Hi
Does anyone have any experience with running educational Jupyter environments in secure settings (prisons)?
Or even any experience with trying to get permissions to do such a thing?
I’m trying to review the possible options, and if anyone’s been down this path before it’d be useful to learn from your experiences…
–tony
There is some ongoing work to make GitHub - nebari-dev/nebari: 🪴 Nebari - your open source data science platform (which includes JupyterHub) work in secure environments (including no internet access and internal mirrors for select resources). Whether that would be helpful for you depends on your timescales, I think if you deployed it today it would still require some manual configuration to make it work.
I’m running Jupyterhub inside a Docker container, in a Linux VM not connected to the internet. This involved:
Further, I am using conda-pack to add virtual environments to the offline Jupyterhub container. A bit clunky, but it works for ~20 users or so.
If you need I can give you more details
Thanks… will check it out…
Hi Luca
We currently use a Docker image for delivering a hosted environment as well as encouraging students to run the same image locally.
But VMs/Docker containers are not an option within the secure environments we are looking to support.
–tony
@psychemedia - I’m not sure I understand the problem: isn’t this just a case of a *nix box in their intranet, prebuilt with Juyterhub?
[yes, there are questions about user logins & boxen built externally being added to the intranet - but those issues must already exist & have solutions]
Jupyterhub would, on the surface, appear to be the solution you need?
The only real challenge I see is that the teaching/usage side would not allow users to to pip install BlackHatHackery [other packages are available]
Like @Luca_Schippa - The Noteable service provides jupyter notebooks as an on-line service… there’s very little that we use that’s difficult - it just requires [human] resources to manage: We have a platform to manage 1000’s of simultaneous users, and architecture to manage external authentication across multiple customers - but how much of that would apply to an Intranet?
@perllaghu Have you ever tried running things for students within arbitrary prison institutions In England & Wales, and in Scotland? If so, would be good to talk.
Not at all… I’m asking what I’m failing to appreciate as a challenge.
I guess one the basic questions is whether you know what the state of a prison intranet is* - without knowing the general restrictions of their internal network, any proposed solution would be just guesswork
[*] This is possibly informative: https://hansard.parliament.uk/commons/2024-02-26/debates/C8110F7E-4BF3-4562-B2F2-56397EA6C592/SocialMediaAccessInPrisons
… and NEW REPORT | Digital Technology In Prisons: Unlocking relationships, learning and skills in UK prisons - The Centre for Social Justice is from 2021
… finally, How the Content Hub is taking on accessibility – Justice Digital indicates there is a closed intranet, and a jupyter-esque service would need to be centrally provided.
If VM/Docker are not an option, Jupyterhub in the TLJH distribution is actually made to work on a “bare metal” machine. The problem is that the Jupyterhub server will occasionally need to have connection to the internet for first install, updates and installing new packages, as far as I know. Further, I don’t know what is allowed or not in a prison’s network environment.
My understanding is that the sys admins are very conservative with what can be installed, and very guarded on the ability of individuals being able to use machines to share anything with anyone.
For the small numbers of students in such environments, installing any new desktop application is a difficult process, and I imagine installing a web service, and particulalry one that supports the authoring and execution of arbitrary code, is another level of difficulty because of the perceived risk.
My edu institution runs an authenticated Moodle environment on its own subdomain that can be accessed from secure environments (SEs); we also host Jupyter notebook servers on another subdomain for the main body of our other students. To run that service for SE use requires three consultative battles, and convincing: 1) the notebook service admin; 2) central IT; 3) every separate SE IT admin (and probably, separately, every SE governor). Then there are the costs of securing and proving the security of the service and questions about who does what. In this context, the ripples of “just” do X spread a long way.
As well as the JupyerHub style webservice offering, three other things I am exploring are the possibility of:
Any install in the first instance would probably be from physical media (remember CD/DVD-ROMs??!