➡️ More information in the guide about Registration.

span id="bwIDM">

Every member of a higher education institution in Baden-Württemberg (university, college, PH, HAW, etc.) has a personal account for accessing the IT services provided by their institution. If the institution participates in the federated identity management system bwIDM, its members can also apply for additional IT services offered by other participating institutions.

To allow external IT services to identify users, certain personal data is transmitted via bwIDM to these services during registration and use of the service. Federated identity management ensures, through a model of mutual trust, that the external service can verify the user’s affiliation with their institution — confirming that the account is valid and the user is officially recognized. Within the bwIDM Federation, participating institutions have agreed on a minimum set of personal data that is transmitted to external IT services. This includes standard attributes such as eduPersonPrincipalName, mail, givenName or eduPersonEntitlement.

During the registration on bwIDM for the bwCloud-OS service, the following steps are streamlined:

1. A user registers himself*herself.
2. bwIDM requests the creation of a user account by the bwCloud-OS and forwards a set of user data.
3. The bwCloud-OS parses the user data, including given entitlements.
4. Based on these data, a user account and a start project is created. The quota flavor given in the entitlement defines the project quota. If more than one quota eligibilities are given, a random one is chosen. The eligibility can later on be changed.

📌 Note: The bwCloud(-OS) entitlement model is currently being restructured and subject to change.

➡️ More information in the guide about Entitlement & Eligibility.

• Flavor (or VM flavor) is a defined set of resources (core, RAM, storage) that be chosen as the size of an instance.
• Quota (or project quota) is the amount of resources (core, RAM, storage, network, volume, etc) a project ran consume or bind.
• Quota flavors is a defined set of project quotas that can be chosen as the size of a project.

• You need to set the access entitlement for all members.
• Every member needs a quota flavors to start using. It may be great to cover 95% of your use cases with this.
• For the other 5%, the power users, extra entitlements must be managed.

Not yet. You want a service where the owner of a cost center can define rules for rolling out eligibility? And you want to control who is allowed to manage which cost center and user group and is allowed to see what set of information? But this sounds like a complex service. You also would like to create rules based on information like the faculty of a student or if the employee is part of the library. But do you really want to forward all of this information to a service outside the scope of your institution?

There are plenty of questions the bwCloud-OS needs to address to their customers before it gets clear what kind of centralized service actually is needed and weather it will be accepted.

There is no entitlement required to become a member of an existing project. New project members can be added anytime.

No. A user with his eligibility can only be assigned to one project, {0,1}:1 mapping.

Only once, during the registration of a new user, automatically a (start-)project is created from a given eligibility. Afterward, a user needs to request a new project.

To inspect your personal data, open the bwIDM services and switch to the rider Shibboleth. Under urn:oid:1.3.6.1.4.1.5923.1.1.1.7 (eduPersonEntitlement) you can see your entitlement.

The assignment of entitlements is exclusively managed by your home institution. The bwCloud-OS team does not have the authority to add or remove entitlements on user accounts. If your account lacks the necessary entitlement, please contact your institution’s central IT service department or service desk.

We are aware that you wish to budget, control, and manage your expenses. Therefore, we designed these features. However, currently we need to get used to a large set of new processes. If the bwCloud-OS accomplishes this, additional features will be supported.

In bwCloud-OS, a region refers to one of the four operating sites: Freiburg, Karlsruhe, Mannheim, and Ulm. Each region runs its own infrastructure but is accessible through a shared interface (Dashboard).

Resources such as virtual machines (VMs, instances), networks, and storage are bound to the region in which they are created. For example, an instance launched in the Mannheim region will receive an IP address from Mannheim’s specific IP range(s) — this address cannot be transferred to another region.

You can switch between regions in the Dashboard interface as described here.

In bwCloud-OS, each user is initially assigned a home region during account setup. For users from one of the four operating sites (Freiburg, Karlsruhe, Mannheim, Ulm), this assignment is straightforward. For users from other institutions, the assignment is based on the network topology of BelWue — aiming to route each user to the nearest operating site for optimal connectivity. However, you can apply for a project with resources (also) in other regions.

A table showing the current home region assignments can be found here.

You can select a region from the drop-down menu located on the left side of the top navigation bar in the Dashboard. The currently active region is marked with a checkmark. Simply click on a different region in the list to switch to it.