On-premise Cloud Computing

The software ITS is using for Nebula, our on-premise cloud computing service, is Joyent Triton. This is a cloud-computing service similar to Amazon’s AWS. Unlike AWS, this service is based on servers and storage located in the Data Center at UCSC.

While designed to be robust, reliable, and secure, this service is not architected for high availability, or to house PII or HIPAA data. This service is best suited to group or department websites, self-managed developer sandboxes, and non-critical applications with relatively low processing, storage, security and resiliency requirements.

In this way, this new service is a complement to, and not a replacement for, the Virtual Hosting service.

Nebula uses operating-system virtualization to provide a high density of virtual machines that run SmartOS or container-native Linux. Operating systems that are not container-native, such as Windows, FreeBSD, and some Linux distributions, are not supported.


Support Levels

Bronze: With bronze support, the customer is fully responsible for the management of the guests, including compliance with existing University policies such as those for acceptable use and minimum network connectivity. Customers on bronze support will be initially limited to eight virtual machines; additional virtual machines can be made available by individual arrangement. No central firewall filtering will be configured, but Bronze customers will be provided with recommendations and instructions for configuring host-based firewalls.
Example:  An IT specialist builds and manages guests for a department.  Community support is available in case questions or issues arise.

Silver:  With silver support, the customer has primary responsibility for management and maintenance of the guests, including policy compliance. Customers on silver support will be initially limited to eight virtual machines, and provided six professional system-administration support cases per year.  These customers pay a flat monthly fee for support (one hour per month at the Managed Services rate).  Additional virtual machines or support cases are available by individual arrangement, and may result in additional costs to the customer.
Example:  An IT specialist builds and manages guests for a department.  Community support is available, and the specialist has contracted with DCO for professional support to fall back on in case of security, performance, or other issues.

Gold:  With gold support, the Data Center is responsible for managing the guests under the same “Managed Services” model as any other physical or virtual system. Customers adopting this model will not be provided with root access, but instead will be granted a user account and permissions (through sudo) by the DCO UNIX team. These customers pay a flat monthly fee for support; this fee is estimated for each customer and depends on complexity, number of guests, and scope of the applications.

Example:  A department contracts with DCO to build servers and provide ongoing system-administration services.  This provides the department with a platform to install and manage their own applications as needed.


More Information About Nebula

Shared Security Model

Nebula has a "shared responsibility model" for information security and compliance. Because you're building systems on top of the Nebula infrastructure, the security responsibilities will be shared: the Data Center has secured the underlying infrastructure and you must secure anything you put on the infrastructure.

If you select the "silver" or "bronze" support model, there are several security decisions you need to make and controls you must configure. If you're not comfortable taking on these responsibilities, consult with your ITS Divisional Liaison or consider using the "gold" support model instead.

UCSC Private Cloud Responsibilities:

  • Facilities
  • Physical Security
  • Physical Infrastructure
  • Network Infrastructure
  • Virtualization Infrastructure
  • Certifications for the above

Customer Responsibilities:

  • Server Account Management
  • Application Security
  • Host-based Firewalls
  • Certifications for your applications

Resources for Nebula Users

Here are two resources for Nebula users:

Wiki - see notes and how-to information from Nebula users

Forum - ask questions and share answers with other Nebula users


Availability

The infrastructure that provides Nebula is supported as a 24x7 service through the DCO UNIX team. Escalation is provided through Data Center Operations and the DCO UNIX team’s on-call rotation.

ITS reserves a maintenance window on the first Sunday of each month from 12 noon to 6 PM. At least two weeks’ notice will be provided in the unlikely event that maintenance is expected to result in a service outage. For planned maintenance, the UCSC Data Center follows the ITS Change Management Process, and planned changes are posted on the ITS Maintenance Calendar.


Data Security

This service is not appropriate for confidential or restricted data.


Eligibility

Eligibility is limited to UCSC faculty and staff. Students with a faculty sponsor are also eligible for this service.


Costs

There are no costs associated with on-premise cloud computing.


Roles and Responsibilities

Responsibilities of the Data Center:

  • Monitor resource utilization for the private-cloud infrastructure components

  • Participate as members of the UCSC self-support community and provide best-effort support and advice to users

  • Ensure compliance with UCSC policy and associated security requirements

  • Apply patches and upgrades as recommended for the private-cloud infrastructure

  • Monitor and tune the physical server and storage environment as needed

  • Manage permissions and security groups within the private-cloud infrastructure

  • Coordinate with vendors for licensing, maintenance and support requests

  • Perform medium-term capacity planning for the private-cloud infrastructure

  • If the customer has arranged for ‘silver’ or ‘gold’ support, serve as a point of escalation for server administrators managing guests in the private-cloud infrastructure

Customers are encouraged to participate in the UCSC self-support community.


Request this Service


Get Help