The European Weather Cloud (EWC) connects the cloud environments of ECMWF and EUMETSAT into a larger entity, providing seamless access to online data, functions, and services from both organisations. The key assets of the EWC are its data-proximate computing facilities and its meteorological community, both intended to boost development.
The EWC is available for Member States (NMHS and nominated organisations, for Official Duties), EUMETSAT SAFs, European meteorological organisations (e.g., EUMETNET), and research entities aligned with EUMETSAT's mission and EUMETSAT Member State.
The service consists of cloud resources provided by EUMETSAT and ECMWF and controlled by the cloud management software Morpheus. Users can deploy and manage virtual machines (VMs) and the application environment on both clouds (EUMETSAT and ECMWF) regardless of their tenancy location.
Users deploy their own applications and are responsible for the maintenance and for the application environment operated in the EWC. Terms and Conditions including eligibility to use the service, roles, and responsibilities are available at:
Cloud Management Services
EWC also offers services for cloud management. These are provided via Morpheus API/GUI.
Virtual environment provisioning
All resources can be deployed via the Morpheus UI and via the CLI / REST API. The offered features may evolve as the Morpheus service offering develops.
- Tenant Provisioning: EWC allows provisioning a set of resources to a tenant administrator (referred to simply as tenant in the remainder of this document).
- Virtual Machines: Tenants can deploy VMs and have full control over the deployed VMs on the resources allocated to them. The resources used by this infrastructure are taken from the ones allocated to the organization (billing unit budget & quota). Users also have the option of cloning VMs, which provides them with an identical deployment to one already running.
- Virtual Private Networking: Tenants can deploy virtual networks inside their tenancy, to isolate traffic between VMs. EWC offers, as part of this service, virtual routing, security groups, floating IPs and DNS services.
- Load Balancer: EWC tenants can also deploy a load balancing service between their VMs, which balances traffic between two or more VMs.
- Block Storage provisioning: Users can provision block storage volumes, which can be mounted to a single VM at a time.
- Object Storage provisioning: Tenants can deploy object storage capacity as buckets and store their data in the buckets. Tenants can create access keys with read-only or read-write permissions and control access at bucket level (using bucket policies) and at object level (using ACLs). Access can be restricted to the tenancy or to a specific IP address or range, made accessible from the internet, or the buckets or objects can be made public. The object storage supports the Swift and S3 interfaces, and public buckets also an HTTPS interface.
- Shared File System provisioning: Users can provision Shared File System (SFS) storage, which can be mounted to several VMs simultaneously within the tenancy.
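The object storage item above distinguishes tenancy-restricted, IP-restricted and public buckets. The following added example (not EWC or Morpheus code) audits a bucket policy and reports which of those exposures each Allow statement actually grants. It assumes the S3 interface accepts the AWS policy grammar with the `aws:SourceIp` condition key; the bucket, user and address range are constructed placeholders.

```python
import ipaddress

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    # "*" or {"AWS": "*"} means any requester, authenticated or not.
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return "*" in _as_list(principal)

def _source_ranges(statement):
    # Assumption: the store honours the AWS IpAddress / aws:SourceIp condition.
    cond = statement.get("Condition", {}).get("IpAddress", {})
    return [ipaddress.ip_network(c, strict=False)
            for c in _as_list(cond.get("aws:SourceIp", []))]

def classify_statements(policy):
    """Map each Allow statement's Sid to its effective exposure."""
    result = {}
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", f"statement-{i}")
        ranges = _source_ranges(st)
        if not _is_public(st.get("Principal")):
            result[sid] = "principal-restricted"
        elif ranges and all(r.prefixlen > 0 for r in ranges):
            result[sid] = "ip-restricted"
        else:
            # No range, or a /0 range that matches every address.
            result[sid] = "public"
    return result

# Constructed sample policy; bucket, user and address range are placeholders.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OfficeRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "192.0.2.0/24"}}},
    {"Sid": "OpenRead", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/pub/*"},
    {"Sid": "FakeLimit", "Effect": "Allow", "Principal": "*",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket",
     "Condition": {"IpAddress": {"aws:SourceIp": ["0.0.0.0/0"]}}},
    {"Sid": "TenantWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam:::user/example-user"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
]}
print(classify_statements(SAMPLE_POLICY))
```

A statement such as `FakeLimit` looks IP-restricted on review but is reported as public, which is the case worth checking before a bucket is exposed to the internet.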
Tasks and workflow management
Users can define tasks containing shell scripts and Ansible playbooks. This functionality enables users to deploy infrastructure as code, including software provisioning, configuration management, and application deployment functionality. The tasks can include runtime and provisional workflows. Tasks and workflows can be executed in the running VMs or during deployment respectively. The workflow execution can be triggered from the UI and from the CLI / REST API. The tasks and workflows can be fetched from a user-defined Git repository via integrations.
Secret management (Cypher)
Morpheus can store secrets through built-in functionality that is also integrated with the shell and Ansible scripts described in the previous section. Morpheus offers this functionality through Cypher. The stored secrets can be revoked either manually or automatically after a timeout.
Cypher supports the following types of data:
- Secret: Secure storage for sensitive values like passwords and API keys.
- Password: Dynamically generate a password of configurable character length.
- UUID: Dynamically generate a universally unique identifier.
- Encryption key: Dynamically generate a symmetric key pair.
Backups
Morpheus can take and restore snapshots of VMs used as backups. This solution, which is built-in for Morpheus, provides VM, Volume and Storage Provider Backup, Snapshot and Replication capabilities. Backups can be automatically configured during provisioning or manually created at any time, including custom Execution Schedules and retention counts. The backups can be restored over current Instances (restoring a snapshot) or as new Instances (replicating a VM), and downloaded or deleted from the system. EWC uses the existing S3 object storage to store the snapshots.
Blueprints and Instance types
Morpheus provides the capability to create applications defined as ‘blueprints’ containing one or more VMs with possibly pre-installed software, pre-defined provisional workflows, network setup, and other resources. Users can create their own blueprints and instance types and/or use the catalogue. Notably, users are responsible for the maintenance and updates of all deployed instances and applications regardless of their origin (e.g. an instance selected from the catalogue). Updates to the applications in the catalogue are not applied to already running applications.
Monitoring
Morpheus (Cloud broker) provides monitoring features. Anything provisioned within Morpheus automatically gets a check created in the monitoring service.
Reporting
Reports show the tenancies in the system, including the resources assigned to each tenancy and their utilization, and support customized time ranges in the visualization.
Metering and Accounting Service
The European Weather Cloud Accounting and Metering Service (hereafter referred to as the Accounting Service) provides a cross-cloud overview of the resource usage of tenancies and Member States.
The accounting tool provides visualization tools including metrics, time series, graphs, and dashboards of all the accounting data gathered for end users, in the form of a GUI.
Expected service level
The following service level objectives are expected:
Service Element | Description | Target | Notes |
---|---|---|---|
Infrastructure | | | |
Expected availability of deployments and reachability of the VM/service | The availability of the deployed resources including the whole virtual environment explained above. This availability also includes reachability of the VM/service from the Internet. | 99% | Measured over a month, excluding planned service interruptions |
Availability of Cloud Management Services (see above) | The EWC tools such as the provisioning portal, metering and accounting services, etc. | 99% | Measured over a month, excluding planned service interruptions |
Support | | | |
Time to first response | Lead time to respond to the ticket and start the task | 1 day on business hours | |
Time to resolution of service request | Time to the resolution of the service request including support requests and service change requests | 8 business days | |
Time to resolution of incident | Time to the resolution of the incidents | 1 business day for blocking incidents; 3 business days for major incidents | |
Lead time to on-board | Lead time to on-board new user counted from the approval by Computing Representative / R&D project and Special Project acceptance | 3 business days (after approval) | |