Whitepaper: Deploying Ceetron Cloud Private for storing, viewing, and sharing CAE models

Whitepaper for external distribution

Prepared by Fredrik Viken, CTO


Post on 28-Jan-2020


Abstract

Creating a system for storing, viewing and sharing CAE models has been a challenge for the CAE community. On one hand, there is a need for broad access, across disciplines, offices, organizational boundaries, and value chains. On the other hand, there is a need for security, from a number of perspectives, including authentication and model access control. On top of that, sharing, interactive performance and acceptable user experience are issues, with today’s model size of 100 GB+.

Several relevant alternatives exist, including desktop to desktop sharing; public clouds (like Dropbox and Ceetron Cloud); various SPDM solutions (though few of them have been designed for sharing and viewing); and window sharing using remote desktop access directly to/from the cloud (for cloud-based solvers). The latter would require server-side rendering capabilities, which is costly and imposes significant additional HW requirements on the cloud servers.

In this whitepaper we present a solution based on Ceetron Cloud Private (CCP) from Ceetron. CCP is a private cloud solution for creating cross-solver CAE model repositories with storing, viewing, and sharing capabilities. It offers client-side WebGL-based rendering. It also offers a built-in light-weight post-processor, Analyzer Cloud. Its primary use case is for storing VTFx files, though it is possible to upload native solver files for post-processing.

CCP can be configured for within-firewall data centers. It can also be configured for most public cloud infrastructures, including AWS, SAP Hana Cloud, MS Azure, and bare-metal offerings.

CCP has been installed by a number of major engineering and manufacturing companies, including Dr. Techn. Olav Olsen (structural re-analysis system for Equinor), Transvalor (sharing portal for its customers), DNV GL (sharing portal for its customers), and of course Ceetron (in the form of our public cloud offering Ceetron Cloud).

The paper has been written to provide the necessary technical information for an IT organization to make an informed decision about whether to deploy CCP. We are of course available for additional technical discussions.

Please contact our CTO Fredrik Viken at [email protected] if you want to set up a technical web conference.

Revision history

VERSION | DATE | AUTHOR | STATUS | DESCRIPTION
1.0 | 09/09/2019 | Fredrik Viken | for publication | CCP for IT departments


CONTENTS

Abstract
Revision history
1 | Purpose of this document
2 | About Ceetron Cloud Private (CCP)
3 | The business case for CCP
4 | Architecture
4.1 Works on any cloud infrastructure
4.2 Built with Ceetron Cloud Components
4.3 Same code base as Ceetron Cloud
4.4 CCP stateless server for scalable streaming of CAE data (NEW)
4.5 Analyzer Cloud: our full-featured cross-solver post-processor for web
5 | Security
5.1 Architected for security: Authentication
5.2 Architected for security: Information access control
5.3 Tested for security: Penetration testing
6 | Upload alternatives for CCP
6.1 Upload from CAE tools with ‘send to cloud’ functionality
6.2 Upload from CAE tools using export to VTFx
6.3 Upload approaches for high-volume, automated workflows
6.4 Upload of non-VTFx files
7 | Deployment
8 | Future developments
9 | Recommended next steps
Appendix 1 : Getting started


1 | Purpose of this document

The intended reader of this document is an IT professional with responsibility for CAE computing and storage infrastructure.

The purpose of this document is twofold:

1. To describe the architecture of Ceetron Cloud Private.
2. To discuss and clarify the relationship between Ceetron Cloud Private and Ceetron Cloud, our public cloud CAE sharing portal.

2 | About Ceetron Cloud Private (CCP)

Ceetron Cloud Private (hereinafter “CCP”) is a private cloud solution for creating cross-solver CAE model repositories with storing, viewing, and sharing capabilities. The term ‘private’ in this context means that the service is installed and operated from an internal, on-site computer infrastructure. CCP also offers a built-in light-weight post-processor, Analyzer Cloud.

The primary use case for CCP is to store and view VTFx files, though it is also possible to upload native solver output files for post-processing.

Of course, it is possible to use the public service Ceetron Cloud for the same purpose, see https://cloud.ceetron.com/home. However, many organizations like the benefits of Ceetron Cloud, but not that it is a public cloud and owned by Ceetron. CCP was indeed created to respond to such feedback.

More about the relationship with Ceetron Cloud: One may see it as an internal reference installation of CCP. All capabilities of Ceetron Cloud are available for our customers in CCP, but CCP offers the possibility of replacing certain components in Ceetron Cloud, including UI styles, data storage and security components, with customer-specific implementations. (Ceetron Cloud is much more than a reference installation, in the sense that it is and has been architected as a commercial offering and is accessible for all users of Ceetron’s 3D visualization tools including Analyzer, 3D Viewer and GLview Inova.)

CCP is an end user tool, not an SDK. If you want more customized functionality than what CCP can offer, we recommend Ceetron Cloud Components, our SDK for developing cloud-based web visualization apps, with which CCP is powered.

CCP has been installed by a number of major companies, including Dr. Techn. Olav Olsen (structural re-analysis system for Equinor), Transvalor (sharing portal for its customers), DNV GL (sharing portal for its customers), Migris AS (sharing portal for its customers) and of course Ceetron (in the form of Ceetron Cloud).


3 | The business case for CCP

[Figure: typical sequence of decisions]

- To what extent share simulation results? Suggested alternative: as interactive model output. Other alternatives: do not share; share as PDF.
- How to share such output files? Suggested alternative: in a cloud-based CAE repository with advanced viewing and sharing capabilities. Other alternatives: by copying files from desktop to desktop; in a Dropbox-like repository.
- How to develop such repository? Suggested alternative: private cloud with client-side rendering and based on CCP from Ceetron. Other alternatives: developing such solutions in house; using server-side rendering; using your SPDM system; using Ceetron Cloud.

Investing in a cloud-based CAE model repository requires some serious thinking in most organizations. The figure above shows a typical sequence of decisions that most organizations go through.

However, we believe that fundamentally, the business case for CCP is about:

- Simple and predictable pricing: CCP is offered at a fixed rate of Euro 11 000 per year. (Four Analyzer Desktop/Cloud licenses are included, more than that is Euro 149 per seat per month.) Special pricing applies for ISVs.
- Low threshold for getting up and running: If using a Docker-based deployment approach, it is possible to get up and running in minutes. That said, a typical (small) CCP project will take some days or weeks, due to the need for preparation, case extraction, integration with automated workflows, various customizations, and proper deployment process (dev, test, prod).
- On the end user side: No installation, no plug-ins, just WebGL-based rendering in the browser: There is thus no end user support load.
- Hassle-free sharing of simulation results, across offices, organizational boundaries, disciplines, and solvers.
- Single source of truth, no distribution of result databases, and no confusion about consistency of simulation results.
- Low risk. CCP is, out of the box (or out of the container, pun intended), essentially the same as Ceetron Cloud.


4 | Architecture

4.1 Works on any cloud infrastructure

CCP can be configured for privately controlled resources on most public cloud infrastructures, including MS Azure, AWS, SAP Hana Cloud, and bare-metal offerings. It can also be configured for within-firewall data centers.

4.2 Built with Ceetron Cloud Components

Ceetron Cloud Private is built on Ceetron Cloud Components, Ceetron’s SDK for developing CAE 3D viz web apps. Cloud Components is in use by a number of major CAE providers, including SimScale, nCode, ANSYS, and SAP.

Here is the top-level structure:

Figure 1: Typical Ceetron Cloud Components app architecture

[Diagram labels: User Interface; Ceetron Viz Streaming Client; 3D Object Streamer; Web Render Engine; Ceetron Cloud Components Client API; Viz Streaming Server; Ceetron Progressive; Ceetron Desktop Components; Ceetron Cloud Components Server; Analysis Data (10+ GB)]


4.3 Same code base as Ceetron Cloud

You know what you get with CCP: essentially same functionality as Ceetron Cloud, with the exception of own cloud infrastructure, own security stack, and own skinning. Whenever Ceetron Cloud is upgraded with new functionality or graphics capabilities, these upgrades will also be available to CCP users for an up-to-date CAE data sharing portal.

4.4 CCP stateless server for scalable streaming of CAE data (NEW)

CCP uses a new, stateless server for streaming CAE data with full element and result information. The load on the server is independent of the model size, and the model starts streaming immediately, even for huge (>50M cells) models. The stateless server is extremely cost efficient compared to competing solutions. It enables streaming of all kinds of CAE data and allows the user to query the model for result, element types, etc.

Figure 2: Screen dump of Ceetron Cloud.


4.5 Analyzer Cloud: our full-featured cross-solver post-processor for web

Analyzer Cloud is a full-featured cross-solver post-processor for FEA and CFD data, for engineering workflows in the cloud. Analyzer Cloud is the Web/Cloud version of the desktop application Ceetron Analyzer (Desktop).

See also https://analyzer.ceetron.com/.

Analyzer Cloud is an all-in-one solution to the multi-solver post-processing needs of the general simulation engineer working in the cloud: native reading of all major solver formats, FEA and CFD; high performance; stunning visual quality; all devices, from the smallest pad to the largest engineering workstation. Analyzer Cloud can be seamlessly integrated with CCP.

5 | Security

Whether an automotive manufacturer designing a new super-cool high-performance premium car model, an engineering specialist consultancy with a need to protect confidentiality of client material, or a software provider in SPDM space with a business imperative of guaranteeing the security of their cloud solutions to their blue-chip aerospace clients, protecting CAE data against intentional or unintentional release to an untrusted environment is imperative.

In this section, we will describe how Ceetron has designed and implemented different levels of security around data being stored in a CCP installation, and how a customer can replace parts of Ceetron’s security stack with a security stack of their own choosing. The reader is encouraged to make an independent assessment of the security level of Ceetron Cloud and their CCP installation.


5.1 Architected for security: Authentication

Ceetron Cloud uses an OAuth2-based authorization framework. Ceetron Cloud uses Azure Active Directory B2C, but there is also an implementation for Auth0.

Ceetron can assist customers in creating adapters for company-specific authorization schemes. CCP has a default option to run with a simple username / hashed password scheme for easy-to-set-up installations behind a company firewall.

A CCP installation can thus be configured with the following security policies:

Local Identity Management: A simpler solution for organizations not requiring the bells and whistles of OAuth 2.0.

- Login performed within the CCP portal.
- Salted hashed passwords are stored in an on-premise or cloud-based database.
- Even though passwords are sent to the server in encrypted form, it is strongly recommended that communication uses https.
- Users grant applications upload access to their accounts by providing them with their upload ID.

External Identity Management: Authentication is handled by an external service.

- Currently Microsoft Azure Active Directory B2C and Auth0 are supported.
- OAuth 2.0 is utilized, the industry-standard protocol for authorization.
- Support for OAuth 2.0’s implicit and password grant types:
  - Implicit grant type, which is the recommended flow for SPAs: To log in, the user is redirected to the external identity management service’s login portal. The sending and validation of user credentials happens completely outside the bounds of CCP. Once authenticated, the user is returned to CCP with an access token, which grants the user time-limited access to the CCP API.
  - Password grant type: a simpler flow that can be used when redirection to external login portal is not desired. CCP prompts the user for login credentials and then securely sends them to the external identity management service for authentication.
- Other applications can use the same login portal to ask the user for restricted access to their CCP account to perform actions on their behalf. For example, in order to upload models to user accounts, Analyzer Desktop requests the user to log in and grant it upload access to their account. Once granted, Analyzer Desktop is only able to upload models to the user’s account. Attempts to perform any other action are blocked.


5.2 Architected for security: Information access control

CCP accommodates out of the box four standard levels of security:

Public: Public models can be found through browsing or searching on the CCP installation. They can be viewed by everyone with access to the CCP installation.

Shareable: Shareable models can be seen only by those who have the required link. The security is good, as the link is a GUID (RFC4122 v4 UUID, base64 encoded) that is virtually impossible to guess. If it were possible to make a billion guesses per second for the next hundred years, the chance of guessing correctly would still only be 50%. Users must remember, however, that anyone intercepting the email/chat carrying the link can then look at the model.

Group: Users can create and share models to a group. In order to view a shared model, group members must be logged in to the CCP installation. Users outside the group have no access, even if they possess the model link.

Private: Access is restricted to the owner of the model, who must be logged in to the CCP installation. Nobody else can view the model, even if they possess the model link.

5.3 Tested for security: External vulnerability testing

We generally recommend periodic external vulnerability testing of any cloud-based solution, including CCP.

BDO Cybersecurity, a leading Norwegian cyber-security firm, conducted such testing of the public service Ceetron Cloud (not CCP) in August 2019. They gave us a clean security assessment.

Though such testing has limited value as evidence for the security of a CCP installation (unless an exact replica of Ceetron Cloud), it suggests sound security concepts for CCP.
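The shareable-link arithmetic and the four access levels of section 5.2, worked through as an added example (not CCP's own code). The names Model, can_view and new_share_token, the URL-safe base64 alphabet, and the rule that a logged-in owner can always view their own model are assumptions made for illustration.

```python
"""Added example: shareable-link tokens and the four access levels of 5.2.
All names here are hypothetical; this is not CCP's API."""
import base64
import hmac
import math
import uuid
from dataclasses import dataclass, field
from typing import Optional

RANDOM_BITS = 122  # a v4 UUID fixes 6 of its 128 bits (version and variant)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def new_share_token() -> str:
    """Random v4 UUID, base64-encoded (URL-safe alphabet, padding stripped)."""
    return base64.urlsafe_b64encode(uuid.uuid4().bytes).rstrip(b"=").decode()


def guess_probability(guesses_per_second: float, years: float,
                      live_links: int = 1) -> float:
    """Chance that blind guessing hits any one of `live_links` valid tokens."""
    guesses = guesses_per_second * years * SECONDS_PER_YEAR
    return min(1.0, guesses * live_links / 2 ** RANDOM_BITS)


def collision_probability(tokens_generated: float) -> float:
    """Birthday bound: chance that two of the generated tokens coincide."""
    return -math.expm1(-tokens_generated ** 2 / (2 * 2 ** RANDOM_BITS))


@dataclass
class Model:
    owner: str
    level: str                      # "public", "shareable", "group" or "private"
    group: frozenset = frozenset()  # member user ids, used when level == "group"
    share_token: str = field(default_factory=new_share_token)


def can_view(model: Model, user: Optional[str] = None,
             presented_token: Optional[str] = None) -> bool:
    """user is None for an anonymous request; presented_token comes from the URL."""
    if user is not None and user == model.owner:
        return True                 # assumption: owners always see their own models
    if model.level == "public":
        return True
    if model.level == "shareable":
        # The link is the only credential here, so compare in constant time.
        return presented_token is not None and hmac.compare_digest(
            presented_token.encode(), model.share_token.encode())
    if model.level == "group":
        # Login plus membership is required; holding the link is not enough.
        return user is not None and user in model.group
    return False                    # "private" (non-owner) or unknown level: deny
```

At a billion guesses per second for a hundred years, guess_probability gives about 6e-19 for one specific link, while collision_probability for the same number of generated tokens gives about 0.6, which is the birthday figure usually quoted for v4 UUIDs. Because a shareable link is a bearer credential, the per-level checks in can_view matter more than token length once a link has been forwarded.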


6 | Upload alternatives for CCP

There are several alternatives for uploading data to CCP and/or integrating CCP into existing CAE workflows. This chapter describes the most commonly used integration mechanisms.

6.1 Upload from CAE tools with ‘send to cloud’ functionality

Most Ceetron tools (incl. 3D Viewer, Analyzer Desktop and GLview Inova) have a ‘send to cloud’ button from within the tool. By using the send-to-cloud button, an exact replica of your visualization (model, result and visualization setting) is uploaded to CCP. A link (or QR code) to the uploaded file is returned for direct use or redistribution. This feature is also known as one-click sharing and offers a simple and efficient starting point for sharing and collaboration. All your uploaded models are stored on CCP and can be easily accessed for future use through the My Models page on CCP.

6.2 Upload from CAE tools using export to VTFx

Virtually all Ceetron end-user tools (incl. 3D Viewer, Analyzer Desktop and GLview Inova) as well as non-Ceetron tools have export to VTFx as a menu item. In such cases, one can do an export and then upload the VTFx file to CCP. You are encouraged to ask for such export functionality from your CAE vendor; they may already have it or be willing to provide it.

6.3 Upload approaches for high-volume, automated workflows

For large-volume and automated workflows, converting to VTFx and uploading to CCP from a GUI-centric tool are impractical.

For such workflows, we recommend Ceetron Desktop Components with Python to script the setup and upload of models. The user decides in the script how to show the model (result selection, animation setup, part attributes, etc). We can provide example scripts to get you started quickly.

Ceetron also offers CAE2VTFx, a command line tool that takes a native simulation database (before post-processing) as input and exports a VTFx file of selected results. This is primarily of relevance for CCP use cases if wanting to post-process from CCP using Analyzer Cloud.

In all the above cases, models are uploaded to CCP via its REST API. So whatever automation workflow is in place, uploading VTFx files to CCP can be achieved with a simple cURL command.


6.4 Upload of non-VTFx files

It is possible to upload and post-process native CAE result databases using Analyzer Cloud. Most industry-standard formats are supported. However, uploading 10 GB+ simulation databases from desktop to CCP in the cloud is not practical, and we see upload to CCP of non-VTFx files as primarily relevant for co-located on-prem/in the cloud solvers and CCP installations.

7 | Deployment

We generally recommend deployment of CCP as a Docker container. For Docker-based deployment the only technical requirement is a server with Docker installed.

As an alternative, CCP can be directly installed on any server on which Node.js is installed. [email protected] will be able to provide the necessary assistance.

8 | Future developments

We assess hybrid architectures to be a major trend in engineering app space. Indeed, some of the most interesting projects that we have been seeing in the industry in 2018 and so far in 2019 are based on augmenting or combining desktop-based apps for pre and post with cloud-based compute components + web apps with client-side rendering for storing, viewing (incl. light-weight post-processing), and sharing (across disciplines and organizational boundaries, and along the value chain).

We assess CCP’s underlying architecture to be well aligned with such trend, and are working with major current customers to ensure that CCP supports such use cases.


9 | Recommended next steps

Here is what you should do to get up and running:

1. Check technical requirements.
2. Install Docker on your server.
3. Download Docker image from Docker Hub.
4. Follow the stepwise instructions in Appendix 1, Getting started.
5. Do the necessary changes to logo etc.
6. Add your own authentication and model access control stack.
7. Contact [email protected] if you run into issues.

See Appendix 1, Getting started, for technical info about how to get started.

Appendix 1 | Getting started

The easiest way to install CCP is with Docker. It can be downloaded here: https://hub.docker.com (select Download Docker Desktop).

For Linux/Mac users, next steps are as follows:

1. Once Docker is installed, execute the following commands:

    mkdir ceetronCloud
    cd ceetronCloud
    curl https://ceetron.com/wp-content/uploads/ceetron-cc/cc -O
    chmod +x cc
    ./cc init

2. At this point, you can open config/config.env to configure some options, such as the port. You can also specify the login details for the initial admin user by setting ADMIN_EMAIL and ADMIN_PASSWORD.

3. Finally, run the following command to start CCP:

    ./cc up

4. After startup is complete, which on first run may take a minute or so, CCP should be available at http://localhost:5000.

5. You can either log in with the initial admin user (default login is email: [email protected], password: admin), or you can sign up to create a new user.

For Windows users, a Powershell version of the above will shortly be made available.
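A check to run on config/config.env before exposing a new installation, given that the initial admin login above has a documented default password. This is an added example, not a Ceetron tool: it assumes the file holds plain KEY=VALUE lines, uses only the two key names the appendix mentions, and the 12-character minimum is an assumed local policy.

```python
"""Added example: audit the initial admin login in a CCP config/config.env.
Assumes plain KEY=VALUE lines; only ADMIN_EMAIL and ADMIN_PASSWORD are key
names taken from the whitepaper. Sample configs below are constructed."""
import os
import stat

DEFAULT_ADMIN_PASSWORD = "admin"  # default stated in the whitepaper
MIN_LENGTH = 12                   # assumed local policy, not a CCP setting

SAMPLE_UNTOUCHED = "# constructed sample: nothing overridden\n"
SAMPLE_WEAK = 'ADMIN_EMAIL="ops@example.test"\nADMIN_PASSWORD=admin\n'
SAMPLE_OK = ("ADMIN_EMAIL=ops@example.test\n"
             "ADMIN_PASSWORD='correct horse battery staple'\n")


def parse_env(text: str) -> dict:
    """Parse KEY=VALUE lines; skip blanks and # comments, strip matching quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key.startswith("export "):
            key = key[len("export "):].strip()
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        env[key] = value
    return env


def audit_admin_login(text: str) -> list:
    """Return findings about the initial admin account (empty list = clean)."""
    env = parse_env(text)
    findings = []
    password = env.get("ADMIN_PASSWORD")
    if not password:
        findings.append("ADMIN_PASSWORD unset: the documented default login applies")
    elif password == DEFAULT_ADMIN_PASSWORD:
        findings.append("ADMIN_PASSWORD is the documented default")
    elif len(password) < MIN_LENGTH:
        findings.append(f"ADMIN_PASSWORD is shorter than {MIN_LENGTH} characters")
    if not env.get("ADMIN_EMAIL"):
        findings.append("ADMIN_EMAIL unset: the documented default address applies")
    return findings


def readable_by_others(path: str) -> bool:
    """True if group or other have any permission on the file (POSIX mode bits).
    The file holds the admin password in clear text, so it should be 0600."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


if __name__ == "__main__":
    for name, sample in [("untouched", SAMPLE_UNTOUCHED),
                         ("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)]:
        print(name, audit_admin_login(sample) or "no findings")
```

Changing ADMIN_PASSWORD only helps if it happens before the first `./cc up` on a reachable host; on an installation that was already started with defaults, change the admin password inside CCP as well.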


www.ceetron.com