The Sovereign Cloud Stack project, funded by the German Federal Ministry for Economic Affairs
and Climate Action releases
its fourth version of the SCS reference implementation R3 on September 21, 2022.
Defined and implemented in an open development process by a community of over 20
companies, the latest version of the SCS reference implementation features among
other new features – the possibility of network bound disk encryption, improved
test coverage, and simplified management of Kubernetes clusters. All implemented
open source components have been updated to the latest stable version.
Sovereign Cloud Stack as a secure foundation for the German Public Sector Cloud
By participating in the working groups of Gaia-X and
the Deutsche Verwaltungscloud-Strategie (DVS)
the Sovereign Cloud Stack project ensures that the project’s jointly developed
standards and reference implementation also meet the requirements from these key
initiatives. The Sovereign Cloud Stack thus forms not only a technical foundation
for Gaia-X compliant infrastructure, but also for a resilient, federatable public
sector cloud.
The SCS reference implementation meets all criteria on the software and licensing side
of the Mindestanforderungen an die Nutzung von Cloud-Angeboten durch die öffentliche
Hand
which were published under the leadership of the Open Source Business Alliance e.V.
beginning of September. At the same time, SCS is designed for high security
requirements and supports platform operators in the public sector through appropriate
architecture, open development processes as well as the provision of operational
knowledge in the BSI certification according to IT-Grundschutz.[^1]
With the Sovereign Cloud Stack project, we offer a productively deployable solution
that harnesses the potential of cloud computing. SCS meets the requirements for
security, resilience, and the ability to shape the future of the project, thus
contributing to a significant strengthening of digital sovereignty.
Peter Ganten, Chairman of the Board of the Open Source Business Alliance e.V.
Technical highlights in SCS Release 3
The components included in the architecture of the reference implementation have been
updated to OpenStack Yoga, Ceph Quincy, OSISM 4.0.0, and Kubernetes Cluster API 1.2.x
with support for Kubernetes 1.25. (See figure below).
Sovereign Cloud Stack Architecture
With Release 3 the Network Bound Disk Encryption (NBDE) is ready for productive use.
NBDE enables cloud service providers to automatically encrypt and decrypt data carriers
and thus prevents unauthorized access to customer data.
In cooperation with T-Systems, the Special Interest Group Monitoring in the project
is working intensively on a successor to the already proven
openstack-health-monitor
that now has been further improved by an informative dashboard. This asset allows
cloud service providers that rely on OpenStack as the underlying infrastructure layer,
to monitor the cloud environment in detail and to be able to localize problems at
an early stage. More details on the progress of the SCS project in the area of
observability can also be found in the
current October issue of the German-language Linux Magazin.
Among others, the Kubernetes cluster management used within SCS is being tested
on the development environments for the GXFS project
and has been further improved by the lessons learned. Tools for analysis
were added and each cluster gets its own private authorization to manage the
underlying cloud resources now. The rolling update of clusters to a new Kubernetes
version has been significantly simplified and upgrading, maintenance and debugging
Kubernetes clusters in SCS has been documented. The implemented components of the
CNCF ecosystem have been upgraded to the latest versions and validated through
appropriate conformance tests.
The full release notes including a reference to the consumed upstream projects
are available at https://scs.community/release-notes-r3.
Collaboration over competition
Next to all the technical achievements with R3, there is one thing that makes me
even more happy with our progress. Witch SCS, we set out to prove that we can
jointly develop standards, an open reference implementation and operational practices
to create a viable federated Cloud- and Containerplatform, well knowing that
collaborating on operations is still rather uncommon in the industry. When I
learnt that two of our operators are actually spending a day together in a joint
session to perform upgrades from SCS R2 to R3, I was very impressed with their
openness and willingness to collaborate in new ways. With this mindset, more great
things can be expected!
Kurt Garloff, CTO of Sovereign Cloud Stack at the Open Source Business Alliance
Enhanced test automation ensures high quality
Together with OSISM, the test coverage of the deployment
and lifecycle management framework osism used in the SCS reference implementation
has been significantly extended and thus enables a faster upgrade of the deployed
environments. The close cooperation between the cloud service providers as well
as the enhanced test coverage allowed that a major part of the infrastructures
could already be upgraded before the official release of SCS R3. One goal of the
Sovereign Cloud Stack project is to enable infrastructure operators to upgrade
their environments on a daily basis.
Third public cloud provider uses Sovereign Cloud Stack
With the public clouds from OSISM and plusserver,
there are already good SCS offerings primarily targeted at the private sector.
Now also Wavecon – a 100% subsidiary of the
noris network AG – relies on the SCS reference
implementation for the setup and operation of a fully open, standardized sovereign
public cloud, this way further strengthening the coverage and choice for companies.
With Wavestack
the third public cloud provider launches its new offering simultaneously to the
release of SCS R3.
With Sovereign Cloud Stack, we are relying on a solution that significantly
faciliates the setup and operation of a modern cloud and container platform,
especially by fostering an active community. The open development process allows us to
to have direct influence on the project and actively shape it. Collaboration based
on partnership and the transparent sharing of operational knowledge are essential
core of our company philosophy.“
Cemil Degirmenci, CEO of Wavecon GmbH.
About Sovereign Cloud Stack
The Sovereign Cloud Stack (SCS) was launched in 2019 and initially funded by the
Federal Agency for Disruptive Innovations – SPRIND. Since July 2021, SCS is a
project of the Open Source Business Alliance and receives funding by the German
Federal Ministry for Economic Affairs and Climate Action (BMWK).
A growing community of more than 20 companies contribute to the success of Sovereign
Cloud Stack. By joining forces, standards for a modern, federatable open source
cloud and container platform are defined and implemented by using proven open source
components. At the same time, operational knowledge and practices are
transparently shared to minimize the difficulty of delivering high-quality and secure
cloud offerings. Three providers are already using SCS in production
environments to offer public cloud services. Further setups are in the development
and testing phases.
About the Open Source Business Alliance (OSB Alliance)
The Open Source Business Alliance (OSB Alliance) is the association of the open
source industry in Germany. We represent over 190 member companies that employ
approximately 10,000 people and generate more than 1.7 billion euros annually
in Germany. Together with scientific institutions and user organizations, we
are committed to sustainably anchoring the central importance of open source
software and open standards for a successful digital transformation in the
public awareness. This digital transformation should benefit companies, the
state and society alike. In addition, innovations in the field of open source
should be promoted. Our goal is to establish open source as the standard in
public procurement and in research and business promotion. After all, open
source and open standards are essential foundations for digital sovereignty,
innovative capacity and security in the digital transformation and thus the
answer to one of the greatest challenges of our time.
[^1]: see Deutsche Verwaltungscloud-Strategie: Rahmenwerk der Zielarchitektur, Beschluss des IT-Planungsrats as of 2021-10-29
You are currently viewing a placeholder content from Vimeo. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
You are currently viewing a placeholder content from YouTube. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
