The European Weather Cloud (EWC) connects the cloud environments of ECMWF and EUMETSAT into a larger entity, providing unified access to online data, functions, and services from both organisations. The key feature of the EWC is the provisioning of data proximate computing facilities to the meteorological community to boost their developments, ease access to large datasets and potentially support their operational services
The EWC is available for Member and Co-Operating States of EUMETSAT and ECMWF for Official Duty Use (NMHS, or groups of NMHSs, and other nominated organisations carrying official duties), as well as a number of identified purposes in support of EUMETSAT and ECMWF's mission (e.g. usage by the EUMETSAT Satellite Application Facilities, or in the context of specific annual R&D calls or calls for special projects).
The service consists of cloud resources provided by EUMETSAT and ECMWF and controlled by a cloud management portal hosted at both ECMWF and EUMETSAT. Users are given an account (tenancy) on one of these portals, and can deploy and manage their virtual resources and application environments to both cloud infrastructures (EUMETSAT and ECMWF) regardless of the home location of their tenancy.
Users deploy their own applications and are responsible for the maintenance and the application environment they operate in the EWC. Terms and Conditions including eligibility to use the service, roles, and responsibilities are available at: Terms and Conditions for the Use of European Weather Cloud Operational Service
Cloud Management Services
EWC offers services for cloud management. These are provided via the Morpheus API/GUI (see https://morpheusdata.com/ for general information).
Virtual environment provisioning
All resources can be deployed via Morpheus UI and via CLI / Rest API. The offered features may evolve along with Morpheus service offering development.
- Tenant Provisioning: EWC allows the provisioning of a set of resources to a tenant administrator (in the remaining referred only as tenant).
- Virtual Machines: Tenants can deploy VMs, and have full control over the deployed VMs, on the resources allocated to them. The resources used by this infrastructure are taken from the ones allocated to the organization (billing unit budget & quota). Users also have the option of cloning VMs, which provides them with an identical deployment to one already running.
- Virtual Private Networking: Tenants can deploy virtual networks inside their tenancy, to isolate traffic between VMs. EWC offers, as part of this service, virtual routing, security groups, floating IPs and DNS services.
- Load Balancer: EWC tenants can also deploy a load balancing service that allows them to balance the traffic between two or more VMs.
- Block Storage provisioning: Users can provision block storage volumes, which can be mounted to a single VM at the time.
- Object Storage provisioning: Tenants can deploy object storage capacity as buckets and store their data in these buckets. Tenants can create access keys with read-only or read-write permissions and control the access at bucket level (using bucket policies) and object level (using ACL). The access can be restricted to the tenancy or specific IP-address/range, accessible from the internet, or the buckets or objects can be made public. The object storage supports SWIFT- and S3-interface and public buckets with also https-interface.
- Shared File System provisioning: Users can provision Shared File System (SFS) storage, which can be mounted to several VMs simultaneously within the tenancy.
Tasks and workflow management
Users can define tasks containing shell scripts and Ansible playbooks. This functionality enables users to deploy their infrastructure as code, including software provisioning, configuration management, and application deployment functionalities. The tasks can include runtime and provisional workflows. Tasks and workflows can be executed in the running VMs or during deployment respectively. The workflow execution can be triggered from the UI and from the CLI / Rest API. The tasks and workflows can be fetched from user-defined GIT repository via integrations.
Secret management (Cypher)
Morpheus can store secrets, through a built-in functionality that is also integrated with the shell and Ansible scripts described in the previous section. Morpheus offers this functionality through Cypher. The stored secrets can be revoked either manually or automatically after a timeout.
Cypher supports the following types of data:
- Secret: Secure storage for sensitive values like passwords and API keys.
- Password: Dynamically generate a password of configurable character length.
- UUID: Dynamically generate a universally unique identifier.
- Encryption key: Dynamically generate a symmetric key pair.
Backups
Morpheus can take and restore snapshots of VMs used as backups. This solution, which is built-in for Morpheus, provides VM, Volume and Storage Provider Backup, Snapshot and Replication capabilities. Backups can be automatically configured during provisioning or manually created at any time, including custom Execution Schedules and retention counts. The backups can be restored over current Instances (restoring a snapshot) or as new Instances (replicating a VM), and downloaded or deleted from the system. EWC uses the existing S3 object storage to store the snapshots.
Blueprints and Instance types
Morpheus provides the capability to create applications defined as ‘blueprints’ containing one or more VMs with possibly pre-installed software, pre-defined provisional workflows, network setup, and other resources. Users can create their own blueprints and instance types and/or use the catalogue. Notably, users are responsible for the maintenance and updates of all deployed instances and applications regardless of their origin (e.g. instance selected from the catalogue). Updates on the applications in the catalogue are not applied to the already running applications.
Monitoring
Morpheus (Cloud broker) provides monitoring features. Anything provisioned within Morpheus automatically gets a check created in the monitoring service.
Reporting
Reports show the tenancies in the system, including the resources assigned to each tenancy and its utilization, and have customized time ranges in this visualization.
Metering and Accounting Service
The European Weather Cloud Accounting and Metering Service (hereafter referred as Accounting Service) provides a cross-cloud overview of resource usage of tenancies and Member States.
The accounting tool provides visualization tools including metrics, time series, graphs, and dashboards of all the accounting data gathered for end users, in the form of a GUI.
Expected service level
The following service level is expected:
Service Element | Description | Target | Notes |
---|---|---|---|
Infrastructure | |||
Expected availability of deployments and reachability of the VM/service | The availability of the deployed resources including the whole virtual environment explained above. This availability also includes the reachability of the VM/service from the Internet. | 99% | Measured over a month, excluding planned service interruptions. Maintenance windows are announced in EWC KB Blog |
Availability of Cloud Management Services (see above) | The EWC tools such as the provisioning portal, metering and accounting services. | 99% | Measured over a month, excluding planned service interruptions. Maintenance windows are announced in EWC KB Blog |
Support | |||
Time to first response | Lead time to respond to the ticket and start the task | 1 day on business hours | |
Time to resolution plan of service request | Time to assessment and to the resolution plan of the service request including support requests and service change requests | 8 business days | |
Lead time to on-board | Lead time to onboard an approved new user counted from the approval by the Computing Representative / R&D project and Special Project acceptance | 3 business days (after approval) |
Acronyms and definitions
Acronym | Definition |
---|---|
EWC | European Weather Cloud |
ECMWF | European Centre for Medium-Range Weather Forecasts |
EUMETSAT | European Organisation for the Exploitation of Meteorological Satellites |
NMHS | National Meteorological and Hydrological Service |
SAF | EUMETSAT Satellite Application Facility |
EUMETNET | https://www.eumetnet.eu/ |
VM | Virtual Machine |
API | Application programming interface |
GUI | Graphical user interface |
UI | User interface |
CLI | Command line interface |
DNS | Domain name server |
S3 | Simple storage system |
GIT | Version Control System |
Cypher | Secret Management System in Morpheus |
EWC KB | EWC Knowledge base |