Status of Document: This document describes the service Swedish Science Cloud, henceforth also referred to as SSC.
Resource webpage: https://cloud.naiss.se
1. The service
1.1 Overview
Swedish Science Cloud is a large scale, geographically distributed OpenStack cloud Infrastructure as a Service (IaaS), intended for Swedish academic research provided by NAISS. Swedish Science Cloud is funded by the Swedish Research Council (Vetenskapsrådet) through NAISS, and is available free of charge to researchers at Swedish higher education institutions through open application procedures. Other research infrastructures are also welcome to join SSC with a co-funding model with dedicated capacity. Platforms may be added to SSC in order to support the Swedish research community as seen fit by NAISS (PaaS).
1.2 Regions
Swedish Science Cloud consists of three regions that are geographically separated from each other (Umeå university/NORTH-1, Uppsala university/EAST-1 and WEST-1 at Chalmers/C3SE). Users by default have accounts in all locations and are in principle free to choose which region to use at their discretion. A user can access the regions through the Dashboard or by sourcing a credentials file that uses the appropriate region (API users). The regions are physically separated but harmonized to provide a consistent user experience. This means that robust services can be built by spreading redundant resources making up your system over different regions.
1.3 Foundation services
The service is based on the OpenStack cloud suite. OpenStack provides a large ecosystem of possible services, and not all of them are available in SSC. The Infrastructure services currently offered, henceforth referred to as the base services, are:
- Keystone (Identity)
- Horizon (Dashboard)
- Neutron (Networking)
- Glance (Image)
- Nova (Compute)
- Cinder (Block storage)
- Swift (Object storage)
- Heat (Orchestration)
The base services are offered in all regions with a harmonized user experience. Base services are offered at the service level described in Section 2, and supported as described in Section 4.
1.4 Productions services
Higher level services or platforms, PaaS, may be added at the discretion of the service provider, or after requests from other infrastructures.
1.5 Experimental services
In addition to the base service, some regions may offer experimental services to test new functionality or to support local user groups. In this case, these services are to be considered experimental, and maintenance and support will be provided only subject to availability and time.
1.6 Backup
There is no backup of user data or resources created by users, including but not limited to Virtual Machines (VMs), data stored on VMs, in volumes or in object storage, automation workflows and network configuration. Any important/critical data (such as code, scripts or results) has to be continuously exported to another storage medium or online backup facility.
1.7 Authentication
All authentication of users is done via SAML2 with SUPR as the identity provider. This means that any user authentication mechanism supported by SUPR can be used to access the Dashboard.
API access to the resources are handled using normal username / password via the identity manager. API user credentials are set separately via a self-service mechanism provided by SSC, and again SUPR is used to authenticate the user for setting passwords.
1.8 Authorization
All authorization is handled by the project PI in SUPR following standard procedures outlined in SUPR.
1.9 Accounting
Usage accounting is available in the SUPR portal (https://supr.naiss.se).
1.10 Architecture
The cloud architecture is designed according to current OpenStack best practices.
1.11 Service provider
This service is provided by NAISS, National Academic Infrastructure for Supercomputing in Sweden.
2. Service provider responsibilities
2.1 Opening hours
The service is offered as follows:
- Technical support is available between 9am – 3pm on business days except public holidays and bridge days.
- All other times: the service operates without technical support.
- Exclusions: service maintenance carried out during the announced maintenance period or unannounced downtimes in case of emergency security issues.
2.2 Support
User Support is provided, as described in Section 4.
2.3 Availability
Scheduled maintenance is announced at https://cloud.naiss.se/ at least five business days in advance. We reserve the right to do emergency maintenance with shorter notice if deemed necessary by the service provider. Other information of general interest in relation to the service, e.g. unplanned outages, is also available at the same place.
2.4. Service Dependencies
The cloud is designed for the regions to be autonomous and can operate independent of each other. An outage in one SSC region will not impact running instances in other regions.
The management layer of the cloud has dependencies on SUPR for the login functionality.
Malfunction of SUPR will prevent access to the Dashboard, and disable the password reset functionality, but will not affect API users or running services.
2.5 SLA
It is intended, as far as is possible, to maintain service availability for base services at all times apart from exclusions listed under 2.1. However, there are no formal targets.
2.6 Disaster Recovery
This service is classified as non-critical and will be recovered as soon as possible after all critical services have been recovered. Note that active resources such as Virtual Machines, and data, is not backed up. Although reasonable efforts to restore user data and active resources will be made, we do NOT guarantee that they can be recovered. If one region goes down, you may restart your service in another region, provided that you have the necessary information about your resource to install it there.
2.7 Backups
There is no backup of user data (Virtual Machines, Volumes, Workflows, Object Store et cetera). The OpenStack database is backed up on a daily basis in order to be able to restore functionality in case of a control plane failure.
2.8 Termination
Should the current Swedish Science Cloud service as a whole at some point in the future be terminated, the grace period defined in the current NAISS User Agreement applies.
3. Service user responsibilities
3.1 Suitability
Users are responsible for ensuring that this service is suitable for their needs; in particular that the service offers adequate security when transferring confidential or other private data, and that the service is sufficiently reliable for the intended use case. Explicitly, this service is not intended for data classified as personal data according to GDPR. If you need to handle sensitive information or personal data, please use the NAISS services set up for that purpose.
3.2 Regulations
Use of this service is subject to, and implies, acceptance of any applicable regulations, including but not limited to:
- Public Access to Information and Secrecy Act (OSL),
- The General Data Protection Regulation (GDPR)
- Law on Ethical Review of Research
- NAISS User Agreement
- Any local policy defined by the unit from which you use this service.
3.3 Reporting
Users should report any defect, malfunction, or performance degradation of the service promptly via SUPR (https://supr.naiss.se/support/) to enable remedial action to be taken.
3.4 Legality
Users must ensure that any submission of content to this service is legal and does not infringe any copyright applicable to the content.
3.5 Security
Users must adhere to security best practices. An up-to-date guide is maintained on the SSC resource web page.
3.6 Intended use
This service is intended only for scientific research not fit to run on traditional HPC-hardware. Some examples of this but not limited to are HTC-applications, container pipeline workflows, interactive compute jobs or simple post processing and visualization tools.
This service is not supposed to be used as research data backup service, research data repository service, long-term storage for research data, research data archiving service or research data preservation service, unless agreed differently.
3.7 Use of GPU:s
There are multiple variants of GPU:s available.
The T4 and A2 GPU:s are designed primarily for fast machine learning will produce high single-precision performance and are ideal for your AI training or if you need high inference performance.
If you need double-precision or if you have the need for large memory mapping we also have a few A100 GPU:s available in the cloud.
Please note that the GPU:s can not be shared between instances and even a shut off instance with a GPU-flavor will allocate and reserve the GPU so that no one else can use it.
Therefore it is important that you only assign the GPU-flavors to your instance when you actually are using the GPU, as described in Section 3.8.
3.8 Proper sizing of instances
The computing needs of your instances can vary over time and you should change the size of your instances depending on your needs to save resources and coins.
Worth noting is that the resources assigned to your instance are always reserved and will consume coins even if the instance is idle or shut off.
To prevent consumption of an unnecessary amount of coins you should always size your instance properly for the intended use.
You can very easy change the size of your instance at any time to add more cores, memory or add a GPU. All it takes is to resize the instance is to choose another flavor size and then reboot the instance.
There is a special flavor called “ssc.parked” that can be used if you intend to have instances shut down for longer periods that will set the reserved resources to a minimum, and when you have the need for the instance again you can resize it accordingly.
Resizing instances can also be completely automated using scripts, contact the support if you want more information on how to automate the cloud using the OpenStack API.
3.9 Project expiry
When a project in SSC expires, the PI is responsible for removing active resources, including virtual machines and any stored data, within the time frame communicated to the PI through the NAISS User Agreement. After this grace period, the service provider has the right to remove resources, including stored data, belonging to the expired project. Active resources (e.g. virtual machines) may be turned off as soon as the project has expired after due warning to the PI.
4. User Support
4.1 Procedures
User support for the service is provided by the NAISS Swedish Cloud Operation Team with the service levels outlined in Section 2. Up-to-date routines for operations and support are documented on the resource webpage.
4.2 Communication channels
For technical support and help on using SSC, users should submit requests via the support form in SUPR (https://supr.naiss.se/support/). In the case that this is not possible, requests can be sent to support@cloud.snic.se. All requests are tracked by the NAISS support system.
4.4 Information
Up-to-date information on the system status, information about new services and trainings, and general information, will be communicated at the SSC web site.
4.5 FAQ
Many questions can be answered by the information provided on the SSC resource webpage, in the official OpenStack user documentation, or through a global web search.
5.Document Review
This document is to be reviewed annually, and can be updated if the need arises.
A contemporary version of this Service Description is available on the SSC resource page.
Glossary
API Application Programming Interface
C3SE Chalmers Centre for Computational Science and Engineering
HPC2N High Performance Computing Center North
IaaS Infrastructure as a Service
PaaS Platform as a Service
PI Principal Investigator
SAML2 Security Assertion Markup Language, standard for security data exchange
SAMS Swedish Accounting and Metrics System
NAISS National Academic Infrastructure for Supercomputing in Sweden
SSC Sweidsh Science Cloud
SUNET Swedish University Network
SUPR Swedish User and Project Repository
SWAMID SWedish AcadeMic IDentity federation–säker identifiering
UPPMAX Uppsala Multidisciplinary Center for Advanced Computational Science
VM Virtual Machine