SEAD administrators instruction guide

The SEAD administrator interface is the primary platform for all SEAD administrators. Depending on the provisioned level of the person accessing SEAD (i.e. Pod Owner, Administrator, Read-Only Administrator), the navigation objects available will look slightly different as each role enables varying levels of accessibility to certain functions (e.g. Pod Owners will also have a Banner Messages and Administrators tab). 

To access the SEAD portal, follow the instructions provided in the user guide. 

As an administrator, your interface will enable you access to information about the various operational objects in the system: Projects, Products, Users, Virtual Machines, Packages, Organisations, Desktop Sessions and Tags. The Projects page is the default starting page. 

You can view the actions performed in the user interface by clicking the ‘Action Log’ tab from the navigation panel. You can also download CSV reports for each object page (Indicated above).

Note: The Package Manager is read only to SEAD administrators, as this is managed by the ABS. For more information refer to Code and Package Loads.

NOTE: An organisation must be created before new projects are created, or new users can be registered in SEAD.

To create a new Organisation, select the ‘Organisations’ tab from the side navigation panel. 

  From the Organisations page, click on the ‘NEW ORGANISATION’ button presented at the top of your screen

This will direct you to the New Organisation Form. All fields are mandatory, with the exception of tags. 

Once you have completed the New Organisation Form, click on the green ‘SUBMIT’ button presented on the bottom of your screen. 

Once you have pressed ‘SUBMIT’, you will be asked to confirm that you wish to create a new organisation, proceed by clicking ‘Yes’. 

The system will then begin to create your new organisation. You can view the progress of the task via the Action Log. 

To delete an organisation, locate the organisation from the Organisations page then click the Actions icon (three dots) along the same row as the organisation you are wanting to remove and select 'Delete'.

You will be asked to confirm the action. If deleting the organisation is your intention, proceed by clicking ‘Yes’ on the following window.

To edit an organisation, locate the organisation from the Organisations page then click the Actions icon (three dots) along the same row as the organisation you are wanting to update and select 'Edit'.

This will redirect you to the Update Organisations page. You can change the organisations name, ABN, and the associated tags. Once you have made your updates, click ‘Submit’. 

You will be asked to confirm the action, proceed by clicking ‘Yes’. 

As an administrator, you can register new users in SEAD. Administrators should create the user organisation before beginning this step. Start by clicking on the ‘Users’ tab from the side navigation panel on your left.

You will be presented with the Users page which showcases all registered users within your SEADpod. You can also download a CSV report of all registered users by clicking Export (circled red). To continue to the registration process, you will need to click on the ‘NEW USER’ button presented at the top of your Users screen. 

You will be re-navigated to the new User Registration Form. All fields within the form are required to be populated with the exception of Tags. It is recommended to use a standardised format for the username i.e. firstname.lastname. A username cannot be used across multiple SEADpod's. If a user does require access to more than one SEADpod, they will need to be allocated a separate username. Once you have populated the registration form with the new user’s details, click ‘Submit’. 

NOTE: Any leading or trailing spaces may cause the registration to fail.

Once you have pressed ‘Submit’, you will be asked to confirm that you wish to create a new user. If creating a new user is your intention, proceed by clicking ‘Yes’. 

NOTE: The user registration form provides the opportunity to ‘opt out of emails’ , these emails are system generated emails that notify users of failed actions, impending rebuilds and other system related tasks. By default, users will receive these system emails.

After confirming that you are intending to create a new user, you will be met with a pop-up notification advising that the user creation is in progress and the users login details will be emailed to them via automated system notification. The user will shortly receive an email which contains their SEAD username and a temporary single use password that they will need to change on their initial login.

NOTE:  If the 'Welcome Email' box is not selected during account creation, an email will not be generated. To send the welcome email to the user manually, administrators can navigate to the users profile and select the 'SEND WELCOME EMAIL' button. This email can only be delivered once.

After confirming that you are intending to create a new user, the task will immediately begin initiating. You will be presented with a notification banner at the top right of your screen advising that the new user creation is in progress. You can follow the progress of this task by clicking the ‘LOGS’ button within the notification. 

The ‘LOGS’ button will redirect you to the Action Log which showcases all actions undertaken within the SEADpod. As you can see below, the create user action was successful after a few moments.

NOTE: Login credentials are automatically delivered to new users. To access the system, users will need these details, and the supported multifactor authentication app, Microsoft Authenticator.

The details of an existing user can be edited. All registration details for a user can be modified, with the exception of the username. This includes the user's name, email, contact number, organisation, and associated tags. To edit these details, navigate to the Users page by selecting the ‘Users’ tab from the side navigation panel. Once you are on the Users page, you will be able to select the user you wish to edit by clicking on their hyperlinked username. If the user is not immediately available, type their name into the search bar.

TIP: If you are having difficulty finding a user that has an existing account, try deselecting the ‘Status not equals ‘INACTIVE’’ search filter from beneath the search bar. By doing so, all users, irrespective of whether or not they are active will appear in your results. 

Clicking on the hyperlinked username of your selected user will direct you to that specific user’s information page which showcases their basic attributes, virtual machines, account settings and associated tags. To edit this information, click on the ‘Edit’ button on the centre/top right of the page.

Clicking on the Edit button will redirect you to the Update User page which follows the same template as the user registration form. As mentioned previously, all fields can be modified with the exception of the username. Make your updates, then click ‘Submit’. 

Once you’ve pressed ‘Submit’, you will be asked to confirm that you wish to update the user. If this is your intention, proceed by clicking ‘Yes’. 

Just like all actions undertaken within SEAD, a  notification banner will appear in the top right advising that the requested task is in progress. In this instance, the task was completed instantly, and therefore, the notification advises that the task was successful. You can click the ‘Logs’ button within the notification to view the task in the Action Log.

Within the Action Log, you can view the changes made to the User by looking at the ‘Remarks’. You can also view the changes to the User’s information by navigating back to the User’s information page.

As an administrator, you can disable a user’s account. This removes their access to the SEAD environment and the user interface, while retaining the account information itself. Disabled accounts can be enabled later if needed (refer to Restore users). To disable a user’s account, navigate to the Users page by selecting the ‘Users’ tab from the side navigation panel. Once you are on the Users page, you will be able to select the user you want to disable by clicking on their hyperlinked username or typing their name in the search bar.

NOTE: A disabled account will still incur a license charge. It is therefore recommended that users are evicted (refer to Evict Users) rather than disabled. To understand the difference, refer to Frequently Asked Questions.

Clicking on the hyperlinked username of your selected user will direct you to that specific user’s information page which showcases their basic attributes, virtual machines, account settings and associated tags. To disable the user’s account, click on the ‘DISABLE’ button at the top/centre of the page.

Once you have pressed ‘DISABLE’, you will be asked to confirm that you wish to disable the user. If disabling the user is your intention, proceed by clicking ‘Yes’. 

Just like all actions undertaken within SEAD, you will be presented with a notification banner on your top right advising that the requested task is in progress followed by a notification advising the completion status of the task.

Once a user account has been disabled, the user’s status will show as ‘DISABLED’ from the User’s page. 

As an administrator, you can evict a user. Evicting a user removes their access and closes their account. The account can be restored by the administrator, but the user will be required to go through account setup processes again i.e. password and authentication. To evict a User, navigate to the Users page by selecting the ‘Users’ tab from the side navigation panel. Once you are on the Users page, you will be able to select the user you want to evict by clicking on their hyperlinked username.

NOTE: A user must first be removed from all Projects before they can be successfully evicted from SEAD. To remove a user from all projects, refer to Removing users from a project.

Clicking on the hyperlinked username of your selected user will direct you to that specific user’s information page which showcases their basic attributes, virtual machines, account settings and associated tags. To evict the user, click on the 'EVICT’ button at the top/centre of the page.

Once you have pressed ‘EVICT’, you will be asked to confirm that you wish to evict the user. If evicting the user is your intention, proceed by clicking ‘Yes’. 

Just like all actions undertaken within SEAD, you will be presented with a notification banner on the top right of the screen advising that the requested task is in progress. In this instance, the task was completed instantly, and therefore, the notification advises that the task was successful. You can click the ‘Logs’ button within the notification to view the task in the Action Log.

Once a user account has been evicted, their account will no longer be immediately visible from the User’s page. However, this does not mean that the record of their account has been permanently deleted. You can still find records for evicted users by searching for that user's name in the search bar. Be aware that in order to find the evicted user’s information, you will need to deselect the ‘Status not equals ‘INACTIVE’’ search filter from beneath the search bar. 

The user account status will show as ‘INACTIVE’ from the User’s page. You can still view the user’s information by clicking on their hyperlinked username. 

As an administrator, you can restore the account of an evicted user. To restore an evicted user, navigate to the Users page by selecting the ‘Users’ tab from the side navigation panel. Once you are on the Users page, you can search for the evicted user via the search bar. In order to find the evicted user, you will need to deselect the ‘Status not equals ‘INACTIVE’’ search filter from beneath the search bar. 

Once you have located the evicted user, open their user information page by clicking on their hyperlinked username. 

From within the user information page, you will see a button on the top/centre of the page that says ‘RESTORE’. Click this button.

Once you have pressed ‘RESTORE’, you will be asked to confirm that you wish to restore the user. If restoring the user is your intention, proceed by clicking ‘Yes’. 

After confirming that you are intending to create a new user, you will be met with a pop-up notification advising that the user creation is in progress and the users login details will be emailed to them via automated system notification. The user will shortly receive an email which contains their SEAD username and a temporary single use password that they will need to change on their login.

Check that the restoration of the user account was successful by paying attention to the action status banners or checking the Action Log.

The user account status will now show as ‘ACTIVE’ from the User’s page. 

Accounts that have been disabled by the administrator (refer to Disable users), or automatically disabled following 45 days of inactivity, will need to be enabled by the administrator.

To enable a disabled account, navigate to the Users page by selecting the ‘Users’ tab from the side navigation panel. Once you are on the Users page, you can search for the evicted user via the search bar. Once you are on the Users page, you will be able to select the user you want to enable by clicking on their hyperlinked username or typing their name in the search bar.

Clicking on the hyperlinked username of your selected user will direct you to that specific user’s information page which showcases their basic attributes, virtual machines, account settings and associated tags. To enable the user’s account, click on the ‘ENABLE’ button at the top/centre of the page.

Once you’ve pressed ‘ENABLE’, you will be asked to confirm that you wish to enable the user. If enabling the user is your intention, proceed by clicking ‘Yes’. 

Just like all actions undertaken within SEAD, you will be presented with a notification banner on your top right advising that the requested task is in progress. The task was completed successfully and can be viewed from the Action Log by clicking the ‘Logs’ button within the notification. 

Administrators can reset passwords for SEAD users. Start by navigating to the Users page from the side navigation panel. Once you are on the Users page, you will be able to select the user whose password you want to reset by clicking on their hyperlinked username. If the user is not immediately available, type their name into the search bar.

NOTE: Pod Owners can reset administrator passwords using the following instructions but through the ‘Administrators’ tab rather than the ‘Users’ tab. 

Clicking on the hyperlinked username of your selected user will direct you to that specific user’s information page which showcases their basic attributes, virtual machines, account settings and associated tags. To reset their password, click on the ‘’Reset Password” button on the centre/top of the page.

Clicking on ‘Reset Password’ will prompt a confirmation window, click ‘Yes’ to proceed. 

You will then be met with a pop-up advising the password has been reset. The user will receive an email containing a temporary password which will need to be changed the next time they sign in.

NOTE: The temporary password is valid for 90 days 

Administrators can reset the Multi-Factor Authentication (MFA) for SEAD users. The 'RESET AUTH METHODS' action will reset all authentication methods for the user, including their MFA and self-service password recovery options. To do this, navigate to the Users from the side navigation panel. Once you are on the Users page, you will be able to select the user whose authentication methods you want to reset by clicking on their hyperlinked username. If the user is not immediately available, type their name into the search bar. Once this action is complete, users will need to re-register their MFA and self-service password recovery details.

Clicking on the hyperlinked username of your selected user will direct you to that specific user’s information page which showcases their basic attributes, virtual machines, account settings and associated tags. To reset their MFA, click on the ‘’RESET AUTH METHODS” button on the centre/top of the page.

Clicking on ‘Reset Auth Methods’ will prompt a confirmation window, click ‘Yes’ to proceed. 

Unlike the process for resetting a user password, the system does not automatically notify the user that their authentication methods have been reset. Administrators will be required to let the user know this action has been taken. It is up to the user to then go through the steps for setting up their MFA. 

If users encounter issues authenticating their MFA, ask them to undertake the following troubleshooting steps:

• Ensure the phone is connected to the internet
• Turn off battery optimisation
• Restart phone
• Ensure push notifications are enabled on the users mobile device
• Ensure the use has the latest App version installed
• Ensure the user has the latest OS version installed
• Clear phone cache

From the Projects page you can view a list of all projects ever created in the SEAD environment and basic details about them, such as their start and end dates, status, and a brief description of the project. You can adjust the filters (circled blue) to search for a specific project based on various criteria. You can also download a CSV report of all the listed projects by clicking Export (circled red). Clicking on a project ID (circled black) will take you to the project specific page where you can view the information about the project in more detail. 

NOTE: The Lead Researcher is simply a key contact for the project, they do not have different accesses, nor do they receive a VM. 

The project specific page also contains a Cost Analysis field. The Cost Analysis field should be considered indicative only (as per Microsoft advice) as final billing is subject to change and may be latent or include charges that are not displayed. Cost data available to SEADpod administrators is at the Project level only, at monthly granularity, split between general usage (storage, VMs, networking) and Databricks usage (if applicable) and does not include broader licensing costs. 

NOTE: ABS will also provide a 6 monthly summary snapshot, which will include system usage that is visible in the system, as outlined above (storage, VM’s, networking), along with broader licensing charges (inc. Microsoft & Azure Active Directory). Additional invoicing will be considered at this point, based on how you’re tracking with a final true-up invoice at the end of the year or credit carry over.

To create a new project, click on the ‘New Project’ button presented on the middle of the Projects page. 

This will direct you to the New Project Form. The form contains four pages of required information spanning from Basics, Users, Products and Review. (Administrators should create dependant users or products before beginning this step). Once you have populated each page, navigate to the next page by clicking the ‘Next’ button on the bottom right of the screen. You can also navigate back to the previous page by clicking the ‘Back’ button beside it. 

NOTE: Your Project ID should begin with your two or three letter (lowercase) SEADpod identifier (refer to Fig. 1.), followed by up to six spaces for your remaining numerical identifiers of choice (e.g. pb2332023)  

NOTE: The Project ‘End-date’ is for management information only and does not impact user access post end-date.

Once you have progressed through the New Project Form, click on the ‘FINISH’ button that is now presented on the bottom right of your screen. 

Once you have pressed ‘FINISH’, you will be asked to confirm that you wish to create a new project, proceed by clicking ‘Yes’. 

The system will then begin to create your new project, this may take up to 5 minutes to complete. You can view the progress of the task via the Action Log. 

NOTE: Project folders are backed up each night and kept for 14 days. 

You can modify a range of information about a project, including the default Virtual Machine size. To edit the information about a project, navigate to the projects tab and click on the hyperlinked project ID. 

Once you have clicked the hyperlinked project ID of the project you wish to edit, click on the green ‘EDIT’ button at the top of your screen.

This will take you to the Update Project page where you can modify information about the project. Once you have completed your edits, click the ‘Save’ button to action these changes and update the project.

To assign a user to a project, navigate to that specific project’s page by clicking on the hyperlinked project ID. 

Next, click the ‘ASSIGN USERS’ button at the top of the specific Project page.

This will take you to the Assign User page, where you can add users to the project by selecting their accounts from the first drop-down menu (circled red). You can assign multiple users at once using the drop-down arrow (circled black). You will also need to select the size and type of the virtual machine for this user via the first (circled red) and second (circled blue) drop-down menus. You can select different VM versions (circled orange) depending on user specifications. Click the (?) icon next to each of these menus (circled green) for more information about the available sizes and types of machines available.

NOTE: The appropriate Virtual Machine size will depend on the needs of the user and the broader project requirements (e.g. whether SAS is needed, the number and complexity of the data files the user will be working with, etc.) 

Once you have selected the user and the appropriate virtual machine size and type, click the ‘ASSIGN USER(S)’ button at the bottom of the page to add this account to the project.

To remove/unassign a user from a project, navigate to that specific project’s page by clicking on the hyperlinked project ID. 

To unassign a user from a project, click the ‘REMOVE USERS’ button at the top of the specific project page.

This will take you to a drop-down menu where you can select the user you want to remove from the project. You can select multiple users at once. Once you’ve selected the user(s), click the ‘REMOVE USERS’ button below to detach the selected user(s) from the project.

Once you have pressed ‘REMOVE USERS’, you will be asked to confirm that you wish to the user, proceed by clicking ‘Yes’. 

If a user is no longer required to have access to any projects, you can remove them from all projects. To do this, navigate to the Users page from the navigation panel on the left. A user must be removed from all projects before they can be evicted.

Locate the user from the existing list, or search from them using the search bar and clicking on the hyperlinked username which will direct you to that specific user’s information page.

To remove user from all projects, click on the ‘REMOVE FROM ALL PROJECTS’ button at the top/centre of the page.

Once you have pressed ‘REMOVE FROM ALL PROJECTS’, you will be asked to confirm that you wish to remove the user from all projects. If removing the user from all projects is your intention, proceed by clicking ‘Yes’. 

To close a project, navigate to that specific project’s page by clicking on the hyperlinked project ID. 

To close a project, click the ‘MORE…’ button next to the green ‘EDIT’ button at the top of the page and select ‘Close Project’. Ensure users on the project have requested clearance of all necessary files/data from their project before closing, refer to the note directly below regarding archiving and deletion.

NOTE: Closed Projects data will be archived after 30 days since their closed date and will continue to appear in Azure Storage Explorer during that time. After the 30 days, data from P: (Project) and O: (Output) file shares will be moved from the Project's storage account to a dedicated archive storage account. The Project's storage account will then be deleted, and the Project's status will be “ARCHIVED”.  The ability to restore a Project will no longer be available after the 30 days grace period but archived data after the 30 days can be restored at a cost. Recovering archived data can only be performed by ABS System Administrators. Databricks Blob Storage will not be archived.

You will be asked to confirm that you wish to close the project, proceed by clicking ‘Yes’. 

You can start a new project based on an existing one by cloning the details and contents of it to a new one, saving time and effort. To do this, navigate to the project you wish to clone by clicking on the hyperlinked project ID. 

To clone a project, click the ‘MORE…’ button next to the green ‘EDIT’ button at the top of the page and select ‘Copy details to a new Project’. 

This will direct you to a new project form which will be pre-filled with the selected project’s details. The only information that you will be required to update is the project ID, as the clone is simply a copy of an existing project, not a replacement. 

Once you have progressed through the new project form, click on the ‘FINISH’ button that is now presented on the bottom right of your screen. 

Once you have pressed ‘FINISH’, you will be asked to confirm that you wish to create this project, proceed by clicking ‘Yes’. 

The system will then begin to create a new project encompassing all the details and contents of the cloned project. This may take up to 10-20 minutes to complete. You can view the progress of the task via the Action Log. 

To view products available for linking to Projects in SEAD, you will need to open the Products page by clicking on the ‘Products’ tab from the side navigation panel on your left.

On the Products page you can view a list of products available for linking (refer to Linking Products to Projects). You can adjust the filters (circled blue) to search a specific product based on various criteria. You can also download a CSV report of all products by clicking Export (circled red).

To create a new product shell in order to link data to projects, you will need to open the Products page by clicking on the ‘Products’ tab from the side navigation panel on your left. 

To create a new product shell, click on the green 'NEW PRODUCT’ button at the top of the screen. 

This will take you to the New Product page. Fill in the required information including any necessary tags, for the product shell you wish to create (in order to link data to) in the spaces indicated. Be aware that the short name for your product may only contain lower case characters, hyphens and numbers. Hyphens cannot be at the start or end of the name, or adjacent to another hyphen. Once complete, click Submit. This will prompt a confirmation with a pop up, and a green confirmation message at the top right of the previous screen once confirmed this can take a few moments – the completed action will also appear in the action log.

NOTE: This step will not make any data available yet, you will still need to link the created product to a project and add the data through Azure Storage Explorer to this data product shell, refer to ’Linking Products to Projects’ for how to do this.

To delete a product, locate the product from the Products page then click the Actions icon (three dots) along the same row as the product you are wanting to remove and select 'Delete'. 

You will be asked to confirm the action. If deleting the product shell is your intention, proceed by clicking ‘Yes’ on the following window.

To edit a product, locate the product from the Products page then click the Actions icon (three dots) on the same row as the product you are wanting to edit and select 'Edit'. 

This will redirect you to the Update Product page. You cannot change the product short name or long name, only the associated tags. Once you have made your updates, click ‘Submit’. 

You will be asked to confirm the action, proceed by clicking ‘Yes’. 

If a user has a file open while an administrator is attempting to modify or delete the product, they will receive an error advising that the product is locked by a user. Administrators can unlock a product which means to force remove any file handles on the files within the product. 

To unlock a product, click the Actions icon along the same row as the product you are wanting to unlock and select 'Release file share locks'

This will present the following confirmation window. Be sure to warn the user ahead of unlocking the product as this will close their session. Once you are ready to proceed, click ‘Yes’. 

Tagging allows administrators to create searchable tags and link them to objects from within each object interface (User, Project, Product, Organisation). To create tags, go to the tag tab in the Administrators portal from the left-hand navigation bar. Tags can assist in the management and navigation of these objects. Tags are not a necessary tool if you organisation does not wish to use them.

NOTE: Tags are not visible to users/analysts and only appear within the administrators portal/user interface.

From the Tags page, you can view and search all current tags. You can also download a CSV report of all tags by clicking Export (circled red). To create a new tag, click on the ‘NEW TAG’ button presented at the top of your screen.

Add the required ‘Tag Name’ and ‘Tag Values’, hitting ‘add’ on the right after each value is entered. The values will then appear beneath the ‘Tag Values’ field. Add as many values as needed, however, this should be a focused few variables. Values can be removed/deleted by hitting the grey ‘X’ beside the newly added values. Once you are satisfied with the variables added, hit ‘Submit’ which will prompt a confirmation with a pop up, and a green confirmation message at the top right of the previous screen once confirmed.

Tags can then also be edited and deleted after this step, by selecting either 'Delete' or 'Edit' from the Actions icon on the main ‘Tags’ interface.

The created tag and desired values will then be available from either the ‘user’, ‘projects’, ‘products’ or ‘organisation’ objects tabs in the GUI when creating a new item or editing an item in each of the objects. Select the tag label created previously and select ‘Add’ on the right, similarly to when creating the tags to attach them to the object.

Once the object (user, project etc) has been created, when actually entering the particular object the tags will appear in the accompanying info.

Created tags can then be filtered and searched as a variable in each of the object interfaces (user, project etc) as below.

NOTE: Any Tags on an object will appear on the front page view of the Projects page, as well as the exported CSV list of that particular view.

NOTE: You can hover your curser over the Tag icons for a glance view of what the linked Tags represent.

The default method of loading data to SEAD is to use Microsoft Azure Storage Explorer, which will need to be setup and managed by your organisations ICT department. Ensure that when you are arranging access to Azure Storage Explorer that you have access to V1.36 or later available. To open Azure Storage Explorer, search for the application in the start menu of your virtual machine, then click open.

NOTE: If users/analysts are using Azure Data Lake containers with Databricks, Azure Storage Explorer is available inside user's VM's as an alternative to AzCopy to manage and transfer their files between your file share drives (output, project, etc) and blob storage. Users can refer to the 'Azure Storage Explorer User Guide' in the shared library drive for more information. Users/analysts do not have access to upload or download data via Azure Storage Explorer outside of their virtual machine. Data ingress and egress to SEAD is managed by data administrators only. 

Some organisations may require users to configure a proxy for web connections. Relevant organisation ICT support may need to provide the following to SEAD owners to configure the proxy settings in ASE:

• a proxy address and port to allow ASE to reach the internet.
• If the proxy requires authentication, the credentials that should be used to log in.

If unsure, contact your relevant organisation ICT support to assist. 

To configure proxy settings in ASE, from the options menu select 'Edit' and 'Configure Proxy':

From the proxy settings, depending on your organisations requirements you will need to select the Source, URL, Port, and if required, a username and password. Then select 'Done'.

If you are having issues authenticating or accessing the storage accounts after configuring the proxy settings you can try to configure the proxy through the settings menu, ensuring that the 'Auto manage proxy settings' option is disabled. 

To access proxy configuration from the settings menu, select the Settings cog and locate the Proxy details from the application settings:

Within the application, click on the person icon on the top left of your side menu bar and select ‘Add an account’.

On the following ‘Select Resource’ window, select ‘Subscription’.

On the following ‘Select Azure Environment’ window, select ‘Azure’ then press ‘Next’.

The system will redirect to a browser window.

Enter your mydata.abs.gov.au username/or select your account.

Log in, then return to Azure Storage Explorer. You will now have your account added and you can access the SEAD products and project files. 

The below message appears when you have been timed out of the system: 

Follow this path also if you can’t see any of the files/file containers after logging in, your session may have timed out and you need to re-authenticate.

To manage this, select ‘Manage Accounts’ from the reauthentication notification at the top of your screen.

Then select the profile (person icon) from the menu bar on the left and select 'Reauthenticate now' beneath the account you are reauthenticating.

Follow the prompts for username and password. 

Once authenticated, the browser will display the following message:

NOTE: In some cases, you may receive a notification stating that the page cannot be reached. If this occurs, close the window and return to Azure Storage Explorer where your account will be active. If it is not active, refresh your view. 

NOTE: It is the responsibility of the SEADpod Project Owner to ensure compliance with the Project Owner’s legal requirements, rules and obligations pertaining to data input and outputs. 

Storage Accounts are accessible under the 'DataLab-Prod' subscriptions to authenticated administrators. There may be multiple DataLab subscriptions visible to SEAD Administrators Azure Storage Explorer, each containing different storage accounts. Storage accounts are spread across multiple subscriptions as a result of load-balancing mechanisms in place to manage Azure limitations. SEAD administrators do not have permission to move projects to specific subscriptions.

There are three different types of 'Storage Accounts' in Azure:

• Product storage account, identified by the storage accounts starting 'prdct'. There will only be one Product storage account per SEADpod. This storage account lists all available products in the SEADpod. Users are not able to write to this drive in their VM.
• Project storage, identified in Azure starting with the ProjectID. There will be one storage account in ASE per Project created in the SEAD portal. The Project storage account allows access to the Projects and Outputs Drive for that project.
• Library drive, which is only accessible to ABS administrators.

NOTE: Depending on the number of storage accounts in your SEADpod, it may be easier to use the search function in ASE to locate the storage account you are wanting to access.

Firstly, you must create a product shell from the SEAD administrator interface (refer to Creating Products). Creating the product shell from the SEAD web portal will enable an Access Control List (ACL). ACL's specify who can access a resource and the actions they are able to perform. Users will have to log out and back in again for new linked products and subsequent files to become available and access control lists to refresh. Product shells made directly in Azure Storage Explorer are not configured with ACL protection and will not be accessible to end users.

Return to Azure Storage Explorer after creating your product shell, ensuring your Azure account is activated (refer to Setting up Azure Storage Explorer) and locate the Product storage account, open ‘File Shares’ and select the products container.

Tip: Right-click on the product folder and select 'Pin to Quick Access' to allow you to quickly locate the product folder instead of searching through the list of folders.

Locate the product shell you created in SEAD previously by inputting the short name in the top right corner search box or scrolling to it.

Click on the folder. This opens the folder you created in SEAD.

NOTE: Depending on what is being loaded, you may need to open additional folders. Review the data load request form for further information on what files are to be loaded. 

Select the relevant Upload button ensuring it is corresponding with the correct product. You will then see the options to Upload Folder or Upload Files. 

On the following window, Select the three dots to locate your folders/files.

Select the product folder or file name and press ‘Select Folder’.

On the following window, check the upload paths are correct and at the appropriate file/location level.  If correct, select Upload.

NOTE: Only provisioned data administrators within your SEADpod can view objects in Azure Storage Explorer. Azure denies authentication to administrators who do not have the data administrator role within the SEADpod.

At the bottom of the screen from your Azure Storage Explorer app, the Activities box will indicate if the upload has been successful. If the upload has failed, retry the above steps.

Next, quality check the data upload by ensuring the number of files in the upload mirrors the source location. For this example, the number of cache items at the bottom left-hand corner should equal the number of sub-folders in the directory.

In order to download data/egress it from SEAD, use the download function (beside the upload button) in Azure Storage Explorer to download data from azure storage explorer to your local organisations data store. 

Projects are created through the SEAD web portal before they are accessible in Azure Storage Explorer. Refer to 'Creating new projects'. Each project created through the SEAD web portal will have a corresponding Project storage container accessible in Azure Storage Explorer. The Project and Output drives accessible in the projects file share drives are linked with the users project workspaces. Data Administrators are able to view, add and export files that have been saved to either the Project or Outputs drive on the users virtual machines.

The same processes described above for 'Adding Data to Product Containers' also needs to be followed to upload and download files from the Project storage containers.

NOTES:

• Reminder, SEAD users/researchers are unable to load data or egress it from SEAD, as they do not have access to Azure Storage Explorer. Users do have read and write access to the files made available to them in the 'My Products' folder, and Project/Output folders that are linked to their project from their workspace, so they can delete files in these folders.
• If the folder in the Azure Storage Explorer directory is empty, it has not been loaded. Other forms of quality checking the data upload include making sure files have actual content (size should not be 0 KB). Also be aware that the size of files uploaded to SEAD are smaller, due to compression. For some files, the CONTENT-MD5 may be blank. This is because CONTENT-MD5 is specifically related to Azure Blob Storage and since the storage in SEAD is Azure Files/file share based, it is unused/blank.
• Blob containers are also accessible in Azure Storage Explorer as an alternative for file shares, primarily used with Azure Databricks enabled VM's.

Administrators can restore files that have been backed up within the last 14 days. To do this, navigate to the project share for the relevant project and click on the drop down ‘Current’ or ‘View Share Snapshots’ buttons. 

Here you can view backup snapshots for the last 14 days, the timestamps are in UTC time zone which equates to 5AM the following day AEST. E.g. 2023-05-01T18:47:05.0000000Z equates to 2023-05-02 4:47 AM AEST.

If the file you are restoring still exists in the Current snapshot and you don’t want to overwrite it from the restore point, create a backup folder and copy the file into it. 

Select the time of the backup to restore, right click the file and select Restore Snapshot.

Confirm the restore. 

NOTE: If you haven’t renamed or moved the Current version of the file into a folder it will be overwritten. 

Verify the restore completed successfully in the activity log. 

Downloadable CSV exports are available throughout the Administrator Interface for each of the system objects (Projects, Products, Users etc). 

NOTE: Exports are only available in CSV.

The CSV file will appear on the top right of your screen. Click to open.

Table. 1. Export information

Navigate to the Virtual Machines page by clicking on the tab from the left navigation panel. 

From the Virtual Machines page, you can view the list of all VMs in SEAD and view their power state, status, type, who they are assigned to and the name of the project they’re associated with. You can also adjust the filters (circled blue) to search for a specific VM based on various criteria or download a report of all the listed VMs by clicking Export (circled red). 

To view a specific VM, click on its hyperlinked name.

From that specific VM’s page, you can view information about it in more detail, such as how many days are remaining until its next rebuild, the local disk attached to it and its next scheduled shut down. From this page you can also Start, Stop, Bypass Automatic Shutdown, Resize the VM, or change the VM Type/Version by clicking on the labelled buttons.

NOTE: If a user requires a machine larger than XX-Large, administrators will need to remove the user from their project to destroy their current machine, as the system may not allow the selection directly from the Virtual Machine page. The user should be notified to save all work to the project/output folders. Once the removal process has completed, the administrator will need to update the projects standard VM size to the required VM size and re-add the user to the project.

SEAD uses Azure Virtual Desktop (AVD) to launch VMs. To view the methods for how users launch their VMs using AVD, refer to the SEAD user guide. 

It is the responsibility of the SEAD partner administrator to organise the relevant access through their IT department to enable users to access the Remote Desktop client version of AVD or the Windows App. For more information on AVD, please refer to Accessing your project workspace on the SEAD user guide.

Administrators are able to assign different VM types to users in SEAD. Each VM type determines the users access to certain features within SEAD.

Standard VM: By default, users are provisioned with a standard virtual machine, which includes access to all standard software available within the system.

SAS VM: SAS is available in SEAD as a non-standard product. Users with a SAS enabled Virtual Machine have access to all standard software available in SEAD, and SAS.

Discussant VM: This VM type is for SEAD users who do not require analysis functions within their VM as they do not provide access to the Project, Output, or Products network drives. 

Your organisation or area will have agreed to utilise a predetermined number of SAS licenses in SEAD. SEAD uses a pooled SAS licensing model based on the number of VM's that are in concurrent use, allowing administrators flexible allocation of licenses to their users. Additional SAS licenses can be provisioned, but this will incur additional costs. 

SAS VM's are allocated by modifying the users VM type which is located on the VM management page. To access this page, refer to Viewing virtual machines.

This can also be accessed at the user level, navigating to the 'User' page from the navigation panel, click the username hyperlink of the user you want to allocate a SAS VM to, and select the VM name hyperlink.

Once you are on the Virtual machine management page, the 'type and version' panel, select 'change VM type/version'

You will have the option of selecting a standard, SAS or discussant VM, select the SAS option and click 'Submit'. Once done, the VM will be complete a full rebuild. Ensure your users have saved all of their work prior to changing the VM type. 

NOTE: Future VM rebuilds will preserve the VM type until a different type is selected. SAS VM's can be deallocated by SEADpod administrators through this same process.

Users who work across multiple projects can request local disk space through their administrator. This will enable their VM to run jobs offline, however, there is a cost associated with this. Unlike the standard SEAD storage costs where users pay only for the storage they actively use, users will be charged for the amount of local disk space allocated, regardless of whether that storage ends up being used.

For indicative charging please refer to the below table:

The way local disk storage works is datasets are stored on a remote file share. Only the active machine has network access to this location, the inactive VM does not. When running jobs offline, the inactive machine can continue to run a program as it still has access to the data since it is no longer using the remote file share.

 To use local disk space, navigate to the Virtual Machine page and select the VM assigned to the user requesting local disk space.

From the user's specific VM page, scroll down to ‘Local Disk’ and select the ‘Attach Disk’ button. 

You will then be asked to select the disk size by expanding the drop menu. Once the disk size has been selected, click the ‘Submit’ button to continue.

NOTE: Be aware that larger disk sizes may incur additional charges.

You will then be asked to confirm whether you wish to attach a local disk to the VM. Ensure the user has saved their work to project/output folders.

The system will then attach the local disk. You can view the progress of the task via the Action Log. 

Databricks is a platform available in your SEADpod as a non-standard product for users to undertake data engineering, data science and analytics. Your organisation or area will have agreed to utilise a predetermined number of Databricks workspaces. Like Virtual Machines and storage, administrators can provision more workspaces, but this will incur additional costs. The following information is a basic guide to the capability and provisioning of Databricks in SEAD. There is extensive information about the actual use of Databricks online.

Databricks provides users with an integrated environment to work together on projects, from building and running virtual machine learning tools, to creating interactive dashboards. Databricks also offer a range of tools for data exploration, visualisation and analysis. It can be used to build pipelines for streaming data processing, as well as to create application that can be deployed in the cloud.

Use of Databricks is at the discretion of the business areas managing their projects. Organisations can choose to have Databricks workspaces allocated, however they are not a necessity in an organisations use of SEAD. SEAD has a range of standard tools that are available to users. If users need more storage space or compute power for data processing and analysis beyond what is provided as standard, Databricks is available as an option for SEAD partners to consider. 

There is a minimum cost of $2500 to reserve each Databricks workspace. Databricks usage that exceeds the initial $2500 reservation fee will be charged to the SEAD partner during the next invoicing period. The ABS will provide Databricks usage information if applicable, as part of the 6 monthly summary snapshot, or at an agreed interval requested by the SEAD partner.

To enable the Databricks workspace:

1. Open the Projects page by clicking on the ‘Projects’ tab from the side navigation panel on the left. 
2. From the Project page, Click on the hyperlinked project ID to go to the project specific page where you can view the information about it in more detail.
3. On the right of your Project page, you will see a Databricks field containing a button that states ‘Enable Databricks’. Click on this button to enable a Databricks workspace for the selected project. 

NOTE: Databricks workspaces can be deallocated by SEADpod administrators through this same process.

The SEAD Shared Library has the documentation required for users to setup Databricks. Users will also have access to the Databricks Academy training program, which is an online library of Databricks training guides. To access the Databricks Academy, users will need to register an account at https://customer-academy.databricks.com using their mydata.abs.gov.au email address.

The following Databricks cluster policies will be made available to provisioned Project Owner workspaces, utilising all available worker nodes (maximum 5 workers): 

Cluster policies are rules that govern how clusters are created and managed. Nodes are the individual machines that make up a cluster.

Each node has its own CPU, memory and storage resources. Nodes work together to process data in parallel, allowing for faster processing times. 

Additional cluster policies can be made available upon request to the ABS, and will be considered on a case-by-case basis. Administrators can monitor costs from the ‘Cost Analysis’ field within the Project page.

NOTE: The ABS provides additional information on appropriate Databricks cost management for end users in the shared library drive.

Safe management of user code and package requests is essential to maintaining a safe environment. The below provides guidance on the safe access and management of code and package loads by distinguishing the role of SEAD administrators from the ABS, in actioning these requests from users. SEAD users are not able to load code or packages themselves, this responsibility sits with administrators (both from the pod owner agency and ABS) as per SEAD security protocols.

References to ‘code’ throughout this section include libraries, compiled code, packages and their dependencies. Code from the ABS administered Shared Library (library drive) which holds a large volume of approved code from all primary software languages available (R, Python, STATA, SAS) is accessible to all users of the system.

Table 1 shows the ABS endorsed repositories (CRAN, Pypi, ideas) SEAD administrators can load requested packages from. These are endorsed based on their approach to security scanning, moderation, version control, vetting and are recognised as low risk to introducing malware to the system. Any code from these or simple self-written produced code can be loaded by SEAD administrators to project folders through Azure Storage Explorer. Ensure where possible there are no executables or malware present.

In order to maintain system security and integrity, SEAD administrators cannot load code from alternative repositories as outlined in Table 1, or directly from a researcher that has not been published or curated. These requests must be approved by the ABS via the sead.support@abs.gov.au address. Ensure the request contains a valid business case and is consistent with the software request template below.

Table 1. Code Management Responsibilities

To request additional software, please populate the Software Request Template on the SEAD contact us webpage and return it to sead.support@abs.gov.au.

Each request to ABS will be considered on a case by case basis. Despite the closed network cloud based nature of SEAD, this procedure will ensure efficient, safe and repeatable procedures in undertaking these loads in the case of potentially harmful malware/data contained in the code. 

Focusing on the Safe Settings aspect of the Five Safes, the following are seen as appropriate mitigation measures by SEAD administrators against key risks in regard to loading code and code packages:

• Utilising advised package repositories where possible (refer to the above table)
• Appropriate vetting and escalation, and clear roles (ensuring no executables, appropriate dependencies)
• Closed network system (SEADpod), Microsoft, and organisational firewalls
• Compensating Safe People controls

Software is not to be provided/or attempted to be loaded (i.e. Winmerge, Winzip, Excel or other executable file types such .exe files) until a software assessment is undertaken and prioritised amongst existing SEAD development work with the ABS, based on the business justification and benefit to broader user group (timing dependent on available resources). The user/client can be informed an assessment process is required and they will be informed if their software is rolled out.

To link or unlink a product to a project, you can navigate to the Projects Product Links page by clicking on the ‘Projects Product Link’ tab from the side navigation panel on the left. 

From the 'Products Project Links' page, you will be able to view a list of products and the projects they are attached to. Click on the hyperlinked Project that you are wanting to add products to. You are able to type in the name of the project to filter the results.

To link products you are also able to navigate to the Projects page by clicking on the ‘Projects’ tab from the side navigation panel on your left. 

Click on the hyperlinked project ID to view the project you’re wanting to link or unlink your product to, then click the ‘LINK/UNLINK PRODUCTS’ button at the top of the page.

Both options will direct you to the linking page where you can view currently linked products, as well as unlinked products available to link. The list on the left is where you can search for and link the desired data product to the current project. To link a product, click on the tick box next to the product name to select it (refer to the green tick box). Once you’ve ticked the product, press the ‘>’ symbol (circled blue) to move it across to the linked products list on the right. Once all desired products are linked, click the green ‘UPDATE’ button at the top centre of the page (circled red). This will prompt a confirmation with a pop up, and a green confirmation message at the top right of the previous screen once confirmed.

To unlink a product, click the tick box beside the selected product from the list on the right and click the ‘<’ symbol (refer to green ticked box) to deselect it, then click the green ‘UPDATE’ button at the top centre of the page (circled red). 

To link or unlink a project and a product, you can navigate to the Projects Product Links page by clicking on the ‘Projects Product Link’ tab from the side navigation panel on the left. 

From the Products Project Links page, you will be able to see a list of products and the projects they are attached to. Click on the hyperlinked product that you are wanting to link projects to. You are able to type in the name of the product to filter the results.

You are also able to navigate to the Products page by clicking on the ‘Products’ tab from the side navigation panel on your left. 

To update the linked projects, locate the product from the 'Products' page then click the Actions icon (three dots) on the same row as the product you are wanting to edit and select 'Update linked projects'. 

This will direct you to the linking page where you can view currently linked projects, as well as unlinked projects available to link. The list on the left is where you can search for and link the desired project to the current product. To link a project, click on the tick box next to the project name to select it (refer to the green tick box) Once you’ve ticked the project, press the ‘>’ symbol (circled blue) to move it across to the linked projects list on the right. Once all desired projects are linked, click the green ‘UPDATE’ button at the top centre of the page (circled red). This will prompt a confirmation with a pop up, and a green confirmation message at the top right of the previous screen once confirmed.

To unlink a project, click the tick box beside the selected project from the list on the right and click the ‘<’ symbol (refer to green ticked box) to deselect it, then click the green ‘UPDATE’ button at the top centre of the page (circled red). 

Pod owner administrators can publish a banner message which is immediately viewable across internal SEADpod owner, administrator and user interfaces. Banner messages are often used to communicate urgent or important messages and can be amended or published as frequently as necessary. To publish a banner message, navigate to the message icon from the side navigation panel. 

From the Banner Messages page, type the message you would like to publish in the text bar, then press ‘SUBMIT’. 

NOTE: Banner messages can contain up to 400 characters. 

Once you have submitted the banner message, you will be asked to confirm the action, click ‘Yes’ to proceed. 

Once the action initiation is shown as successful, the message banner will appear immediately across all internal SEADpod interfaces within your own SEADpod and is viewable from all pages. 

To clear your banner message, navigate back to the Banner Messages page and click the ‘CLEAR BANNER’ button. 

You will be asked to confirm this action, select ‘Yes’ to proceed. Once the action initiation is shown as successful, the banner message will immediately be removed from all internal interfaces within your SEADpod. 

The administrators tab shows a list of current administrators for the SEADpod as well as their current administrator roles.

As a pod owner, you can create new administrators in SEAD. Start by clicking on the ‘NEW ADMINISTRATOR’ button presented at the top of the Administrators screen.

You will be renavigated to the new Administrator registration form. All fields are required to be populated. You will also be able to select the user admin roles. NOTE: If the user email address already exists in the system, you will be unable to create them as an administrator.

Once you have pressed ‘Submit’, you will be asked to confirm that you wish to create a new user. If creating a new user is your intention, proceed by clicking ‘Yes’.

After confirming that you are intending to create a new administrator, you will be met with a pop-up notification advising that the admin creation is in progress and the administrators login details will be emailed to them via automated system notification. The administrator will shortly receive an email which contains their SEAD username and a temporary single use password that they will need to change on their initial login.

As a pod owner you can delete an administrator. This will remove their access to the SEAD environment and the user interface. Administrators can be recreated at any time. To delete an administrator, navigate to the Administrators page by selecting the ‘Administrators’ tab from the side navigation panel. Once you are on the Administrators page, you will be able to select the user you wish to Delete by clicking on the trash can icon. If the user is not immediately available, type their name into the search bar.

You will then be met with a pop-up asking if you wish to confirm deleting the administrator

Selecting 'Yes' will provide a confirmation that the administrator has been deleted.

The details of an existing administrator can be edited. To edit these details, navigate to the Administrators page by selecting the ‘Administrators’ tab from the side navigation panel. Once you are on the Administrators page, you will be able to select the user you wish to edit by clicking on the edit (pencil) icon. If the user is not immediately available, type their name into the search bar.

Clicking on the Edit button will redirect you to the Update Administrator page. All fields can be modified with the exception of the username. Make your updates, then click ‘Submit’. 

Once you’ve pressed ‘Submit’, you will be asked to confirm that you wish to update the administrator. If this is your intention, proceed by clicking ‘Yes’. 

Pod Owners can reset passwords for SEAD administrators. Start by navigating to the administrators tab from the side navigation panel. Once you are on the Administrators page, you will be able to select the administrator whose password you want to reset by clicking on the reset password (key) button. If the user is not immediately available, type their name into the search bar.

Clicking on ‘Reset Password’ will prompt a confirmation window, click ‘Yes’ to proceed. 

You will then be met with a pop-up advising the password has been reset. An automated email will be sent the administrator's email containing a temporary password which will need to be changed the next time they sign in.

NOTE: The temporary password is valid for 90 days 

Pod Owners can reset the multi-factor authentication (MFA) for SEAD administrators. Start by navigating to the administrators tab from the side navigation panel. Once you are on the Administrators page, you will be able to select the administrator whose MFA you want to reset by clicking on the reset authentication methods (locket) button. If the user is not immediately available, type their name into the search bar.

Clicking on ‘Reset authentication methods will prompt a confirmation window, click ‘Yes’ to proceed. 

The Pod Owner will not be required to forward on any additional information to the administrator once the MFA has been reset. It is up to the administrator to then go through the steps for setting up their MFA.