Computing & Cloud
This Section covers all commercial IaaS services available in the CREODIAS Platform. We discuss all services, the relevant Price List, comparison to other leading commercial IaaS platforms, most common use cases with their budgeting. CREODIAS operates on two independent public cloud regions, CF2 and WAW3-1 with plans to expand to two more location in the coming year. Each region has its own set of services and prices.
Summary of servicesWe offer several main categories of commercial services:
- Computing services comprise: cloud based Virtual Machines (VMs), dedicated baremetal servers, containers, operating system and software images; The size of the resources will be increased with the Users’ needs;
- Storage related service comprise: volume storage (divided into magnetic HDD storage, solid state fast SSD storage, HDD storage placed in remote locations (Warsaw, Frankfurt), backup solution (in remote locations), image service (OpenStack Glance), snapshots, object storage and free access to Earth Observation (EO) big data storage with satellite data and additional data services like data disk upload and download;
- Data related services comprise: free CREODIAS Data Offer interface and EO Browser, extended OGC WMS processing of EO Data (as opposed to basic OGC WMS service which is a part of a free CREODIAS Data Offer), and Catalogue Services.
- Virtual networking services comprise: virtual networks, virtual routers, Internet connectivity, public IP numbers, Load Balancer as a Service virtual (LBaaS) appliance, fixed bandwidth Internet connectivity;
- Security services comprise: authentication and authorization service (OpenStack Keystone), access groups, Firewall as a Service (FWaaS) virtual appliance, VPN as a Service (VPNaaS) appliance, software upgrades.
- Additional services comprise currently: cloud orchestration solution, general reporting and monitoring services, direct data connections to the platform, data marketplace application, elements of application marketplace, engineering support and engineering consulting and project implementation
CREODIAS offers services in many public Openstack based cloud instances. Although each of these clouds is fully separated and can operate independently they share the same billing and user management. All public cloud instances have the same level of access to EODATA. In each cloud user can run similar services but they may have different prices depending on instance location.
All services are offered to Tenants/Users/Third Parties (TPs). Every Tenant/TP obtains his own Service Environment which is fully separated from other Tenants/TPs. In the framework of his Environment a Tenant at service start-up obtains predefined Projects and basic Users. A Tenant is free to create his own additional Projects and Users. In this sense – a Tenant is usually related to an organization, Users are physical persons within this organization and Projects are related to projects run by the organization. This model provides on one hand full security of Tenant data and application on the other hand a high flexibility when realizing needs.
Services can be managed interactively via the so called Cloud Dashboard (OpenStack Horizon) and the User Portal. Simultaneously services can be configured and managed via an extensive REST API mechanisms (OpenStack API, Finder API, billing API).
The rich API management together with modularity of the service offer make our platform ideal as building blocks for other organizations. These building blocks can be connected together to build many complicated processing and web service environments.
All services are offered on 24/7 basis.
Data and ICT building blocks
ICT and Data Services together with EO data available from the CREODIAS Data offer make up convenient building blocks for Third Party Users who want to create and offer their own Front End services on the CREODIAS Platform. All ICT service elements are based on the OpenStack open standard. ICT services include a rich set of resources such as Virtual and Bare Metal Machines, Storage Volumes, Virtual Networking and other cloud resources organized in separate secure customer environments.
They can be managed via a rich API and additionally organized using script orchestration. Data Services include tools and API-s to search, aggregate, dynamically process and access earth observation data in a variety of ways including object access API (Swift), filesystem interface and OGC standard WMS/WMTS/WCS web services.
Applications and services built on the basis of these blocks can communicate with one another with the use of html REST APIs or any other means selected by the application developers. Data Collections supplied or created by Third Party users can be published in the CREODIAS data catalog and made available to other Users using the same mechanisms as the standard CREODIAS Data Collections.
All these elements provide a secure, interoperable environment for the buildup of new services by Third Party Users. Such new services are again available via REST APIs and can be again used as complex building blocks. With the use of such environment not only Third Party services can be constructed but they can be connected into more complicated value chains.
The general elements (building blocks) of the platform from the point of view of the Third Party User are presented in the picture below:
Figure 1 - CREODIAS Services overview
Detailed service description
Resource provisioning, Environment administration and User management
The CREODIAS Platform administration is managed by two different web applications: the CREODIAS Platform Customer Portal and the Cloud Dashboard.
In order to receive access and use CREODIAS Platform services, a customer company/organization must be registered on the CREODIAS Platform Customer Portal. Registration can be performed online or by making an offline request to CloudFerro. During registration, a customer account is created in the Customer Portal and an Administrative Domain is created for the customer in the Cloud Dashboard (OpenStack Horizon). A Domain Administrator account is also created in the Cloud Dashboard. Some initial (free) resources (like initial Project, Private Network, Internet Network) are also created to ease the initial setup of the services for the Tenant.
The Administrator can access the Customer Portal to get access to services in Fixed Term mode. The Customer Portal also allows the administrator to browse the service catalogue, check the pricing and billing information. The Tenant can also manage his administrative data, contact the support, check billing and invoices. The Tenant can also login to the Cloud Dashboard to create Projects, manage Users, Roles and Resources within his Administrative Domain.
Each Project encompasses a separate virtual environment composed of different Resources such as VM-s, Volume Storage, etc. Accounts are attributed to individual Users (persons). There may be several User accounts within a Project. The same User can participate in many Projects. Users who were given appropriate Roles by the Domain Administrator can access Resources (such as VMs, Volume Storage, Virtual Networks) within their Projects and perform certain actions on them (such as provisioning a new Virtual Machine, attaching a Storage Volume to a VM, performing Snapshots, backups etc). The scope of actions a User is allowed to perform depends on his Role(s). Roles can be assigned with a Project or Domain scope.
User authentication is being performed by the OpenStack Keystone standard authentication mechanism which can be interfaced to the mechanisms of ESA and Third Parties. This way a single sign-on functionality can be provided. User’s credentials and identity information is managed with Customer Portal while the Roles and access to Domains and Projects is managed within the Cloud Dashboard.
The CREODIAS Platform architecture allows the connection of a different authentication backends for every Administrative Domain. This functionality could allow different customers (such as TEPs) to use their own authentication mechanism.
All the administrative functionality available in the Dashboard is also available through Openstack’s REST API and associated command line tools. This allows for easy scripting and automation of service provisioning.
More detailed information on identity, User and service management can be found in OpenStack administration guide.