Getting Started






  • Claim: A statement made by an entity about the subject defined by an identity profile. From
  • Credential: A set of claims that refer to a qualification, achievement, personal quality, aspect of an identity such as a name, government ID, preferred payment processor, home address, or university degree typically used to indicate suitability. From
  • Entity: A thing with distinct and independent existence such as a person, organization, concept, or device. From
  • Identity: A set of information that can be used to identify a particular entity such as a person, organization, concept, or device. An entity may have multiple identities associated with it. From
  • Identity provider: A software service that manages one or more identities and their associated credentials on behalf of an entity. It typically handles requests to store credentials issued by an issuer and to retrieve credentials when requested by a credential inspector. From
  • Group: A group of users with some roles
  • User: A user map a subject like a CSI User, an application user. A user has some roles. A user can have some attributes.
  • Permission: A permission define an action that you can do over an object or a group of objects of a certain type
  • Role: A role is the entity used to set user permissions

Business Entities

  • Organization: It is the higher group hierarchical entity. Some example are CSI, a public authority like Regione Piemonte, a private company
  • Division: It is the first hierarchical child entity of an Organization. An Organization can have many Divisions. Each Division has a Wallet.
  • Account: It is the lower group hierarchical entity. An account is a division’s child. A division can have many accounts. An account contains many services.
  • Wallet: The wallet is the entity that manage the Division Owner capital and where you store the costs of use. Capital can be increased using new Agreements.
  • SubWallet: It is the account wallet. It contains a small part of the wallet capital.
  • Service: A service is an entity that offers some capabilities and has associated consumes. Some example of service are the Computational Service (classic Iaas), a Virtual Machine, a Network, a Database engine instance, … There are two main category of service:
    • core service: the main service that enable base ecosystem to use atomic service. Ex. compute service
    • atomic service: each final usable service that make something is an atomic service. Ex. virtual machine
  • Service Catalog: a list of service that user can instantiate
  • Service Tag: a label that you can assign to services and use as filter key.
  • Service Link: a link can connect two services. Use a link to create set services relation


Compute Service - cpaas

It is the main service that you must have in your Account to use all the other following services. It exposes basic capabilitie to manage virtual networking and security across multi availability zones environment.

Cloud computing resources are housed in highly available data center facilities in different areas of the Piedmont (for example Turin and Vercelli). Each data center location is organized in Sites and Regions. Each Site is logically divided in Availability Zones. An Account has an Availability Zones for each Sites pointed. Each Site is engineered to be isolated from failures in other Sites, and to provide inexpensive, low-latency network connectivity to other Availability Zones in the same region. By launching instances in separate Availability Zones, you can protect your applications from the failure of a single location.

Availability zones
  • compute-tag: Tags
  • image: Images define the template of operanting system you can use when create a new virtual machine.
  • securitygroup: Security group acts as a firewall for Nivola instances, controlling both inbound and outbound traffic at the instance level.
  • key: An ssh key used when create a virtual machine to enable ssh login.
  • virtual machine: Virtual Machine are virtual server you can use to run application workloads.
  • vpc: A virtual private cloud (VPC) is a virtual network dedicated to your Nivola account. It is logically isolated from other virtual networks in Nivola. You can launch your istances into your VPC. You can configure your VPC by modifying its IP address range, create subnets, and configure route tables, network gateways, and security settings.
  • subnet: A subnet is a range of IP addresses in your VPC. You can launch Nivola resources into a specified subnet. Use a public subnet for resources that must be connected to the internet, and a private subnet for resources that won’t be connected to the internet. To protect the Nivola resources in each subnet, you can use multiple security groups.

Database Service - dbaas

It is used to create instance of mysql, postgres and oracle engine.

  • instance: an instance of mysql, postgres and oracle engine.

Storage Service - staas

It is used to expose some virtual storage capability. Currently only the creation of share nfs and cifs is available

  • efs:
    • instance: instance of efs can be a cifs or a nsf share

Appengine Service - appeng

It is used to create an application platform like: apache+pgp, tomcat, composed by some servers, a share, a load balancing service, a public ip, …

  • instance: An instance of appengine is a a set of iaas resource (servers, a share, a load balancing service, a public ip, …) created and configured to work together.