Important Instructions and Resources regarding your ICPSR Restricted-use Data Access
We know that this is a challenging time to continue your work, including your critical research using ICPSR restricted data. You should have received an email with instructions for how to transition your restricted data from the physical location described in your Data Security Plan to a remote location. If you do indeed make this transition, you must adhere to the requirements outlined in that email.
If you have questions, please email us at ICPSR-help@umich.edu, although our response time may be delayed as we all adjust to these unusual circumstances. We will do our very best to help in a timely manner.
I currently have restricted data stored on an encrypted hard drive, non-networked computer, or private-network. How can I continue to access this data remotely?
- The storage device (e.g., the computer’s internal drive or separate attached external storage device) which currently holds the restricted data must be encrypted before it is moved from the current location specified in your existing agreement. The storage device must be encrypted, not only the data files.
- Store any encryption passwords securely and do not share them.
- If the data are stored on a computer’s internal drive and that computer cannot be moved, you may transfer the data to a removable storage device such as an external USB hard drive or thumb drive. Any removable storage device to which restricted data are transferred must be whole-disk encrypted before it is moved to a remote location.
- Prior to moving restricted data to a remote location, you must log into your existing agreement(s) to update your Confidential Data Security Plan and identify a single room in your remote location that meets the security protocols.
- If you transfer the computer holding the restricted data to your remote location, it must at all times remain isolated from any network connection (wired or wireless).
- If you transfer the restricted data to your remote location on an encrypted removable storage device, you may connect it to a computer at the remote location under the following conditions:
- The computer must be disconnected from all wired and wireless networks prior to connecting the remote storage device. Disabling the network interface(s) is the preferred method since this prevents the computer from automatically reconnecting to networks.
- The computer must remain disconnected from all networks while the external storage device is connected to the computer.
- Any software used to analyze the data should be configured to store temporary files and output to the encrypted device.
- You are not permitted to copy restricted data from the encrypted device to your personal computer (i.e., the local internal hard drive), to a cloud storage, or to any other storage medium.
- When not in use, the device must be stored securely.
How can I encrypt a storage device?
ICPSR has provided detailed encryption instructions using BitLocker, MacOS, and VeraCrypt, available here.
If you need additional assistance with device encryption, please reach out to your institution’s IT department.
I am currently accessing data via the Virtual Data Enclave. How can I continue to access the enclave remotely?
First, you must identify a certain room in your remote work location that meets the same physical security needs described in the VDE Data Security Plan. See your Data Use Agreement for more details.
You will need:
- The VMWare Horizon View client, available here.
- Traffic to 2fa.midesktop.it.umich.edu via TCP over ports 80 and 443 is required for authentication.
- Once authenticated, the Horizon View client will need to be able to use the PCoIP protocol over ports 4172 inbound and outbound for both TCP and UDP
- For some users still operating in restricted environments, you may also need to permit connections to specific servers, this includes:
- v7-2fa-a.midesktop.it.umich.edu 141.211.216.202
- v7-2fa-b.midesktop.it.umich.edu 141.211.31.174
VDE Troubleshooting
I can't reach 2fa.midesktop.it.umich.edu
This implies a network issue, most commonly a firewall issue. Please check the firewall on your computer, home network or if connecting via your institution's VPN service verify they have permitted the addresses, ports and protocol described above. Some institutions limit what is permitted over their VPN.
I can reach 2fa.midesktop.it.umich.edu, but I can't authenticate
This implies an account issue, possibly your password is incorrect, your account has been locked, or your account has lapsed. Please contact ICPSR-help@umich.edu
I can authenticate, but I don't see my pool
This implies your account, user license or data use agreement has lapsed. Please contact ICPSR-help@umich.edu
I see my pool and I attempt to connect, the window opens but remains black and eventually closes
This implies a firewall issue. Please check the firewall on your computer, home network or if connecting via your institution's VPN service verify they have permitted the addresses, ports and protocol described above. Some institutions limit what is permitted over their VPN.
Mar 20, 2020