I Documentation
A. Introduction
A.1. NCL provides the following services:
(1) Leasing of bare-metal servers
(2) Leasing of Virtual Machines
(3) Customized auto-provisioning of host & network using DeterLab
(4) Customized auto-provisioning of host & network using OpenStack
(5) Environment (Hereinafter referred to as the “Services”)
A.2. Please contact NCL for the specifications of the service.
A.3. The charges and payment modes for each of the Services are described in the Order Form.
A.4. This Usage Policy shall govern the use of Services (1) to (5). Use of the Services shall also be subject to directives from NUS and/or its School of
Computing (“SoC”) directives concerning usage of its IT facilities.
B. Usage Policy
1. Scope
1.1 This Policy covers
(1) User Policy
(2) Resource Management Policy
(3) IP and Data Management Policy
(4) Pricing Model
(5) Hosting Service Policy
(6) Audit
1.2 NCL reserves the right to revise the policy.
User Policy
2. Users
2.1 Staff from an admissible organization may register as a user of the NCL testbed. The admissibility criteria of an organization are described in Paragraph 3.1.
2.2 There are two types of users:
Project Leaders
Project Members
2.3 A user could be a project leader in one project and a project member in another project.
2.4 All users need to read and accept the Documentation and Master Subscription Agreement upon registration.
Project Leaders
2.5 A user shall meet the following requirements to be eligible to be a project leader:
He/she is entrusted by his/her organization with the responsibility and accountability to lead the project.
2.6 The following users shall be deemed eligible:
Faculty members, or the equivalent R&D, teaching and management staff of the admissible organizations as stated in Paragraph 3.1.
2.7 Other staff from an organization may apply to create a project if he/she is able to provide NCL written assurance that he/she meets the requirements in Paragraph 2.5. His/her application will be dealt with on a case-by-case basis.
2.8 A project leader is eligible to apply for a new project with NCL and may invite the other users to join his/her project as project members.
2.9 A project leader is responsible and accountable for the project and all members in his/her project.
2.10 The project leader shall verify the identity of the team members and ensure that they will honor the agreement he/she has signed with NCL. NCL reserves the rights to perform further verifications whenever required.
2.11 In particular, the project leader shall provide NCL the assurance that:
(1) He/she and his/her team members will be carrying out only the activities described in the project;
(2) He/she and his/her team members will not misuse the resources of NCL, especially with respect to data resources with usage restrictions;
(3) He/she and his/her team members will not perform activities harmful to NCL resources and other projects using NCL;
(4) He/she and his/her team members agree to the IP and data management policy;
(5) He/she has sufficient funding for the project.
(6) He/she will endorse each member of his/her project.
Project Members
2.12 A user may join a project by accepting the invitation from a project leader.
2.13 A user may also browse projects which publish their information publicly in NCL and apply to join a project. He/she may join the project if the project leader accepts the application.
2.14 A project member shall give NCL the assurance that
(1) He/she will carry out only the activities described in the project.
(2) He/she will not misuse the resources of NCL, especially with respect to data resources with usage restrictions.
(3) He/she will not perform activities harmful to NCL resources and other projects using NCL.
(4) He/she agrees to the IP and data management approaches.
3. Admissible Organization & Activities
Admissible Organization
3.1 The following organizations shall be deemed as admissible:
(1) Local Research Institution (RI), Academic University (AU), Institute of Higher Learning (IHL), as registered under the Ministry of Education of Singapore.
(2) Singapore government agencies, which can be found in the Singapore Government Directory: https://www.gov.sg/sgdi/ministries
(3) Companies that are based in Singapore and registered under Accounting and Corporate Regulatory Authority (ACRA).
Admissible Activities
3.2 The following activities shall in general be deemed as admissible:
(1) Research and Development
(2) Testing,
(3) Experimentation,
(4) Cyber Range/Exercises,
(5) Teaching/training.
3.3 For companies, projects in general need to be in line with the themes of the National Cybersecurity R&D Programme of the National Research Foundation. The themes can be found on the National Research Foundation’s website: http://www.nrf.gov.sg/about-nrf/programmes/national-cybersecurity-r-d-programme
3.4 Activities for the sole purpose of supporting a company’s day-to-day operations such as the serving and hosting of data is inadmissible.
4. Project
Project Creation
4.1 The application by a project leader for project creation will be reviewed and approved by NCL if the project meets the following requirements:
(1) It is a project from an admissible organization,
(2) It performs admissible activities, and
(3) The user applying for the project is eligible to be a project leader.
NCL will perform verifications, prior to creating the project in the system. The verification process may involve counterchecking the user’s identity and his role in the organization with his department head or colleagues. It may also involve requesting the user to make declarations on, for example, the funding he is receiving. NCL reserves the discretion to reject an application.
4.2 The user warrants that he has to the best of his knowledge made all representations truthfully.
Project Monitoring & Closure
4.3 NCL will perform further verifications on a regular basis and reserves the right to terminate the project if the approval conditions of the project have changed. NCL will also monitor the projects regularly and highlight to the project leader if his/her project has not been active for a period of time.
4.4 The project leader shall close the project when there is no further activity required. NCL reserves the rights to close a project after 3 reminders to the project leader with no satisfactory response.
Resource Management Policy
5. Experiments & Classes
5.1. The project leader and the project members may conduct, or participate in, experiments in the project. For teaching/training purpose, the project leader and members may conduct classes or attend classes in the project.
5.2. An experiment or class may make use of the resources belonging to, or hosted by, NCL. The resources include the hardware, software, utilities, algorithm and data in the testbed.
5.3 Some resources owned by other entities may have their own terms and conditions for usage. For example, data owned by a company may be allowed for use only by the research community. The project leader or a project member shall abide by these terms and conditions.
5.4 NCL will provide a list of resources available for use in the testbed, whether they are available, and their usage restrictions.
5.5 A project leader or member may also bring in his own resources. For uncommon software/huge dataset that cannot be easily run in the nodes, or for hardware that requires integration with the testbed, NCL will make its best effort to facilitate usage.
5.6 The project leader shall ensure that the licensing requirement, or other usage conditions, is met when using their resources in the testbed.
5.7 If an experiment or class requires
(1) Internet access; or
(2) Access to NCL resources with usage restrictions, or
(3) Use of project leader/member resources with usage conditions,
The project leader conducting the experiment or class shall seek permission from NCL prior to its commencement.
5.8 The project leader shall also declare, for Para 5.7 (2), that the participants of the experiment/class meet the usage restrictions, and, for Para 5.7 (3), that the use of project leader/member resources will not incur liability on NCL. This is to keep NCL apprised of potential risks and issues.
5.9 As the project leader is responsible for the activities in his/her project, to facilitate monitoring, NCL will only accept declarations and requests made by the project leader.
5.10 NCL will provide protection mechanisms to prevent one experiment from affecting another experiment. The project leader shall ensure that his/her experiments will not affect other experiments, either by intentionally breaching the protection mechanisms or by other means.
5.11 NCL will monitor the experiments regularly and highlight to the project leader if his/her experiment has not been active for a period of time. The project leader shall end the experiment when there is no further activity required. NCL reserves the rights to end an experiment after 3 reminders to the project leader and receives no satisfactory response. NCL shall not be responsible for data lost in such a manner.
5.12 40% of computing nodes will be reserved for training purposes. NCL reserves rights to adjust the quota up to ±10% depending on the demand received.
6. Prioritization
6.1 There are two subscription modes to use the NCL resources:
(1) Long-Term Reservation: Reservation request is made more than one month prior to usage. The request will be prioritized by a committee. Cancellation and refund is allowed (subject to condition in Para 6.9).
(2) Short-Term Booking: Booking request is made less than one month but more than three days. The request is on a first-come-first-serve basis. Cancellation is not allowed and the user will be charged the full amount. There are further conditions when such booking, or an experiment from such booking, is in conflict with a reservation (see Para 6.10).
Long-Term Reservation
6.2 Users may make reservation of the Services through the Order Form. The Order Form will state the start and end dates, the duration of usage, the number of machines required, and the number of users involved. The Order Form will also allow users to state alternative dates and time to improve the chances of having a successful reservation.
6.3 Pre-allocation checks will be done on the first and second work day of each month.
6.4 Resource Allocation Meetings
Resource Allocation Meetings will be called on the third work day of each month. The meeting will:
(1) Confirm all the reservation cancellations made by the end of the previous month.
(2) Prioritize all the reservations made by the end of the previous month.
(3) Confirm all the reservations made by the end of the previous month.
(4) Check if reservations have been abused (i.e., make multiple bookings under different names to secure a large amount of resources.). NCL reserves rights to blacklist users who were found abusing the reservation system.
6.5 Notifications
The user will be informed on the fifth work day of each month on the status of the reservations. The resource booking will also be updated on the website.
6.6 Prioritization order
The prioritization will be done according to the following order:
Projects receiving grants from NRF
Projects that contribute to NCL (e.g. those that provides data useful to the community)
Projects from a company that invests in R&D, or has a R&D center, in Singapore
Other projects
6.7 First Day of Reservation
Reservations of resources for cyber exercises by the government agencies could be made 12 months in advance. Due to the nature of teaching/training classes by AU, RI and IHL, reservations of resources for such activities could be made 12 months in advance as well, but up to 10 nodes for 36 hours. Reservations for all other activities could be made 6 months in advance.
6.8 Last Day of Reservation
Reservation should also be made at least one month in advance. This is to give some of the users running existing experiments sufficient time to conclude their work. Further, as the Resource Allocation Meeting is held monthly on the third work day of each month, and the resource allocation confirmed on the fifth work day, the following reservations are not allowed:
(1) Reservations for resources for the first five work days on the month immediately after placing the Order Form.
6.9 Cancellation
Cancellation of reservations may be made one month prior to the reservation date. Users will also be charged a partial rate for cancellation made less than 3 months prior to reservation date as follows:
(1) More than, or equal to, 3 months prior to the reservation date – no charge will be incurred.
(2) Less than 3 months but more than, or equal to, 2 months prior to the reservation date – 30% of the charges will be incurred.
(3) Less than 2 months but more than, or equal to, 1 months prior to the reservation date – 60% of the charges will be incurred.
(4) Less than 1 month prior to the reservation date – full charge will be incurred.
Partial cancellations are allowed.
Short-Term Booking
6.10 Users may make short-term bookings of the resources less than one month but more than three days in advance, or use the resources on an ad-hoc basis without any reservation or booking. The three-day gap is to allow administrators to have sufficient time to inform existing users and close experiments that clash with the booking. These bookings/usages will be processed in a first-come-first-serve basis. Cancellation is not allowed and the user will be charged the full amount. Further, if a short-term booking, or an experiment from such booking, is in conflict with a reservation, NCL may request users to terminate the short-term booking or experiment. A note on upcoming booking status will be prompted to alert users about potential conflict in booking. Users will be given the full refund of the unused resources.
6.11 NCL will review this prioritization scheme on a regular basis and reserves the right to amend the prioritization system.
7. Scheduled Maintenance
7.1 NCL will conduct regular maintenance to provide the best possible services. During maintenance, NCL might need to reboot the system and some user activities might be affected.
7.2 Types of Maintenance Activities. Two types of maintenance activities are defined:
(1) Regular Maintenance – A monthly or otherwise scheduled downtime necessary for patches and more significant enhancements.
(2) Emergency Maintenance – A service affecting maintenance that is so severe it requires immediate attention.
7.3 Maintenance Schedule. The scheduled downtimes are as follows (Singapore Time, UTC/GMT +8 hours):
(1) Regular Maintenance – First Sunday of every month, 7am – 7pm or otherwise scheduled.
(2) Emergency Maintenance – Not scheduled and is only used in emergency circumstances.
7.4 Notification. NCL will notify users at least 2 weeks prior to the scheduled Regular Maintenance via users’ registered email address. A second notification email will be sent 1 week prior to the scheduled Regular Maintenance. For Emergency Maintenance, NCL will make the best effort to notify users. Users will be reminded to back up their data on NCL to avoid any data loss or disruption during Maintenance. NCL will also publish all Maintenance information on website.
IP and Data Management Policy
8. Intellectual Property (IP), Ownership & Usage
8.1 NCL will not own the IP created by the users in using NCL. In particular, NCL does not own the IP of the followings (including their implementations):
(1) Algorithms
(2) Protocols
The IP ownership of artefacts and ownership of data shall follow the users’ funding agreement and/or the organization’s policies.
8.2 For projects receiving funding from the government, with agreement that the government has the rights to use the artefacts or data created, the project leader shall check with the funding agency to allow hosting of artefacts or data in the testbed for re-use by the community and NCL.
8.3 For resource management and audit purposes, NCL will also be collecting users’ data and the meta-data of their projects and experiments. This information will be managed according to the Personal Data Protection Act. NCL will use commercially reasonable effort to ensure the security and integrity of the data.
8.4 For projects from the local RIs, AUs, IHLs, the project leader shall provide a description of project, a description of the possible data, software, algorithms, or other artefacts that may be re-used, and the contact (email addresses, phone numbers, websites) to inform other users of the potential usage. The project leader shall ensure that the contact is live for a period of 3 months.
8.5 If NCL deems that it will have substantial involvement in creating an artefact or producing data in an experiment, NCL will discuss with the user to ascertain the IP ownership of artefacts and ownership of data prior to the commencement of the experiment.
Pricing Model
9. Usage Charges
9.1 To ensure long term sustainability, and to discourage misuse, charges will be imposed for the use of NCL resources.
9.2 The prevailing rates can be found on the NCL website: https://v1.ncl.sg/pricing.html or https://ncl.sg/pricing.html
9.3 NCL reserves the right to waive charges, to the following users:
(1) Users who have no funding item or pending for funding approval for their grants
(2) AU, RI, or IHL who are using NCL’s infrastructure for their lessons
(3) Start-ups or Small and Medium Enterprises whose annual sales turnover is not more than S$100 million or employment size of not more than 200 workers.
9.4 NCL will review the charges annually.
Hosting Service Policy
10. Hosting of resources
10.1 Users may host the resources they own, (e.g. data they own) in NCL for use by the NCL users.
10.2 Resource owner may impose usage conditions on resources. This may include, for example, restrictions for use only by the academic community. NCL will make its best effort to facilitate usage but reserve the rights to turn down hosting if the system cannot support implementation of the conditions.
10.3 For avoidance of doubts, the ownership and the associated liability (if any) of the resources hosted shall remain with the resource owner.
10.4 Resource owners will be allocated usage time in NCL for the purpose of setting up/testing/maintaining the resources to be hosted. The amount of time shall be mutually agreed upon prior to the hosting arrangement.
10.5 NCL reserves the right to turn down hosting request, or to remove the resources, after informing the owner, if the resources are not deemed to be useful, or hosting them may incur substantial liability/complications to the system.
10.6 NCL may extend the hosting services to other non-users, e.g. a company which wishes to host a service in the testbed. NCL may accept such hosting to provide a richer testbed. The terms and conditions shall be mutually agreed upon, on a case-by-case basis, prior to hosting the service.
11. Audit
11.1 NCL will document several types of information, in physical and electronic forms, for audit purpose. The type of information that will be documented are:
(1) Experiment users’ data and the meta-data as defined in Para 8.3
(2) Users account information
(3) Payment information
12. Indemnity
12.1 While NCL makes the best effort to provide the facility to users, NCL does not bear the responsibility for any losses that users may suffer as a result of any delay, non-availability of services and loss of data. For detail information on indemnity, please refer to Section 9 of the Master Subscription Agreement.
Appendix 1
The derivation of the pricing formula is as follows.
1 The setup and operational cost of NCL broadly consists of the following components:
(1) The cost of testbed hardware and software;
(2) The manpower cost of running the testbed;
(3) Utility cost of running the hardware;
(4) The cost of enhancing the testbed (including manpower, hardware and software)
2 After the testbed is setup, for NCL to continue operating without further enhancement, only the costs in Items (2) and (3) are required. That is to say, in order to ensure that enough revenue is generated in the long run, NCL will need to generate revenue to cover the cost of Items (2) and (3).
3 Assuming further, for simplicity, that the utilization rate of the testbed remains constant at steady state of operations, and that there is no inflation, at every phase of operations, NCL will need to recover the cost incurred for Items (2) and (3).
4 The direct cost, DC, of using 1 node for 1 hour (inclusive of utility cost) is therefore equal to
Utility cost per hour + (Total manpower cost of running NCL for 3 years)/(Number of computing hours utilized in 3 years)
= Utility cost per hour + (Total manpower cost of running NCL for 3 years)/(300 nodes×24 hours ×365 days×3 years×% utilization)
5 In accordance to the charging model used by NUS, there will be an additional 20% of indirect cost being charged. In other words, the cost of using 1 node for 1 hour is equal to 1.2 × DC.
C. Acceptable Use
C.1 A summarized description of acceptable usage is set out below. Please refer to the Subscription Agreement for further details.
C.2 No Illegal, Harmful, or Offensive Use or Content
Users may not use, or encourage, promote, facilitate or instruct others to use, the Services or NCL Lab Environment for any illegal, harmful or offensive use, or to transmit, store, display, distribute or otherwise make available content that is illegal, harmful, or offensive or would constitute a criminal offense or give rise to civil liability, or otherwise use the NCL Environment in a manner which is contrary to law, a violation of third party rights including, without limitation, copyright, rights to publicity and privacy, or would serve to restrict or inhibit any other user from using or enjoying the NCL Environment. Prohibited activities or content include:
|
a. Illegal Activities. Any illegal activities, including advertising, transmitting, or otherwise making available gambling sites or services or disseminating, promoting or facilitating child pornography.
b. Harmful or Fraudulent Activities. Activities that may be harmful to others, our operations or reputation, including offering or disseminating fraudulent goods, services, schemes, or promotions (e.g., make-money-fast schemes, Ponzi and pyramid schemes, phishing, or pharming), or engaging in other deceptive practices.
c. Infringing Content. Content that infringes or misappropriates the intellectual property or proprietary rights of others.
d. Offensive Content. Content that is defamatory, libelous, obscene, abusive, invasive of privacy, or otherwise objectionable, including content that constitutes child pornography, relates to bestiality, or depicts non-consensual sex acts.
e. Harmful Content. Content or other computer technology that may damage, interfere with, surreptitiously intercept, or expropriate any system, program, or data, including viruses, Trojan horses, worms, time bombs, or cancelbots.
C.3 No Security Violations
Users may not use the Services to violate the security or integrity of any external System. Prohibited activities include:
a. Unauthorized Access. Accessing or using any System without permission, including attempting to probe, scan, or test the vulnerability of a System or to breach any security or authentication measures used by a System.
b. Deletion, examination, copying, or modification of files and/or data belonging to other users without their prior consent is prohibited
c. Interception. Monitoring of data or traffic on a System without permission.
d. Falsification of Origin. Forging TCP-IP packet headers, e-mail headers, or any part of a message describing its origin or route. This prohibition does not include the use of aliases or anonymous remailers.
C.4 No Network Abuse
Users may not make network connections to any external System unless requisite permission from the NCL AND the party controlling access to that external System is obtained. Prohibited activities include:
a. Monitoring or Crawling. Monitoring or crawling of a System that impairs or disrupts the System being monitored or crawled.
b. Denial of Services (DoS). Inundating a target with communications requests so the target either cannot respond to legitimate traffic or responds so slowly that it becomes ineffective.
c. Intentional Interference. Interfering with the proper functioning of any System, including any deliberate attempt to overload a system by mail bombing, news bombing, broadcast attacks, or flooding techniques.
d. Operation of Certain Network Services. Operating network services like open proxies, open mail relays, or open recursive domain name servers.
e. Avoiding System Restrictions. Using manual or electronic means to avoid any use limitations placed on a System, such as access and storage restrictions.
C.5 No E-Mail or Other Message Abuse
Users shall not distribute, publish, send, or facilitate the sending of unsolicited mass e-mail or other messages, promotions, advertising, or solicitations (like
“spam”), including commercial advertising and informational announcements. Users shall not alter or obscure mail headers or assume a sender’s identity without the sender’s explicit permission. Users are not to collect replies to messages sent from another internet service provider if those messages violate this Policy or the acceptable use policy of that provider.
C.6 Monitoring and Enforcement
NUS reserve the right, but do not assume the obligation, to investigate any violation of this Policy or misuse of the Services or NCL Site. NUS may:
(1) investigate violations of this Policy or misuse of the Services or NCL Site; or
(2) remove, disable access to, or modify any content or resource that violates this Policy or any other agreement which NUS has with the user for use of the Services or the NCL Site.
NUS may report any activity that that NUS suspects of violating any law or regulation to appropriate law enforcement officials, regulators, or other appropriate third parties.
NUS reporting may include disclosing appropriate customer information. NUS may also cooperate with law enforcement agencies, regulators, or other appropriate third parties to help with the investigation and prosecution of illegal conduct by providing network and systems information related to alleged violations of this Policy.