SNIC Science Cloud; Service Description

Status of Document: This document describes the service SNIC Science Cloud, henceforth also referred to as SSC.

Resource webpage: https://cloud.snic.se 

1. The service

1.1 Overview

SNIC Science Cloud is a large-scale, geographically distributed OpenStack cloud Infrastructure as a Service (IaaS), intended for Swedish academic research. SNIC Science Cloud is funded by the Swedish Research Council (Vetenskapsrådet) through SNIC, and is available free of charge to researchers at Swedish higher education institutions through open application procedures. Other research infrastructures are also welcome to join SSC with a co-funding model with dedicated capacity. Platforms (PaaS) may be added to SSC as SNIC sees fit in order to support the Swedish research community.

1.2 Regions

SNIC Science Cloud consists of three regions that are geographically separated from each other (Umeå University/HPC2N, Uppsala University/UPPMAX and WEST-1 at Chalmers/C3SE). Users by default have accounts in all locations and are in principle free to choose which region to use at their discretion. A user can access the regions through the Dashboard or, for API users, by sourcing a credentials file that uses the appropriate region. The regions are physically separated but harmonized to provide a consistent user experience. This means that robust services can be built by spreading the redundant resources that make up your system over different regions.

1.3 Foundation services

The service is based on the OpenStack cloud suite. OpenStack provides a large ecosystem of possible services, and not all of them are available in SSC. The Infrastructure services currently offered, henceforth referred to as the base services, are:

  • Keystone (Identity)
  • Horizon (Dashboard) 
  • Neutron (Networking) 
  • Glance (Image)
  • Nova (Compute)
  • Cinder (Block storage)
  • Swift (Object storage) 
  • Heat (Orchestration) 

The base services are offered in all regions with a harmonized user experience. Base services are offered at the service level described in Section 2, and supported as described in Section 4.

1.4 Production services

Higher level services or platforms, PaaS, may be added at the discretion of the service provider, or after requests from other infrastructures.

1.5 Experimental services

In addition to the base services, some regions may offer experimental services to test new functionality or to support local user groups. In this case, these services are to be considered experimental, and maintenance and support will be provided only subject to availability and time.

1.6 Backup

There is no backup of user data or resources created by users, including but not limited to Virtual Machines (VMs), data stored on VMs, in volumes or in object storage, automation workflows and network configuration. Any important/critical data (such as code, scripts or results) has to be continuously exported to another storage medium or online backup facility.

1.7 Authentication

All authentication of users is done via SAML2 with SUPR as the identity provider. This means that any user authentication mechanism supported by SUPR can be used to access the Dashboard. 

API access to the resources is handled using normal username / password via the identity manager. API user credentials are set separately via a self-service mechanism provided by SSC, and again SUPR is used to authenticate the user for setting passwords.

1.8 Authorization

All authorization is handled by the project PI in SUPR following standard procedures outlined in SUPR. 

1.9 Accounting

Usage accounting is available in the SUPR portal (https://supr.snic.se).

1.10 Architecture

The cloud architecture is designed according to current OpenStack best practices.

1.11 Service provider

This service is provided by SNIC, the Swedish National Infrastructure for Computing.

2. Service provider responsibilities

2.1 Opening hours

The service is offered as follows:

  • Technical support is available between 9am and 3pm on business days except public holidays and bridge days.
  • All other times: the service operates without technical support.
  • Exclusions: service maintenance carried out during the announced maintenance period or unannounced downtimes in case of emergency security issues.

2.2 Support

User Support is provided, as described in Section 4.

2.3 Availability

Scheduled maintenance is announced at https://cloud.snic.se/ at least five business days in advance. We reserve the right to do emergency maintenance with shorter notice if deemed necessary by the service provider. Other information of general interest in relation to the service, e.g. unplanned outages, is also available at the same place.

2.4 Service Dependencies

The cloud is designed so that the regions are autonomous and can operate independently of each other. An outage in one SSC region will not impact running instances in other regions.

The management layer of the cloud has dependencies on SUPR for the login functionality.

Malfunction of SUPR will prevent access to the Dashboard, and disable the password reset functionality, but will not affect API users or running services.  

2.5 SLA

It is intended, as far as is possible, to maintain service availability for base services at all times apart from exclusions listed under 2.1. However, there are no formal targets.

2.6 Disaster Recovery

This service is classified as non-critical and will be recovered as soon as possible after all critical services have been recovered. Note that active resources, such as Virtual Machines, and data are not backed up. Although reasonable efforts to restore user data and active resources will be made, we do NOT guarantee that they can be recovered. If one region goes down, you may restart your service in another region, provided that you have the necessary information about your resource to install it there.

2.7 Backups

There is no backup of user data (Virtual Machines, Volumes, Workflows, Object Store et cetera). The OpenStack database is backed up on a daily basis to SNIC's backup system in order to be able to restore functionality in case of a control plane failure.

2.8 Termination

Should the current SNIC Science Cloud service as a whole at some point in the future be terminated, the grace period defined in the current SNIC User Agreement applies.

3. Service user responsibilities

3.1 Suitability

Users are responsible for ensuring that this service is suitable for their needs; in particular that the service offers adequate security when transferring confidential or other private data, and that the service is sufficiently reliable for the intended use case. Explicitly, this service is not intended for data classified as personal data according to GDPR. If you need to handle sensitive information or personal data, please use the SNIC services set up for that purpose.

3.2 Regulations

Use of this service is subject to, and implies, acceptance of any applicable regulations, including but not limited to:

  • Public Access to Information and Secrecy Act (OSL), 
  • The General Data Protection Regulation (GDPR) 
  • Law on Ethical Review of Research
  • SNIC User Agreement
  • Any local policy defined by the unit from which you use this service. 

3.3 Reporting

Users should report any defect, malfunction, or performance degradation of the service promptly via SUPR (https://supr.snic.se/support/) to enable remedial action to be taken.

3.4 Legality

Users must ensure that any submission of content to this service is legal and does not infringe any copyright applicable to the content.

3.5 Security

Users must adhere to security best practices. An up-to-date guide is maintained on the SSC resource web page.

3.6 Intended use

This service is intended only for scientific research not fit to run on traditional HPC hardware. Examples include, but are not limited to, HTC applications, container pipeline workflows, interactive compute jobs, and simple post-processing and visualization tools.

This service is not supposed to be used as a research data backup service, research data repository service, long-term storage for research data, research data archiving service or research data preservation service, unless agreed differently.

3.7 Project expiry

When a project in SSC expires, the PI is responsible for removing active resources, including virtual machines and any stored data, within the time frame communicated to the PI through the SNIC User Agreement. After this grace period, the service provider has the right to remove resources, including stored data, belonging to the expired project. Active resources (e.g. virtual machines) may be turned off as soon as the project has expired after due warning to the PI.

4. User Support

4.1 Procedures

User support for the service is provided by the SNIC Cloud Operation Team with the service levels outlined in Section 2. Up-to-date routines for operations and support are documented on the resource webpage. 

4.2 Communication channels

For technical support and help on using SSC, users should submit requests via the support form in SUPR (https://supr.snic.se/support/). In the case that this is not possible, requests can be sent to support@cloud.snic.se. All requests are tracked by the SNIC support system.

4.4 Information

Up-to-date information on the system status, information about new services and trainings, and general information, will be communicated at the SSC web site.

4.5 FAQ

Many questions can be answered by the information provided on the SSC resource webpage, in the official OpenStack user documentation, or through a global web search.

5. Document Review

This document is to be reviewed annually, and can be updated if the need arises.
The current version of this Service Description is available on the SSC resource page.

Glossary

API        Application Programming Interface

C3SE        Chalmers Centre for Computational Science and Engineering

HPC2N    High Performance Computing Center North

IaaS        Infrastructure as a Service

PaaS        Platform as a Service

PI        Principal Investigator

SAML2    Security Assertion Markup Language, standard for security data exchange

SAMS        SNIC Accounting and Metrics System

SNIC        Swedish National Infrastructure for Computing

SSC        SNIC Science Cloud

SUNET    Swedish University Network

SUPR        SNIC User and Project Repository

SWAMID    SWedish AcadeMic IDentity federation – secure identification

UPPMAX    Uppsala Multidisciplinary Center for Advanced Computational Science

VM        Virtual Machine