A key feature of our Secure Data Environment (SDE), the computing environment in which ICPSR staff manage and process research data and documentation, is that it doesn't exist. At least not in the material world.
The SDE makes use of a University of Michigan system called the Virtual Desktop Infrastructure (VDI) service. According to the U-M web site, the service is geared to lowering support costs for departments, and we have found that it is indeed a bit easier to manage virtual machines than physical machines. However, the real selling point for us was that we could centralize access to confidential (and potentially confidential) data in a single space that we could secure, manage, grow, shrink, etc. easily.
We restrict network access to our portion of the VDI using the Virtual Firewall service that I described in an earlier post. That limits the number of potential intruders dramatically. (Anyone who runs a server which is accessible via SSH from the general Internet will know what I mean.) We use University of Michigan-assigned credentials to grant login access to our pool of virtual machines. And because U-M is able to provision credentials for colleagues and associates who are outside of the U-M, we can also grant access to others as needed.
We've found the VDI service itself to be pretty solid overall, and since most of our use falls during the typical workday, we do not find maintenance windows during off-hours or the weekend to be terribly troublesome. There are a few things we'd like to do that are not part of the existing VDI service, and we've found the U-M to be a partner willing to work with us. For example, for a certain class of access we would like to use two-factor authentication and require someone to also enter a one-time passcode from a key fob. That isn't built into today's VDI service, but it may be available in the future.