Quick Guide: Difference between revisions
Jump to navigation
Jump to search
m Sia moved page Quick Quide to Quick Guide without leaving a redirect |
No edit summary |
||
| Line 2: | Line 2: | ||
* Access to bwCloud-OS requires an active account from a '''bwIDM'''-participating institution. | * Access to bwCloud-OS requires an active account from a '''bwIDM'''-participating institution. | ||
* Your account must include a valid '''bwCloud entitlement''', assigned by your '''home institution'''. This is usually automatic. If missing, contact your institution’s IT support. The bwCloud-OS team cannot assign entitlements. | * Your account must include a valid '''bwCloud entitlement''', assigned by your '''home institution'''. This is usually automatic. If missing, contact your institution’s IT support. The bwCloud-OS team cannot assign entitlements. | ||
* Log in once to the Dashboard to activate your profile. Setup is automated via bwIDM. | * Log in once to the [https://dashboard.bw-cloud.org/ Dashboard] to activate your profile. Setup is automated via bwIDM. | ||
* After login, select your '''home region''' as described [[Registration#What is a "home region"?|here]] to begin using bwCloud-OS. | * After login, select your '''home region''' as described [[Registration#What is a "home region"?|here]] to begin using bwCloud-OS. | ||
| Line 23: | Line 23: | ||
* Some ports are '''centrally filtered''' in certain regions and cannot be opened manually; details are listed in the [[Reference: Network – blocked/allowed ports.|port overview]]. | * Some ports are '''centrally filtered''' in certain regions and cannot be opened manually; details are listed in the [[Reference: Network – blocked/allowed ports.|port overview]]. | ||
* '''SSL certificates''' are not provided by bwCloud-OS, but can be obtained via services like '''Let’s Encrypt'''. | * '''SSL certificates''' are not provided by bwCloud-OS, but can be obtained via services like '''Let’s Encrypt'''. | ||
* If you suspect a '''security incident''', stop the affected VMs and open a support ticket immediately. | * If you suspect a '''security incident''', stop the affected VMs and open a [https://bw-support.scc.kit.edu/ support ticket] immediately. | ||
== Storage == | == Storage == | ||
| Line 33: | Line 33: | ||
== (Group-)Projects & Quota == | == (Group-)Projects & Quota == | ||
* Each bwCloud-OS project has predefined '''quotas''' for vCPU, RAM, storage, and networks. Quota increases can be requested via the | * Each bwCloud-OS project has predefined '''quotas''' for vCPU, RAM, storage, and networks. Quota increases can be requested via the [https://bw-support.scc.kit.edu/ bwSupportPortal]. | ||
* '''Group projects''' allow shared access to resources. Members can manage instances collaboratively. Quotas can be assigned in multiple regions. Every group project requires a named '''owner''' as the primary contact. | * '''Group projects''' allow shared access to resources. Members can manage instances collaboratively. Quotas can be assigned in multiple regions. Every group project requires a named '''owner''' as the primary contact. | ||
* Instances cannot be '''moved between projects''' directly. Use snapshots and volume transfer as described [[Storage#Download Volumes or Images|here]]. | * Instances cannot be '''moved between projects''' directly. Use snapshots and volume transfer as described [[Storage#Download Volumes or Images|here]]. | ||
Revision as of 15:36, 16 October 2025
Registration
- Access to bwCloud-OS requires an active account from a bwIDM-participating institution.
- Your account must include a valid bwCloud entitlement, assigned by your home institution. This is usually automatic. If missing, contact your institution’s IT support. The bwCloud-OS team cannot assign entitlements.
- Log in once to the Dashboard to activate your profile. Setup is automated via bwIDM.
- After login, select your home region as described here to begin using bwCloud-OS.
Instances (VMs)
- Instances can be created via the Dashboard wizard, select: name → image → flavor → network → SSH key → launch.
- Existing instances can be resized to larger flavors. Always back up important data beforehand, as the VM will reboot during the process.
- To access your bwCloud-OS virtual machines, you must register an SSH key pair and assign it when creating instances.
Network
- Each bwCloud-OS instance automatically receives a public IP address, valid for its entire lifetime (until deletion).
- Instances are also assigned a persistent FQDN based on their UUID and region.
- Domain hosting is not provided, but you can point your own domain to the instance’s FQDN using a CNAME record.
Security
- By default, VMs in bwCloud-OS are only accessible via SSH (port 22); all other ports are initially closed for security reasons.
- Additional ports (e.g. HTTPS/443) can be opened via Security Groups in the Dashboard — changes take effect immediately without a reboot.
- Some ports are centrally filtered in certain regions and cannot be opened manually; details are listed in the port overview.
- SSL certificates are not provided by bwCloud-OS, but can be obtained via services like Let’s Encrypt.
- If you suspect a security incident, stop the affected VMs and open a support ticket immediately.
Storage
- If you need more storage, create and attach additional volumes — root disks cannot be enlarged. Using a larger root disk via special flavors is also not recommended in general.
- All data is stored redundantly (e.g., 3× replication in Ceph), but no automatic backups are performed — you are responsible for your own data protection.
- Back up your data regularly using snapshots or by downloading volumes/images via the OpenStack client as explained here.
(Group-)Projects & Quota
- Each bwCloud-OS project has predefined quotas for vCPU, RAM, storage, and networks. Quota increases can be requested via the bwSupportPortal.
- Group projects allow shared access to resources. Members can manage instances collaboratively. Quotas can be assigned in multiple regions. Every group project requires a named owner as the primary contact.
- Instances cannot be moved between projects directly. Use snapshots and volume transfer as described here.
Automation & Tools
- Experienced users can create Application Credentials (tokens) to enable CLI or programmatic access.
- Automation tools like Ansible or Terraform can be used to streamline instance deployment and configuration.