Architecture and Networking

The end-user is a user of the UCloud platform and of the service provider. As we have discussed in the introduction chapter, the end-user primarily communicates with UCloud/Core, and in rare cases directly with a service provider.

In this diagram, we assume that the user has already gone through the connection procedure (TODO link) and has established a mapping from a UCloud identity to a local identity with uid 41231.

The UCloud platform itself. This is the service hosting the user-interface and core APIs. It is not part of the provider’s deployment. You can read more about the role of UCloud/Core here.

The core will to a large extent, forward requests to service providers after performing validation, authentication and authorization.

UCloud/IM is hosted on the HPC’s frontend node (or a similar node). This node is capable of consuming the services of the HPC environment.

The gateway is a publicly accessible web-server and is part of the integration module. It accepts all traffic destined to the integration module. In then forwards to either the UCloud/IM server instance or one of the user instances. It does this based on routing information from UCloud/Core or the end-user. Traffic which is related to a user action almost always goes to a user instance matching the UID of the end-user.

The server instance of the integration module. This server is responsible for handling server-to-server traffic which is not related to an end-user request. For example, this server instance will tell UCloud/Core about which services it exposes.

The server instance consumes some of the HPC services. This includes keeping track of Slurm jobs and reporting the state back to UCloud/Core. This also includes the creation of filesets, user identities, projects and Slurm accounts.

It is the job of the server instance to start new user instances. The server instance is capable of doing this through sudo. The configuration of sudo was covered in the previous section.

One of the integration module server instances. These instances are launched by the UCloud/IM server instance on demand. Any end-user action through UCloud/Core will trigger the automatic launching of such an instance. This instance runs with the same privileges as if the user had logged in through other means. All authorization checks are enforced directly by the operating system.

The user instance consumes HPC services via the normal means. This is done through the same mechanisms that your users would normally access your systems.

The HPC services are the services that make up your actual HPC environment. This includes systems such as:

• Your filesystem
• Identity management and group management
• Slurm

UCloud/IM does not require these services to be deployed in any specific way. The diagram show these on a single node solely for illustrative purposes. The services can be deployed on any number of nodes.