User policy and terms of use for the Rahti container cloud service

This section describes additional terms and examples specific to the Rahti container cloud service (hereafter referred to as "Rahti"). Please also read the General Terms Of Use for CSC's Services for Research ("TOU"). By using Rahti you are agreeing to both.

Terminology

  • Rahti container cloud service ("Rahti"): a cloud platform that can be used by Users to run their own User Applications.
  • Rahti User ("User"): a user of Rahti.
  • User Application: an application running in Rahti managed by one or more Users. Some of these applications can be used to provide a service for one or more End Users.
  • End User: a user of a User Application that is hosted in Rahti. An End User may also be a Rahti User.
  • User Content ("Content"): any data uploaded to Rahti or created using Rahti either by Users or End Users. This includes but is not limited to container images, snapshots, data on persistent volumes and data on any filesystem used by a User Application.

Providing services to End Users from Rahti

  • Users are reminded that Rahti must only be used for the purpose agreed on in their User/Resource application or other agreement concerning the use of Rahti.
  • Rahti can only be used to provide User Applications for academic research and higher education by Finnish universities, polytechnics and state research institutes, unless agreed otherwise.

Access for 3rd party technical assistance and support

Rahti Users may request additional CSC user accounts for technical specialists to operate, manage or configure their resources if it assists with the agreed purpose of the project.

Security responsibilities

  • User Applications launched by Users in Rahti can be directly connected to the Internet. The User is responsible for the security of their User Applications.
  • Users are responsible for managing their access control lists, user accounts and all other access control methods.
  • Users are responsible for maintaining application security within the User Applications they host in Rahti. We recommend applying all applicable security updates automatically or otherwise at regular and well managed intervals.

Content and data management responsibilities

  • Most Content is not backed up and it is the Users' responsibility to manage their own Content.
  • The places where Users or End Users can store Content including persistent volumes, container file systems and local storage are not backed up. It is the Users' responsibility to make backups of Content as needed.
  • The configuration of the Rahti service itself and metadata on resources created in Rahti are backed up in such a way that we can restore Rahti in case of failures.

Access to User Content

The General Terms of Use for CSC's Services for Science state that CSC can access User Content.

For Rahti this means that:

  • CSC has the right to scan or monitor User Content for security vulnerabilities, violations of our terms of use, or to perform anonymised analysis of workloads, for example by:
  • Scanning of container images for prohibited applications.
  • Scanning the User Applications running within Rahti.
  • CSC has the right to do passive network monitoring for intrusion detection (IDS) purposes. This monitoring can occur without suspicion of intrusion.
  • CSC has the right to disable any or all of a User's User Applications running in Rahti or network connections to or from Rahti if we suspect an ongoing security violation or a violation of our Terms of Use.

User risks

  • Users are reminded to consider the design and reliability of Rahti and plan accordingly.
  • As with any cloud service, User Applications in Rahti and their data can be lost or corrupted due to hardware failure, system error, administrator error or user errors.

Document revision

This document was last updated 30.4.2019