Status of Document: This document describes the service SNIC Science Cloud, henceforth also referred to as SSC.
Resource webpage: https://cloud.snic.se
1. The service
SNIC Science Cloud is a large-scale, geographically distributed OpenStack cloud Infrastructure as a Service (IaaS), intended for Swedish academic research. SNIC Science Cloud is funded by the Swedish Research Council (Vetenskapsrådet) through SNIC, and is available free of charge to researchers at Swedish higher education institutions through open application procedures. Other research infrastructures are also welcome to join SSC under a co-funding model with dedicated capacity. Platforms (PaaS) may be added to SSC as SNIC sees fit in order to support the Swedish research community.
SNIC Science Cloud consists of three regions that are geographically separated from each other (Umeå university/NORTH-1, Uppsala university/EAST-1 and WEST-1 at Chalmers/C3SE). Users by default have accounts in all locations and are in principle free to choose which region to use at their discretion. A user can access the regions through the Dashboard or by sourcing a credentials file that uses the appropriate region (API users). The regions are physically separated but harmonized to provide a consistent user experience. This means that robust services can be built by spreading redundant resources making up your system over different regions.
1.3 Foundation services
The service is based on the OpenStack cloud suite. OpenStack provides a large ecosystem of possible services, and not all of them are available in SSC. The Infrastructure services currently offered, henceforth referred to as the base services, are:
- Keystone (Identity)
- Horizon (Dashboard)
- Neutron (Networking)
- Glance (Image)
- Nova (Compute)
- Cinder (Block storage)
- Swift (Object storage)
- Heat (Orchestration)
The base services are offered in all regions with a harmonized user experience. Base services are offered at the service level described in Section 2, and supported as described in Section 4.
1.4 Production services
Higher level services or platforms, PaaS, may be added at the discretion of the service provider, or after requests from other infrastructures.
1.5 Experimental services
In addition to the base services, some regions may offer experimental services to test new functionality or to support local user groups. These services are to be considered experimental, and maintenance and support will be provided only subject to availability and time.
There is no backup of user data or resources created by users, including but not limited to Virtual Machines (VMs), data stored on VMs, in volumes or in object storage, automation workflows and network configuration. Any important/critical data (such as code, scripts or results) has to be continuously exported to another storage medium or online backup facility.
All authentication of users is done via SAML2 with SUPR as the identity provider. This means that any user authentication mechanism supported by SUPR can be used to access the Dashboard.
API access to the resources is handled using a normal username and password via the identity manager. API user credentials are set separately via a self-service mechanism provided by SSC, and again SUPR is used to authenticate the user for setting passwords.
All authorization is handled by the project PI in SUPR following standard procedures outlined in SUPR.
Usage accounting is available in the SUPR portal (https://supr.snic.se).
The cloud architecture is designed according to current OpenStack best practices.
1.11 Service provider
This service is provided by SNIC, the Swedish National Infrastructure for Computing.
2. Service provider responsibilities
2.1 Opening hours
The service is offered as follows:
- Technical support is available between 9am and 3pm on business days except public holidays and bridge days.
- All other times: the service operates without technical support.
- Exclusions: service maintenance carried out during the announced maintenance period or unannounced downtimes in case of emergency security issues.
User Support is provided, as described in Section 4.
Scheduled maintenance is announced at https://cloud.snic.se/ at least five business days in advance. We reserve the right to do emergency maintenance with shorter notice if deemed necessary by the service provider. Other information of general interest in relation to the service, e.g. unplanned outages, is also available at the same place.
2.4. Service Dependencies
The cloud is designed so that the regions are autonomous and can operate independently of each other. An outage in one SSC region will not impact running instances in other regions.
The management layer of the cloud has dependencies on SUPR for the login functionality.
Malfunction of SUPR will prevent access to the Dashboard, and disable the password reset functionality, but will not affect API users or running services.
It is intended, as far as is possible, to maintain service availability for base services at all times apart from exclusions listed under 2.1. However, there are no formal targets.
2.6 Disaster Recovery
This service is classified as non-critical and will be recovered as soon as possible after all critical services have been recovered. Note that active resources, such as Virtual Machines, and data are not backed up. Although reasonable efforts to restore user data and active resources will be made, we do NOT guarantee that they can be recovered. If one region goes down, you may restart your service in another region, provided that you have the necessary information about your resource to install it there.
There is no backup of user data (Virtual Machines, Volumes, Workflows, Object Store et cetera). The OpenStack database is backed up on a daily basis to SNIC's backup system in order to be able to restore functionality in case of a control plane failure.
Should the current SNIC Science Cloud service as a whole at some point in the future be terminated, the grace period defined in the current SNIC User Agreement applies.
3. Service user responsibilities
Users are responsible for ensuring that this service is suitable for their needs; in particular that the service offers adequate security when transferring confidential or other private data, and that the service is sufficiently reliable for the intended use case. Explicitly, this service is not intended for data classified as personal data according to GDPR. If you need to handle sensitive information or personal data, please use the SNIC services set up for that purpose.
Use of this service is subject to, and implies, acceptance of any applicable regulations, including but not limited to:
- Public Access to Information and Secrecy Act (OSL),
- The General Data Protection Regulation (GDPR)
- Law on Ethical Review of Research
- SNIC User Agreement
- Any local policy defined by the unit from which you use this service.
Users must ensure that any submission of content to this service is legal and does not infringe any copyright applicable to the content.
Users must adhere to security best practices. An up-to-date guide is maintained on the SSC resource web page.
3.6 Intended use
This service is intended only for scientific research not fit to run on traditional HPC hardware. Examples include, but are not limited to, HTC applications, container pipeline workflows, interactive compute jobs, or simple post-processing and visualization tools.
This service is not supposed to be used as a research data backup service, research data repository service, long-term storage for research data, research data archiving service or research data preservation service, unless agreed differently.
3.7 Project expiry
When a project in SSC expires, the PI is responsible for removing active resources, including virtual machines and any stored data, within the time frame communicated to the PI through the SNIC User Agreement. After this grace period, the service provider has the right to remove resources, including stored data, belonging to the expired project. Active resources (e.g. virtual machines) may be turned off as soon as the project has expired after due warning to the PI.
4. User Support
User support for the service is provided by the SNIC Cloud Operation Team with the service levels outlined in Section 2. Up-to-date routines for operations and support are documented on the resource webpage.
4.2 Communication channels
For technical support and help on using SSC, users should submit requests via the support form in SUPR (https://supr.snic.se/support/). In the case that this is not possible, requests can be sent to firstname.lastname@example.org. All requests are tracked by the SNIC support system.
Up-to-date information on the system status, information about new services and trainings, and general information, will be communicated at the SSC web site.
Many questions can be answered by the information provided on the SSC resource webpage, in the official OpenStack user documentation, or through a global web search.
This document is to be reviewed annually, and can be updated if the need arises.
A contemporary version of this Service Description is available on the SSC resource page.
API Application Programming Interface
C3SE Chalmers Centre for Computational Science and Engineering
HPC2N High Performance Computing Center North
IaaS Infrastructure as a Service
PaaS Platform as a Service
PI Principal Investigator
SAML2 Security Assertion Markup Language, standard for security data exchange
SAMS SNIC Accounting and Metrics System
SNIC Swedish National Infrastructure for Computing
SSC SNIC Science Cloud
SUNET Swedish University Network
SUPR SNIC User and Project Repository
SWAMID SWedish AcadeMic IDentity federation (secure identification)
UPPMAX Uppsala Multidisciplinary Center for Advanced Computational Science
VM Virtual Machine