Diamond Annual Review 2019/20

106 107 D I A M O N D L I G H T S O U R C E A N N U A L R E V I E W 2 0 1 9 / 2 0 D I A M O N D L I G H T S O U R C E A N N U A L R E V I E W 2 0 1 9 / 2 0 Although public cloud providers offer low level resources, such as Virtual Machines as a service, there has been a strong trend towards containerisation as a method to provide a consistent software environment on which workloads run. This minimises changes users will need to make when using cloud and on-premise services. The dominant technology for running containers is Kubernetes, a project developed originally by Google. To extend this common layer to Diamond’s on-premise infrastructure, a recent deployment of a Kubernetes cluster has been undertaken. This enables software developers to experiment and adapt existing workflows to run in any cloud environment that offers Kubernetes as a service. Adopting cloud techniques and containerising applications enables workflows and applications to become decoupled from the underlying infrastructure. Whilst building or adapting workflows to be containerised requires a significant investment of time, it has the potential to allow future users to take both data and analysis software away from Diamond easily. In this way, users can leverage large scale cloud platforms for data analysis that are either provided by commercial cloud companies, or the increasing number of clouds within academia that are developing, without significant overhead. Controlling Helium Recovery Helium, although abundant in the universe, is a very rare and finite resource on earth. When helium gas is vented into the atmosphere it is lost as it eventually escapes earth’s gravity because it is such a light element. To help preserve this important resource, an extensive Helium Recovery System has been installed at selected beamlines and other areas that have a high usage of helium. The control system for this has been designed and supplied by the Electronic Systems Group to manage the whole process from collection, low pressure storage, purity selection, high pressure storage and ultimately transfer to the liquefaction plant. The system is more sophisticated than commonly installed as it checks the purity of collected gas to ensure suitability for liquefaction. It monitors purity at each collection point and only gathers gas of suitable quality, rejecting low grade gas automatically. The gas that passes this first check is then stored in a gas bag before being compressed and stored in local storage banks after a second purity assessment. This ensures that all gas collected is suitable for liquefaction, saving unnecessary energy costs associated with compression and storage of unsuitable gas. Control of collection and storage is all automatic, managed by a distributed system of Programmable Logic Controllers, and a local Human Machine Interface, all communicating over Ethernet. Software and computing graduate programme The SSCC graduate training programme provides a route to recruit recent university graduates and offer training in one of the highly specialized software engineering and computing roles at Diamond. Established in 2015, the programme has expanded to encompass all the software and computing groups. It is now well recognised, with an intake of five graduate engineers per year, from a variety of backgrounds in science, engineering, mathematics and computing. The programme consists of two years of training. In the first year, participants undertake four projects in different groups within SSCC, and occasionally elsewhere in Diamond. The second year is spent as a member of one team, in mentored, “on-the-job” training, building responsibility within that team. At the end of the two years, participants are equipped to operate independently at the level of experienced engineers. Participants build a broad base of knowledge and experience, and a network of contacts throughout the organisation, in turn bringing different perspectives and new ideas to the host groups.The first year projects consist of ameaningful piece of work which is owned by the host group, and many involve working across group boundaries, which promotes collaboration and breaks down organisational barriers. In total, 50 projects have been completed to date. To complement the practical experience, training is provided on a range of technical topics, through organised training courses and online learning. There is also a programme of informal talks on projects and topics of interest. In 2019, the first SSCC Graduate Away Day was held to promote the inclusion of the new starters and build strong links within the internal graduate community. Cyber Security and InformationManagement Diamond is on a journey to increase Cyber Security and Information Management maturity in order to protect and enhance the science programme delivery. During the past year Cyber Essentials certification was achieved. This focussed on demonstrating good practice in five technical controls: securing the internet connection, securing devices and software, controlling access to data and services, protecting fromviruses and other malware and keeping devices and software up to date. Information Governance (IG) is another crucially important part of the journey; during the year an IG Committeewas formed, an IG Corporate Statement agreed and an IG Framework endorsed. Information Management requires Diamond’s data, information, and knowledge (collectively‘information’) to be kept confidential when necessary, to have its integritymaintained and to be guaranteed to be available when needed. A further aspect of Diamond’s security journey is to improve access to information by providing relevant, performant and managed services. A project is underway to deliver a managed SharePoint Online service which will ensure Diamond’s information isheldsecurely, inoneplace,and isfindable-assomewoulddescribe it,‘a single point of truth’. The process to increase Diamond’s cyber security and information management maturity is well underway, and is expected to continue through 2020 and into 2021. The Role of the Business Applications Group The Business Applications group is a new grouping of components from a number of teams fromacross SSCC that deliver systems and services supporting Diamond in delivering science benefits. There are currently three main areas that the group supports which map across an external user’s journey while at Diamond. When a user first applies for access to Diamond’s facilities, they will do this using the User Administration System (UAS) which manages application, review and visit or session management. These systems ensure that time at Diamond is managed efficiently and effectively to deliver a good experience for users, reviewers and Diamond staff. Experiment management systems, such as, ISPyB, handle the users’ experience during the course of the experiment – it enables them to manage their experiments when on site or off site, and also ensure that experiment samples for external users are delivered to site speedily. Other systems are used to help manage assets and logging information. Finally, at the end of the data journey, data management systems ensure that the data created during the experiment is curated and archived in the data catalogue and repository called ICAT. At this point the data needs to be findable and retrievable by users, and, in due course, be made openly accessible. A key objective of the Business Applications group is to align the software systems and services a user utilises to provide a more coherent experience. It will look to embed good practice in terms of quality assurance and design throughout the systems. In addition to the systems described, the Business Applications group is also involved in a broad range of business IT Services, looking to provide new capabilities that will deliver greater efficiencies across Diamond, new systems to help reduce administrative burden, and to deliver services that can be accessed more widely.The overall aim is to improve services and help Diamond to continue to grow and thrive. Cyber Essentials Certificate. This is to certify that Diamond Light Source Limited Diamond House, Harwell Science and Innovation Campus, Fermi Ave, Didcot OX11 0DE Has been assessed by Yousef Abdulrahman for NCC Group PLC against the Cyber Essentials Scheme Test Specification Level of certification: Cyber Essentials Scope:Diamond LightSource LimitedExternal Infrastructure Certification date: November 21st, 2019 Recommended re-assessment date: November 20th, 2020 Certificate no.: 3724983103737082 This Certificate confirms that the organisation namedwas assessed against the Cyber Essentials Requirements dated i i i i i i l i June 2014, and at the time of testing, the organisation's ICT defenceswere assessed tomeet the Requirements. J , i f i , i i ' I f i . Cyber Essentials Certification indicates that the organisation has implemented a sensible baseline of organisational i l i i i i i i i l i l li f i i l cyber security only, and implies no guarantee of effective defence against commodity cyber attacks circumventing i l , i li f i f i i i i this baseline. Organisations are recommended to define and understand the risks to their organisation and take all i li . i i i i i i ll appropriate action tomitigate or reduce any issues, whichmay require a greater degree of rigour or technical i i ii i , i i f i i l investment than is required for Cyber Essentials alone. i i i f i l l . Recovered Helium quality checking instrumentation to select gas suitable for storage. Graduate Trainee Away Day: Year two cohort help induct the new starters.