Components Overview¶

This is a brief overview of the four main components of Scyld Cloud Workstation. Each has its own detailed section later in this guide.

Scyld Cloud Portal¶

The Scyld Cloud Portal presents a web-based interface available to users and administrators. The Cloud Portal is a consumer of the public APIs for the other Scyld Cloud components. This means that all of the functionality of the Cloud Portal can also be accomplished by developers consuming the APIs directly.

The Cloud Portal has two different modes:

The regular user mode is available to all users except the superuser. Using this mode, registered users can create and manage their VMs, storage, secure shell (SSH) keys, and run reports on themselves and any managed users they have.
The superuser can also log into the Cloud Portal and then has full visibility into SCM: all users and their VMs, with administrative authority over their VMs. The superuser account is always a local account. It is not tied to LDAP (Lightweight Directory Access Protocol) or Active Directory (AD), even if that integration is enabled. The initial superuser login name is admin, and the password is Penguin. For security purposes, you will want to change these defaults at some point; see the Changing User Passwords section later in this Guide.

Scyld Cloud Auth¶

This is the authorization and authentication component of SCM. It uses the OAuth protocol to issue tokens for authenticated users, and presents those tokens to other SCM components as needed for API access. Users not using the SCM APIs directly may never need to interact with Cloud Auth or understand the use of tokens.

With each API request to an SCM component, a valid token is required. The SCM component will validate the token with Cloud Auth, and also confirm the user’s authorization to make the specified API call. Cloud Auth verifies this using Role Based Access Control (RBAC), whereby users are assigned one or more roles that include one or more specific permissions.

Scyld Cloud Controller¶

The Scyld Cloud Controller handles the actual creation and manipulation of VMs. It does this by interfacing with OpenStack, and by using Ansible to modify packages and configuration files within VMs.

The Scyld Cloud Controller has optional capabilities that can be configured, including:

Modify and create local users and groups to be shared to a wider audience via network information service (NIS). This capability is not used when LDAP/AD integration is enabled.
Create and manage user storage volumes that are global to an HPC cluster, and used as user $HOME directories. This typically takes the form of mounting and exporting NFS shares, or integrating with a cluster file system like Panasas, Lustre, or Ceph.
Managing SSH keys in user $HOME storage volumes.

Scyld Cloud Accountant¶

The Scyld Cloud Accountant serves as the bookkeeper for SCM. It collects, summarizes, and makes available detailed usage metrics for all of its configured resources. For virtual machines, it collects server-hours, or how long a VM has been powered on and available for use. When the Cloud Controller is configured to manage user $HOME directories, the metric collected is the maximum daily allocated storage amount.

When HPC cluster integration is present, the Cloud Accountant collects metrics from the HPC job scheduler. Currently, PBS, Sun Grid Engine (SGE), Univa Grid Engine (UGE), and Slurm Workload Manager are supported. Using these metrics, the Cloud Accountant can present summarized data on core-hours: the amount of wall-clock time cluster jobs have used, expressed in terms of equivalent hours on one core. For example, a job taking one hour on one core would be one core-hour, but a job taking one hour and using 12 cores would be 12 core-hours.