Entitlements in bwCloud-OS

From bwCloud-OS
Revision as of 10:31, 15 December 2025 by As1844 (talk | contribs)
Jump to navigation Jump to search
⚠️ Please Note: This page is currently under development.
This page is about the entitlements for the bwCloud-OS NG. Please visit entitlements for bwCloud-SCOPE for the legacy information.

In a Nutshell
  • is a information string, given by the home organization
  • a customer can use the entitlements to allow their members to consume in the bwCloud-OS and to control eventual costs.

Entitlements in bwCloud-OS define who can access the platform (Access Control), how many resources they may use (Quota flavors), and under what conditions (Eligibility).

Every member of a higher education institution in Baden-Württemberg has a personal account. If the institution participates in the federated identity management system (bwIDM), its members can also apply for the external service bwCloud-OS, by providing additional information. This is handled through the assignment of eduPersonEntitlement, to the user's account.

All entitlements are issued and managed by the user’s home institution and play a central role in how the platform is used and funded. These decisions are made exclusively by the user's home institution. The bwCloud-OS team has no authority to grant access or resources without an official entitlement.

Motivation

Access Control

Accessing the bwCloud-OS requires a registration in advance. The entitlement bwcloudos_access determines, besides other criteria, whether a user is allowed to access / register for the bwCloud-OS at all.

Automated Registration

Registration is streamlined through entitlements:

  • Entitlements are automatically evaluated during registration.
  • Users receive immediate access and resources once their entitlement is confirmed. No manual activation is required.

Cost Allocation and Funding Model

Entitlements also help define who is financially responsible for resource usage. To ensure sustainable operation and future hardware/software upgrades, bwCloud-OS is moving toward a cost allocation model.

  • The user’s institution is responsible for:
    • Verifying users have access to funding.
    • Covering the collective costs for all users from that institution.
  • bwCloud-OS will generate aggregated usage reports and invoices per institution—no individual billing.

Entitlement structure

An entitlement persists out of two parts, the Quota flavors and optionally the Eligibility: 

urn:geant:bwcloud-os.de:group:QUOTA_FLAVOR[:ELIGIBILITY]

bzw. 

urn:geant:bwcloud-os.de:group:<quota_flavor>[:<cost_center_id>:<first_day_valid>:<last_day_valid>:<max_booking_units>]

The valid syntax is described in the sections below.

Example Entitlements

Example 1

Granting a user to request quota for a project up to the medium flavor. 

urn:geant:bwcloud-os.de:group:bwcloudos_medium_1

Example 2

Allow a user to request quota for a large project, but this is terminated up to the end of 2026 and can maximally produce 5000 booking units. All generated booking units will be charged under the bill position student. 

urn:geant:bwcloud-os.de:group:bwcloudos_large_1:student::2026-12-31:5000

Example 3

A tiny project can be requested. The consumed booking units will aggregate under the position for the technical_faculty. 

urn:geant:bwcloud-os.de:group:bwcloudos_xtiny_1:technical_faculty:::

Special Entitlements

There is also the Entitlement bwcloudos_access that is further described in Access Control via Entitlements.

Entitlement Note
bwcloudos_access Allows the registration for the bwCloud-OS via RegApp

Quota flavors

The supported quota packages are described in the table below.

List of supported quota flavors
quota flavor Note
bwcloudos_empty Default case. User can’t generate costs.
bwcloudos_tiny_1
bwcloudos_xtiny_1
bwcloudos_medium_1
bwcloudos_xmedium_1
bwcloudos_large_1
bwcloudos_xlarge_1
bwcloudos_custom User can choose the quota to be requested.

Each quota flavor is associated with resources granted to Projects.

Resources associated with each quota flavor
Entitlement instances cores ram_gb volumes volumes_gb backups backups_gb networks subnets routers floating_ips
bwcloudos_empty 0 0 0 0 0 0 0 0 0 0 0
bwcloudos_tiny_1 1 1 1 10 100 30 300 10 10 1 0
bwcloudos_xtiny_1 2 2 2 10 100 30 300 10 10 1 0
bwcloudos_medium_1 4 4 4 20 200 60 600 10 10 1 1
bwcloudos_xmedium_1 8 8 8 20 200 60 600 10 10 1 1
bwcloudos_large_1 16 16 16 40 400 120 1200 20 20 2 2
bwcloudos_xlarge_1 32 32 32 40 400 120 1200 20 20 2 2
bwcloudos_custom * * * * * * * * * * *

Eligibility

Structure

Optionally, the following structure for Eli may be used to provide further information and define conditions for the quota flavor. 

<cost_center_id>:<first_day_valid>:<last_day_valid>:<max_booking_units>

This JSON needs to be utf-8 and base64 encoded.

Detailed

⚠️ Attention: Comments are not allowed by JSON and must be removed to provide a valid data structure! 
{
  # Optional: Define eligibilities
  "eligs":
  [
    # First eligibility
    {
      # Optional: The ID/ name of your cost center. The fallback is to address this to the
      #           'home organization' of the entitlement owner.
      "cc_id": "COST_CENTER_ID",
      
      # Optional: Day with that, this eligibility starts to be valid. Default behavior is
      #           valid from day one.
      "first_val": "YYYY-MM-DD",
      
      # Optional: Day after which this eligibility is no longer valid. Default behavior is
      #           valid until removed from the entitlement of the owner.
      "last_val": "YYYY-MM-DD",
      
      # Optional: Number representing consumable booking units, after which this
      #           eligibility is no longer debitable for this user. Default behavior is
      #           unlimited.
      "max_bu": "INTEGER"
    },

    # Next eligibility
    {
    ...
    }
  ]
}
Retrieved from "https://wiki.bwcloud-os.de/index.php?title=Entitlements_in_bwCloud-OS&oldid=1550"