PopMedNet Network Administration Best Practices
advertisement
PopMedNet Network Administration Best Practices With Melanie Davies and Kyle Erickson Our Networks • Mini-Sentinel: ~60 requests/month • NIH Collaboratory DRN: ~10 requests/month • Health Data Collaboration: ~15 requests/month • MDPHnet: ~20 requests/month • PCORnet DRN: ~15 requests/month Objective Discuss the standard governance processes/ role based structure used by most PopMedNet networks that ensures an efficient scalable environment. • Covering: • Entities, rights, security groups, roles, and their interactions in a PopMedNet network • Various pathways needed for appropriate user support • Advantages and disadvantages with using PopMedNet from a network administration perspective Network Administration Responsibilities • Setup and maintain network entities and access controls • Manage user credentials • Onboard users • Answer questions and troubleshoot Supporting Users • Manage network software updates • Report and manage bugs and issues PopMedNet Entities Organizations Organization = An entity that a collection of Users and DataMarts are assigned to that represents a real-world organization/site. May be standalone or linked with another Organization as a Parent or Child • An Organization may have multiple DataMarts and Users and may be a member of multiple Groups and Projects Parent and Child Organizations • • A Parent Organization may have multiple Children, but a Child Organization may only have one Parent • Child Organizations may also be Parents of other organizations, allowing for deeper hierarchies Parents and Children may have multiple DataMarts DataMart DataMart = represents a data source used to process requests • • A DataMart may only belong to one Organization A DataMart may be a member of multiple Projects Users User= a person participating in the network. • A User may only be a member of one Organization Groups Group = a sub-network • A Group may have multiple Organizations and Projects Projects Project = collection of DataMarts, Organizations, request types, and permissions used to delineate network activity • • A Project may contain multiple Organizations and DataMarts A Project may only belong to one Group PopMedNet Entities Health Data Collaboration Network IMEDS/Pfizer Group HMORN Group Production Query Project HMORNnet Project CRNnet Project Org A Org B Org C Org D Org E Org F Org G Org H Org I Org J Org K Org L Org M Org N PopMedNet Entities Health Data Collaboration Network IMEDS/Pfizer Group HMORN Group Production Query Project HMORNnet Project CRNnet Project Org A Org B Org C Org D Org E Org F Org G Org H Org I Org J Org K Org L Org M Org N PopMedNet Entities Health Data Collaboration Network IMEDS/Pfizer Group HMORN Group Production Query Project HMORNnet Project CRNnet Project Org A Org B Org C Org D Org E Org F Org G Org H Org I Org J Org K Org L Org M Org N PopMedNet Entities Health Data Collaboration Network IMEDS/Pfizer Group HMORN Group Production Query Project HMORNnet Project CRNnet Project Org A Org B Org C Org D Org E Org F Org G Org H Org I Org J Org K Org L Org M Org N PopMedNet Entities Health Data Collaboration Network IMEDS/Pfizer Group HMORN Group Production Query Project HMORNnet Project CRNnet Project Org A Org B Org C Org D Org E Org F Org G Org H Org I Org J Org K Org L Org M Org N Rights • Right: an individual permission allowing a single action on a PopMedNet network • Rights can be assigned at every entity level Rights • Right: an individual permission allowing a single action on a PopMedNet network • Rights can be assigned at every entity level Security Groups • Security Group: a collection of rights that can be assigned to a user • Users can have multiple security groups • Security group naming conventions consist of: “[Organization or Project]\[Role]” • Examples: Clinical Site 3\DataMart Administrator, Drug Surveillance Project\Observer Roles • A role is a defined position a user fulfills within a PopMedNet network • A single user may have multiple roles Our standard set of roles: • Observer • Enhanced Observer • Investigator • Enhanced Investigator • Results Reviewer • Request Reviewer • Organization Administrator • DataMart Administrator • Network Administrator • Everyone Managing User Credentials • Following processes for different network governances • Typically requires additional tracking outside of PopMedNet Supporting Users • Maintaining PopMedNet support email • Onboarding – Contacting to-be users with instructions to set up accounts and/or the DataMart Client • Troubleshooting and holding calls with users to diagnose difficult issues • Giving demos to current and to-be users • Receiving and managing bug reports and functionality requests Maintaining PopMedNet Support Email • Central location for network support • Onboarding new users • Troubleshooting with existing users • Enables easy, organized triaging Onboarding Users • Identifying and contacting appropriate users for each role • Walking through PopMedNet setup • Providing additional instructions where necessary Troubleshooting • ~95% of issues are resolved via PopMedNet support email • ~5% require calls with users and/or technical teams at Lincoln Peak • Frequently requires testing and replication Summary • Very granular access control scheme – enables flexibility but requires establishing standards to remain organized • High learning curve, difficult to learn every intricacy • Supporting users requires a significant amount of time – dependent on size of the network and experience of users • Maintaining a single organized support contact helps facilitate communication • Having access to more technical support (e.g. Lincoln Peak) helps to resolve most difficult problems • Online documentation (PopMedNet wiki) is frequently referenced Questions
