This page explains the bwIDM entitlements required to use bwCloud-OS and their impact on access, resources, and operating rules. Entitlements are currently under revision and might change soon.

Every member of an institution (university, college, PH, HAW, etc.) in Baden-Württemberg has a personal account to log in to and use the IT services provided by the institution. If the institution is a member of the federated identity management of Baden-Württemberg universities bwIDM, then associates of this institution can apply for further IT services offered by other institutions.

To enable these external IT services to identify the user, certain personal data is transmitted during registration and/or use of the service. The federated Identity management also ensures through the mutual trust model that the external IT service knows that the user really exists at the respective institution (validation of the account).

Within the context of the bwIDM Federation, the participating institutions have agreed on a minimum data set, which is transmitted to the external IT service. This data record includes, for example Attribute like eduPersonalPrincipalName, mail or givenName. These are so-called "standard attributes".

However, some IT services require specific information, such as whether a home institution is permitted to use a foreign IT service at all. This specific information can be added to the personal account of the user(s) through the assignment of an additional special attribute (eduPersonEntitlement).

To use the bwCloud-OS you need a bwCloud entitlement. A detailed overview of the current regulations on entitlements can be found here.

'''Note:''' The specific bwCloud-OS entitlements are currently under review and may be subject to change.

To find out which Entitlements are linked to an account, you can for example log into the "RegApp". When logging into a RegApp, an overview of the data to be transmitted is displayed. This overview also includes the supplied Entitlements (see screenshot).

The assignment of the entitlement is the sole responsibility of the respective home institiution. The bwCloud-OS team cannot add or remove entitlements to user accounts! In this case, please contact the central IT service department (computer center, IT service center, service center, ...) and request the assignment of the desired entitlement.

bwCloud-OS currently consists of four different operating sites = regions, which can be selected and administered via a common interface (dashboard). Each of the four operating sites acts as an independent region. This means: running instances in the Mannheim region receive an IP address according to the configuration of the Mannheim region. The IP address is specific to Mannheim and cannot move to another region. The region selection can be changed as described here.

Each user in the bwCloud-OS is initially assigned a home region during the setup. For users from the four operating locations this assignment is of course trivial. For users from other locations we have oriented ourselves to the network topology of the BelWü. The goal of the current assignment is the shortest possible connection of the respective location to one of our operating sites.

For users, the assignment is usually not relevant. A table with the assignment can be found here.

In the left half of the top navigation bar in the dashboard you can click on a drop-down menu to display the regions. The currently selected region is marked with a tick. A click on the respective region switches there.