Using the Silo RD Environment

Silo is the SSCC's restricted data environment. It's actually made up of two environments with different levels of security. Silo LDS is appropriate for data sets classified as "Limited Data Sets" under HIPAA and other data with similar security requirements. Silo RD is appropriate for data sets classified as "Protected Health Information" under HIPAA and other data with similar requirements. Each environment consists of an isolated file system and servers for running analysis with statistical software installed. This article will discuss using Silo RD. A similar article on Silo LDS can be found here.

Silo RD has a Windows server farm called WinRD, which is very similar to Winstat, and a Linux server called LinRD, which is very similar to Linstat. To log into WinRD you will use the Citrix Receiver installed on your computer. To log into LinRD you will use SecureCRT on WinRD (you cannot log into LinRD directly from your computer). You can also use SecureFX on WinRD to transfer files from your computer to the Silo RD file system.

Computers which log into Silo RD must be specially monitored by SSCC staff. Each Silo RD user will have a designated computer for use with Silo RD. Do not attempt to log in to Silo RD from any other computer.

If you are interested in using Silo, please contact the SSCC Help Desk. Depending on the nature of your data you may still need to get explicit approval from your IRB, the UW-Madison Office of Cybersecurity, or other relevant authorities before you can store data in Silo, but using Silo will expedite that process because it has already been approved for other projects.

Using WinRD

Using WinRD is very similar to using Winstat, but the process of logging in is different and requires some additional setup.

Installing the Citrix Receiver

To use WinRD you'll need to have the Citrix Receiver installed on your computer. Just click on the appropriate link below and then run the installer after it finishes downloading. If you've already installed the Citrix Receiver on your computer in order to use Winstat you do not need to install it again.

See Using Winstat for more information about using the Citrix Receiver.

Setting Up Two-Factor Authentication

Logging into WinRD requires "two-factor authentication." When you log in you'll first be asked for your SSCC username and password and then for a code that appears in Google Authenticator, a free app for your smartphone or tablet. If you do not have a smartphone or tablet, you can purchase a hardware token that will do the same thing for about $15. Contact the Help Desk for details.

To set up two-factor authentication, log into Winstat, click on the Start/Windows logo button, and type sms2 in the search box. This will locate the SMS2 Administrative Console for you, which is the tool you'll use to set up the server side of two-factor authentication. It will start with your name and some other information already filled in but you don't need to fill in anything else on the main screen.

Click on Authentication Options. Set Token generation type to TOTP (time-based). Set Authenticator to Google Authenticator. Then click on Generate Shared Secret and Save Configuration. The shared secret is an alphanumeric code that needs to be entered on your phone, but the program will also generate a QR code that your phone can scan to read it in for you.

Setup for two-factor authentication

Next you'll need to install the Google Authenticator app on your phone. On an iPhone go to the App Store, or on an Android phone go to Google Play. Search for Google Authenticator and then install it and open the program. Tap Begin Setup and then Scan Barcode. Allow Authenticator to access your phone's camera if asked. Then point it at your computer screen until it reads the QR code successfully. (We have seen Authenticator have difficulty with some laptop screens. If it fails to read the code try again on a desktop computer or another laptop, or enter the information manually.) Authenticator should then show a six digit number which will change every thirty seconds. You are now set up to use two-factor authentication.

Logging In

To log in to WinRD, you will need to go to the web site silo.ssc.wisc.edu. On a Windows PC use Internet Explorer, and on a Mac use Safari. The web browser may not recognize that the Citrix Receiver is installed and prompt you to install it; you can bypass that by clicking Log in. If you're asked to give permission for programs to run, do so.

At the login screen, first give your SSCC username and password as usual. You'll then be asked for a Message challenge. Open the Authenticator app on your phone and type in the number you see there. It's okay if the number changes while you're typing it: there's a "grace period" during which the server will accept a number after it has expired on your phone.
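How the six-digit code and the server's grace period fit together, as an added example (not SSCC's or SMS2's code). It follows RFC 6238 with the Google Authenticator defaults (HMAC-SHA1, six digits, 30-second step); the shared secret is the constructed RFC test value, and the one-step grace window is an assumption, since this article does not say how long the server's grace period is.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30     # seconds each code is shown in Google Authenticator
DIGITS = 6    # length of the displayed code

# Constructed sample secret (base32 of the RFC 6238 test key), not a real one.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def _key(secret_b32: str) -> bytes:
    """Decode the base32 shared secret as typed or scanned from the QR code."""
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226 one-time code for a given counter value."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, unix_time: int) -> str:
    """Code the phone displays at unix_time: the counter is the time step."""
    return hotp(_key(secret_b32), unix_time // STEP)


def verify(secret_b32: str, code: str, unix_time: int, grace_steps: int = 1) -> bool:
    """Server-side check: accept the current code or one that expired
    at most grace_steps steps ago (assumed value, see lead-in)."""
    key = _key(secret_b32)
    current = unix_time // STEP
    for back in range(grace_steps + 1):
        step = current - back
        if step < 0:
            continue
        expected = hotp(key, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), code.encode()):
            return True
    return False


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)               # last second of a time step
    print(code, verify(SAMPLE_SECRET, code, 60), verify(SAMPLE_SECRET, code, 90))
```

A wider grace window tolerates slow typing and clock drift but also lengthens the time an observed code stays usable, so servers keep it to a step or two.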

The Silo File System

Silo RD uses a Linux-based file system. It is separate from the SSCC's main Linux file system, but we've given the drives the same names. Thus Z: is your home directory on WinRD, and project folders are found on V:.

Unlocking a WinRD Session

A WinRD session will automatically lock after 15 minutes of idle time. You can't unlock it by pressing Ctrl-Alt-Del as usual because that will affect your computer rather than your session on the server. Instead, expand the Citrix Receiver control bar at the top of the screen and click Ctrl+Alt+Del there. You will then be asked to give your username and password.

Controls for the Citrix Receiver, including Ctrl+Alt+Del

Using LinRD

Using LinRD is very much like using Linstat, especially if you're used to using SecureCRT to log into Linstat. You will need to run SecureCRT on WinRD rather than your own computer.

Setting up SecureCRT

Start SecureCRT. If you get an initial window asking you to set a configuration passphrase, choose the Without a configuration passphrase option and click OK.

Dialog for choosing not to use a configuration passphrase

This will give you a "Quick Connect" window. Click Cancel to get the Session Manager instead so you can set up a permanent session for connecting to LinRD rather than entering its information every time. If you don't see the Session Manager window, click on the Session Manager tab on the left side of the window.

Click the plus sign (+) right under Session Manager to create a new session.

Session manager

On the first screen just click Next, because the default protocol, SSH2, is what you want to use.

Choosing the protocol

In the Hostname box type linrd.ssc.wisc.edu. If you type your SSCC username in the Username box you won't have to type it every time you log in.

Setting the hostname

In the next window you can enter a more user-friendly name for this session if you like, or just click Finish and it will be called linrd.ssc.wisc.edu.

Setting the session name

When you return to the Session Manager you can log into LinRD by double-clicking on the new session.

The Silo File System

Silo RD uses a Linux-based file system. It is separate from the SSCC's main Linux file system, but we've given the directories the same names. Thus your home directory is /home/{first letter of your username}/{username} and project directories are under /project just like on Linstat.

Using Secure FTP to Transfer Files

You can use Secure FTP to transfer files from the Silo RD file system to the Silo LDS file system or from your computer to the Silo RD file system. If you're comfortable using command-line SFTP, you can run it on LinRD. If you prefer a graphical user interface, use SecureFX on WinRD.

Setting Up SecureFX

Start SecureFX. If you get an initial window asking you to set a configuration passphrase, choose the Without a configuration passphrase option and click OK.

Choosing not to use a configuration passphrase

This will give you a "Quick Connect" window. Click Cancel so you can set up a permanent connection rather than entering the necessary information every time. Then click the Connect button on the far left.

Clicking the connection button

Click the plus sign (+) to create a new connection. If you need to transfer files both to the Silo LDS file system and from your computer, you'll need to carry out this process twice, once for each connection.

Creating a new session

If you are transferring files to the Silo LDS file system, set Protocol to SFTP. If you are transferring files from your own computer, set the Protocol to FTP/TLS (explicit). Then click Next.

Choosing the protocol

Next, enter the name of the computer you want to transfer files to or from. To transfer files to the Silo LDS file system, enter linlds.ssc.wisc.edu. To transfer files from your computer, enter the full name of your computer, including .ads.ssc.wisc.edu. If you don't know your computer's name, right-click on Computer and choose Properties. It will be near the bottom.

Setting the hostname

In the next window you can enter a more user-friendly name for this session if you like, or just click Finish and the name will be the full name of the computer it connects to.

Choosing a session name

Unfortunately you're not quite done. Right-click on the new session and choose Properties, then uncheck the box for Use outgoing data connections (PASV) and click OK.

Unchecking PASV

Now it's ready for use.

Working in the Silo RD Environment

Once you've logged in, WinRD behaves just like a regular Winstat server and LinRD behaves just like a regular Linstat server, with a few important exceptions:

  • They cannot access the Internet. This can affect programs in unexpected ways: for example, Stata's findit command takes much longer to run than usual and then only gives partial results, because it tries to reach Stata's web server and does not display any results until that attempt times out. Fortunately the results it does give are the ones you're most likely to need.
  • Stata ado files and R packages must be installed by the system administrators. Send requests to the Help Desk. Unlike on Winstat and Linstat, ado files and packages will be installed such that everyone can use them and must be updated by SSCC staff when new versions are released.
  • You cannot copy and paste between WinRD and your own computer.
  • WinRD cannot access disk space on your computer except via Secure FTP.
  • You cannot print from WinRD or LinRD.
  • WinRD and LinRD do not have as much software installed as Winstat and Linstat, but let us know if there is any additional software you need.

Silo Downtime

Silo has a downtime from 7:00am-9:00am on the first Wednesday of the month for security updates.

If you have any questions about using Silo, feel free to contact the Help Desk.

Last Revised: 10/26/2016