Organization Setup
- Create an organization on the Linksight platform
- Check with peers whether an organization has already been created on the Linksight platform.
- If your organization doesn't already have an organization on the Linksight platform, an organization administrator needs to create one. This can be done in the Governance Hub: https://linksight.network.
- Set up organization access permissions
- Ensure the system administrator responsible for deployment receives an invitation to join the organization.
- The system administrator needs to be granted one of the following roles:
- IT Administrator role
- Organization Administrator role
- Either of these roles will provide the required permissions to manage and register new data stations and Analysis Hubs.
Deployment Planning
- Understand the Linksight Platform architecture
- The Linksight platform consists of three primary components:
- Governance Hub (hosted at https://linksight.network): Allows Data Stewards to oversee data collaborations and governance, ensuring secure and compliant data sharing.
- Data station: Handles datasets and executes protocols in collaboration with other data stations across organizations, ensuring data privacy.
- Analysis Hub: Offers an interface for Data Scientists to interact with the Data station, allowing them to securely run and monitor data analyses.
- The data station and Analysis Hub need to be deployed by your organization
- The Linksight platform consists of three primary components:
- Choose your deployment method
- Linksight offers multiple installation options to suit different organizational needs:
- Self-hosted Deployment Options:
- Cloud Provider Deployment Options:
- Preferred Supplier Deployment:
- Get in touch with us and we will connect you to a preferred supplier
- Select the deployment method that best fits your organization:
- Infrastructure requirements
- Security policies
- Budget constraints
- Linksight offers multiple installation options to suit different organizational needs:
- Network configuration (Docker/Kubernetes)
- The system and/or network administrator should review the network connections documentation
- This documentation covers critical aspects such as:
- Necessary network connections and their specifications
- Firewall setup and configurations
- Implementation of mutual TLS for secure peer-to-peer connections between data stations
- Suggested network configurations for environments utilizing SSL Offloading, Deep Packet Inspection, or Web Application Firewalls
- Using forward proxies
- Understanding these requirements is crucial for proper network setup and security
- TLS certificate for the Analysis Hub
- The Analysis Hub frontend should be reachable internally and can be secured with a TLS certificate (recommended, not required)
- The TLS certificate can be self-issued or automatically issued using Let's Encrypt (Docker only)
- If your organization plans to use its self-issued TLS certificate, ensure that this is arranged before the deployment
- Read more about TLS certificates for your deployment method:
- Docker
- Kubernetes
- Azure Marketplace
- SURF Research Cloud: TLS is automatically configured.
- Firewall configuration for peer-to-peer connections
- For enhanced security, network administrators should consider implementing IP-based firewall restrictions
- These restrictions limit peer-to-peer connections exclusively to known partner organizations' data stations
- The IP addresses of legitimate peers can be identified through:
- The Network Status page in the Governance/Analysis Hub interface, which displays all trusted peers with their IP addresses
- Connection log lines in the data station's logs, which record IP addresses of new incoming connections and failing outgoing connections
- For detailed configuration instructions, refer to the network connections documentation
Next Steps
After completing these preparation steps, you can proceed with the actual deployment. Make sure to:
- Have all necessary credentials and access rights ready as a system administrator
- Ensure your infrastructure meets the minimum requirements
- Have a clear understanding of your chosen deployment method
- Have network configurations planned according to the documentation