The MPCDF HPC-Cloud is a shared responsibility Infrastructure as a Service (IaaS) offering which the MPCDF provides for MPI projects. The HPC-Cloud opens up opportunities for rapid development and innovation but also requires a strong commitment from both MPI and MPCDF teams with respect to the maintenance and operation of the cloud and the projects housed within it. Three roles cover the management and usage of cloud-based projects:
- MPCDF Cloud team
- MPI Cloud Project admins
- Research Users
MPCDF Cloud team: Administrators of the HPC-Cloud and MPCDF project enablers who consult with MPI Cloud Project Admins to provide HPC-Cloud based solutions.
MPI Cloud Project admins: Administrators appointed by the MPIs to manage their cloud project; deploy services in the cloud, VMs, storage etc. and act as first-level support for the Research End Users.
Research End Users: Generic users of the services put in place by the MPI Cloud Project admins. The research users may be from within the associated MPI or external users from collaborating partners (universities etc.).
For each project the responsible MPI names one or more Cloud Project admins who take over the operational responsibilities for this project. The MPCDF Cloud team provides operational support for the cloud infrastructure and enabling support for cloud projects.
This leads to a shared responsibility model, the cornerstones of which are outlined below.
The usage of the HPC-Cloud requires that MPI project admins agree to the standard MPCDF/MPG terms of usage and ensure that users of the cloud-based services will equally comply with these standard terms.
The MPI project admins are responsible for several aspects of the cloud; these are outlined here and described in more depth below as well as in the general MPCDF Service Maintenance Agreement [2].
- Security and Service maintenance
- Backup and Recovery
- Data Privacy and management of Sensitive Data
- Obtaining Licenses for proprietary software
- Managing the Cloud project including decommissioning the cloud resource and any associated migration at the end of the project
- Providing first-level support for Researcher End Users
Each MPI Cloud Project admin is required to agree to the terms and responsibilities which are detailed in this document.
Security and Service Maintenance
The MPCDF cloud team is responsible for the security and maintenance of the cloud infrastructure.
The MPI Cloud Project admins are responsible for servers (Virtual Machines) and services which are deployed within the cloud. This includes tasks such as applying security patches promptly and regularly as well as ensuring that services are scanned for possible security issues.
In addition to the general maintenance of the VMs and services, MPI cloud project admins are advised to follow cloud management best practices, e.g. the principle of least access privileges, and also to delete / decommission resources that are no longer needed.
Each MPI Cloud Project Admin will have full access to the cloud resources and the ability to create, modify and destroy them. Moreover, each researcher that is granted root access to a VM deployed within the cloud has elevated rights on the VM and is capable of installing and modifying software on the VM as well as accessing any attached data (filesystem). The MPI Cloud Project admins are responsible for providing and managing access to VMs.
Backup and Recovery
The HPC Cloud does not provide any automated backup of VMs, their associated data, or the object storage (buckets).
Data Privacy and Sensitive Data
The MPCDF HPC-Cloud does not provide services to manage sensitive data. Projects which aim to manage sensitive data will need to provide a project specific solution.
The MPI Cloud Project admins are responsible for obtaining and managing licenses for any proprietary software, including operating systems, which is deployed within the cloud. In some cases licenses are available from the MPCDF or via the central software licensing service of the MPG (SOLI) [3].
Service Interventions and Scheduled Downtimes
The HPC-Cloud is provided in a manner which is analogous to the Linux clusters hosted at MPCDF. General maintenance activities will be announced in advance. However, short-term interventions may occur, for instance when critical security-related patching is required and when security incidents occur or preventative action is needed.
The HPC Cloud has been designed to support flexible and scalable computing and data solutions on a large scale. For services which depend on shared resources, including network, storage and “shared” compute, there are no performance commitments. However, while shared resources are the standard offered in the HPC Cloud, a “dedicated” compute model is available for compute-sensitive applications.
Support from the MPCDF cloud team is available during working hours via the helpdesk (https://helpdesk.mpcdf.mpg.de) or by email: email@example.com. To ensure timely responses can be made to support requests, clear communication channels are to be set up for each project between the MPCDF cloud team and the MPI Cloud Project admins. The MPI Cloud admins are to act as first-level support for their Research End Users.
Failure to observe any of the listed points, or other actions that endanger the security and/or proper operations of the MPCDF infrastructure or other third parties, can result in a temporary or permanent suspension of the service.