(sysadmin_onboarding)= # System Administrator onboarding Start by following the {ref}`trusted_research_team_onboarding_guide`. ## Pre-requisite steps - Ensure you can connect to the Turing VPN via GlobalProtect (see Settings and choose the `vpnr.turing.ac.uk` portal) - If you don't have this installed or run into issues, email `ITServices@turing.ac.uk` - Set up your [Turing Azure account](https://mathison.turing.ac.uk/Interact/Pages/Content/Document.aspx?id=2432) following the steps on Mathison if don't already have one - Ask an existing member of TRESA to give you access to [TRESA Sharepoint](https://thealanturininstitute.sharepoint.com/sites/tresa/SitePages/Home.aspx) (it's probably a good idea to bookmark this) - Ask an existing member of TRESA to add you to the Azure `Safe Haven Production Admins` group on Azure after they are satisfied you have completed required training (see header below) - Install the [DSH pre-requisites](https://data-safe-haven.readthedocs.io/en/latest/deployment/index.html#requirements) but do not follow the rest of the installation guide ## Required training and user account details As an admin, you will have access to sensitive data held within the TREs deployed to production at the Turing. As such, we require that you complete the trainings needed to handle any kind of data that might include. In addition, it's useful to have set up non-privileged user account that you can use to log into deployed environments for testing purposes. - Add your details to the **{menuselection}`Documents --> information_governance --> all_users_and_projects`** spreadsheet in the TRESA Sharepoint, and assign yourself an `admin` role. - Complete all of the training guides below, and save your certificates to the `information_governance` -> `TRESA certificates` folder: - {ref}`training_gdpr` - {ref}`training_elfh` - {ref}`training_mrc` - Update the `all_users_and_projects` spreadsheet with the completion dates of these trainings - Upload the certificates to the **{menuselection}`information_governance --> TRESA certificates`** folder (shm_setup)= ## Getting set up with the Safe Haven Management Environment - Ask an existing member of TRESA to [create a Microsoft Entra ID administrator account](https://data-safe-haven.readthedocs.io/en/latest/deployment/configure_entra_id.html#create-additional-administrators) for you. - For this, you'll need to provide your phone number and institutional email address - Activate your Microsoft Entra ID admin account, by following [the user guide](https://data-safe-haven.readthedocs.io/en/latest/roles/researcher/new_user_setup.html#password-and-mfa) - Go to `entra.microsoft.com` and check you can log in with this account ## Create a test deployment and practice TRESA tasks - Ensure you are set up on the production SHM (`prod5`) by following the steps above - You should now be able perform all of the TRESA tasks during a project - In particular, we suggest to practice doing the following: - {ref}`process_project_initiation` - use the same Azure Subscription for your SRE as the production SHM (`prod5`) - {ref}`deploy_dsh_sre` - {ref}`process_user_account_creation` - add your own user account to the SRE you set up and check you can log in - {ref}`teardown_tre` - {ref}`delete_data` ## Prepare for Data Study Groups (DSGs) See the {ref}`dedicated DSG page ` for more details.