Terms and Conditions of Access
These Terms and Conditions of Access are presented to new users when they register using the JASMIN Accounts Portal.
These Terms and Conditions of Access are subject to modifications and additions, for example to reflect changes to JASMIN. However, we anticipate they will change rarely, if at all. You will be notified of any modifications to these conditions using your registered email address. Any modifications or additions to these conditions will be effective immediately. If you do not agree to the modified conditions, you should discontinue your use of JASMIN. Note that in all cases the Terms and Conditions include an undertaking by you as to your conduct, and an agreement by you as to what we can do with your personal data.
Please read these Terms and Conditions. If you do not agree to them, we will not be able to allow you to register and/or use the service requested. These Terms and Conditions are offered only in English.
The following classes of “JASMIN user” are covered in this document:
- Regular login user of the JASMIN Platform as a Service (including the LOTUS batch cluster).
- Service managers and nominated deputies with responsibility for approving or rejecting requests for access to a particular resource or service (e.g. a Group Workspace manager or primary tenancy owner).
- System administrator with privileges on a machine primarily managed by the JASMIN system administration team (also known as "in the managed infrastructure/cloud").
- The primary owner of, and system administrators within, a tenancy in the JASMIN "Infrastructure as a Service" zone of the JASMIN Community Cloud (also known as an external tenancy).
- General users in an external tenancy in the JASMIN Community Cloud.
All use of JASMIN requires users to agree the general terms and conditions, including the acceptance of the conditions under which the service is operated.
General Terms and Conditions
You agree:
- To observe the JISC Acceptable Use Policy for JANET..
- Not to disrupt the working of the service, for example by knowingly introducing malicious software into it, nor to try to breach its security or use resources which aren't assigned to you.
- Not to interfere with other users' work, corrupt their data or invade their privacy.
- Not to infringe copyright or other intellectual property rights.
- Not to take or access data from any database or dataset without explicit or implied license.
- Not to misuse JASMIN or the Internet, for example by sending spam or malicious software, by pretending to be someone else or by doing anything that might hinder or prevent someone else from using JASMIN or the Internet legitimately.
- Not to use the service for illegal or immoral purposes, such as theft, fraud, drug-trafficking, money-laundering, terrorism, pornography, violence, cruelty, incitement to racial hatred, prostitution, paedophilia, or for offensive, obscene, abusive, menacing, defamatory or insulting behaviour.
- Not to store data of a personal, confidential or sensitive nature within the service, which is provided for scientific use only.
- To observe any further requirements as laid down if you fall into one of the additional classes of JASMIN user.
You accept:
- That the service is provided "as is" and we can't guarantee 100% perfection. In legal terms, this means that we are excluding all warranties and conditions applying to the service, including those implied by law. We are not liable if things go wrong and you suffer damage as a result, although if our negligence results in anyone's death or personal injury we acknowledge that we cannot legally limit or exclude our liability for that.
- That services created or deployed by users (including but not limited to those in managed or external tenancies in the JASMIN Community Cloud) having the JASMIN service as a dependency, are beyond our control and as such we do not accept any liability whatsoever for those third-party services or any damage, injury or death resulting from them.
- That you are responsible for your use of any advice or information we may give you. We will take reasonable steps to ensure that it's true and useful, but we can't guarantee this. In legal terms, this means that we expressly disclaim any and all liability for all representations, statements, conditions or warranties to that or any other effect except to the extent that such liability may not be lawfully excluded.
- That we may make changes in the service.
- That you alone are responsible for what you do when using the service. If you break the law you alone must answer for it, and if you cause damage to anyone else, you alone are liable, not us.
- That you will acquire no intellectual property rights over the software or any information we provide.
- That the use of the service by nationals of certain countries is controlled by special regulations laid down by the UK Government in connection with the Wassenaar Arrangement.
- That we may make reasonable changes to these Terms and Conditions at any time, and, once we have posted those changes on our website and emailed you at the latest email address we have for you, the new version will then apply to you.
Regular Login
In addition to the general terms and conditions, you also agree:
- To provide us information about your work and yourself as and when requested so that we can make appropriate resource management decisions, and to let us know if this information changes (for example, you move institution).
- Only to use the service for the purposes for which you were given access, for example, to work on NERC funded projects.
- Not to use another person's account, nor to let other people use your accounts, except in ways allowed later in these terms and conditions.
- To comply with any special conditions that may apply to particular software packages.
- Users of SHARED accounts only as defined here and by specific arrangement with the JASMIN team may share the JASMIN account password of the shared account (NOT the passphrase of any of the SSH keys associated with the account) by secure, encrypted means between the named responsible users of that shared account only. In NO other circumstances may an account password be shared.
- To protect your SSH private key with a strong passphrase, and only use the SSH key pair you have uploaded into your JASMIN account to access JASMIN.
- NOT to store your JASMIN SSH private key anywhere on the JASMIN platform, or on any other multi-user platform to which you have access. The ONLY place you should store your SSH private key is on your local, end-user machine, using an SSH agent with "agent forwarding" to facilitate onward connections to other machines.
- To inform us if you believe your credentials have been compromised, or if you become aware that the security of our systems is compromised in any way.
You also accept:
- That data held in your user home directory is backed up according to policies laid out in relevant documentation, and that systems are in place to enable restoring from these backups, but that we accept no responsibility or liability resulting from the loss of such data. If the data are vitally important to you, you should ensure you have a copy elsewhere, outside of the JASMIN system.
- That data held in Group Workspaces is not backed up. Tools such as Elastic Tape and JDMA are provided for the movement of data between systems, but if you deem backup is necessary, you should make copies outside of the JASMIN system. We accept no responsibility or liability resulting from the loss of such data.
- That we will use the personal details which you supply to us, together with records of your use of the service, as described in our Personal Data and Privacy Policy.
- That we may suspend your access to the service if it seems to us that you are breaking these Terms and Conditions; that if it is necessary to protect the service or other users' work or data, we can halt the execution of any program which you start; and that we have the right to close your accounts.
- That we will keep your JASMIN home directory available only for the duration set out in our retention policy.
Service Managers and Nominated Deputies
JASMIN users may be designated as “service managers, for example Group Workspace managers or JASMIN Cloud tenancy primary owners. Service managers have responsibility for approving or rejecting requests for access to their service. They may choose to nominate one or more deputies who can also approve or reject requests.
In addition to the general terms and conditions, you also agree:
- Not to disclose the personal information of any JASMIN user to a third party.
- To make decisions in a fair and unbiased way, based solely on their eligibility to access the service or resource.
You also accept:
- Failure to comply with these terms and conditions may result in the withdrawal of service manager and/or deputy status.
Managed Infrastructure Administrators
In special circumstances, a JASMIN user may be granted the role of Virtual Machine (VM) Administrator, which will give them root or sudo access to a specific VM in the JASMIN Managed Infrastructure.
In addition to the requirements on Regular Login, you also agree:
- To provide the email address of your line manager to the JASMIN Team. You understand we will use this to provide your line manager with a copy of these conditions, so she/he is aware of the responsibility you have taken on.
- Not to add or modify any disk mount points on the VM.
- Not to create any user accounts on the system to enable others to access the VM.
- Not to modify the login credentials of any users on the directory, nor to access any personal data they hold on the system.
- Not to grant any other user root or sudo privileges on the VM.
- Not to open any ports on the VM.
-
Not to modify iptables rules on the VM or install any rules management
package (e.g.
system-config-firewall
) which modifies rules, silently or otherwise. - Not to modify any network settings or tuning.
- Not to facilitate third party access to any datasets visible on the VM beyond those for which explicit permission is granted.
-
Not to update all packages on the system at once without the express
permission of the JASMIN Team (e.g. by running
yum update
without specifying a specific package).
You also accept that:
- All use of root commands is logged.
- Failure to meet these terms and conditions will result in your access to the service being terminated, and your institution being informed as to why.
Primary Tenants and Administrators of External Tenancies in the JASMIN Community Cloud
This section applies to those who configure and manage external tenancies in the JASMIN Community Cloud (Infrastructure-as-a-Service) - the tenancy administrators.
In addition to the general terms and conditions, you also agree:
- That the Primary Tenant takes full responsibility for everything that happens inside their tenancy, including the actions of other tenancy administrators and users.
- That the Primary Tenant will provide the email address of their line manager to the JASMIN Team. You understand that we will use this to provide this person with a copy of these conditions, so she/he is aware of the obligations applying to both the Primary Tenant and their administrators.
-
To take all reasonable precautions to ensure the security of your virtual
machines, including but not limited to:
- Applying patches for any installed software (installed manually or via a package manager), according to the UKRI Patching Policy and the frequencies it sets out.
- Monitoring systems for unusual or suspicious activity.
-
Restricting SSH logins to a known domain in
/etc/hosts.allow
or a known IP address/range in the VM firewall, immediately after first remote access. - Configuring the VM firewall in a secure manner.
- To ensure that administrative access to the JASMIN Cloud Portal is not used by other people.
- To ensure that all users in your tenancy, including the end users of any public facing services, are subject to the same general terms and conditions that are listed above.
You additionally accept that:
- No support is provided for the software running within any virtual machine (including the operating system, system libraries and packages installed using the package manager).
- Infrastructure support requests are only accepted from the tenancy administrators, not from end users of any of the tenant's services.
-
In order to facilitate emergency support access by members of the
JAMSIN team to virtual machines in a tenancy, it is necessary to include in
the root
authorized_keys
file of cloud virtual machines the SSH public key of members of the JASMIN Team. If the membership of the JASMIN team changes such that keys of former members should be removed, we will do our best to contact the tenancy manager to this effect. It is the responsibility of the tenancy manager to effect removal of the key(s) from the file. We will do our best to keep VM templates up to date with only the keys of the current members of the JASMIN Team: this affects VMs deployed from that point on, but responsibility for the content of the file for previously-deployed VMs lies with the tenancy manager. If the key of essential JASMIN Team members is not present within theauthorized_keys
file, it may not be possible to provide assistance in the event of an emergency. - You are responsible for your own backup provision - JASMIN does not provide a cloud backup service.
- No explicit network bandwidth guarantees are given. The uplink to the JISC Point of Presence (POP) (and hence the internet) and to the rest of the JASMIN infrastructure is shared and hence contention can be expected at times.
- The number of external IP addresses for a tenancy is limited by a quota.
- Network traffic is logged and monitored by the JASMIN Team.
- The JASMIN Team reserves the right to disable network connections with no notice if suspicious network activity is detected.
- No explicit uptime guarantees are given, although uptime is expected to be consistently above 95%.
- Failure to meet these terms and conditions will result in the termination of the tenancy.
The JASMIN Team agrees:
- As far as we reasonably can, to provide a continuous service, it being understood that there will be times when the service is unavailable, for example as a result of unexpected failures, maintenance work or upgrades either within the JASMIN infrastructure itself, or that of JASMIN's host institution or network and utility services on which it depends.
- To take reasonable steps to protect your data from being lost or corrupted.
- To protect the security and privacy of the data we hold about you, as described in our Personal Data and Privacy Policy.
- That we will acquire no intellectual property rights over your software and data.
- To respond promptly to any complaints or suggestions you make about the service.
These Terms and Conditions are governed by the laws of England and the English courts.
If you have any questions about these Terms and Conditions, please contact us.