VM Updates

  1. Keep Your VMs Up to Date
    Regularly update your virtual machines (VMs) to ensure they have the latest security patches and performance improvements. This helps protect against vulnerabilities and enhances overall system stability.

  2. Turning On/Off Automatic Updates 
    By default, EWC VMs have automatic security updates turned on, to ensure the installation of security patches. While you can disable the automatic updates it's recommended to keep them on. In all cases, make sure to monitor the installation of the critical updates. 

  3. Private IPs and Security Groups 
    Assign only private IP addresses to VMs where public access is not required. This minimises exposure to potential threats. Additionally, configure security groups to open only the necessary ports, reducing the attack surface and enhancing security.

  4. Follow Security Guidelines 
    Adhere to the security guidelines provided (to be published). These guidelines will offer comprehensive advice on maintaining a secure and resilient VM environment.

Deployment

  1. Infrastructure as Code 
    Implement infrastructure as code practices to manage and provision your deployment environments. This ensures consistency and allows you to reproduce environments easily, reducing the risk of configuration drift.

  2. Log Management 
    Keep detailed logs of your deployment processes and system activities. Logs are crucial for troubleshooting issues, monitoring system performance, and maintaining compliance with regulatory requirements.

Backups

  1. Data backup
    In order to keep the data safe, especially the most critical ones, it is a good practice to make them redundant and store them in multiple places, also leveraging the different storage solutions provided by EWC. For instance: data could be synced across multiple volumes attached to different VMs; data could be also saved on the object storage in S3 buckets; where needed it is also possible to replicate on multiple clouds within EWC (e.g. at both ECMWF and EUMETSAT clouds); finally a copy of the data could also be stored externally to EWC, e.g. in local premises or other infrastructure providers. 
  2. Applications backup
    When requiring a resilient and faults tolerant application, select a design and deployment that allows to run it in a high availability mode, so that if an instance is down, the overall service is not impacted and the application remains available to the end users. When it is not possible to implement an active high availability setup, take a regular backup of the application and relevant data, to allow a fast service recovery in case of outage or redeployment.   
  3. Virtual Machines backup
    Beside the above mentioned backups, users of the EWC should take a backup of the deployed Virtual Machines by following the steps described in VM Backups in Morpheus .
    However the VM backup is just an additional tool, it shall not be the primary and neither the only one to rely on. It is meant to be used in conjunction with data/application backups and automated deployment.

Resource management

  1. Delete unused VMs
    Regularly review your Virtual Machines, and delete unused ones. Note that switched off VMs will still be counted, in both your quota and your consumption. If a VM is only needed for a fixed period of time, set a reminder to delete it.
  2. Keep eye on budget vs. consumption
    Regularly look at your EWC Accounting Dashboard to ensure you're spending your allowance at the right speed. Your resource allowance is per year and is not a hard limit, so it's fine to spend more one month and less the next month. 
  3. Be aware of your quotas
    The quotas on the other hand are technical limits, so they will block you from using more resource. There are default limits for the number of VMs, the amount of RAM, etc. But they are primarily implemented to prevent you from using too much by mistake. Ask support to increase a quota if you need it.

Communications

The tenant administrator is the primary point of contact from EWC support and the corresponding Computing Representative, and should act as a bridge to the rest of the tenancy users.
As tenant administrator, you may be contacted by the Computing Representative or the EWC support to discuss any matters relevant to your tenancy.
You should also make sure all users in the tenancy are kept informed about relevant news, important updates, and events that may be of their interest. It is also very important to make sure their contact details are up to date.

User management

  1. Review active users and their permissions
    You must ensure that only the users that require access to the tenancy have an active account, and review periodically their level of access and permissions. Any users that leave the project or organisation, or who do not require access any longer, should be disabled or deleted. This way you help keep your tenancy secure. This applies to both the access to the EWC portals to manage the infrastructure and resources, and to the resources such as Virtual Machines.

  2. Identity provider integration
    You may choose to integrate your own organisation identity provider into the Morpheus portal, to simplify the management of the tenancy users.

  3. User provision in the virtual resources
    Choose the best strategy for your use case when it comes to user account management in the virtual Machines of the tenancy. Morpheus Linux Users or Local users in VMs and LDAP users serve specific purposes and require different account creation methods.

    • Local users are local to the VMs and they do not exists in other VMs. If you need to add others users, they need to be created manually using linux commands.

    • LDAP users instead rely on a central user management VM that creates LDAP users in all VMs in your tenancy, therefore this type of users exists in all VMs and can access all of them by default (RBAC and policies can be added in order to reduce access or privileges on certain machines)

  • No labels