On-premise Cloud Computing
The software ITS is using for Nebula, our on-premise cloud computing service, is Joyent Triton. This is a cloud-computing service similar to Amazon’s AWS. Unlike AWS, this service is based on servers and storage located in the Data Center at UCSC.
While designed to be robust, reliable, and secure, this service is not architected for high availability, or to house PII or HIPAA data. This service is best suited to group or department websites, self-managed developer sandboxes, and non-critical applications with relatively low processing, storage, security and resiliency requirements.
In this way, this new service is a complement to, and not a replacement for, the Virtual Hosting service.
Nebula uses operating-system virtualization to provide a high density of virtual machines that run SmartOS or container-native Linux. Non-container-native operating systems like Windows, FreeBSD, and some Linux distributions are not supported.
Bronze: With bronze support, the customer is fully responsible for the management of the guests, including compliance with existing University policies such as those for acceptable use and minimum network connectivity. Customers on bronze support will be initially limited to eight virtual machines; additional virtual machines can be made available by individual arrangement. No central firewall filtering will be configured, but Bronze customers will be provided with recommendations and instructions on how to configure host-based firewalls.
Example: An IT specialist builds and manages guests for a department. Community support is available in case questions or issues arise.
Silver: With silver support, the customer has primary responsibility for management and maintenance of the guests, including policy compliance. Customers on silver support will be initially limited to eight virtual machines, and provided six professional system-administration support cases per year. These customers pay a flat monthly fee for support (one hour per month at the Managed Services rate). Additional virtual machines or support cases are available by individual arrangement, and may result in additional costs to the customer.
Example: An IT specialist builds and manages guests for a department. Community support is available, and the specialist has contracted with DCO for professional support to fall back on in case of security, performance, or other issues.
Gold: With gold support, the Data Center is responsible for managing the guests under the same “Managed Services” model as any other physical or virtual system. Customers adopting this model will not be provided with root access, but instead will be granted a user account and permissions (through sudo) by the DCO UNIX team. These customers pay a flat monthly fee for support; this fee is estimated for each customer and depends on complexity, number of guests, and scope of the applications.
Example: A department contracts with DCO to build servers and provide ongoing system-administration services. This provides the department with a platform to install and manage their own applications as needed.
Shared Security Model
Nebula has a "shared responsibility model" for information security and compliance. Because you're building systems on top of the Nebula infrastructure, the security responsibilities will be shared: the Data Center has secured the underlying infrastructure and you must secure anything you put on the infrastructure.
If you select the "silver" or "bronze" support model, there are several security decisions you need to make and controls you must configure. If you're not comfortable taking on these responsibilities, consult with your ITS Divisional Liaison or consider using the "gold" support model instead.
|UCSC Private Cloud Responsibilities||Customer Responsibilities|
Wiki - see notes and how-to information from Nebula users
Forum - ask questions and share answers with other Nebula users
The infrastructure that provides Nebula is supported as a 24x7 service through the DCO UNIX team. Escalation is provided through Data Center Operations and the DCO UNIX team’s on-call rotation.
ITS reserves a maintenance window on the first Sunday of each month from 12 noon to 6 PM. At least two weeks’ notice will be provided in the unlikely event that maintenance is expected to result in a service outage. For planned maintenance, the UCSC Data Center follows the ITS Change Management Process, and planned changes are posted on the ITS Maintenance Calendar.
This service is not appropriate for confidential or restricted data.
Eligibility is limited to UCSC faculty and staff. Students with a faculty sponsor are also eligible for this service.
There are no costs associated with on-premise cloud computing.
Roles and Responsibilities
Responsibilities of the Data Center:
Monitor resource utilization for the private-cloud infrastructure components
Participate as members of the UCSC self-support community, and provide best-effort support and advice for users
Ensure compliance with UCSC policy and associated security requirements
Apply patches and upgrades as recommended for the private-cloud infrastructure
Monitor and tune the physical server and storage environment as needed
Manage permissions and security groups within the private-cloud infrastructure
Coordinate with vendors for licensing, maintenance and support requests
Perform medium-term capacity planning for the private-cloud infrastructure
If the customer has arranged for ‘silver’ or ‘gold’ support, serve as a point of escalation for server administrators managing guests in the private-cloud infrastructure
Customers are encouraged to participate in the UCSC self-support community.