1

ESSnet workshop

Eurostat Vision infrastructure project :

SICON - Secured Infrastructure or CONfidential data access and sharing

Jean-Marc Museux Eurostat Unit B2 – Methodology and research

2

VIP SICON (1)

The overall aim of the project is to develop and establish a pilot of infrastructure, services and documentation for accessing EU confidential datasets held in Eurostat by external partners, mainly NSIs in view of integrating MS and Eurostat processes.

Technological and security dimension

3

VIP SICON (2) – project dependencies

Main related projects for pilot phase• EGR Euro Group Register• DASP Decentralised Access for Scientific Purposes

Other possible uses• Transport Statistics Information System• Webservice for SAS based production system (GSAT)• Service for EU data validation (Eurostat Editing Building

Block, National Account production system)• Teleworking in Eurostat

4

VIP SICON (3) – projects constraints

Clients requirements - Analysis starts with detailed review of user needs and functional specifications

Legal constraints Use of coorporate tools and service at Commission

level Outsourcing IT technical expertise and service

(s)Testa

Secure GatewayTESTA 2

Secure GatewayTESTA 1

DMZ CITRIX TESTA

Other DMZ or SNET

Application ServerSINCOM

Application Server ESTAT

DMZ CITRIX - RCNET

Web InterfaceInternet 1

Web InterfaceInternet 2

Web InterfaceTESTA 1

Web InterfaceTESTA 2

XenAppServer 1

XenAppServer 2

XenAppServer 3

XenAppServer 4

Reverse ProxyTESTA

DMZ TESTA

Internet

Secure GatewayInternet 2

Secure GatewayInternet 1

DMZ CITRIX Internet

Reverse ProxyInternet

DMZ Internet

Agency X

https://citrixprod1.cec.eu-admin.net https://citrixprod1.ec.europa.eu

Commission corporate service

Commission SEC ETAT SEC

6

VIP SICON (4) – project status

Kick-off meeting in July 2011 Users Need analysis (mainly EGR technical

requirements) Proposed model and schema for the secure

infrastructure provides January 2012 : first test with EGR April 2012 : test with DASP

Proposed Model & Schema for SICON

IE/Firefox

IPSec

Apache

Web Logic

End user Internet Rachel

Firewall Restricted Data

Files

Database IPsec Server

Application Server

Proposed Model & Schema for SICON PRO & CONS

PROS– Mains security needs are satisfied– Use only existing commission software

CONS– Triple Identification– No Web services– Opening outgoing channels is not recommended– Maintance costs

Change of business process for confidential data access for research

10

NEW BUSINESS PROCESS

MS collect and send micro data to Eurostat Eurostat and MS prepare micro data for research use

----------------------------------------------------------------------- Eurostat receive and process request (MS custodians) Eurostat configure researcher environment on secured

server MS RDC establishes connection with Eurostat server Researcher performs statistical analysis MS RDC staff check output

11

Issues

Projects dependencies (EGR, DASP, …)

Dependence on local infrastructure

Coupling technology and business development through pilot

Information infrastructure still to be improved (-> role research projects DWB

Extension toward distributed architecture (the vision)