skip to primary navigationskip to content
 

Institutional File Storage service (IFS)

Institutional File Store (IFS) is a service for institutions to store and share everyday documents with colleagues. This gives desktop and laptop users access to the storage via a mapped drive on their computer. The data is safely stored on an industry standard hardware platform in the University’s central data centres to protect against data loss.

Audience 

The service is available to staff of University Departments and Colleges, through their local institution. 

Key service features and benefits

For end users

For IT staff

  • Don’t have the expense of running your own infrastructure
  • Easy to add more storage as you need it
  • UIS takes responsibility for service availability
  • Federated management so you can administer your own storage space and use your own Active Directory for authentication/authorisation
  • Site resilience
  • Automated backups and snapshots

Typical use 

The IFS service is suitable for standard files opened and closed by applications on Windows, Apple Mac, and Linux systems. On a Windows computer this would be the items you store in My Documents, My Photos and My Videos etc. 

     NOTE: It is not suitable for higher performance workloads such as databases or video editing.

Access to the files is via a file share mapped to your computer. Local IT support staff will configure access for most users.

 

Costs

Storage is charged for on a per-TB per-year basis.

Free quotas for Schools

Each School was given a free quota at the launch of the service, in perpetuity, based on staff head-count, which they can divide among their Departments.

Introductory 1TB quota for Colleges

All Colleges have been given a 1TB quota at no charge for one year so that they have an opportunity to evaluate the service. If they wish to adopt the service after the trial period, all storage utilised will be charged for.

Buying additional storage (beyond the quotas)

Beyond the free quota, any additional storage space will be subject to an annual charge of £150 per TB with VAT charged where applicable. To reduce administration, we recommend that purchases be made in 10TB increments where possible.

 

How to get the service

Institutions: IFS Data Owners and Data Managers can use the Self-Service Gateway portal to buy and administer storage space.

Individuals: Speak to your institutional Data Owner, who has overall responsibility for user management and creating Data Managers. 

 


Technical information for IT staff

Technical features

  • SMB file shares
  • Encrypted transport of data
  • Each institution can manage their own storage
  • Quotas for institutions (see below)
  • Redundant hardware within each site, including redundant power, RAID 6, multiple head nodes and multiple network paths. 
  • Backups stored on a different site from the primary service
  • Cross-site failover (managed by UIS and manually initiated for the whole system as a DR mechanism)
  • Resilience against ransomware attacks (such attacks cannot spread through snapshots or offsite backups)
  • Procured and configured via the Self-Service Gateway

Institutional quotas

Each School, Department or College can create storage areas each with a separate quota. The quota can be increased by purchasing additional storage via the Self-Service Gateway. Purchased increases in size will be available for immediate use. 

Note: User level quotas are not provided by IFS.

Data Protection/Backup

A snapshot feature allows users to restore previous versions of files to assist with recovering files after accidental deletion. Snapshots are kept for 28 days unless otherwise agreed.

Behind the scenes, the system makes an independent copy of the data to a second data centre every 15 minutes (this uses the snapshot quota for each volume). This may be used for disaster recovery. In addition, volumes that are deleted via the Self-Service Gateway are archived for 28 days before being deleted entirely.

Access

Access is via a file share mapped to your computer. This will be a CIFS share which Windows, Apple Mac, and UNIX systems can connect to. NFS shares for Linux/UNIX users will be available in the future. 

Authentication will be either via your University password or your local department’s password, authenticated via an Active Directory. This is likely to be the same as you currently use to log on to your computer. Local IT staff will configure access for most users and give guidance on which password to use. 

Users must be on the University Data Network (UDN) using either a wired or wireless connection within Cambridge to access their files. 

Note: Machines connected to the eduroam wireless service are considered part of the UDN. Access from other locations will require use of the relevant University VPN service.

Data Security

Each tenancy, managed by a School, Department or College, can have multiple storage areas (known as 'storage projects') set up. Permissions for individual storage projects are controlled by an institutional Data Owner and the Data Managers they can create. These roles will be able to choose which people have access, and set their permissions.

The service is currently suitable for data up to and including level 2 (Confidential Information) as defined here:

https://help.uis.cam.ac.uk/service/security/data-sec-classes

Data classified as level 3 (personal and strictly confidential information) can currently be stored on IFS provided the institution managing the tenancy use document-level encryption (for instance password protection) for such documents.  The use of document-based encryption would mean that IFS administrators and departmental administrators would be unable to see the contents of the document unless they were authorised to do so. The responsibility for the storage of keys or passwords used for such files is the responsibility of the end user, since IFS administrators will not have access to their contents.

The IFS hardware resides within University data centers with restricted access.  Access is encrypted in transit unless explicitly disabled for a volume, by a Data Manager, in order to support Windows 7. The ability to set up un-encrypted access to volumes will be removed after the end of life (EOL) date of Windows 7 on January 14 2020. 

Availability and support

The service has been categorised as 'Standard'. The system is designed for continuous running 24x7, but in the event of a disaster such as total power failure, staff will be required to manually transfer service to a second site. 

Support is available during standard office hours on working days – Monday to Friday, 09:00–17:00.

Protocol support

  • SMB v3
  • NFS v4 (being developed)
  • Mixed SMB and NFS shares will not be available
  • iSCSI will not be available – IFS does not provide block storage.

Performance

  • The system has been designed to keep the cost of the storage low, whilst offering the necessary level of resilience. It comprises spinning disks with a small amount of NVMe cache. To prevent overload of the system and give predictable performance, each tenancy has a proportionate bandwidth cap.
  • The storage system is connected to the UDN via 40Gb/s links. 
     IMPORTANT: You must ensure you have adequate connectivity to the UDN.


Further information

If you want to know more about this service, please contact your institutional Data Owner.

User Support

User Guide

IFS User Guide v1.1 (April 2019)

 

Feedback and technical support

Email: