Blog from July, 2024

Start [UTC]: 10/09/2024 08:00
End [UTC]: 10/09/2024 09:00

The European Weather Cloud (EWC) teams at ECMWF and EUMETSAT are pleased to invite you to the fourth thematic EWC webinar of 2024.

It will happen on Tuesday 10 September 2024 from 08:00 to 09:00 UTC.

These recurring thematic webinars are aimed at new or prospective users of the EWC service, provided by EUMETSAT and ECMWF, which is available to all ECMWF and EUMETSAT Member and Co-operating States. Our primary objective is to provide guidance to users on how to effectively use the different capabilities of the EWC.

While the first two webinars in 2023 focused on the basics to get you started (you can find more information, including the video recordings, here and here), in this series we explore various aspects of cloud utilisation through examples, with a specific emphasis on key functionalities and cloud skills. The previous EWC webinars and their recordings can be found here.

In this upcoming webinar, we will focus on tenancy administration, describing the role and responsibilities of the tenant administrator and covering aspects that include tenancy user management, permissions to access functionalities and blueprints, security, communications and accounting of cloud resource consumption.

By the end of this 1-hour session, participants will have gained a better understanding of how to manage and administer an EWC tenancy, as well as the duties and responsibilities of the tenant administrator role. 

Attendance

Please note that the main target audience of this webinar is existing and prospective tenancy administrators as well as Member and Co-operating States' Computing Representatives. However, the webinar remains open to anyone interested from an ECMWF or EUMETSAT Member or Co-operating State.

If you would like to attend the webinar, please complete the registration: https://events.ecmwf.int/event/424/registrations/280/ 

We will alert you of your acceptance to the webinar and send you all the joining information and Microsoft Teams meeting details in due course.

The webinar will be conducted in English.

Dear all,

The EUMETSAT side of the EWC has announced maintenance on 15 July 2024, 11:00 - 11:30 CEST, to improve network performance.

During the maintenance, short disruptions to resource management using Morpheus may be expected. Moreover, connections to the Data Store and EUMETView may suffer from short interruptions and may require a restart. For other workloads there should not be any interruptions.

In case of any questions, comments or issues, please contact us via support (https://jira.ecmwf.int/servicedesk/customer/portal/9/) or via Rocket.

Thank you for your patience and understanding.

Dear all,

EUMETSAT is improving the security of the default setup and harmonising the service with ECMWF by enforcing SSH key-based authentication for all new VMs. SSH key authentication provides a more secure alternative to password-based authentication.

From now on, all newly configured VMs will be authenticated with SSH keys only, for security.

 

Why Use SSH Key Authentication?

• Increased Security: SSH keys are much longer and more complex than passwords, making them harder to crack.

• No Password Management: With SSH keys, there are no passwords to remember or rotate, reducing administrative overhead.

 

How to create and use SSH keys?

For detailed instructions on setting up SSH key authentication for new VMs, please refer to this documentation: https://confluence.ecmwf.int/pages/viewpage.action?pageId=430705715.

 

How to improve the security of the existing VMs?

We want to remind you that EWC tenants are responsible for all VMs in the EWC, and *we strongly recommend changing to SSH keys*. To retrospectively enforce the use of SSH keys on existing VMs, please follow these steps:

• Navigate to the Morpheus dashboard and log in with your credentials.

• Go to Instances from the main menu.

• Choose the instance.

• Click on Actions and then select Run workflow.

• Choose the Enforce SSH Key Authentication workflow.

• Follow the prompts to complete the workflow.

 

If you have any questions or concerns, please don't hesitate to reach out to us.

We appreciate your understanding and cooperation as we work towards a more secure server environment.


Thank you,

EWC Team
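
To confirm that a VM really is key-only after the enforcement described in the post above, the effective sshd settings can be audited. This is an added example, not EWC's workflow or code; it assumes the enforcement corresponds to the standard OpenSSH directives checked below, and the function names and sample outputs are constructed.

```shell
#!/bin/sh
# audit_key_only: reads `sshd -T` output (the effective configuration) on stdin.
# Prints one FAIL line per setting that still permits password-style logins and
# returns non-zero if any was found.
# On a VM:  sudo sshd -T | audit_key_only
audit_key_only() {
    awk '
        function need(k, want) {
            if (val[k] != want) {
                printf "FAIL %s=%s (expected %s)\n", k, val[k], want
                bad = 1
            }
        }
        BEGIN { bad = 0 }
        { val[tolower($1)] = tolower($2) }
        END {
            need("pubkeyauthentication", "yes")
            need("passwordauthentication", "no")
            # Older OpenSSH releases print this directive under its former name.
            k = ("kbdinteractiveauthentication" in val) ? \
                "kbdinteractiveauthentication" : "challengeresponseauthentication"
            need(k, "no")
            exit bad
        }'
}

# Constructed sample: a VM that still accepts passwords.
sample_password_vm() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'kbdinteractiveauthentication no'
}

# Constructed sample: a VM restricted to SSH keys.
sample_keyonly_vm() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication no'
}
```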

ECMWF will upgrade the version of the CCI1 backend powering part of the European Weather Cloud service at ECMWF between Monday 8 and Friday 12 July 2024, following the successful upgrade of the CCI2 OpenStack backend.

Does it affect me?

EWC tenancies at ECMWF may live on either CCI1 or CCI2 backends. Those tenancies based on the CCI2 backend will not be affected by this update.  

In Morpheus, you can see which backend is used in the name of the "cloud". Only resources in a cloud named "ecmwf-cci1-..." may be affected.

What is the impact?

The upgrade should be transparent for most workloads on CCI1, as it will be done gradually across the infrastructure over three days to minimise disruption. 

All going well, existing standard instances should not suffer any downtime. GPU-powered instances, however, will unfortunately need to be rebooted during the update.

Short interruptions to the APIs are expected, which means you may not be able to provision new instances during brief periods of time throughout the upgrade process.

You may check https://status.ecmwf.int for all updates on the service status.


Make sure your instances are up to date!

An important security vulnerability, regreSSHion, has been discovered. Remember to check your instances and make sure they are up to date with all the security patches to keep them secure.


A new critical security vulnerability, CVE-2024-6387, code-named regreSSHion, has been discovered affecting many Linux systems, including many in the European Weather Cloud. This vulnerability may allow unauthenticated remote code execution in OpenSSH's server with full root access.

It is very important that you check whether your instances in the European Weather Cloud are affected and, if so, take any remedial actions required:

Operating System: Ubuntu 22.04
Affected: Yes
Action Required:

Although the update should have been applied automatically, make sure your system is completely up to date with:

sudo apt update && sudo apt upgrade

You may check the version of OpenSSH with:

$ dpkg -l openssh-server
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version             Architecture Description
+++-==============-===================-============-=================================================================
ii  openssh-server 1:8.9p1-3ubuntu0.10 amd64        secure shell (SSH) server, for secure access from remote machines

It must be 8.9p1-3ubuntu0.10 or above.

Operating System: Rocky 9.X
Affected: Yes
Action Required:

UPDATED 2024-07-04: Patch available

A patched OpenSSH has been released in the official repositories. If you have already applied any mitigation, it is recommended you revert it after updating. See https://rockylinux.org/news/2024-07-01-rocky-linux-9-cve-2024-6378-regression for more information.

Ensure your system is completely up to date with:

sudo dnf upgrade

You may check the version of OpenSSH with:

$ rpm -q openssh-server
openssh-server-8.7p1-38.el9_4.1.x86_64

It must be openssh-server-8.7p1-38.el9_4.1.x86_64 or above.

Operating System: Rocky 8.X
Affected: No
Action Required: None

Operating System: CentOS 7.x
Affected: No
Action Required: None for this issue, though CentOS 7 is end of life and should be cautiously replaced soon.

Operating System: Ubuntu 18 LTS
Affected: No
Action Required: None for this issue, though Ubuntu 18 LTS is end of life and should be cautiously replaced soon.

Operating System: Ubuntu 20 LTS
Affected: No
Action Required: None for this issue.


Following our Terms and Conditions for the Use of European Weather Cloud Pilot Service, any vulnerable instances remaining beyond Friday 12 July 2024 may be isolated and become inaccessible for security reasons. Please ensure yours are up to date before then.
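
The version checks from the table above, combined into one script that can be run on each instance, as an added example that is not part of the original advisory. The minimum builds are the ones quoted above; the os-release IDs, the function names and the use of GNU `sort -V` as an approximation of dpkg/rpm version ordering are assumptions.

```shell
#!/bin/sh
# Added example. Minimum patched builds are the ones quoted in the table above.
MIN_UBUNTU_2204='1:8.9p1-3ubuntu0.10'   # as printed by dpkg (with epoch)
MIN_ROCKY_9='8.7p1-38.el9_4.1'          # VERSION-RELEASE part of the rpm name

# version_ge A B: true when A sorts at or after B.
# Assumption: GNU `sort -V` is close enough to dpkg/rpm ordering for these builds.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# regresshion_status ID VERSION_ID PKG_VERSION
# Prints patched, vulnerable, not-affected, or unknown (OS not in the table,
# or no package version supplied).
regresshion_status() {
    case "$1:$2" in
        ubuntu:22.04)       min=$MIN_UBUNTU_2204 ;;
        rocky:9|rocky:9.*)  min=$MIN_ROCKY_9 ;;
        rocky:8|rocky:8.*|centos:7|centos:7.*|ubuntu:18.04|ubuntu:20.04)
                            echo not-affected; return 0 ;;
        *)                  echo unknown; return 0 ;;
    esac
    [ -n "$3" ] || { echo unknown; return 0; }
    if version_ge "$3" "$min"; then echo patched; else echo vulnerable; fi
}

# check_local: classify the machine this script runs on.
check_local() {
    . /etc/os-release    # sets ID and VERSION_ID
    case "$ID" in
        ubuntu) pkg=$(dpkg-query -W -f='${Version}' openssh-server) ;;
        *)      pkg=$(rpm -q --qf '%{VERSION}-%{RELEASE}' openssh-server) ;;
    esac
    echo "$ID $VERSION_ID openssh-server $pkg:" \
         "$(regresshion_status "$ID" "$VERSION_ID" "$pkg")"
}

# Run the live check only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--local" ]; then check_local; fi
```

Invoke it with `--local` on an instance; anything reported as vulnerable needs the upgrade command given for its operating system above.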

Further info: