Introduction to the JASMIN Cloud
In addition to the traditional batch computing (LOTUS) and storage (Group Workspaces) services, JASMIN also provides a cloud computing service.

Many users will already be familiar with cloud services through the use of one of the large public providers (e.g. Amazon AWS or Microsoft Azure). The JASMIN Cloud is similar in that it allows an institution or project to consume compute resources as a utility, with no need to provision and maintain the associated physical infrastructure. Users can provision their own virtual machines (VMs) within the JASMIN infrastructure, allowing for greater flexibility. The JASMIN Cloud also allows users to provision clusters for Identity Management, Kubernetes, and Slurm, amongst others (see Cluster-as-a-Service).

The thing that makes the JASMIN Cloud unique is its colocation with the CEDA Archive and Group Workspaces. The JASMIN Cloud is ideally suited to projects that work with such data, and can enable novel solutions for the manipulation and presentation of data to end-users.

Cloud terminology  

Different cloud providers have different terms for the users within their cloud and the chunks of resource they have been allocated. In the JASMIN Cloud documentation, we will use the following terminology:

  • Tenancy: An allocation of resources, i.e. virtual CPUs, RAM and block storage, within the cloud.
  • Tenant: A group (institution or project) that has been allocated a tenancy in the cloud.
  • Tenancy Admin(istrator): The person designated as the administrator of a tenancy. There would usually also be a deputy administrator.

JASMIN Cloud Architecture  

In order to provide as much flexibility as possible for tenants while preserving the security of the system, the JASMIN Cloud is split into two parts (see the schematic below). Both parts of the JASMIN Cloud are administered through the same self-service portal, allowing tenancy admins to provision VMs as required, within the quota of their tenancy.

[Figure: JASMIN Cloud architecture schematic]

The JASMIN External Cloud is an Infrastructure-as-a-Service (IaaS) offering, and sits outside of the main JASMIN firewall. Tenants are allowed root access and have complete responsibility for all system administration tasks. This means that tenants are able to provision their own infrastructure (e.g. web portals, remote desktop services), but it also means that tenants are responsible for the security of their machines (e.g. patching, firewall configuration) and for managing their own users. Because it is outside of the JASMIN firewall, tenancies in the External Cloud cannot directly access the JASMIN storage (including PFS and SOF), so there is no filesystem-level access to the CEDA Archive or Group Workspaces: all access to these data is via the usual external interfaces (i.e. the Object Store, FTP, OpenDAP, HTTP). Cluster-as-a-Service is also available to External Cloud tenants. It is a Platform-as-a-Service offering that tenants can use to deploy clusters, including an identity cluster, a storage cluster (NFS), and a Kubernetes cluster.

External Cloud patching policy  

We expect tenants to react in a timely manner to any security vulnerabilities. This means critical vulnerabilities are patched within 7 days, and high vulnerabilities are patched within 14 days, in line with UKRI security policy. Failure to comply may result in tenancy access being revoked and machines being powered down.

By contrast, the JASMIN Managed Cloud is a Platform-as-a-Service (PaaS) offering, sitting inside the main JASMIN firewall, meaning it can reach the JASMIN storage. To preserve security, tenants are not allowed root access, and can only deploy VMs from a limited set of pre-approved templates. However, tenants are not responsible for the security of these machines, and users on VMs within the tenancy are JASMIN users. Currently, only two templates are available: an SSH bastion (login machine), and a Scientific Analysis server with a similar configuration to the shared JASMIN Scientific Analysis servers. The Scientific Analysis servers have the CEDA Archive and Group Workspaces mounted.

Both offerings have a similar network structure. Each tenancy has its own local network, where machines have addresses in the 192.168.3.0/24 range, and all machines in the tenancy can talk to each other on this network. In addition, each tenancy has an “edge device”, which is effectively a virtual router. Like a home broadband router, this allows machines within the tenancy to talk to machines outside the tenancy, and ensures packets coming back into the tenancy are forwarded to the correct machine. These “edge devices” also provide a Network Address Translation (NAT) facility, which allows machines to be allocated an IP address that is visible outside of the tenancy. In the Managed Cloud, this translates to an IP address that is visible on the JASMIN network. In the External Cloud, it translates to an IP address that is visible on the public internet.
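
For an External Cloud machine that has been allocated an external IP, one way to see which listening TCP services would receive traffic forwarded by the edge device's NAT is to classify the output of `ss -H -tln` by bind address. This is an added example, not part of the JASMIN documentation; the sample `ss` output is constructed, and it assumes the edge device forwards all ports to the machine, which the page does not state.

```python
import ipaddress

TENANCY_NET = ipaddress.ip_network("192.168.3.0/24")  # tenancy range given on the page

# Constructed sample of `ss -H -tln` output (not from a real JASMIN machine).
SAMPLE_SS = """\
LISTEN 0 128        0.0.0.0:22      0.0.0.0:*
LISTEN 0 4096     127.0.0.1:5432    0.0.0.0:*
LISTEN 0 511    192.168.3.7:8080    0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53      0.0.0.0:*
LISTEN 0 128           [::]:22         [::]:*
LISTEN 0 4096         [::1]:6379       [::]:*
LISTEN 0 511              *:443           *:*
"""

def classify(local):
    """Return (port, exposure) for a 'Local Address:Port' field from ss."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if host == "*":                        # dual-stack wildcard socket
        return int(port), "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:                # 0.0.0.0 or ::
        return int(port), "all-interfaces"
    if addr.is_loopback:                   # 127.0.0.0/8 or ::1
        return int(port), "loopback-only"
    if addr in TENANCY_NET:
        return int(port), "tenancy-address"
    return int(port), "other"

def reachable_via_nat(ss_output):
    """Map port -> bind types for listeners that forwarded traffic can reach."""
    exposed = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        port, exposure = classify(fields[3])
        # Loopback-only listeners never see traffic arriving on the tenancy address.
        if exposure in ("all-interfaces", "tenancy-address"):
            exposed.setdefault(port, set()).add(exposure)
    return {p: sorted(v) for p, v in sorted(exposed.items())}

if __name__ == "__main__":
    for port, why in reachable_via_nat(SAMPLE_SS).items():
        print(f"tcp/{port}: {', '.join(why)}")
```

Each port it reports should either be intended for external access or be covered by a host firewall rule, since firewall configuration in the External Cloud is the tenant's responsibility.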

External vs. Managed - pros and cons  

| Attribute | Managed Cloud | External Cloud |
|---|---|---|
| Self-service provisioning | Yes | Yes |
| Filesystem level access to JASMIN Storage (PFS, SOF) | Yes | No |
| Root access | No | Yes |
| Provision custom infrastructure | SSH bastion or Scientific Analysis server only | Build from generic Ubuntu or CentOS templates |
| Security and patching | Handled by infrastructure team | Tenant’s responsibility |
| User management | JASMIN users | Tenant’s responsibility |
| Visibility to public internet | No | Yes (limited number of external IPs) |
| Ability to provision Cluster-as-a-Service | No | Yes |

Getting a JASMIN Cloud Tenancy  

To start a conversation with us about getting a JASMIN Cloud Tenancy for your project, please contact JASMIN Support.

Last updated on 2024-02-12 as part of:  content updates (7af7be17f)
Copyright © 2025 Science and Technology Facilities Council.