.. _opanabrid:

Anabrid Operations
==================

.. image:: redac-aso-logo.*
   :scale: 80%
   :align: right

This section is dedicated to the *REDAC1 Systems Operations Team*
at *anabrid GmbH*. The term *REDAC1* refers to the REDAC system with
serial number 1, which is build for the customer `DLR-QCI <https://qci.dlr.de/>`_.
During 2025, anabrid will operate the system on a transitional basis for
and in the interests of the customer. In particular, software solutions
that are *not* part of REDAC are provided and operated within this transitional
time. These are listed in this section and their use is documented. There is
no documentation regarding administration, as administration is carried out
by the Anabrid Systems Operations Team.

Within this transitional time, the system operated by anabrid is globally
reachable via the internet at https://redac.anabrid.com


.. _fig-anabrid-services:
.. figure:: drawings/anabrid-operations-services.png
   :alt: schema drawing

   Overview about the REDAC-internal services vs. the services operated by anabrid.


.. _opanabrid_services:

List of provided services
-------------------------

The following services are not part of REDAC but part of the operations
teams, next to the actual REDAC hardware and software maintenance. Similar
systems are supposed to be hosted by a REDAC customer. See also
figure :ref:`fig-anabrid-services` for an overview.

Systems Access to ``redac.anabrid.com``
  General system access is provided over anabrid paid 1gbit/sec symmetric
  internet fiber uplink which has a guaranteed uptime of certainly
  less then 99% (i.e. `14min downtime per day <https://uptime.is/99>`_).
Systems website landing page "User Interface" https://redac.anabrid.com/ui/
  This is a little static website (`Sveltekit <https://svelte.dev/docs/kit/introduction>`_)
  which is managed, amongst other static assets, via SFTP. The website itself,
  in particular, is a *goodie* and not part of the official
  :ref:`software infrastructure <dev_software>`
Status Page https://status.anabrid.net/status/redac1
  Anabrid operates a number of status services which allows to have a quick
  overview about the availability and reliability of the services. The
  reachability of the REDAC1 System is monitored on this website.
Grafana dashboard https://stats.redac.anabrid.com/
  For demonstrating/displaying temperature readout. Runs as a docker container
  on the SuperController.
JupyterHub instance https://jupyter.redac.anabrid.com/
  This is a Kubernetes cluster operated by the OPs team which has direct access
  to REDAC internal network. However, it is physically hosted and served not on
  SuperController but dedicated bare metal digital hardware.
Authentification https://auth.redac.anabrid.com/
  Anabrid transitionally operates the user authentification system for REDAC1.
  The underlying software system *Keycloak* is an official suggestion to be used
  also by the customer within the REDAC software infrastructure, cf. :ref:`opauth`.
User Helpdesk https://helpdesk.anabrid.com/
  Anabrid runs a ticketing system in order to provide help for REDAC1 users.
  This is a company wide ticketing system where anabrid employees help on improving
  the customers jorney. Users can open a ticket straight on the helpdesk or write
  a mail to `helpdesk@anabrid.com <mailto:helpdesk@anabrid.com>`_.
  Please insert the term ``REDAC1`` in the subject message of your tickets.
  Clearly, this ticketing system is not part of REDAC infrastructure.
Anabrid User Hotline ``0049 30 629 3047 20``
  Anabrid runs a telephone line which allows people to ask for help within
  regular office hours. There is no guarantee that support can be provided
  via telephone. However, the onsite team in Ulm is always happy to receive
  inqueries at a direct visit.

User account creation
---------------------

Self-Registration is enabled for all user accounts ending on ``@dlr.de``.
Otherwise, user accounts have to be manually activated by the operations staff.
Primary contact happens via the anabrid helpdesk.

.. note::

   REDAC has a standalone user account system (see :ref:`opauth`) which is
   by no means related to any institutional user managament systems by DLR
   or anabrid.

Profile user data policy
------------------------

Users who want to use the system up have to agree to the european General Data
Protection Regulation (GDPR). The following minimum amount of data is collected:

Technical Data
   * User IP address
   * technical browser/client identification information (for instance software versions)
   * Queries sent to the system and replies got
   
   Retention period: Logging and Performance evaluation, data is intentionally
   preserved only for a fixed period of time and never leaves the system (i.e. the
   :ref:`Super Controller <opsetup-server>`).

Organizational Data
   * Personal identification features (real name, business address, institutional
     affiliation, telephone number, e-mail address)
   * System Username
   * System Password (only stored in encrypted form according to common
     cryptographic industry standards)
   * A list of authorised security tokens such as a SSH public key or a JWT access token.
   * Given consent obtained for personal data processing in accordance with the GDPR
     (General Data Protection Regulation, legislation in Germany)

   Retention period: Data are preserved for the full period of operations, even after
   the user intentionally deleted his account. This is neccessary for project
   reporting and evaluation.

.. note::

  When using any services provided by anabrid, the general privacy policy by anabrid
  applies. It can be found at https://anabrid.com/privacy-policy. Furthermore, the
  general terms and conditions by anabrid apply. They can be found at
  https://anabrid.com/agb