Bielefeld IT Service Centre

Dracoon

Secure data exchange with external parties

Dracoon's primary purpose is the secure exchange of data across organisational boundaries. Dracoon has numerous certificates that confirm its security and qualify it for use with data with a high or very high level of protection.

-> To the Dracoon portal

Scope of services

  • Browser-based portal with various other interfaces if required.
  • Upload of sensitive files.
  • Activation of automatic expiry/deletion of files.
  • Secure data transfer to external parties via password-protected links.
  • Enables secure uploading of files by external parties without access to other data.
  • Additional data encryption can be set.
  • Transfer of larger files also possible.

Requirements

Target group

  • Employees

Access

Independent login (assigned upon application)

Application

We will be happy to create an account and a personal data room. Access automatically comes with a data room and all the functions you need to work with Dracoon. We are also happy to create project data rooms if they are required. These are worthwhile if you want to work collaboratively on the files, exchange data with a large number of users or share very large files.

Features

  • Each user is provided with their own data room. This has space for 5 GB of data and is usually sufficient for a normal level of data exchange.
  • This can be extended if necessary. To do so, we require a justification by email to servicedesk@uni-bielefeld.de.
  • The personal data room includes the same functions as a project data room, i.e.:
    • Uploading files.
    • Sharing files with external parties.
    • External users can upload files to their own data room if they are authorised to do so.
  • Other people who are also registered in Dracoon can be authorised for their own personal data room (see FAQs).
  • We enter an "emergency admin" ("name") as the room admin for each data room. This person is only activated for emergencies. Such an emergency could be that the access data is lost, but control over the data must be retained. The emergency admin can be deleted from the room authorisations, but then they can no longer help in an emergency.

Application for personal access

Please send the following data to the Service Desk (servicedesk@uni-bielefeld.de):

  • Surname, first name
  • E-mail address
  • Faculty / institution
  • Name of the IT supervisor / IT contact person
  • Cost centre

Features

  • This type of data room is suitable for collaborating with other users, exchanging data with a large number of people or sharing very large files.

  • It is advisable to find several administrators for the room so that access is not lost.

  • We enter an "emergency admin" ("name") as the room admin for each data room. This person is only activated for emergencies. Such an emergency could be that the access data is lost, but control over the data must be retained. The emergency admin can be deleted from the room authorisations, but then they can no longer help in an emergency.

  • It is possible to extend data rooms. For this we need a justification and a ticket via servicedesk@uni-bielefeld.de.

  • Further user authorisations must be distributed by the administrators themselves in Dracoon (see FAQs).

Application for project data room

A personal account for Dracoon is required.

Please send the following data to the Service Desk (servicedesk@uni-bielefeld.de):

  • Name of the data room
  • Usernames of the administrator(s) of the data room (can set authorisations for the data room and configure settings such as automatic data flow for the data room).
  • Required storage space. If the information is missing, we set 20 GB by default.

Costs

  • The cost is €189.92 per user per year including VAT.
  • Data rooms are free of charge and any number of data rooms can be created.
  • Sharing data with external parties (providing a download link, requesting an upload) does not incur any additional costs.
  • However, additional licences are required for collaboration (commenting, editing files, etc.).

Demarcation

The service is primarily aimed at data transfer and is not archive storage. It is not to be seen as a permanent storage facility for storing data.

BITS only provides an organisational framework for this service. Responsibility for the data and the associated licence costs must be borne by the institutions.

Data protection and terms of use

-> General data protection information

  • Confidentiality and data protection:
    Users are obliged to comply with all data protection regulations and guidelines of the university. In particular, they must ensure that personal and confidential data is only stored and transmitted within the framework of the processes provided for this purpose and with appropriate security measures. If you have any questions, please contact the data protection coordinator (DISK) of the faculty/institution.
  • Access restrictions:
    Users are responsible for keeping their access data safe and must not pass it on to third parties. If unauthorised access is suspected, they are obliged to report this immediately to the university's IT department.
  • Responsibility for data rooms:
    Users who manage a data room are responsible for regularly checking access authorisations and preventing unauthorised access. They must ensure that only authorised persons have access to the data.
  • Reporting security incidents:
    Any suspicion of security breaches or data protection incidents must be reported immediately to the responsible office within the university.

Support

For employees with a PC workstation provided by BITS
Service Desk
Mon–Fri, 08:00–16:00
Tel.: 0521 106-6000
E-mail: servicedesk@uni-bielefeld.de

For other employees
Decentralised IT support of the faculty or institution.

Instructions / FAQs

Personal settings

Two-factor authentication with common "Authenticator" apps is possible. To do this, "Two-step authentication" can be activated under "My account" → "Security".

This password is required to access encrypted data rooms. You can set it under "My account" → "Security".

If you have subscribed to data rooms, you will receive emails about newly uploaded files. If you have subscribed to files, you will receive emails about new comments.

These subscriptions can be cancelled under "My account" → "Subscriptions".

Data room settings

We always create every data room with 5 GB of storage. This can be expanded at any time. To do this, we ask that we are notified accordingly via "servicedesk@uni-bielefeld.de". However, the storage space depends on the number of licences held by the institution. Therefore, it cannot be increased at will.

Authorisations can only be set by the data room admin. To do this, the data room must be selected in the "All files" view and the three-dot menu clicked. Here you will then find the item "Authorisations". Search for and select the users to be added here. Each user can be assigned one of three levels:

  • "Room administrator":
    Can change configurations of the data room, as well as read, edit and delete everything, and manage shares.
  • "Edit":
    Can read, edit and delete, as well as manage shares.
  • "Read":
    Can read files and manage shares.

For more complex requirements, there is the "Advanced settings" context menu, which enables advanced settings.

Access rights can also be revoked here using the corresponding button.

This option specifies a default that is initially set for all uploaded files in this data room. The data classification currently has only one effect: we specify in the system that a password must also be set from the "confidential" level and below when sharing with external parties. The other levels can help to organise the data.

Files can be deleted automatically by Dracoon. There are two ways to do this:

  • File by file:
    Each uploaded file can be given a separate expiry date. After expiry, the file is automatically deleted. To do this, the files must be selected and the expiry date selected on the right.
  • For the entire data room:
    Under the data room settings there is the item "Automatic file expiry". A standard deadline can be specified here, but this can be overwritten.

Attention: Every deletion in this way is permanent and irretrievable. There is no way for BITS to restore the data.

This point relates exclusively to files in the recycle bin and to old versions of documents. A default of 30 days is always set here. Please note that these files also count towards the storage limit until they have been deleted.

In principle, data rooms can only be encrypted on the client side (end-to-end) if they are empty. Once a file has been stored in a data room, the notice disappears and the data room can no longer be encrypted - even if the files are deleted. The data room must otherwise be created again.

If encryption is required, these options are available:

  • System-wide emergency password:
    In this case, BITS is able to decrypt the files if we are requested to do so by users.
  • Emergency password:
    In this case, users are asked to set an additional password to the personal decryption passwords for the entire data room. This additional password is used to ensure that the data can still be read even if all users of the data room lose their personal password or leave the facility.
  • Do not use an emergency password:
    In this case, no additional password is set to decrypt files.

Attention:
Shared, simultaneous working on files is not available if the data room has been encrypted end-to-end.

Miscellaneous

Dracoon is particularly suitable for data with high or very high protection requirements. If you are unsure which data this applies to, take a look at this document: https://www.uni-bielefeld.de/verwaltung/informationssicherheit/regelungen/2020-10-19_Vorlage_Schutzbedarfsfeststellung.pdf [in German]

Section 4 contains a matrix that makes it easier to assess the situation. If you have any questions, the DISK can help.

As we only charge in licences, we are happy to offer a "flying change" (licence transfer). We are happy to delete existing users and invite new ones. However, the authorisations must be maintained by the data room admins.

If our "Emergency Admin" is authorised to access the data room, we can restore access. If he is not, the data is lost and can no longer be accessed.

In principle, it is possible to use functional accounts. However, the following restrictions apply:

  • All persons participating in the functional account must be employed at Bielefeld University. External users need a separate account per person, otherwise we are in breach of the Dracoon licence conditions.
  • Functional accounts cannot use a second factor, as this verifies the personal identity.
  • There should be a balance between the level of data protection and the number of people sharing an account. Therefore, please do not release entire departments for the account, but base the group on activities.