UCloud logo UCloud logo UCloud
v2026.3.0
  1. UCloud/Core
  2. 1. Introduction
  3. 2. Projects
  4. 3. Accounting
  5. 4. Orchestration
  6. 5. Frontend
  7. UCloud/IM for Slurm-based HPC
  8. 6. Installation
  9. 7. Architecture and Networking
  10. 8. User and Project Management
  11. 9. Filesystem Integration
    1. 9.1. Inter-provider file transfers
  12. 10. Slurm Integration
    1. 10.1. Application Management
    2. 10.2. Built-in Applications
  13. 11. Reference
    1. 11.1. Configuration
    2. 11.2. CLI
  14. 12. Appendix
    1. 12.1. Built-in Application Index
  15. UCloud/IM for Kubernetes
  16. 13. Installation
  17. 14. Architecture and Networking
  18. 15. Filesystem Integration
  19. 16. Compute Jobs
    1. 16.1. Public Links
    2. 16.2. Public IPs
    3. 16.3. License Servers
    4. 16.4. SSH Servers
    5. 16.5. Job Audit Log
    6. 16.6. Virtual machines
  20. 17. Integrated applications
    1. 17.1. Syncthing
    2. 17.2. Integrated terminal
  21. 18. UCX applications
    1. 18.1. Hello world
    2. 18.2. Data binding
    3. 18.3. UI events
    4. 18.4. Component reference
    5. 18.5. API reference
  22. 19. Reference
    1. 19.1. Configuration
    2. 19.2. CLI
  23. Branding for UCloud
  24. 20. Branding and identity for UCloud
  25. H: Procedures
  26. 21. H: Procedures
  27. 22. H: Introduction
  28. 23. H: Auditing
  29. 24. H: Auditing scenario
  30. 25. H: GitHub actions
  31. 26. H: Deployment
  32. 27. H: 3rd party dependencies (risk assesment)
  1. Links
  2. Source Code
  3. Releases

Architecture and Networking

In this article we will go through the overall architecture and networking modes of UCloud/IM for Slurm. We will start by explaining the overall architecture, followed with a discussion on networking requirements.

Overall Architecture

Overall architecture of UCloud/IM for Kubernetes. This diagram depicts a production-like setup.

In the architecture above, we have several actors. We have summarised the role of each actor in the table below:

Actor Purpose
End-user

The end-user is a user of the UCloud platform and of the service provider. As we have discussed in the introduction chapter, the end-user primarily communicates with UCloud/Core, and in rare cases directly with a service provider.

UCloud/Core

The UCloud platform itself. This is the service hosting the user-interface and core APIs. It is not part of the provider’s deployment. You can read more about the role of UCloud/Core here.

The core will to a large extent, forward requests to service providers after performing validation, authentication and authorization.

K8s deployment

The UCloud/IM is deployed as a Kubernetes deployment. It will communicate with Kubernetes to deliver the filesystem and compute services.

UCloud/IM (Gateway)

The gateway is a publicly accessible web-server and is part of the integration module. It accepts all traffic destined to the integration module. In then forwards to either the UCloud/IM server instance or one of the user applications.

UCloud/IM (Server)

The server instance of the integration module. This server is responsible for handling server-to-server traffic which is not related to an end-user request. For example, this server instance will tell UCloud/Core about which services it exposes. In addition to this, it is also responsible for keeping track of jobs and reporting the state back to UCloud/Core.

Networking Requirements

In this section, we will recap the requirements listed from the section above.

DNS and Certificates

In this section we will list DNS entries and accompanying TLS certificates required for your service. All certificates must be signed by a trusted root CA. DNS entries must resolve through public DNS servers. In the table below we use my-provider.example.com as a placeholder representing your provider, please replace this with whichever domain you control (for example hippo.cloud.sdu.dk).

MandatoryHostnameResolves toPurpose
Yesmy-provider.example.comGateway IPAccepting general IM traffic (user and server)
No*.my-provider.example.comGateway IPTraffic destined for interactive applications

The gateway IP refers to the IP address on which the UCloud/IM gateway listens. This must be a publicly routable IP address.

Firewall Configuration

ProtocolPortSourceDestinationPurpose
TCP80AllGateway IPRedirecting to HTTPS (443)
TCP443AllGateway IPAccepting IM traffic and interactive application traffic
TCP443Gateway IPUCloudSending messages to UCloud/Core
Previous Installation
Next Filesystem Integration