The European Weather Cloud (EWC) connects the cloud environments of ECMWF and EUMETSAT into a larger entity, providing seamless access to online data, functions, and services from both organisations. The key assets of the EWC are data-proximate computing facilities and the meteorological community, which boost development.
The EWC is available for Member States (NMHS and nominated organisations, for Official Duties), EUMETSAT SAFs, European meteorological organisations (e.g., EUMETNET), and research entities aligned with EUMETSAT's mission and EUMETSAT Member State.
The service consists of cloud resources provided by EUMETSAT and ECMWF and controlled by the cloud management software Morpheus. Users can deploy and manage virtual machines (VMs) and the application environment in both clouds (EUMETSAT and ECMWF) regardless of their tenancy location.
Users deploy their own applications and are responsible for the maintenance and the application environment operated in the EWC. Terms and Conditions including eligibility to use the service, roles, and responsibilities are available at:
Cloud Management Services
EWC also offers services for cloud management. These are provided via Morpheus API/GUI.
Virtual environment provisioning
All resources can be deployed via the Morpheus UI and via the CLI / REST API. The offered features may evolve as the Morpheus service offering develops.
- Tenant Provisioning: EWC allows provisioning a set of resources to a tenant administrator (referred to below simply as the tenant).
- Virtual Machines: Tenants can deploy VMs and have full control over the deployed VMs on the resources allocated to them. The resources used by this infrastructure are taken from the ones allocated to the organization (billing unit budget & quota). Users also have the option of cloning VMs, which provides them with an identical deployment to one already running.
- Virtual Private Networking: Tenants can deploy virtual networks inside their tenancy, to isolate traffic between VMs. EWC offers, as part of this service, virtual routing, security groups, floating IPs and DNS services.
- Load Balancer: EWC tenants can also deploy a load balancing service between their VMs, which balances traffic between two or more VMs.
- Block Storage provisioning: Users can provision block storage volumes, which can be mounted to a single VM at a time.
- Object Storage provisioning: Tenants can deploy object storage capacity as buckets and store their data in the buckets. Tenants can create access keys with read-only or read-write permissions and control access at bucket level (using bucket policies) and object level (using ACLs). Access can be restricted to the tenancy or to a specific IP address or range, made accessible from the internet, or the buckets or objects can be made public. The object storage supports the Swift and S3 interfaces, and public buckets also support an HTTPS interface.
- Shared File System provisioning: Users can provision Shared File System (SFS) storage, which can be mounted to several VMs simultaneously within the tenancy.
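The object storage item above distinguishes IP-restricted from public access, and read-only from read-write permissions, set through bucket policies. The following added example (not EWC or Morpheus code) audits a policy in the standard S3 bucket-policy JSON layout and reports the exposure of each Allow statement; the sample policy, bucket name and CIDR ranges are constructed, and it assumes the storage backend honours the `aws:SourceIp` condition key.

```python
import ipaddress

# Constructed sample in the S3 bucket-policy JSON layout; bucket name and CIDRs are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/public/*"},
        {"Sid": "SiteWrite", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "192.0.2.0/24"}}},
        {"Sid": "OpenCidr", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"IpAddress": {"aws:SourceIp": ["0.0.0.0/0"]}}},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _anonymous(principal):
    # "*" or {"AWS": "*"} both mean any caller, authenticated or not.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def _scope(stmt):
    if not _anonymous(stmt.get("Principal")):
        return "named-principal"
    cidrs = _as_list(stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp", []))
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    # No source-IP condition, or a /0 range, leaves the statement open to any client.
    if not nets or any(n.prefixlen == 0 for n in nets):
        return "public"
    return "ip-restricted"

def _access(stmt):
    actions = _as_list(stmt.get("Action", []))
    read_only = all(a.startswith(("s3:Get", "s3:List")) for a in actions)
    return "read-only" if read_only else "read-write"

def audit(policy):
    """Return (Sid, scope, access) for every Allow statement in the policy."""
    return [(s.get("Sid", "?"), _scope(s), _access(s))
            for s in _as_list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]

if __name__ == "__main__":
    for row in audit(SAMPLE_POLICY):
        print(row)
```

Statements reported as `public` with `read-write` access are the ones to review first; a `0.0.0.0/0` source range is treated as public because it restricts nothing.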
Tasks and workflow management
Users can define tasks containing shell scripts and Ansible playbooks. This functionality enables users to deploy infrastructure as code, including software provisioning, configuration management, and application deployment functionality. The tasks can include runtime and provisional workflows. Tasks and workflows can be executed in the running VMs or during deployment respectively. The workflow execution can be triggered from the UI and from the CLI / REST API. The tasks and workflows can be fetched from a user-defined Git repository via integrations.
Secret management (Cypher)
Morpheus can store secrets through built-in functionality that is also integrated with the shell and Ansible scripts described in the previous section. Morpheus offers this functionality through Cypher. The stored secrets can be revoked either manually or automatically after a timeout.
Cypher supports the following types of data:
- Secret: Secure storage for sensitive values like passwords and API keys.
- Password: Dynamically generate a password of configurable character length.
- UUID: Dynamically generate a universally unique identifier.
- Encryption key: Dynamically generate a symmetric key pair.
Backups
Morpheus can take and restore snapshots of VMs used as backups. This solution, which is built into Morpheus, provides VM, Volume and Storage Provider Backup, Snapshot and Replication capabilities. Backups can be automatically configured during provisioning or manually created at any time, including custom Execution Schedules and retention counts. The backups can be restored over current Instances (restoring a snapshot) or as new Instances (replicating a VM), and downloaded or deleted from the system. EWC uses the existing S3 object storage to store the snapshots.
Blueprints and Instance types
Morpheus provides the capability to create applications defined as ‘blueprints’ containing one or more VMs with possibly pre-installed software, pre-defined provisional workflows, network setup, and other resources. Users can create their own blueprints and instance types and/or use the catalogue. Notably, users are responsible for the maintenance and updates of all deployed instances and applications regardless of their origin (e.g. an instance selected from the catalogue). Updates to the applications in the catalogue are not applied to already running applications.
Monitoring (MON)
Morpheus (Cloud broker) provides monitoring features. Anything provisioned within Morpheus automatically gets a check created in the monitoring service.
Reporting (REP)
Reports show the tenancies in the system, including the resources assigned to each tenancy and their utilization, with customized time ranges in the visualization.
Metering and Accounting Service
The European Weather Cloud Accounting and Metering Service (hereafter referred to as the Accounting Service) provides a cross-cloud overview of the resource usage of tenancies and Member States.
The accounting tool provides visualization tools including metrics, time series, graphs, and dashboards of all the accounting data gathered for end users, in the form of a GUI.
Expected service level
The following service level objectives are expected:
| Service Element | Description | Target | Notes |
|---|---|---|---|
| Expected availability of tenants’ deployments and reachability of the VM/service | Reachability of the very simple service (e.g. ping) deployed into the EWC, probed from Internet. | 99% | Measured over a month, excluding planned service interruptions |
| Availability of operational EWC services (see above) | The EWC (provisioning portal, storage services, etc.) shall be available at least 99% of the time (excluding the scheduled maintenance windows), measured over a month, excluding planned service interruptions. | 99% | |
| Time to first response | Lead time to respond to the ticket and start the task | 1d on business hours | |
| Time to resolution of service request | | 8 business days | |
| Time to resolution of incident | | 1 business day for blocking, 3 business days for major | |
| Lead time to on-board | | 3 business days (after approval) | |