Birthright Cloud User Policy

Oak Ridge National Laboratory's (ORNL) Compute and Data Environment for Science (CADES) now provides eligible customers with an OpenStack cloud computing solution with customizable virtual machines (VM). This new resource, called "Birthright Cloud," enables customers in science and technology directorates to leverage self-service portals to rapidly request these VMs for production, testing, and development.

Cloud computing provides an efficient pooling of on-demand, self-managed virtual infrastructure, consumed as a service. The OpenStack platform used here is an open-source cloud computing software solution that allows the creation of individual "Project" allocations for each user. Users can then fill these Project allocations with their own VMs without further intervention from CADES administrators—a true self-service implementation.

The CADES OpenStack Birthright Cloud allocations provide:

• Self Service – Through the Horizon web interface, users can create, manage, and delete VMs.
• Portability – Operations can be performed using any local system that provides a Bash terminal and SSH functionality.
• Elasticity – Users can create VMs on demand and delete them when they are no longer needed.

Disclaimers

If a concept or feature is not explicitly described within this policy, then it is not explicitly supported by the CADES team.

The only official copy of this document is this online electronic version found on http://support.cades.ornl.gov.

This policy is subject to change.

Acceptable Use

Computers, software, and communications systems provided by CADES are to be used for work associated with, and within the scope of, an approved project. The use of CADES resources for personal or non-work-related activities is strictly prohibited. All computers, networks, email, and storage systems are property of the US Government. Any misuse or unauthorized access is prohibited and is subject to criminal and civil penalties. CADES systems are provided to users without any warranty. CADES will not be held liable in the event of any system failure or data loss or corruption for any reason, including, but not limited to: negligence, malicious action, accidental loss, software errors, hardware failures, network losses, or inadequate configuration of any computing resource or ancillary system.

User Responsibilities

All Birthright Cloud users must comply with ORNL security rules and with the following:

• All operating system patches must be applied according to ORNL patching requirements.
• If user-sourced software images are uploaded, the user is responsible for keeping a copy of the image in case of accidental deletion or corruption.
• No moderate/confidential data should be mounted or copied to the VMs. Open science only.
• VMs should be removed from your OpenStack Project when they are no longer needed.
• VM operating systems must be updated or migrated before they reach an end-of-life development status.

Application for Resources

Birthright Cloud allocations are available to ORNL research and technical staff, by request, through CADES. The request is made through the ORNL XCAMS portal and requires your UCAMS ID. An activation notice will be sent when your resources are ready for use. CADES reserves the right to throttle access to Birthright Cloud allocations as resource constraints require.

📖   How to: Request Your CADES Birthright Cloud Allocation

Authentication and Authorization

Users can access their Birthright Cloud allocation using a web-based GUI called "Horizon.” See the Birthright Cloud user guide for details.

📖   How to: Manage Your OpenStack Project in Horizon

Users are prohibited from changing or circumventing access controls to allow themselves or others to perform actions outside of their authorized privileges. In the event that an account is compromised, users must notify the CADES support team (cades-help@ornl.gov) immediately.

Users should also promptly inform the CADES cloud support team of any changes in their contact information (email, phone, affiliation, etc.). For Cloud-specific help requests, meaning those conserning the OpenStack VMs, ORNL staff should use the Service Now form, and external Cloud users, who do not have access to ORNL’s internal networks, should send cloud help requests via email to orcloud@ornl.gov.

The CADES team reserves the right to terminate accounts if any terms of this policy are violated.

Note: DO NOT share your credentials, passwords, private keys, or certificates, with anyone.

Account Access Maintenance

ORNL staff who have been granted a Birthright Cloud allocation have indefinite access to these resources for the duration of their time at ORNL and/or for as long as these resources are made available through CADES.

As underlying technologies and platforms change, users may be required to perform account access maintenance as needed.

Access at the End of a Project

When a user leaves ORNL, their Birthright Cloud allocation will close out, which results in the termination of account access and deletion of any remaining VMs running in their allocation. The user should move or save any data that he or she wishes to keep before leaving ORNL.

Computing Policy

CADES provides public VM images for Birthright Cloud customers. These images have been customized for better integration into both the ORNL environment as well as the user's scientific workflow, and are the only images fully supported by CADES. CADES will not provide support for user-provided images. If you still want to run a custom cloud image, or if you would like to inquire about migrating an image from an existing VM resource, please contact the CADES support team. For Cloud-specific help requests ORNL staff should use the Service Now form, and external Cloud users, who do not have access to ORNL’s internal networks, should send cloud help requests via email to orcloud@ornl.gov.

Because of the highly heterogeneous hardware architecture of CADES resources (in terms of processors, network interconnects, and disk technologies), and the fact that some of these resources are shared or may be overcommitted, CADES provides no guaranteed minimum performance level. However, if your application requires a certain level of performance that you have not been able to obtain using your Birthright Cloud allocation, please contact the CADES cloud support team. For Cloud-specific help requests, ORNL staff should use the Service Now form, and external Cloud users, who do not have access to ORNL’s internal networks, should send cloud help requests via email to orcloud@ornl.gov.

Storage Policy

The Birthright Cloud allocations, like other cloud solutions available on the market, provide a fungible resource that is subject to certain reliability constraints. Valuable data should be stored on a secondary storage solution, not exclusively on a user’s Birthright Cloud VM Instance.

No moderate/confidential data should be mounted or copied to your Birthright Cloud VM Instance. Birthright Cloud VM Instances are for open science.

Storage Allocation

From inception, each Birthright Cloud allocation has a set storage quota. CADES reserves the right to change this storage quota at any time. See the Birthright Cloud User Documentation for details.

If a user requires more storage for their allocation, he or she can submit a proposal to the CADES Resource Utilization Council to request a storage quota increase. This proposal should describe the amount of storage desired and the scientific goal and merit of the work being performed using the CADES Birthright Cloud allocation. These requests will be reviewed by the council on a case-by-case basis.

Data Retention

When a project ends and a Birthright Cloud allocation is closed out, account access is terminated, and any remaining VMs and their associated data are deleted. Users are responsible for moving or saving any data that they would like to keep before their project ends and their allocation is closed out.

Backups

The Birthright Cloud allocations, like other cloud solutions available on the market, provide a fungible resource that is subject to certain reliability constraints. Valuable data should be stored on a secondary storage solution, not exclusively on a user’s Birthright Cloud VM Instance.

At this time, there are no CADES-supported provisions for automatic backups of the VMs or their data. The user is responsible for backing up data and instances to their desired secondary storage solution.

Purge Policy or Quota

From inception, each Birthright Cloud allocation has a set quota, and CADES reserves the right to change this storage quota at any time. See the Birthright Cloud user documentation for details.

📖   How to: View your OpenStack Project Quota

If a user requires more resources for their allocation, he or she can submit a proposal to the CADES Resource Utilization Council to request a quota increase. This proposal should describe the resources desired (RAM, CPUs, storage) and the scientific goal and merit of the work being performed using the CADES Birthright Cloud allocation. These requests will be reviewed on a case-by-case basis.

Special Requests and Policy Exemptions

Users can request policy exemptions by contacting the CADES cloud support team: ORNL staff should submit cloud exemption requests to Service Now form, and external cloud users, who do not have access to ORNL’s internal networks, should send cloud requests via email to orcloud@ornl.gov. Requests are subject to review by the CADES Resource Utilization Council.

Acknowledging CADES

The following acknowledgment should be included in publications and presentations that contain work performed using CADES resources.

This research used resources of the Compute and Data Environment for Science (CADES) at the Oak Ridge National Laboratory, which is supported by the Office of Science of the U.S. Department of Energy under Contract No. DE-AC05-00OR22725.