diff --git a/app/__init__.py b/app/__init__.py
index 91de74f79..e62b69f26 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -85,7 +85,10 @@ def inject_settings():
             'FEATURE_PORTS_REQUEST') else "no",
         enable_s3creds=app.config.get('FEATURE_S3CREDS_MENU') if app.config.get(
             'FEATURE_S3CREDS_MENU') else "no",
-        s3_allowed_groups=app.config.get("S3_IAM_GROUPS") if app.config.get("S3_IAM_GROUPS") else []
+        s3_allowed_groups=app.config.get("S3_IAM_GROUPS") if app.config.get("S3_IAM_GROUPS") else [],
+        enable_access_request=app.config.get("FEATURE_ACCESS_REQUEST") if app.config.get(
+            'FEATURE_ACCESS_REQUEST') else "no",
+        access_request_tag=app.config.get("ACCESS_REQUEST_TAG")
     )
 
 
@@ -134,6 +137,9 @@ def inject_settings():
 from app.swift.routes import swift_bp
 app.register_blueprint(swift_bp, url_prefix="/swift")
 
+from app.services.routes import services_bp
+app.register_blueprint(services_bp, url_prefix="/services")
+
 if app.config.get("FEATURE_VAULT_INTEGRATION") == "yes":
     from app.vault.routes import vault_bp
     app.register_blueprint(vault_bp, url_prefix="/vault")
diff --git a/app/deployments/templates/createdep.html b/app/deployments/templates/createdep.html
index 3320b3c99..d85996916 100644
--- a/app/deployments/templates/createdep.html
+++ b/app/deployments/templates/createdep.html
@@ -220,7 +220,6 @@ <h4 class="font-weight-bold text-primary">
     //console.log("ok");
     port.removeClass("is-invalid");
   }
-
 }
 
 function validateCidr(input){
@@ -235,7 +234,20 @@ <h4 class="font-weight-bold text-primary">
     //console.log("ok");
     cidr.removeClass("is-invalid");
   }
+}
 
+function validateHostname(input){
+  var hostname = $(input)
+  //console.log("val: \"" + hostname.val() + "\"");
+  let val = hostname.val();
+  let re = /^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/;
+  if (!re.test(val)){
+    hostname.addClass("is-invalid");
+  }
+  else {
+    //console.log("ok");
+    hostname.removeClass("is-invalid");
+  }
 }
 
 function __attachValidationHandler(input) {
diff --git a/app/deployments/templates/input_types.html b/app/deployments/templates/input_types.html
index 3bd3647ea..c23c0aeb4 100644
--- a/app/deployments/templates/input_types.html
+++ b/app/deployments/templates/input_types.html
@@ -71,6 +71,12 @@
       <input type="hidden" class="form-control" data-type="{{value.type}}" id="{{key}}" name="{{key}}" value="{{value.default}}" >
     <!-- end hidden types -->
 
+    <!-- hostname type -->
+    {% elif value.type == "hostname" %}
+      <input type="text" class="form-control" onblur="validateHostname(this)" data-type="{{value.type}}" id="{{key}}" name="{{key}}" value="{{value.default}}" aria-describedby="help{{key}}" placeholder="{{value.placeholder}}" {% if value.required %}required{%endif%} {{mode}} />
+      <div class="invalid-feedback">Please provide a valid hostname</div>
+    <!-- end hostname type -->
+
     <!-- email type -->
     {% elif value.type == "email" %}
       <input type="email" class="form-control" data-type="{{value.type}}" id="{{key}}" name="{{key}}" value="{{ session['useremail'] }}" {% if value.required %}required{%endif%} {{mode}} >
diff --git a/app/home/routes.py b/app/home/routes.py
index 6e14ab0b2..388ed7745 100644
--- a/app/home/routes.py
+++ b/app/home/routes.py
@@ -141,19 +141,11 @@ def home():
 
         session['userrole'] = user.role  # role
 
-        # templates_info = {}
-        # tg = False
-        #
-        # if tosca.tosca_gmetadata:
-        #     templates_info = {k: v for (k, v) in tosca.tosca_gmetadata.items() if
-        #              check_template_access(v.get("metadata").get("allowed_groups"), user_groups)}
-        #     tg = True
-        # else:
-        #     templates_info = {k: v for (k, v) in toscaInfo.items() if
-        #      check_template_access(v.get("metadata").get("allowed_groups"), user_groups)}
+        services = dbhelpers.get_services(visibility='public')
+        services.extend(dbhelpers.get_services(visibility='private', groups=[session['active_usergroup']]))
         templates_info, enable_template_groups = check_template_access(user_groups, session['active_usergroup'])
 
-        return render_template(app.config.get('PORTFOLIO_TEMPLATE'), templates_info=templates_info,
+        return render_template(app.config.get('PORTFOLIO_TEMPLATE'), services=services, templates_info=templates_info,
                                enable_template_groups=enable_template_groups)
 
 
diff --git a/app/home/templates/base.html b/app/home/templates/base.html
index e2fef5c80..6a8be9ee2 100644
--- a/app/home/templates/base.html
+++ b/app/home/templates/base.html
@@ -28,6 +28,9 @@
     <!-- Toggle -->
     <link href="https://cdn.jsdelivr.net/gh/gitbrent/bootstrap4-toggle@3.4.0/css/bootstrap4-toggle.min.css" rel="stylesheet">
     <script src="https://cdn.jsdelivr.net/gh/gitbrent/bootstrap4-toggle@3.4.0/js/bootstrap4-toggle.min.js"></script>
+    <!-- include summernote css/js -->
+    <link href="https://cdn.jsdelivr.net/npm/summernote@0.8.20/dist/summernote-bs4.min.css" rel="stylesheet">
+    <script src="https://cdn.jsdelivr.net/npm/summernote@0.8.20/dist/summernote-bs4.min.js"></script>
     <!-- Latest compiled and minified JavaScript -->
     <script src="https://unpkg.com/bootstrap-show-password@1.2.1/dist/bootstrap-show-password.min.js"></script>
     <!-- FontAwesome-->
@@ -95,7 +98,7 @@
                 <ul class="navbar-nav mr-auto">
                     {% if session['username'] %}
                     <li class="nav-item dropdown">
-                        <a class="nav-link dropdown-toggle" data-toggle="dropdown" href="#">Deployments</a>
+                        <a id="depMenuItem" class="nav-link dropdown-toggle" data-toggle="dropdown" href="#">Deployments</a>
                         <div class="dropdown-menu">
                             <a class="dropdown-item" href="{{ url_for("deployments_bp.showdeploymentsoverview") }}">Overview</a>
                             <a class="dropdown-item" href="{{ url_for("deployments_bp.showdeployments") }}">List</a>
@@ -124,14 +127,20 @@
                     </li>
 		            {% endif %}
                     {% if session['userrole'] == 'admin' %}
-                    <li class="nav-item"><a class="nav-link" href="{{ url_for('users_bp.show_users') }}">Users</a></li>
+                    <li class="nav-item dropdown">
+			            <a class="nav-link dropdown-toggle" data-toggle="dropdown" href="#">Admin</a>
+                        <div class="dropdown-menu">
+			                <a class="dropdown-item" href="{{ url_for('users_bp.show_users') }}">Users</a>
+                            <a class="dropdown-item" href="{{ url_for('services_bp.list_as_admin') }}">Services</a>
+                        </div>
+                    </li>
                     {% endif %}
                     {% endif %}
                 </ul>
                 {% if session['username'] %}
                 <ul class="navbar-nav ml-auto">
                     {% if session['active_usergroup'] != None and 'gets3creds' not in request.path and 'overview' not in request.path %}
-                    <li class="nav-item dropdown">
+                    <li id="groupMenuItem" class="nav-item dropdown">
                         <a class="nav-link dropdown-toggle" data-toggle="dropdown" href="#">
                             {{ session['active_usergroup'] }}<span class="caret"></span>
                         </a>
diff --git a/app/home/templates/managed_services.html b/app/home/templates/managed_services.html
new file mode 100644
index 000000000..96b999fee
--- /dev/null
+++ b/app/home/templates/managed_services.html
@@ -0,0 +1,57 @@
+<p class="font-weight-bold" style="font-size:20px;font-variant:small-caps">Centralised Services: </p>
+{% for service in services %}
+{% if loop.index % 3 == 1 %}
+<!-- open card deck -->
+<div id="card-deck" class="card-deck">
+{% endif %}
+    <div class="card mb-4" style="max-width: 20rem; max-height: 25rem;">
+        <div class="card-body">
+            <h5 class="card-title text-center">
+                <strong>{{ service.name }}</strong>
+            </h5>
+        </div>
+        <div class="wrapper">
+            {% if service.icon != "" %}
+            <img class="card-img-bottom img-fluid" src="{{ url_for('services_bp.showimg', filename=service.icon) }}" alt="Card image cap">
+            {% else %}
+            <img class="card-img-bottom img-fluid" src="{{ url_for('services_bp.static', filename='images/default_service.png') }}" alt="Card image cap">
+            {% endif %}
+        </div>
+        <div class="card-img-overlay text-center" style="z-index: 1;">
+            <h5>
+                <strong>{{ service.name }}</strong>
+            </h5>
+            <div id="toscaDescription" class="card-text service-descr">
+                <small>{{ service.description | safe}}</small>
+            </div>
+            <div class="row justify-content-center mt-4">
+                <div class="col">
+                    <a class="badge badge-pill badge-info text-left read_more" tabindex="0" data-toggle="popover" title="Full description" data-trigger="focus" data-html="true" data-content="{{ service.description }}">Read More</a>
+                </div>
+                {% if session['userrole'] == 'admin' and 'admin' in request.path %}
+                <div class="col">
+                    <a href="{{ url_for('services_bp.edit', id=service.id) }}" class="badge badge-pill badge-warning">Edit</a>
+                </div>
+                <div class="col">
+                    <form action="{{ url_for('services_bp.delete', id=service.id) }}" method="post">
+                        <button type="submit" class="badge badge-pill badge-danger" style="border-width:0 !important;">Delete</button>
+                    </form>
+                </div>
+                {% endif %}
+                <div class="col">
+                    <a href="{{ service.url }}" target="_blank" class="badge badge-pill badge-primary">Go to service</a>
+                </div>
+            </div>
+        </div>
+        {% if service.visibility | enum2str == 'private' %}
+        <div class="card-footer" style="height: 40px;">
+            <small class="text-muted">Scope: {{ service.get_groups_list() | join(', ') }}</small>
+        </div> {% endif %}
+    </div>
+{% if loop.index % 3 == 0 %} <!-- close card deck if it contains 3 cards -->
+</div>
+{% endif %}
+{% endfor %}
+{% if services|count % 3 != 0 %} <!-- close card deck if last row contains less then 3 cards -->
+</div>
+{% endif %}
\ No newline at end of file
diff --git a/app/home/templates/portfolio.html b/app/home/templates/portfolio.html
index b97c18445..f483e22e1 100644
--- a/app/home/templates/portfolio.html
+++ b/app/home/templates/portfolio.html
@@ -1,93 +1,126 @@
 {% extends "base.html" %}
 {% block content %}
-
 <div class="container mt-2" id="cardsContainer" xmlns="http://www.w3.org/1999/html">
     <div class="input-group mb-4">
-      <div class="input-group-prepend">
-          <div class="input-group-text"><i class="fa fa-search"></i></div>
-      </div>
-      <input id="cardFilter" class="form-control py-2 border" type="text" onkeyup="cardFilter()" placeholder="Search...">
+        <div class="input-group-prepend">
+            <div class="input-group-text">
+                <i class="fa fa-search"></i>
+            </div>
+        </div>
+        <input id="cardFilter" class="form-control py-2 border" type="text" onkeyup="cardFilter()" placeholder="Search...">
+    </div>
+    {% if services|length > 0 %}
+    <div class="row">
+        <div class="col-md-12">
+        {% include 'managed_services.html' %}
+        </div>
+    </div>
+    <div class="row">
+        <div class="col-md-12">
+            <hr style="height:1px;border-width:0;background-color:Gainsboro">
+        </div>
     </div>
-
- {% for tosca_name, tosca in templates_info.items() %}
-    {% if loop.index % 3 == 1 %}
-    <div class="card-deck">
     {% endif %}
-
-        <div class="card mb-4" style="max-width: 20rem; max-height: 25rem;">
-            <div class="card-body">
-                <h5 class="card-title text-center">
-                    <strong>
-                    {% if tosca['metadata']['display_name'] is defined %}{{tosca['metadata']['display_name']}}{% else %}{{tosca_name}}{% endif %}
-                    </strong>
-                </h5>
-            </div>
-            <div class="wrapper">
-                <img class="card-img-bottom img-fluid" src="{{tosca['metadata']['icon']}}" alt="Card image cap">
-            {% if tosca['metadata']['access_locked'] %}
-                <div class="ribbon red"><span>LOCKED</span></div>
-            {% else %}
-		        {% if tosca['metadata']['tag'] is defined %}
-		        <div class="ribbon {{tosca['metadata']['tag_color']}}"><span>{{tosca['metadata']['tag']}}</span></div>
-                {% endif %}
+    <div class="row">
+        <div class="col-md-12">
+        <p class="font-weight-bold" style="font-size:20px;font-variant:small-caps">On-demand Services: </p>
+        {% for tosca_name, tosca in templates_info.items() %}
+            {% if loop.index % 3 == 1 %}
+            <!-- open card deck -->
+            <div class="card-deck">
             {% endif %}
-            </div>
-            <div class="card-img-overlay text-center" style="z-index: 1;">
-                <h5>
-                    <strong>
-                    {% if tosca['metadata']['display_name'] is defined %}{{tosca['metadata']['display_name']}}{% else %}{{tosca_name}}{% endif %}
-                    </strong>
-                </h5>
-                <div id="toscaDescription" class="card-text tosca-descr"><small>{{tosca['description'] | safe}}</small></div>
-                <div class="row justify-content-center">
-                    <div class="col-4">
-                        <a class="badge badge-pill badge-info text-left read_more" tabindex="0" data-toggle="popover" title="Full description" data-trigger="focus" data-html="true" data-content="{{tosca['description']}}">Read More</a>
-                    </div>
-                    {% if tosca['metadata']['access_locked'] %}
-                    {% set pre_tasks = tosca['metadata']['authorization_required'] %}
-                    <div class="col-4">
-                        {% if tosca['metadata']['display_name'] is defined %}{% set service_label = tosca['metadata']['display_name'] %}{% else %}{% set service_label = tosca_name %}{% endif %}
-                        <a role="button" data-id="{{ service_label }}" data-action="{{ url_for('home_bp.sendaccessrequest', service_type=service_label) }}" class="badge badge-pill badge-danger" data-toggle="modal" data-target="#requestAccess" > Request Access</a>
+                <div class="card mb-4" style="max-width: 20rem; max-height: 25rem;">
+                    <div class="card-body">
+                        <h5 class="card-title text-center">
+                            <strong> {% if tosca['metadata']['display_name'] is defined %}{{tosca['metadata']['display_name']}}{% else %}{{tosca_name}}{% endif %} </strong>
+                        </h5>
                     </div>
-                    {% elif tosca['metadata']['tag'] is defined and tosca['metadata']['tag']|upper == 'MAINTENANCE'   %}
-                       <!-- maintenance: do not show configure button -->
-                    {% else %}
-                    <div class="col-4">
-                        {% if enable_template_groups %}
-                        <a href="{{ url_for('deployments_bp.configure', selected_group=tosca_name) }}" class="badge badge-pill badge-primary">Configure</a>
+                    <div class="wrapper">
+                        <img class="card-img-bottom img-fluid" src="{{tosca['metadata']['icon']}}" alt="Card image cap">
+                        {% if tosca['metadata']['access_locked'] %}
+                        <div class="ribbon red">
+                            <span>{{ access_request_tag }}</span>
+                        </div>
                         {% else %}
-                        <a href="{{ url_for('deployments_bp.configure', selected_tosca=tosca_name) }}" class="badge badge-pill badge-primary">Configure</a>
+                            {% if tosca['metadata']['tag'] is defined %}
+                        <div class="ribbon {{tosca['metadata']['tag_color']}}">
+                            <span>{{tosca['metadata']['tag']}}</span>
+                        </div>
+                            {% endif %}
                         {% endif %}
                     </div>
-                    {% endif %}
+                    <div class="card-img-overlay text-center" style="z-index: 1;">
+                        <h5>
+                            <strong> {% if tosca['metadata']['display_name'] is defined %}{{tosca['metadata']['display_name']}}{% else %}{{tosca_name}}{% endif %} </strong>
+                        </h5>
+                        <div id="toscaDescription" class="card-text service-descr">
+                            <small>{{tosca['description'] | safe}}</small>
+                        </div>
+                        <div class="row justify-content-center">
+                            <div class="col-4">
+                                <a class="badge badge-pill badge-info text-left read_more" tabindex="0" data-toggle="popover" title="Full description" data-trigger="focus" data-html="true" data-content="{{tosca['description']}}">Read More</a>
+                            </div>
+                            {% if tosca['metadata']['access_locked'] %}
+                            {% if enable_access_request == "yes" %}
+                            {% set pre_tasks = tosca['metadata']['authorization_required'] %}
+                            <div class="col-4">
+                                {% if tosca['metadata']['display_name'] is defined %}
+                                {% set service_label = tosca['metadata']['display_name'] %}
+                                {% else %}
+                                {% set service_label = tosca_name %}
+                                {% endif %}
+                                <a role="button" data-id="{{ service_label }}" data-action="{{ url_for('home_bp.sendaccessrequest', service_type=service_label) }}" class="badge badge-pill badge-danger" data-toggle="modal" data-target="#requestAccess"> Request Access</a>
+                            </div>
+                            {% endif %}
+                            {% elif tosca['metadata']['tag'] is defined and tosca['metadata']['tag']|upper == 'MAINTENANCE'   %}
+                            <!-- maintenance: do not show configure button -->
+                            {% else %}
+                            <div class="col-4">
+                                {% if enable_template_groups %}
+                                <a href="{{ url_for('deployments_bp.configure', selected_group=tosca_name) }}" class="badge badge-pill badge-primary">Configure</a>
+                                {% else %}
+                                <a href="{{ url_for('deployments_bp.configure', selected_tosca=tosca_name) }}" class="badge badge-pill badge-primary">Configure</a>
+                                {% endif %}
+                            </div>
+                            {% endif %}
+                        </div>
+                    </div>
                 </div>
+            {% if loop.index % 3 == 0 %}
+            <!-- close card deck -->
             </div>
-        </div>
-    {% if loop.index % 3 == 0 %}
-    </div>
-    {% endif %}
-    {% endfor %}
-    {% if templates_info|count % 3 != 0 %}
-    </div>
-    {% endif %}
+            {% endif %}
+        {% endfor %}
+        {% if templates_info|count % 3 != 0 %}
+            <!-- close card deck -->
+            </div>
+        {% endif %}
+        </div> <!-- close col-12 -->
+    </div> <!-- close row -->
     <!-- Modal begin -->
     <div class="modal fade" id="requestAccess" tabindex="-1" role="dialog" aria-labelledby="requestAccess" aria-hidden="true">
         <div class="modal-dialog modal-lg" role="document">
             <div class="modal-content">
                 <div class="modal-header px-lg-5">
                     <h5 class="modal-title" id="listingModalLabel">Request Access</h5>
-                    <button class="close" type="button" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button>
+                    <button class="close" type="button" data-dismiss="modal" aria-label="Close">
+                        <span aria-hidden="true">×</span>
+                    </button>
                 </div>
                 <div class="modal-body">
                     <form id="requestform" action="#" method="post">
                         <div class="form-group">
-                            <label for="username"><strong>User</strong></label>
+                            <label for="username">
+                                <strong>User</strong>
+                            </label>
                             <div>
                                 <input type="text" class="form-control" name="username" id="username" value="{{ session['username'] }}" disabled>
                             </div>
                         </div>
                         <div class="form-group">
-                            <label for="email"><strong>Mail</strong></label>
+                            <label for="email">
+                                <strong>Mail</strong>
+                            </label>
                             <div>
                                 <input type="email" class="form-control" name="email" id="email" value="{{ session['useremail'] }}" data-toggle="email">
                             </div>
@@ -110,221 +143,21 @@ <h5 class="modal-title" id="listingModalLabel">Request Access</h5>
             </div>
         </div>
     </div>
-
     <!--  end Modal -->
-</div>
-
-<script>
-$(document).ready(function(){
-  $('[data-toggle="popover"]').popover();
-});
-</script>
-
-
-<script>
-
-//init dotdotdot
-$(".tosca-descr").dotdotdot({
-    ellipsis    : ' [...] ',
-    wrap        : 'word',
-    after       : "a.read_more",
-    watch       : true,
-    height      : 70,
-    callback    : function( isTruncated, orgContent ) {
-
-        if(isTruncated == true){
-            //$(".read_more").css("visibility","visible");
-        }
-        else {
-            $(this).parent().find('.read_more').css("display","none");
-            //$(".read_more").css("display","none");
-        }
-
-    }
-});
-</script>
-
-
-<style>
-
-.wrapper {
-  position: relative;
-  overflow: visible;
-  top: 5px;
-  right: -5px
-}
-
-.wrapper:after {
-  content: '';
-  display: block;
-  padding-top: 30%;
-}
-
-.wrapper img {
-  object-fit: contain;
-  height: 85%;
-  position: absolute;
-  top: 0;
-}
-
-.card-img-overlay {
-  //background-color: #3374FF;
-  background-color: #213752;
-  color: white;
-  //font-family: 'Abel', sans-serif;
-  //font-family: 'Roboto Condensed', sans-serif;
-  opacity: 0.90;
-}
-
-
-.popover {
-    border: 2px solid #5BC0DE;
-    max-width: 50%;
-}
-
-.popover-header {
-    background-color: #5BC0DE;
-    color: #FFFFFF;
-    margin: 2;
-    //font-size: 22px;
-    text-align:center;
-    //font-family: 'Abel', sans-serif;
-    //font-family: 'Roboto Condensed', sans-serif;
-}
-
-.popover-body {
-    //background-color: white;
-    //color: #FFFFFF;
-    padding: 25px;
-    //overflow-y: auto;
-    //max-height: 150px;
-}
-
-/* The ribbons */
-/* Default ribbon is green. */
-.ribbon {
-   position: absolute;
-   right: 0px; bottom: 0px;
-   z-index: 1;
-   overflow: visible;
-   width: 75px; height: 75px; 
-   text-align: right;
-   transform: rotate(-270deg);
-   -webkit-transform: rotate(-270deg);
-}
-
-.ribbon span {
-   border-radius: 0px 0px 16px 16px;
-   font-size: 10px;
-   color: #fff; 
-   text-transform: uppercase; 
-   text-align: center;
-   font-weight: bold; line-height: 20px;
-   transform: rotate(225deg);
-   width: 100px; display: block;
-   background: #79A70A;
-   background: linear-gradient(#79A70A 0%, #9BC90D 100%);
-   box-shadow: 0 -3px 10px -5px rgba(0, 0, 0, 1);
-   position: absolute;
-   top: 19px; right: -21px;
-}
-
-.ribbon span::before {
-   content: '';
-   position: absolute; 
-   right: 0px; bottom: 100%;
-   z-index: -1;
-   border-left: 3px solid #79A70A;
-   border-right: 3px solid transparent;
-   border-bottom: 3px solid transparent;
-   border-top: 3px solid #79A70A;
-   transform: rotate (180deg);
-   -webkit-transform: rotate(180deg);
-}
-
-.ribbon span::after {
-   content: '';
-   position: absolute; 
-   left: 0px; bottom: 100%;
-   z-index: -1;
-   border-right: 3px solid #79A70A;
-   border-left: 3px solid transparent;
-   border-bottom: 3px solid transparent;
-   border-top: 3px solid #79A70A;
-   transform: rotate (180deg);
-   -webkit-transform: rotate(180deg);
-}
-
-.green span {background: linear-gradient(#79A70A 0%, #9BC90D 100%);}
-.green span::before {border-left-color: #79A70A; border-top-color: #79A70A;}
-.green span::after {border-right-color: #79A70A; border-top-color: #79A70A;}
-
-.red span {background: linear-gradient(#8F0808 0%, #F70505 100%);}
-.red span::before {border-left-color: #8F0808; border-top-color: #8F0808;}
-.red span::after {border-right-color: #8F0808; border-top-color: #8F0808;}
-
-.blue span {background: linear-gradient(#1e5799 0%, #2989d8 100%);}
-.blue span::before {border-left-color: #1e5799; border-top-color: #1e5799;}
-.blue span::after {border-right-color: #1e5799; border-top-color: #1e5799;}
-
-.yellow span {background: linear-gradient(#b07620 0%, #ffbf00 100%);}
-.yellow span::before {border-left-color: #b07620; border-top-color: #b07620;}
-.yellow span::after {border-right-color: #b07620; border-top-color: #b07620;}
-
-</style>
-
-
-<script>
-
-$(document).ready(function() {
-
-  $( ".card-img-overlay").hide();
-
-  $( ".card" ).hover(
-  function() {
-    $(this).addClass('shadow-lg').css('cursor', 'pointer');
-    $(this).find('.card-img-overlay').show();
-  }, function() {
-    $(this).removeClass('shadow-lg');
-    $(this).find('.card-img-overlay').hide();
-  }
-);
-
-});
-
-</script>
+</div> <!-- close container -->
+<script src="/static/js/catalogue.js"></script>
+<link rel="stylesheet" href="/static/css/catalogue.css">
 
 <script>
-function cardFilter() {
-    var input, filter, cards, cardContainer, h5, title, i;
-    input = document.getElementById("cardFilter");
-    filter = input.value.toUpperCase();
-    cardContainer = document.getElementById("cardsContainer");
-    cards = cardContainer.getElementsByClassName("card");
-    for (i = 0; i < cards.length; i++) {
-        title = cards[i].querySelector(".card-body .card-title");
-        if (title.innerText.toUpperCase().indexOf(filter) > -1) {
-            cards[i].style.display = "";
-        } else {
-            cards[i].style.display = "none";
-        }
-    }
-}
+    $('#requestAccess').on('show.bs.modal', function(event) {
+        var target = $(event.relatedTarget) // Button that triggered the modal
+        // Extract info from data-* attributes
+        var service = target.data('id')
+        var url = target.data('action')
+        var modal = $(this)
+        modal.find('.modal-title').text('Request access to service \"' + service + '\"')
+        modal.find('input[name="service_type"]').val(service)
+        modal.find('#requestform').prop('action', url)
+    })
 </script>
-
-
-<script>
-$('#requestAccess').on('show.bs.modal', function (event) {
-    var target = $(event.relatedTarget) // Button that triggered the modal
-    // Extract info from data-* attributes
-    var service = target.data('id')
-    var url = target.data('action')
-
-    var modal = $(this)
-    modal.find('.modal-title').text('Request access to service \"' + service + '\"')
-    modal.find('input[name="service_type"]').val(service)
-    modal.find('#requestform').prop('action', url)
-})
-</script>
-
-{% endblock %}
+{% endblock %}
\ No newline at end of file
diff --git a/app/lib/dbhelpers.py b/app/lib/dbhelpers.py
index 94c01d587..ec444d3da 100644
--- a/app/lib/dbhelpers.py
+++ b/app/lib/dbhelpers.py
@@ -18,6 +18,7 @@
 from dateutil import parser
 from app.models.Deployment import Deployment
 from app.models.User import User
+from app.models.Service import Service, UsersGroup
 from flask import json
 import datetime
 
@@ -236,3 +237,62 @@ def cvdeployment(d):
                             elastic=d.elastic,
                             updatable=d.updatable)
     return deployment
+
+
+def get_services(visibility, groups=[]):
+    services = []
+    if visibility == "public":
+        services = Service.query.filter_by(visibility='public').all()
+    if visibility == "private":
+        services = []
+        ss = Service.query.all()
+        for s in ss:
+            s_groups = [g.name for g in s.groups]
+            if not set(s_groups).isdisjoint(groups):
+                services.append(s)
+    if visibility == "all":
+        services = Service.query.all()
+
+    return services
+
+
+def get_service(id):
+    return Service.query.get(id)
+
+
+def __update_service(s, data):
+    s.name = data.get('name')
+    s.description = data.get('description')
+    s.url = data.get('url')
+    if data.get('icon'):
+        s.icon = data.get('icon')
+    s.visibility = data.get('visibility')
+    s.groups = []
+
+    if s.visibility == 'private':
+        for g in data.get('groups'):
+            group = UsersGroup.query.filter_by(name=g).first()
+            if not group:
+                group = UsersGroup()
+                group.name = g
+            s.groups.append(group)
+
+
+def update_service(id, data):
+    s = Service.query.filter_by(id=id).first()
+    __update_service(s, data)
+    db.session.add(s)
+    db.session.commit()
+
+
+def delete_service(id):
+    service = Service.query.filter_by(id=id).first()
+    db.session.delete(service)
+    db.session.commit()
+
+
+def add_service(data):
+    s = Service()
+    __update_service(s, data)
+    db.session.add(s)
+    db.session.commit()
diff --git a/app/lib/utils.py b/app/lib/utils.py
index 309c38354..fceecdb2c 100644
--- a/app/lib/utils.py
+++ b/app/lib/utils.py
@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import enum
 import json
 import requests
 import linecache
@@ -33,6 +34,12 @@ def to_pretty_json(value):
                       indent=4, separators=(',', ': '))
 
 
+def enum_to_string(obj):
+    if isinstance(obj, enum.Enum):
+        return obj.name
+    # For all other types, let Jinja use default behavior
+    return obj
+
 def python_eval(obj):
     if isinstance(obj, str):
         try:
diff --git a/app/models/Service.py b/app/models/Service.py
new file mode 100644
index 000000000..e7751d7db
--- /dev/null
+++ b/app/models/Service.py
@@ -0,0 +1,54 @@
+# Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2019-2022
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from sqlalchemy.orm import relationship, backref
+
+from app import db
+from datetime import datetime
+import enum
+
+class Visibility(enum.Enum):
+    private = 0
+    public = 1
+
+class Service(db.Model):
+    __tablename__ = 'service'
+    id = db.Column(db.Integer, primary_key=True)
+    url = db.Column(db.String(128), unique=True, nullable=False)
+    name = db.Column(db.String(128), nullable=False)
+    icon = db.Column(db.String(128), default="", nullable=False)
+    description = db.Column(db.String(2048), nullable=True)
+    visibility = db.Column(db.Enum(Visibility), nullable=False)
+    created_at = db.Column(db.DateTime, default=datetime.utcnow, nullable=False)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow, nullable=False)
+    groups = relationship("UsersGroup", secondary="service_access", backref=backref('service'))
+
+    def __repr__(self):
+        return '<Service {}>: {}'.format(self.name, self.url)
+
+    def get_groups_list(self):
+        return [g.name for g in self.groups]
+
+class UsersGroup(db.Model):
+    __tablename__ = 'users_group'
+    name = db.Column(db.String(128), primary_key=True)
+    #services = relationship("Service", secondary="service_access")
+
+class ServiceAccess(db.Model):
+    __tablename__ = 'service_access'
+    id = db.Column(db.Integer, primary_key=True)
+    service_id = db.Column(db.Integer, db.ForeignKey('service.id', ondelete="cascade"))
+    group_id = db.Column(db.Integer, db.ForeignKey('users_group.name', ondelete="cascade"))
+
+    #service = relationship(Service, backref=backref("service_access", cascade="all, delete-orphan"))
+    #group = relationship(UsersGroup, backref=backref("service_access", cascade="all, delete-orphan"))
\ No newline at end of file
diff --git a/app/services/routes.py b/app/services/routes.py
new file mode 100644
index 000000000..a99a4348d
--- /dev/null
+++ b/app/services/routes.py
@@ -0,0 +1,153 @@
+# Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2019-2022
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from app import app
+from app.lib import utils
+from flask import Blueprint, render_template, flash, redirect, url_for, request, session
+from flask import send_from_directory
+from app.lib import auth, settings, dbhelpers
+from werkzeug.utils import secure_filename
+import os
+
+ALLOWED_EXTENSIONS = {'png', 'jpg', 'jpeg', 'gif'}
+#UPLOAD_FOLDER = "/tmp/uploads/"
+app.config['MAX_CONTENT_LENGTH'] = 1024 * 100
+
+services_bp = Blueprint('services_bp', __name__,
+                           template_folder='templates',
+                           static_folder='static')
+
+iam_base_url = settings.iamUrl
+iam_client_id = settings.iamClientID
+iam_client_secret = settings.iamClientSecret
+
+issuer = settings.iamUrl
+if not issuer.endswith('/'):
+    issuer += '/'
+
+app.jinja_env.filters['enum2str'] = utils.enum_to_string
+
+@services_bp.route('/list')
+@services_bp.route('/list/<visibility>')
+@auth.authorized_with_valid_token
+def list(visibility='public'):
+    groups = session['usergroups'] if visibility == 'private' else []
+    services = dbhelpers.get_services(visibility, groups)
+    return render_template("services.html", services=services)
+
+
+def allowed_file(filename):
+    return '.' in filename and \
+           filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS
+
+def upload_file(file):
+    filename = None
+    if file and allowed_file(file.filename):
+        upload_folder = app.config['UPLOAD_FOLDER']
+        filename = secure_filename(file.filename)
+        fullfilename = os.path.join(upload_folder, filename)
+        if not os.path.exists(upload_folder):
+            os.makedirs(upload_folder)
+        file.save(fullfilename)
+    return filename
+
+
+@services_bp.route('/admin/list')
+@auth.authorized_with_valid_token
+@auth.only_for_admin
+def list_as_admin():
+    services = dbhelpers.get_services(visibility='all')
+    return render_template("services.html", services=services)
+
+@services_bp.route('/admin/add', methods=['GET', 'POST'])
+@auth.authorized_with_valid_token
+@auth.only_for_admin
+def add():
+    if request.method == 'POST':
+        service = request.form.to_dict()
+        file = request.files["icon"]
+        filename = upload_file(file)
+        service["icon"] = filename if filename else ""
+        service["groups"] = request.form.getlist('groups')
+        if 'is_public' in request.form:
+            service["visibility"] = 'public'
+            del service['is_public']
+        else:
+            service["visibility"] = 'private'
+        try:
+            dbhelpers.add_service(service)
+            flash('You have successfully added the service.', 'success')
+        except Exception as e:
+            flash('Something went wrong: {}'.format(e), 'danger')
+        return redirect(url_for('services_bp.list_as_admin'))
+
+    service = {}
+    return render_template("editservice.html", service=service, groups=session['supported_usergroups'])
+
+
+@services_bp.route('/admin/delete/<int:id>', methods=['POST'])
+@auth.authorized_with_valid_token
+@auth.only_for_admin
+def delete(id):
+    service = dbhelpers.get_service(id)
+    if service.icon != '':
+        fullfilename = os.path.join(app.config.get("UPLOAD_FOLDER"), service.icon)
+        if os.path.exists(fullfilename):
+            os.remove(fullfilename)
+    dbhelpers.delete_service(id)
+    flash('You have successfully deleted the service.', 'success')
+    return redirect(url_for('services_bp.list_as_admin'))
+
+
+@services_bp.route('/admin/edit/<int:id>', methods=['GET', 'POST'])
+@auth.authorized_with_valid_token
+@auth.only_for_admin
+def edit(id=None):
+
+    if request.method == 'POST':
+        service = request.form.to_dict()
+        file = request.files["icon"]
+        filename = upload_file(file)
+        groups = request.form.getlist('groups')
+        service['groups'] = groups
+
+        if filename:
+            service["icon"] = filename
+
+        if 'is_public' in request.form:
+            service["visibility"] = 'public'
+            service['groups'] = ""
+            del service['is_public']
+        else:
+            service["visibility"] = 'private'
+
+        dbhelpers.update_service(id, service)
+        flash('You have successfully updated the service.', 'success')
+        return redirect(url_for('services_bp.list_as_admin'))
+
+    service = dbhelpers.get_service(id)
+    # update groups select
+    groups = [s for s in session['supported_usergroups'] if s not in service.groups]
+
+    servicedict = service.__dict__
+    servicedict['groups'] = [g.name for g in service.groups]
+
+    return render_template("editservice.html", service=servicedict, groups=groups)
+
+
+@services_bp.route('/showimg')
+def showimg():
+    filename = request.args['filename']
+    if filename and filename != "":
+        return send_from_directory(app.config.get('UPLOAD_FOLDER'), filename)
\ No newline at end of file
diff --git a/app/services/static/images/default_service.png b/app/services/static/images/default_service.png
new file mode 100644
index 000000000..6e599fcc4
Binary files /dev/null and b/app/services/static/images/default_service.png differ
diff --git a/app/services/templates/editservice.html b/app/services/templates/editservice.html
new file mode 100644
index 000000000..dbca94131
--- /dev/null
+++ b/app/services/templates/editservice.html
@@ -0,0 +1,134 @@
+{% extends "base.html" %}
+{% block content %}
+<br>
+<div class="container">
+
+    <div class="card shadow mb-4">
+        <div class="card-header py-3">
+            <h4 class="font-weight-bold text-primary">
+            Edit service
+            </h4>
+        </div>
+
+        <div class="card-body">
+            <form id="serviceSubmit" action="" method="post" autocomplete="off" enctype="multipart/form-data">
+                <div class="form-group">
+                    <label for="service_name">Name</label>
+                    <input type="text" class="form-control" id="service_name" name="name" value="{{ service.name }}" maxlength="128" required>
+                </div>
+                <div class="form-group">
+                    <label for="service_description">Description (max 2048 chars)</label>
+                    <!--input type="text" class="form-control" id="service_description" name="description" value="{{ service.description }}" maxlength="128" required -->
+                    <textarea class="form-control" id="service_description" name="description" rows="3" required>{{ service.description }}</textarea>
+                </div>
+                <div class="form-group">
+                    <label for="service_url">URL</label>
+                    <input type="url" class="form-control" id="service_url" name="url" value="{{ service.url }}" placeholder="https://example.com" maxlength="128" required>
+                </div>
+                <div class="form-group">
+                    <label for="service_icon">Icon (max 100 KB)</label>
+                    <div class="custom-file">
+                        <input type="file" accept=".jpg,.gif,.png,.jpeg" class="custom-file-input" id="service_icon" name="icon">
+                        <label class="custom-file-label" for="service_icon">{{ service.icon }}</label>
+                    </div>
+                </div>
+                <div class="form-group">
+                    <div class="custom-control custom-checkbox">
+                        <input type="checkbox" class="custom-control-input" id="is_public"
+                               name="is_public" {% if service.visibility | enum2str == 'public' %} checked="checked" {% endif %}
+                               onchange="showgroups()" >
+                        <label class="custom-control-label" for="is_public">Public</label>
+                    </div>
+                </div>
+                <div id="selectgroups" class="form-group">
+                    <label for="mySelect2">Groups</label>
+                    <select class="js-example-basic-multiple form-control" id="mySelect2" name="groups" multiple="multiple">
+                    {% if service.groups %}
+                    {% for opt in service.groups %}
+                      {% if opt != '' %}
+                      <option value="{{opt}}" selected="selected">{{opt}}</option>
+                      {% endif %}
+                    {% endfor %}
+                    {% endif %}
+                    {% for opt in groups %}
+                      {% if opt != '' %}
+                      <option value="{{opt}}">{{opt}}</option>
+                      {% endif %}
+                    {% endfor %}
+                    </select>
+                </div>
+                <button type="submit" class="btn btn-success submitBtn">Submit</button>
+                <button id="cancelBtn" type=button class="btn btn-small btn-primary" onclick="location.href='{{ url_for('services_bp.list_as_admin') }}'">
+                <span class="fas fa-ban mr-2"></span>Cancel</button>
+            </form>
+        </div>
+    </div>
+
+</div>
+
+
+<script>
+{% if session['userrole'] == 'admin' %}
+var enableCustomInput = true
+{% else %}
+var enableCustomInput = false
+{% endif %}
+
+$(document).ready(function() {
+    $('.js-example-basic-multiple').select2({
+      width: '100%', // https://github.com/select2/select2/issues/4220
+      tags: enableCustomInput
+    });
+    $('#service_description').summernote({
+        toolbar: [
+            ['style', ['bold', 'italic', 'underline', 'clear']],
+            ['font', ['strikethrough', 'superscript', 'subscript']],
+            ['color', ['color']],
+            ['insert', ['hr', 'link']],
+            ['para', ['ul', 'ol', 'paragraph']],
+            ['height', ['height']],
+            ['view', ['fullscreen', 'codeview']],
+        ],
+        blockquoteBreakingLevel: 1,
+        maxTextLength: 2048
+    });
+
+    showgroups();
+});
+
+function showgroups() {
+    var div = $("#selectgroups")
+    if ($('#is_public').is(':checked')){
+      div.hide();
+    }
+    else {
+      div.show();
+    }
+}
+
+</script>
+
+<script>
+
+$(document).ready(function () {
+    $("#serviceSubmit").submit(function () {
+        //disable button on click
+        $(".submitBtn").attr("disabled", true);
+        // add spinner to button
+        $(".submitBtn").html( `<span class="spinner-border spinner-border-sm" role="status" aria-hidden="true"></span> Processing...` );
+        //disable cancel too
+        $("#cancelBtn").attr("disabled", true);
+        $("#cancelBtn").attr("onclick", "#");
+    });
+});
+
+</script>
+
+<script>
+$('.custom-file-input').on('change', function() {
+   let fileName = $(this).val().split('\\').pop();
+   $(this).next('.custom-file-label').addClass("selected").html(fileName);
+});
+</script>
+
+{% endblock %}
diff --git a/app/services/templates/services.html b/app/services/templates/services.html
new file mode 100644
index 000000000..30b67288d
--- /dev/null
+++ b/app/services/templates/services.html
@@ -0,0 +1,26 @@
+{% extends "base.html" %}
+{% block content %}
+<div class="container mt-2" id="cardsContainer" xmlns="http://www.w3.org/1999/html">
+    <div class="text-right">
+        {% if session['userrole'] == 'admin' and 'admin' in request.path %}
+        <button type=button class='btn btn-primary mb-4' onclick='location.href="{{ url_for('services_bp.add') }}"'><span class='fas fa-plus mr-2'></span>Add service</button>
+        {% endif %}
+        <button type=button class="btn btn-small btn-outline-secondary mb-4" onclick="history.back()"><span class="fas fa-arrow-left mr-2"></span> Back</button>
+    </div>
+    {% if services|length > 0 %}
+    <div class="row">
+        <div class="col-md-12">
+        {% include 'managed_services.html' %}
+        </div>
+    </div>
+    {% else %}
+    <div class="jumbotron jumbotron-fluid">
+      <div class="container">
+        <h1 class="display-5">Empty list</h1>
+        <p class="lead">No service has been found</p>
+      </div>
+    </div>
+    {% endif %}
+<script src="/static/js/catalogue.js"></script>
+<link rel="stylesheet" href="/static/css/catalogue.css">
+{% endblock %}
diff --git a/app/static/css/catalogue.css b/app/static/css/catalogue.css
new file mode 100644
index 000000000..1aa292c92
--- /dev/null
+++ b/app/static/css/catalogue.css
@@ -0,0 +1,148 @@
+ .wrapper {
+     position: relative;
+     overflow: visible;
+     /*
+     top: 5px;
+     right: -5px */
+}
+ .wrapper:after {
+     content: '';
+     display: block;
+     padding-top: 30%;
+}
+ .wrapper img {
+     object-fit: contain;
+     height: 85%;
+     position: absolute;
+     top: 0;
+}
+ .card-img-overlay {
+     /* background-color: #3374FF; */
+     background-color: #213752;
+     color: white;
+     /* font-family: 'Abel', sans-serif;
+     font-family: 'Roboto Condensed', sans-serif; */
+     opacity: 0.90;
+}
+ .popover {
+     border: 2px solid #5BC0DE;
+     max-width: 50%;
+}
+ .popover-header {
+     background-color: #5BC0DE;
+     color: #FFFFFF;
+     margin: 2;
+     /* font-size: 22px; */
+     text-align: center;
+     /* font-family: 'Abel', sans-serif;
+     font-family: 'Roboto Condensed', sans-serif; */
+}
+ .popover-body {
+     /* background-color: white;
+     color: #FFFFFF; */
+     padding: 25px;
+     /* overflow-y: auto;
+     max-height: 150px; */
+}
+/* The ribbons */
+/* Default ribbon is green. */
+ .ribbon {
+     position: absolute;
+     right: 0px;
+     bottom: 0px;
+     z-index: 1;
+     overflow: visible;
+     width: 75px;
+     height: 75px;
+     text-align: right;
+     transform: rotate(-270deg);
+     -webkit-transform: rotate(-270deg);
+}
+ .ribbon span {
+     border-radius: 0px 0px 16px 16px;
+     font-size: 10px;
+     color: #fff;
+     text-transform: uppercase;
+     text-align: center;
+     font-weight: bold;
+     line-height: 20px;
+     transform: rotate(225deg);
+     width: 100px;
+     display: block;
+     background: #79A70A;
+     background: linear-gradient(#79A70A 0%, #9BC90D 100%);
+     box-shadow: 0 -3px 10px -5px rgba(0, 0, 0, 1);
+     position: absolute;
+     top: 19px;
+     right: -21px;
+}
+ .ribbon span::before {
+     content: '';
+     position: absolute;
+     right: 0px;
+     bottom: 100%;
+     z-index: -1;
+     border-left: 3px solid #79A70A;
+     border-right: 3px solid transparent;
+     border-bottom: 3px solid transparent;
+     border-top: 3px solid #79A70A;
+     transform: rotate (180deg);
+     -webkit-transform: rotate(180deg);
+}
+ .ribbon span::after {
+     content: '';
+     position: absolute;
+     left: 0px;
+     bottom: 100%;
+     z-index: -1;
+     border-right: 3px solid #79A70A;
+     border-left: 3px solid transparent;
+     border-bottom: 3px solid transparent;
+     border-top: 3px solid #79A70A;
+     transform: rotate (180deg);
+     -webkit-transform: rotate(180deg);
+}
+ .green span {
+     background: linear-gradient(#79A70A 0%, #9BC90D 100%);
+}
+ .green span::before {
+     border-left-color: #79A70A;
+     border-top-color: #79A70A;
+}
+ .green span::after {
+     border-right-color: #79A70A;
+     border-top-color: #79A70A;
+}
+ .red span {
+     background: linear-gradient(#8F0808 0%, #F70505 100%);
+}
+ .red span::before {
+     border-left-color: #8F0808;
+     border-top-color: #8F0808;
+}
+ .red span::after {
+     border-right-color: #8F0808;
+     border-top-color: #8F0808;
+}
+ .blue span {
+     background: linear-gradient(#1e5799 0%, #2989d8 100%);
+}
+ .blue span::before {
+     border-left-color: #1e5799;
+     border-top-color: #1e5799;
+}
+ .blue span::after {
+     border-right-color: #1e5799;
+     border-top-color: #1e5799;
+}
+ .yellow span {
+     background: linear-gradient(#b07620 0%, #ffbf00 100%);
+}
+ .yellow span::before {
+     border-left-color: #b07620;
+     border-top-color: #b07620;
+}
+ .yellow span::after {
+     border-right-color: #b07620;
+     border-top-color: #b07620;
+}
diff --git a/app/static/js/catalogue.js b/app/static/js/catalogue.js
new file mode 100644
index 000000000..0003648ca
--- /dev/null
+++ b/app/static/js/catalogue.js
@@ -0,0 +1,47 @@
+
+$(".service-descr").dotdotdot({
+        ellipsis: ' [...] ',
+        wrap: 'word',
+        after: "a.read_more",
+        watch: true,
+        height: 70,
+        callback: function(isTruncated, orgContent) {
+            if (isTruncated == true) {
+                //$(".read_more").css("visibility","visible");
+            } else {
+                $(this).parent().find('.read_more').css("display", "none");
+                //$(".read_more").css("display","none");
+            }
+        }
+ });
+
+function cardFilter() {
+        var input, filter, cards, cardContainer, h5, title, i;
+        input = document.getElementById("cardFilter");
+        filter = input.value.toUpperCase();
+        cardContainer = document.getElementById("cardsContainer");
+        cards = cardContainer.getElementsByClassName("card");
+        for (i = 0; i < cards.length; i++) {
+            title = cards[i].querySelector(".card-body .card-title");
+            if (title.innerText.toUpperCase().indexOf(filter) > -1) {
+                cards[i].style.display = "";
+            } else {
+                cards[i].style.display = "none";
+            }
+        }
+ };
+
+$(document).ready(function() {
+        $(".card-img-overlay").hide();
+        $(".card").hover(function() {
+            $(this).addClass('shadow-lg').css('cursor', 'pointer');
+            $(this).find('.card-img-overlay').show();
+        }, function() {
+            $(this).removeClass('shadow-lg');
+            $(this).find('.card-img-overlay').hide();
+        });
+ });
+
+$(document).ready(function() {
+     $('[data-toggle="popover"]').popover();
+});
\ No newline at end of file
diff --git a/config/default.py b/config/default.py
index 928dcec7c..255e3eb71 100644
--- a/config/default.py
+++ b/config/default.py
@@ -45,6 +45,9 @@
 FEATURE_REQUIRE_USER_SSH_PUBKEY = "no"
 FEATURE_PORTS_REQUEST = "no"
 FEATURE_S3CREDS_MENU = "no"
+FEATURE_ACCESS_REQUEST = "yes"
+
+ACCESS_REQUEST_TAG = "LOCKED"
 
 ### VAULT INTEGRATION SETTINGS
 VAULT_ROLE = "orchestrator"
@@ -63,3 +66,5 @@
 PORTFOLIO_TEMPLATE = 'portfolio.html'
 MAIL_TEMPLATE = 'email.html'
 FOOTER_TEMPLATE = 'footer.html'
+
+UPLOAD_FOLDER = '/opt/uploads'
diff --git a/config/infn-cloud.py b/config/infn-cloud.py
index c632d1782..09b3c7972 100644
--- a/config/infn-cloud.py
+++ b/config/infn-cloud.py
@@ -8,6 +8,9 @@
 
 FEATURE_REQUIRE_USER_SSH_PUBKEY = "yes"
 FEATURE_PORTS_REQUEST = "yes"
+FEATURE_ACCESS_REQUEST = "no"
+
+ACCESS_REQUEST_TAG = "SYS-ADMIN ONLY"
 
 ### Template Paths
 HOME_TEMPLATE = 'infn-cloud/home.html'
diff --git a/migrations/versions/514c0e87e61f_ninth_update.py b/migrations/versions/514c0e87e61f_ninth_update.py
new file mode 100644
index 000000000..d09cebe77
--- /dev/null
+++ b/migrations/versions/514c0e87e61f_ninth_update.py
@@ -0,0 +1,53 @@
+"""Ninth update
+
+Revision ID: 514c0e87e61f
+Revises: 7e9fa167c199
+Create Date: 2022-06-09 21:43:03.802422
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '514c0e87e61f'
+down_revision = '7e9fa167c199'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('service',
+    sa.Column('id', sa.Integer(), nullable=False),
+    sa.Column('url', sa.String(length=128), nullable=False),
+    sa.Column('name', sa.String(length=128), nullable=False),
+    sa.Column('icon', sa.String(length=128), nullable=False, server_default=""),
+    sa.Column('description', sa.String(length=2048), nullable=True),
+    sa.Column('visibility', sa.Enum('private', 'public', name='visibility'), nullable=False, server_default='private'),
+    sa.Column('created_at', sa.DateTime(), nullable=False, server_default=sa.func.now()),
+    sa.Column('updated_at', sa.DateTime(), nullable=False, server_default=sa.func.now(), onupdate=sa.func.now()),
+    sa.PrimaryKeyConstraint('id'),
+    sa.UniqueConstraint('url')
+    )
+    op.create_table('users_group',
+    sa.Column('name', sa.String(length=32), nullable=False),
+    sa.PrimaryKeyConstraint('name')
+    )
+    op.create_table('service_access',
+    sa.Column('id', sa.Integer(), nullable=False),
+    sa.Column('service_id', sa.Integer(), nullable=True),
+    sa.Column('group_id', sa.String(length=32), nullable=True),
+    sa.ForeignKeyConstraint(['group_id'], ['users_group.name'], ondelete='cascade'),
+    sa.ForeignKeyConstraint(['service_id'], ['service.id'], ondelete='cascade'),
+    sa.PrimaryKeyConstraint('id')
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table('service_access')
+    op.drop_table('users_group')
+    op.drop_table('service')
+    # ### end Alembic commands ###