The Rapid Access Cloud

Cybera operates the Rapid Access Cloud, an OpenStack-based cloud providing Infrastructure-as-a-Service (IaaS), which allows users to create and manage virtual servers in any configuration desired. The virtualized cloud environment supports several operating systems (e.g. Ubuntu, Windows) and makes it easy to scale up and down resources. It also offers object and volume storage, accommodating further use cases.

The cloud consists of two geographically distinct regions, hosted in Calgary and Edmonton. The high speed Research and Education Network (R&E Network) links the two regions through a 30Gbps connection providing excellent network performance and low latency. 

For frequently asked questions regarding RAC, please see here.  

Instances / VMs

"Instances" are another word to describe a virtual machine (VM) that runs in the Rapid Access Cloud. It is provisioned with a set of specifications not unlike traditional bare-metal hardware, with processors, memory, and storage being the primary configurable elements. The Rapid Access Cloud utilizes "flavors" – or pre-configured templates – that determine the number of virtual CPU (vCPU), available memory (RAM), and disk space to determine the size of an instance.

OpenStack

OpenStack is a free and open-source software platform for cloud computing, composed of interrelated components and services. The two most heavily used OpenStack services in the Rapid Access Cloud are:

Compute Service

The OpenStack compute service (referred to as "Nova'' by OpenStack) is responsible for scheduling and launching the virtual firewall instances on dedicated Cybera VFS hypervisors in the Rapid Access Cloud. The underlying hypervisor technology used by Nova is Linux-KVM (Kernel-based Virtual Machine).

Networking Service

The OpenStack networking service (referred to as "Neutron" by OpenStack) connects the virtual firewalls to software-defined networks and then to the physical Cybera network and beyond. 

Single Root Input/Output Virtualization or SR-IOV is one of the key technologies that distinguishes Cybera VFS from the rest of the Rapid Access Cloud. SR-IOV allows a physical network card to be virtualized and “passed-through” to the virtual machine, with much less overhead and better network performance than a traditional virtualized network card.

For more information regarding the basic use of RAC, please see here. For more resources about RAC, follow the additional links at this page.

IP addresses

Once a VFS instance is created, it will have three ports (also known as virtual NICs):

• Trust: A virtual NIC connected to the internal network.

• Untrust: A virtual NIC providing connectivity to the public internet.

• Management:  A virtual NIC specific to the Rapid Access Cloud which provides a private IP and public IPv6 address.  

The private address, called a fixed-ip in OpenStack, is not publicly routable (that is, not reachable from the public internet; though see the Proxy section for more on this) and is used by OpenStack to create and provision the instance. The private address can also be used to communicate between instances without the need of routing traffic out on the internet and back again. The private addresses are assigned from a range of 10.1.0.0 - 10.2.254.254.

The public address given to the instance automatically is an IPv6 address. The ability to connect to an instance via IPv6 will be limited by the network the connection is coming from; unfortunately many schools, workplaces, or home internet providers do not have IPv6 capable networks.

Create a Rapid Access Cloud account

Access to the Rapid Access Cloud is provided by third-party Federated identity providers: Google Identity Platform and Canadian Access Federation.

If you already have an existing Google account, proceed to creating a Rapid Access Cloud account at rac-portal.cybera.ca and click Sign in using Google, otherwise create an account with Google at accounts.google.com/SignUp.

Canadian Access Federation: Canadian Access Federation (CAF) permits member institutions a single sign-on (SSO) solution for access to network and network resources across Canada. Please check the list of participating institutions to see if you can use the “Federated Single Sign-On” option at rac-portal.cybera.ca.

VFS users, during the onboarding process, will be assigned to either the Edmonton or the Calgary Rapid Access Cloud region. To log in to their account, users can choose either the Edmonton or Calgary region at cloud.cybera.ca, depending on which region has been assigned to them as primary.