MOC Kaizen Terms & Best Practices

Welcome! This page outlines some of the basic terms of your account on the MOC’s OpenStack cluster. Please make sure you are familiar with this information, particularly the security practices. If you have any questions or something isn’t clear, send us an email at kaizen{at}massopen{dot}cloud.

Securing your project

Users are responsible for ensuring and maintaining the security of their instances. In particular, we expect that users will adhere to the following guidelines:

  1. Don’t enable remote password login
  2. Use strong passwords for your OpenStack account and other applications
  3. Don’t expose things to the public internet unnecessarily
  4. Keep your OS and software up-to-date with the latest security patches

Please read our page on Security Best Practices to understand our expectations in greater detail, and for tips on securing any customized images, you upload to your account.

We will shut down compromised instances without notice

Any VM that appears to be compromised will be shut down immediately with notice. This includes (but isn’t limited to) VMs that exhibit any of the following behaviors:

  • outgoing SSH scans
  • engaging in DDOS attacks
  • traffic that appears to exploit a known vulnerability

Depending on the severity of the incident, we may also disable projects and/or user accounts until the situation can be resolved.

Instance Passwords

For security, the default user accounts on the cloud images we provide do not have a login password. This is why you must provide a public SSH key to log in. We recommend that you create an OS password immediately after logging into a VM for the first time, in case you need to access the console via the OpenStack web dashboard. Please choose a secure password – we have some tips for generating a secure password on our Security Best Practices page.

Note: Setting a password is not the same thing as enabling remote password login, which you should not do. The password should only be used to log in via the Console option in the web interface, usually in a troubleshooting situation.

New Project Quotas

By default, every new project is created with the following resource quotas. We can often make adjustments to meet the requirements of your research, so if any of these limits are a problem, please follow the instructions on this page to let us know what you need.

Resource Limit
Instances 10
VCPUs 20
RAM 51200 MB
Floating IPs 2
Storage 1000 GB
Volumes 10
Snapshots 10
Networks 5
Ports 10
Subnets 10
Routers 10
Security Groups Unlimited
Security Group Rules Unlimited
Injected File Content (Bytes) 10240
Metadata Items 128

Back up your data

Our cluster is backed by Ceph Storage, which is a reliable, replicated storage solution. However, we do not currently maintain any disaster-recovery backups outside of our Ceph cluster. We recommend that you make separate backups of any critical data somewhere outside of your project.

Reporting Problems

If you have any issues with your account or project, or even if you just need help figuring out how something works, please send us an email at kaizen{at}massopen{dot}cloud. Include a brief description of your problem or question, the name of your project, and any other relevant information, such as the names/public IPs of affected VMs.

Useful links

MOC OpenStack Login Page
MOC OpenStack Tutorial
MOC OpenStack Tutorial Videos
Official OpenStack End User Guide