Any IN2P3 laboratory or experiment, provided a valid CC-IN2P3 user account, is eligible to public cloud usage. In a broader manner, any CNRS laboratory, experiment, institute, and national or international academic research organisations may demand an access to the service. The user request has to be addressed to CC-IN2P3 user support.
Cloud hosting service provides users with high-end CC-IN2P3 datacenter infrastructure (energy and cooling management, hardware and networks) through a self-service IAAS model in order for them to build their own IT services on top of it. Once he is provided access grants and a quota for resources usage, the user may deploy virtual servers, storage and networking by the mean of web UI, CLIs or APIs. He is able to deploy a whole software stack of his choice (OS and softwares) and delegate administration privileges as needed.
Security and responsabilities¶
User commits to the current regulatory and legal prescriptions, specially those related to IT, data storage, individual liberties, copyright protection and third parties rights. User declares full acceptance of legal obligations ensued by the existence of the services he deploys on the cloud. CC-IN2P3 declines any liability upon the implemented services infringement of laws and regulations. Non-compliance to the above, and in particular any activity likely to give rise to civil and/or criminal liability, will entitle CC-IN2P3 to interrupt without delay and without further notice the access to user resources and services.
The user commits to undertake all necessary measures to guarentee security and data integrity of the hosted services (software updates, firewalls, HIDS and so on...). CC-IN2P3 will not be held liable for security flaws due to user’s defective resources management.
CC-IN2P3 staff will assist the user in learning using the cloud platform and handling incidents, or in optimizing the interaction between the implemented services and the other services provided by CC-IN2P3. It will not manage and provide support for the services deployed by the user himself on the cloud.
In order to establish a privileged communication channel between with users, users collaborations are requested to provide an email alias to contact people in charge of managing the cloud resources on behalf of the collaboration. That channel is used for specific communications about planned maintenance or incidents.
HA type resources (High Availability - cf Proposed instances) are guaranted to reach the minimal following requirements :
- 25 random small block (4k) IOPS, 80% writes, 20% reads
- 0.2 hyper threaded cores
- 340Mbps network bandwidth
Virtual resources can though benefit of much larger peak capacities. R&D type resources have no minimal guaranted performance. A dedicated SLA may be established for a project to provide specific performances.
CC-IN2P3 engages to restore cloud service as soon as possible, an incidental interruption should occur. Observed availability over past years demonstrates a 99.89% availability (less than 10h shutdown per year including both scheduled maintenance and incidents impacting the service provision). There are three types of planned maintenances:
- Cloud service shutdown : those are maintenances requiring the cloud service to be shut down (an upgrade of the cloud platform for instance). That kind of maintenance do not affect the deployed resources and services but only the cloud platform itself (the ability to create new resources for instance). Users are noticed of such maintenance in advance by support usual channels.
- Transparent maintenance with unlikely impact on users resources : this kind of maintenance allows cloud administrators to perform online maintainance on the cloud. It is theorically transparent (without impact to the user). Online live migrations from a server to another are typical operations of this kind. In rare cases, those operations may trouble user’s production. CC-IN2P3 commits to restore impacted resources as soon as possible and notify the event to users. CC-IN2P3 will not notify those maintenances in advance.
- Shutdown of user resources : in some exceptionnal cases, maintenance requires a complete shutdown of the cloud. That may happen conducting heavy operations on vital components of the facilities such as power distribution or network backbones… CC-IN2P3 commits to notify a month in advance such operations and limit the intervention in time to a maximum of 2 days. These outages will take place on a predetermined schedule (one per trimester) publicly available on the Users portal.