Introduction to the Azimuth cloud portal

Azimuth is a self-service portal designed to simplify the management of cloud resources, particularly for high-performance computing (HPC) and artificial intelligence (AI) applications. It supports OpenStack clouds and can manage a range of platforms from single-machine workstations to entire Slurm clusters and Kubernetes-based platforms like JupyterHub.

Azimuth Science Platforms are designed to be flexible and high-performing computing environments tailored for scientific research. They offer a unified interface for managing both Kubernetes and Cluster-as-a-Service (CaaS) platforms, supporting multiple authentication methods like username/password, Keystone federation, and application credentials. Azimuth uses Zenith as an application proxy, allowing services to be exposed without consuming floating IPs or requiring SSH keys. It simplifies OpenStack management through automatic network detection, machine and volume management, and security group configuration.

These platforms are ideal for high-performance computing (HPC) tasks, enabling research in disciplines that demand significant processing power. Researchers have the flexibility to configure their environments to meet specific needs, including choice of operating system, software tools, and hardware. Cloud integration ensures scalability and accessibility, allowing researchers to access their environments from anywhere. Collaboration is facilitated through tools like Jupyter Notebooks for interactive data exploration and analysis. Ultimately, Azimuth Science Platforms aim to enhance the efficiency and effectiveness of scientific research by providing customisable and powerful computing resources.

A project, also known as a cloud tenancy, is an organisational unit in the cloud where users are assigned. Users can be part of multiple tenancies, and all resources within a tenancy are visible and editable by its members, or, if an external IP is attached (and firewall changes are requested), external users can also access it. To get a cloud tenancy or access an existing one, you currently need to contact JASMIN Support, but this may change in the future.

Using the JASMIN Azimuth Cloud Portal  

To access Azimuth, navigate to the JASMIN Azimuth Portal  , which will take you to the landing page shown in the image below.

Click “Sign in”, top right, then enter your JASMIN credentials as requested:

Click the “My Tenancies” button. You should then see a list of one or more tenancies that you belong to.

Select a tenancy from the list. The landing page for that tenancy will then be shown.

The Platforms section displays the associated platforms which have been deployed. Additional tabs include:

• Quotas shows resource quotas for the current tenancy
• Identity Provider displays the configured identity providers and their associated settings
• Advanced provides access to the advanced feature settings for the platform and associated resources. Within this:
  • Machines shows provisioned compute resources, referred to as “machines”
  • Volumes shows the provisioned storage volumes

Switch Tenancy enables users to transition between tenancies to which they have authorised access.

The Azimuth Identity provider employs a Keycloak-based identity provider to manage access control for platforms deployed within each tenancy. This identity provider, essentially a Keycloak realm, is tailored to each tenancy, controlling user accounts, roles, and groups for the platforms hosted there. By default, the realm is configured to allow users with Azimuth tenancy access to administer the realm itself. This grants them full control over the platforms deployed within the tenancy. To enhance security and control, administrators can use the Keycloak administration console to:

• Create Local Users by directly adding users to the realm without requiring external authentication, and
• Configure Federated Identity Providers like GitHub, Google, or institutional identity providers to enable single sign-on (SSO).

To further secure access, Azimuth uses Platform Access Control to control access to resources. Federated users cannot deploy platforms in Azimuth, however they can be granted access to existing platforms provisioned by others. This is achieved through role-based access control (RBAC) mechanisms within the Keycloak realm.

Creating Platforms  

The Platform page provides two equivalent methods for initiating the platform creation process. When you select Create Platform / New Platform on the landing page, you can choose a platform type, based on your project as shown in the image below.

When you select a platform, some configuration settings are required, including the platform name, size, and volume. When creating platforms, it is recommended that you choose descriptive and meaningful names.

The Azimuth portal allows you to deploy various platforms, these include:

Linux Workstation: a flexible Ubuntu 22.04 cloud instance with browser-based GUI and shell.

Slurm Cluster: a high-performance computing cluster using Slurm for resource management and job scheduling across multiple nodes. This platform is ideal for batch processing and computationally intensive tasks.

Kubernetes: a comprehensive container orchestration platform providing a robust environment for deploying and managing containerised applications. Please note that using other platforms may require an existing Kubernetes cluster.

JupyterHub: a multi-user JupyterHub deployment built upon Kubernetes, enabling collaborative and interactive computing with Jupyter Notebooks.

Jupyter Notebooks: provides interactive notebooks based on an existing notebook repository in a cloud environment, enhancing reproducibility. To launch a Jupyter Notebook, ensure your repository is repo2docker-compatible and hosted on a platform such as GitHub, GitLab, Zenodo, Figshare, or Dataverse. This platform, which functions similarly to Binder, supports any notebook repository adhering to the Reproducible Execution Environment Specification (REES). Additionally, the notebook instance includes a configurable cloud volume at /data, which is particularly useful for managing large datasets that cannot be included within the repository itself.

DaskHub: is a multi-user DaskHub deployment on Kubernetes, facilitating parallel computing in Python. It extends the capabilities of JupyterHub by providing a framework for distributed computing and scalable data analysis.

For details on some platforms please see: Slurm Cluster | Kubernetes | JupyterHub | Linux Workstations

Quotas  

Azimuth Quotas provide a comprehensive overview of resource allocation within the Azimuth platform. This functionality allows users to monitor both the total resources allocated to them and the proportion of those resources currently in use. Azimuth Quotas include the following:

• Machines: the number of allowed machines that can be created in the project/tenancy
• Volumes: the number of volumes that can be created in the tenancy/project
• External IPs: the number of external IPs assigned to the tenancy (note that the quota use is for the tenancy, not the IPs attached to machines/in use by platforms)
• CPUs: the total number of CPUs that can be defined for all platforms in the current tenancy
• RAM: the total amount of RAM that can be defined for all platforms in the current tenancy
• Volume storage: the total size of storage capacity that can be defined for platforms in the current tenancy

As shown below:

Advanced  

In the advanced tab there are two sections: the machine and the volume sections. Some actions you can perform on the machines include: view a list of existing machines, edit or delete machines, attach/detach external IPs, define firewall rules and Start/Stop/Restart machines. On the volume tab, users are able to view a list of volumes in the project, and create new volumes by providing the name and volume size. Additionally, users can delete and attach/detach volumes.

Note that altering any machines which have been deployed as part of platforms can (and probably will) break that platform.