logo fenix
In various places in this document, the following text is used to mark a limitation which is specific to the current release:
v1 limitation
All such marked limitations will be removed in the final release.

Fenix User and Resource Management Service (FURMS for short) is a central system responsible for the authorization of access and resource management across multiple research infrastructures.

FURMS is organized around three main concepts: sites, communities and projects:

  • Site represents a service provider. Site administrator defines resources offered by the site.

  • Community is an umbrella over a set of related research projects. Human Brain Project can be considered as an example of FURMS community.

  • Project, defined under a community, groups users who are working together. Project, and its members are consuming resources which are contributed by sites.

FURMS organizes the process of resources distribution offered by sites to communities and subsequently to individual projects. What is more FURMS aggregates and presents resource usage metrics.

Resource allocation process works as follows:

  1. Site administrator defines a resource.

  2. Site administrator creates one or more resource credits which define an amount of contributed resource usage units.

  3. Fenix administrator can see unallocated resource credits and assign them to communities. In majority of cases a single resource credit can be split across multiple communities.

  4. Community administrator can in turn distribute community resource credits to projects in the community.

  5. Project administrator can control which project users have access to individual resources which were granted to the project.

FURMS has dedicated UI modes for each type of its user. User who has only a single role in the system will simply see the only view matching her or his role. Users with multiple roles can switch the view mode with a dropdown situated in the top right corner of the screen.

In order to authenticate to FURMS user has to contain an account which is available for the Fenix Central Identity Provider.

Sign in and sign up

v1 limitation the final shape of the sign-up process will be implemented in the phase 4 of the project. The current version provides only a simplified signup mechanism, allowing for complete testing of other, already delivered functions. That said, the onboarding described below is tentative and will be changed in next versions.

Regular user sign in is handled via the Fenix Central IdP. After entering the FURMS public address (as configured during installation) user is redirected to the Central IdP and has to authenticate using his/her home identity provider.

Each user who can authenticate using Fenix Central IdP can access FURMS. Initially only access to User Settings view is granted, without access to any of the projects. Access to a project needs to be granted either by community or project’s administrator. User can be also added to Fenix, site, community or project administrators by other administrators.

Initial onboarding

Since initially every user authenticated with the Central IdP has no administrative privileges, the initial setup of the system has to be performed in special way.

During FURMS installation a local user account is created with configured user name and password. The created user is granted Fenix administrator privileges as well as Unity administrative privileges. To sign in as a local user, a special URL parameter needs to be added when entering FURMS Web UI, as follows:

https://FURMS-PUBLIC-HOST/?showSignInOptions

Entering FURMS web interface with the showSignInOptions parameter prevents FURMS to trigger automatic authentication with the Central IdP. Instead user can choose to authenticate locally. This authentication method must be used at least once to initially configure the system, and can be used at will later on.

Since the complete invitation mechanism is going to be delivered in future releases, currently inviting of users to become administrators or ordinary project users is limited to those Central IdP users who has signed into FURMS at least once.

Let’s consider an example where Local Fenix Admin wants to invite Mary — a Central IdP user — to become community admin:

  1. Local Fenix Admin has to sign in using the showSignInOptions parameter.

  2. Mary has to sign in into FURMS in a regular way. She won’t have access to anything besides her profile at this time. Mary can sign out now.

  3. Local Fenix Admin can now add Mary as a community admin as she signed into FURMS at least once.

  4. After Mary signs into FURMS next time she will have access to her community administrative functions.

Fenix federation management

Fenix administrator is responsible for:

  • creating sites,

  • creating communities,

  • distributing site provided resource credits to communities.

Managing sites

Fenix admin can create sites providing only the basic information: site name. Additional site attributes are supposed to be setup by the site admin.

v1 limitation Sites can be removed freely at this point. In the next versions removing a site will be subject to many constraints.

After creating a site, Fenix admin should provide at least a single administrator for the site. The appropriate view can be activated from the site’s context menu "Administrators". From there the Fenix admin can freely add and remove site administrators.

Site administrators can also themselves manage administrators of their site, so the Fenix admin is not the only person controlling the set of administrators. However, setting the initial site admin must be always performed by the Fenix admin.

v1 limitation Adding site administrators is currently limited to users who has signed in to FURMS at least once.

Managing communities

Fenix admin can create communities providing site name, description and logo. Community settings can be also changed subsequently by community admins and therefore only the name of a created community is mandatory.

v1 limitation Communities can be removed freely at this point. In the next versions removing a community will be subject to many constraints.

After creating a community, Fenix admin should provide at least a single administrator for it. The appropriate view can be activated from the community’s context menu "Administrators". From there the Fenix admin can freely add and remove community administrators.

Community administrators can also themselves manage administrators of their community, so the Fenix admin is not the only person controlling the set of administrators. However, setting the initial community admin must be always performed by the Fenix admin.

v1 limitation Adding community administrators is currently limited to users who has signed in to FURMS at least once.

Managing Fenix administrators

FURMS allows for having multiple users with the Fenix administrator role. Each Fenix admin can add (and remove) other administrators from the "Fenix administrators" view.

v1 limitation Adding Fenix administrators is currently limited to users who has signed in to FURMS at least once.

Distributing resources to communities

v1 limitation This functionality is not available yet.

Site management

FURMS site acts a resource provider. Site defines resources (which are always site specific in FURMS), and advertises amounts of those resources available to the Fenix infrastructure.

Additionally site can define policy documents which are need to be accepted in order to access the site or its resources.

Site settings

Under site settings menu entry, site administrator can provide details about the site. It is advised to fill up the form, as initially site definition consists of a minimal set of attributes (like name) only.

Policy documents

v1 limitation This functionality is not available yet.

Services

v1 limitation This functionality is not available yet.

Resource types

v1 limitation This functionality is not available yet.

Resource credits

v1 limitation This functionality is not available yet.

Site agent connection and requests

v1 limitation This functionality is not available yet.

Managing site administrators

FURMS allows for multiple users with the site administrator role. Each site administrator can add (and remove) other administrators from the "Site administrators" view.

v1 limitation Adding site administrators is currently limited to users who has signed in to FURMS at least once.

Community management

FURMS community groups closely related projects and organizes the process of allocating resources to them.

Managing projects

Community administrator can create projects providing set of initial project settings. Selected project settings can be also changed subsequently by project administrators.

When creating a project, community administrator needs to setup project leader, who will also become the initial project administrator. Additional administrators can be also setup after activating the "Administrators" option from the project’s context menu.

Project administrators can also themselves manage administrators of their project, and so community administrator is not the only person controlling the set of administrators.

v1 limitation Adding project administrators is currently limited to users who has signed in to FURMS at least once.

Managing community administrators

FURMS allows for having multiple users with the community administrator role. Each community administrator can add (and remove) other administrators from the "Community Administrators" view.

v1 limitation Adding community administrators is currently limited to users who has signed in to FURMS at least once.

Managing community metadata

Community name, description and logo can be modified at any time. It can be performed from the "Settings" view.

Distributing resources to projects

v1 limitation This functionality is not available yet.

Project management

FURMS project groups users who work on a common topic and consume resources provided by sites and assigned by communities.

Each project must have a project leader, who is a formal representative and a responsible person. Besides this formal role, project has one or more administrators, who can manage the project in FURMS.

Project management in FURMS consists of two main operations:

  • managing users who work within the project,

  • managing access of project users to resources allocated to the project.

What is more, FURMS collects resource usage information from sites on which resources are consumed. This information can be used to track budget consumption and its spread over time.

Managing users

Under the Users menu entry, project administrator can view, add and remove project users. Note that project administrator needs not to be (and does not become by default) a regular project user. Administrator can however assign him/her-self project user role with a dedicated action button.

Project settings

Under the Settings menu entry, project administrator can control project details. Some of the settings are under control of the parent community and therefore are presented as read-only values.

Resource access

v1 limitation This functionality is not available yet.

Resource allocations

v1 limitation This functionality is not available yet.

Defining alarms

v1 limitation This functionality is not available yet.

Managing project administrators

FURMS project can have multiple administrators. Each project administrator can add (and remove) other administrators from the "Site administrators" view.

Project must have a single project leader defined. Typically this is one of the administrators but this is not strictly necessary.

v1 limitation Adding project administrators is currently limited to users who has signed in to FURMS at least once.

End User support

Every user that signs into FURMS has access to her/his FURMS profile & settings view. For the users who have no additional roles, this is the only accessible view, others can activate it from the top-right view chooser.

User settings allows every FURMS user to check:

  • personal information which is exposed to FURMS by the Fenix infrastructure,

  • user’s projects list.

v1 limitation User settings will provide more functionality in subsequent FURMS releases, including management of personal SSH keys and site access details.