Onboarding Process for new services to Helmholtz Cloud¶
The Onboarding process describes how new services may be integrated into the Helmholtz Cloud.
The primary goal of this process is to integrate new services into the Helmholtz Cloud Service Portfolio in a structured and transparent way. The Onboarding of new services is performed continously - therefore service providers can apply for offering a service in Helmholtz Cloud at any time via Plony.
The roles involved in the Onboarding process are: the service provider (Helmholtz centre), the Service Portfolio Manager (HIFIS), the Service Integration Manager (HIFIS) and the Cloud Portal Manager (HIFIS). The main tool supporting the Onboarding process is Plony. However, there are also interfaces to the Helmholtz Cloud Portal.
In order to be able to evaluate whether a service can be integrated into the Helmholtz Cloud, an Application Form to gather some basic information about the potential service has been worked out. The first step for a service provider to start the Onboarding is to fill out this Application Form built in Plony. Based on the information given, the HIFIS Cloud Service Portfolio Management evaluates whether the service passes all Exclusion criteria defined for the corresponding Service Type (Fully integrated services, Pilot services, Helmholtz Cloud core services). If so, the service will be taken into the Helmholtz Cloud Service Portfolio. If not, the service provider will be given the chance to adapt their application using the feedback from HIFIS. Anyway, if the service provider cannot adapt the application (e.g. if adapting it would mean giving wrong information), they are free to withdraw their application and/or apply at a later point of time again. Withdrawn applications can be reactivated at any time.
The next step for the service provider is to give detailed service information via the Service Canvas. The Service Canvas is currently available as excel sheet but will soon be available in Plony. Based on the information given, the HIFIS Cloud Service Portfolio Management evaluates the Weighting criteria. The points reached through the Weighting criteria determines the service’s rank in the Service Integration List. Since the Service Portfolio of Helmholtz Cloud is continuously growing, the rank of a services in the Service Integration List may aggravate due to services which earned more points. However, once the Service Integration started, the service’s rank doesn’t change anymore (meaning integration is continuously driven once started).
When being on the first rank to be integrated into Helmholtz Cloud the service is handed over to the HIFIS Cloud Service Integration team. For the Service Integration process, please check the corresponding process visualization and step-by-step explanation.
After the Service Integration is completed, the newly available service will be publically announced at Helmholtz Cloud Portal.
For the full Onboarding process, please check Onboarding process visualization. You can also have a look at the explanation for each process step, thus including all details on the Onboarding process.
The service selection criteria¶
In order to identify the services fitting into Helmholtz Cloud Service Portfolio, a bunch of objective service selection criteria has been worked out.
The criteria are divided into three criteria types: Exclusion criteria, Weighting criteria and Information criteria. Whereas Exclusion criteria are required to be fulfilled (otherwise the service cannot become part of the Helmholtz Cloud Service Portfolio), services earn points through fulfilling Weighting criteria. Information criteria do not influence the selection of service but are only used for informational purpose. The points earned through fulfilling Weighting criteria determine the service’s rank in the Service Integration List. The information required to evaluate the service selection criteria are gathered during the Onboarding process: via the Application Form for Exclusion criteria and via the Service Canvas for Weighting and Information criteria.
Please remark that the applicability of service selection criteria may vary depending on the service type.
The following criteria list is currently handled as service selection criteria:
|#||Category||Criteria||Possible Answers||Required Value for Fully Integrated Service||Required Value for Pilot Service|
|1||Overhead||Service is provided for free||Yes/No||Yes||Yes|
|2||Overhead||Service is provided by a Helmholtz centre||Yes/No||Yes||Yes|
|3||Overhead||Service is ready to be integrated in less than one month||Yes/No||Yes||Yes|
|4||Overhead||Service is not offered with the intention of gaining profits||Yes/No||Yes||Yes|
|5||Overhead||Personal data which is necessary for service operation can be processed in compliance with GDPR||Yes/No||Yes||Yes|
|6||Overhead||Service is free of advertisement; use of the service is independent from the display or consumption of not earmarked content||Yes/No||Yes||Yes|
|7||Overhead||The service provider ensures the support for the service||Yes/No||Yes||Yes|
|8||Technical||Service is capable for cloud provisioning||Yes/No||Yes||Yes/No|
|9||Technical||Service is capable to use Helmholtz AAI||Yes (fully automatic provisioning)/Yes (only partly automatic provisioning)/No||Yes (fully automatic provisioning)||Yes (only partly automatic provisioning)|
|10||Technical||Service supports automatic user deprovisioning||Yes (fully automatic)/No (manual/partly automatic)||Yes (fully automatic)||No (manual/partly automatic)|
|11||Technical||Service provider has a backup strategy/process established||Yes/No||Yes||No|
|#||Category||Criteria||Possible Answers||Weight||Point Distribution|
|12||Overhead||Service is explicitely important for the scientific process||Phases of scientific process (“Plan/Research/Hypothesize” > “Acquire data (Experiment/Create or collect Data/Processing)” > “Analyze (Analyze/Conclude)” > “Publish” > “Store data” > “Organize data Access (FAIR/OpenAccess)” > “Evaluate data re-use”)||1,00||4: phases “Acquire data” and/or “Analyze”
2: other phase
0: no phase
|13||Overhead||High number of users or centres is interested in using the service||Number of interested centres or users||0,44||4: More than seven centres and/or more than 400 users
3: More than five centres and/or more than 150 users
2: More than three centres and/or more than 75 users
1: More than one centre and/or more than 40 users
0: Less/No estimation possible
|14||Overhead||Service Onboarding process was initiated by Incubator platform||Yes/No||0,19||4: Yes
|15||Technical||Service uses no proprietary data formats/ interfaces (no vendor lock)||Proprietary/no proprietary data formats/interfaces||0,63||4: No proprietary data formats/interfaces
0: Propriertary data formats/interfaces
|16||Technical||Service may be made available for external users||Yes (under conditions)/No||0,25||4: Yes (under conditions)
|17||Technical||Service has a promising long-term perspective||Planned service provision time||0,25||4: more than 3 years
2: 2-3 years
0: less than 2 years
|18||Technical||User effort to enable the service is as low as possible||Degree of Enablement activities required||0,75||4: No enabling needed
2: User can enable service
0: Admin can enable service
|19||Technical||Service is open source||Open source/ proprietary software||0,25||4: Open source
0: proprietary software
|20||Technical||Service supports FAIR data principles||Yes/No||0,75||4: Yes
|21||Technical||Service is accessible from an IPv6 client||Yes/No (only IPv4)|
For a detailed list on service selection criteria, please check here.
Application for becoming a Helmholtz Cloud Service¶
By filling out the Application Form in Plony a service provider can initiate the service Onboarding process for a potential Helmholtz Cloud Service. A service can only become part of the Helmholtz Cloud when fulfilling the Exclusion criteria defined for each Service Type. To keep the effort for the service providers as low as possible until the fulfillment of criteria is confirmed, the Application Form includes only rough information on the service as well as the information required to evaluate Exclusion criteria. The following information needs to be stated in the Application Form:
|Category||Field||Description||Required value (P= Pilot Service, F= Fully Integrated Service)|
|General Service Information||Service Name||Unique Service Name (will be created if not yet existing)||-|
|“||Short Description||General functionalities/features of the service||-|
|Service Provider Information||Contact Person||Person we can get back to in case of questions - probably Service Owner||-|
|“||Mail Address Contact Person||Mail address for contact||-|
|“||Service Provider (Helmholtz Center)||Name of providing Helmholtz Center||-|
|Criteria Evaluation Information||Service Maturity at Provider||Service Type Classification||-|
|“||Planned Provision Time||Timeframe for which a service will at least be provisioned in Helmholtz Cloud||-|
|“||Service Readiness||Ability to get service ready to be integrated into Helmholtz Cloud within 1 month||P&F: Yes|
|“||Free Provision Statement||Willingness to offer service for free||P&F: Yes|
|“||No profit-gaining Statement||Willingness to offer service without the intention of gaining profit||P&F: Yes|
|“||Free of Advertisement Statement||Willingness to offer service free of advertisement||P&F: Yes|
|“||Ensured Support Statement||Ensured support including processing of service disruptions and correction of errors in the service||P&F: Yes|
|“||Cloud Capability||Fulfillment of requirements for cloud capability||P&F: Yes|
|“||Helmholtz AAI Capability||Capability to use Helmholtz AAI||P: Partly automated Provisioning
F: Fully automated Provisioning
|“||User Deprovisioning||Support of automated user deprovisioning||P: Manual or partly automated deprovisioning
F: Fully automated derovisioning
|“||Backup Strategy||Existence of Backup Strategy + Description||P&F: Backup strategy is well established|
For the three points marked italisiced in the table, the following requirements were defined:
|Service Readiness||- Ability to accommodate additional users
- Clarity about current limitations
- Conditions for offering the service to external users are clarified (especially data protection & IT security aspects)
- Legal Framework signed (as soon as possible)
- Helmholtz AAI policies have been accepted by Service Provider
- Multi-tenant capability or ability to manage access rights according to different user groups
Service requiring more time should come back to us as soon as they are ready
|Cloud Capability||- Service generally supports automated user provisioning, independent from whether this is already technically implemented or not. “Automated user provisioning” means automated creation of user accounts in the service after successful Login via Helmholtz AAI and authorization. Possibly manual steps in course of the authorization or preceding application processes are not included here. If user accounts and their contingents are created automatically after authorization and Login via Helmholtz AAI is generally supported this requirement is fulfilled
- Service generally supports automated user deprovisioning, independent from whether this is already technically implemented or not. Please remark that it is possible to use Helmholtz Cloud Agent for automated user deprovisioning
- Session Management is implemented
Characteristics of a cloud service:
- on-demand self-service
(still fulfilled if preceding application process for authorization are necessary, as long as these application processes are easily accessible and intuitive in handling for users)
- broad network access
(which means accessibility from the internet, regardless of access regulations due to safety mechanisms)
- resource pooling
- rapid elasticity
(does not only include the physical scalability of resources but also the proactive and prompt management of available resources, thus resulting in resources being released for further usage as soon as not required anymore by previous users)
- monitored service
|Helmholtz AAI Capability||Partly automated provisioning:
- After authorisation to use a service (e.g. being added to a VO or providing the necessary entitlement), the user will not be able to log in to the service immediately. There are additional steps which need to be performed by the user and/or service admin, to ensure the creation of the user’s account on the service or to grant the user additional permission to log in to the service.
Fully automated provisioning:
- After authorisation to use a service (e.g. being added to a VO or providing the necessary entitlement), the user will immediately be able to enter their credentials and log in to the service. The users account on service side will be created automatically.
When having filled out the Application Form, service providers can validate whether their service will fulfill the defined Exclusion criteria. If the service does not fulfill any criterion, Plony gives back an information on which value is required for each field. Service providers can save their application draft without requiring to pass validation. Anyway, for sending the application it is required to pass validation - otherwise Plony won’t let service providers send the application.
Applications in all status’ can be overviewed in My Services. In order to support transparency on applications within each Helmholtz centre, members of the center can see all Applications in draft or sent by some other member of their center in “My Services” just under the header “Other Applications from my Helmholtz Center”. This functionality may also be used to review Application Forms from colleagues before they are sent to HIFIS.
For a full instruction on the Application Form in Plony, please check here.
Services in pipeline - planned Services¶
As soon as HIFIS evaluated a service application and verified that all Exclusion criteria are fulfilled, the service switches to status “Planned”. This is when service providers are asked to give more information on their service via the Service Canvas. The Service Canvas asks for both rather organisational information (e.g. responsibilities, Helpdesk information, service value) and (partly quite detailed) technical information (e.g. architecture, user enablement, data storage). It may depend on the Service Type which fields are mandatory and which ones are optional. Please check here for the full set of fields in the Service Canvas - it would be too much content to illustrate it here in a meaningful way.
Additionally, the service providers needs to work out general usage conditions for the service at this point. These general usage conditions are valid for all Helmholtz centres and are especially important for mass services regarding e.g. storage space or support times. The conditions are documented in the service description and are later displayed in Helmholtz Cloud Portal.
As soon as HIFIS receives the service information from the service provider, HIFIS will review the information regarding their completeness and consistency. It may be necessary to ask the service provider for clarification or extension of given information. Since the Service Canvas includes all information required to evaluate the Weighting criteria, HIFIS will do so and determine the service’s rank in the Service Integration List according to the points earned through Weighting criteria. Due to continuous service application (and therefore service evaluation) the service’s rank in the Service Integration List may change over time. However, as soon as Service Integration is started, it is conducted ceaselessly.
You find the current list of Services in Pipeline (as well as in Service Catalogue and Retired services) here.
The Service Integration process describes how services are integrated into Helmholtz Cloud Portal. Besides the preparation of technical integration this includes the transfer of dedicated service information from Plony to Cloud Portal. For more information on Service Integration, please get back to our Service Integration Team.
Go Live of Services¶
When Service Integration is completed, the service provider reviews the service’s entry in Helmholtz Cloud portal and give their final go for service publication. With go live in Helmholtz Cloud Portal and public announcement of this, the Onboarding process is completed.
The next process is the Follow Up Onboarding process which describes the steps required to actually enable an using centre to use a service.