Security Policy

Eligibility for an account: who may apply for a login ID

Any current UCLA student, faculty or staff member with a valid UCLA Logon ID may apply for access to the Hoffman2 Cluster.

Those who are affiliated with a research group may apply for access to that group’s own virtual cluster resources. Cluster access can be authorized for people not affiliated with UCLA by written request from a faculty member who has purchased hardware on the Hoffman2 Cluster or another cluster hosted by IDRE.

To access the UCLA Grid Portal you must either have a login ID on a cluster which is participating in the UCLA Grid or be a current UCLA student, faculty or staff member with a valid UCLA Logon ID. UCLA Grid Portal access is not authorized for those not in these categories.

Safeguard your login IDs and passwords

Keep your UCLA Grid Portal username and password safe and do not allow anyone else to access the UCLA Grid Portal using your username.

Cluster login IDs are single user login IDs only. Do not let anyone else know or use your login ID and password. Any form of use of another person’s account, for example using an ssh public key to gain access, is a violation of this policy. If we suspect that a login ID is being used by more than one person, we will suspend access to the login ID until the matter has been resolved.

Do not leave your local machine unattended while you are logged in to any cluster hosted by IDRE. If you think that your password has been compromised, change your password immediately and contact hpc@ucla.edu.

UCLA Policy 401: Minimum Security Standards for Network Devices

UCLA Policy 401: Minimum Security Standards for Network Devices specifies the minimum security standards for all electronic devices connected to the UCLA Campus Network, including those connected via the UCLA Virtual Private Network (VPN). Make sure you meet these minimum standards. See UCLA Policy 401, Attachment A.

Personal Information and Sensitive Data on Hoffman2

Personal information and other sensitive data, including statutory, regulatory, and contractually protected data — for example, human subjects research, restricted research, student and educational data, and PHI — are prohibited on Hoffman2. (See the UC Protection Level Classification Guide charts on Protection Level 3 and Protection Level 4 for details.)

Researchers using any data defined by UCLA Health as protected health data must contact UCLA Health IT. Such data are prohibited on Hoffman2.

UCLA Health defines ‘health data’ as “any information pertaining to the health, care, and treatment of UCLA Health patients or health plan members which: (1) results in a report used in treatment or monitoring of a patient; (2) generates a claim or a bill for services that are provided; and/or (3) is used for operations, financial management, population health activities or quality metrics.

Prospectively-collected clinical research data and related research results will not be considered Health Data if these data are collected/created exclusively for a sponsored research (“Sponsored Research Data”); however, Sponsored Research Data that appears in the patient’s medical record is Health Data. (The use of Sponsored Research Data may be subject to contractual and regulatory obligations; release of Sponsored Research Data to any entity other than the sponsor of the study must be reviewed in advance by the Clinical Trials Administration Office.) Non-health data is all other data collected at UCLA Health.”

Please contact the Director of the IDRE Research Technology Group if your research requires use of these types of data, or if you have any questions. More information about security requirements can be found at security.ucop.edu.

Federal Export Controlled Software

Pursuant to federal export control regulations (http://ora.research.ucla.edu/RPC/Pages/nsreg.aspx), certain export restricted software must be protected. Export restricted software which must be protected includes: (1) certain strong encryption software, (2) software controlled under the Department of Energy 10 CFR §810 regulations, and (3) software controlled under the Department of State, International Traffic in Arms (ITAR) regulations 22 CFR §120-13.

If you are storing any of the above export restricted software, we strongly recommend you remove it immediately. If you do decide to keep it, you must inform the Director of the IDRE Research Technology Group, in writing, about the export restricted software in your account. If a security breach occurs, you, as the custodian of the software, are liable for the exposure and subsequent export control regulatory violations. If you have questions about how your software is controlled under export regulations, contact Claudia Modlin, Research Policy and Compliance Coordinator, at cmodlin@research.ucla.edu.

Secure access with SSH2

You must use the Secure Shell Protocol (SSH) version 2 to access a login node of any cluster hosted by IDRE. You can use nx, rsync, scp, sftp, ssh commands and local GUI interfaces, for example on Windows machines, that are based on SSH version 2. Compute nodes, including interactive compute nodes, can only be accessed from the login nodes.

Safety for other systems that you use

Although we make every attempt to ensure the security of the system, the login nodes of the clusters hosted by IDRE are not behind firewalls, so there is no guarantee that the system cannot be compromised by a malicious attacker. For your own security and the security of other computing equipment that you use, do not ssh to or scp to other machines from any cluster hosted by IDRE. In the rare instance that the cluster is compromised, entering passwords or other authentication information for other machines may allow those other machines to become compromised as well.

UCLA OIT

© 2016 UC Regents