The Sovereign Cloud Stack project, funded by the German Federal Ministry for Economic Affairs and Climate Action releases its fourth version of the SCS reference implementation R3 on September 21, 2022.
Defined and implemented in an open development process by a community of over 20 companies, the latest version of the SCS reference implementation features among other new features – the possibility of network bound disk encryption, improved test coverage, and simplified management of Kubernetes clusters. All implemented open source components have been updated to the latest stable version.
By participating in the working groups of Gaia-X and the Deutsche Verwaltungscloud-Strategie (DVS) the Sovereign Cloud Stack project ensures that the project’s jointly developed standards and reference implementation also meet the requirements from these key initiatives. The Sovereign Cloud Stack thus forms not only a technical foundation for Gaia-X compliant infrastructure, but also for a resilient, federatable public sector cloud.
The SCS reference implementation meets all criteria on the software and licensing side of the Mindestanforderungen an die Nutzung von Cloud-Angeboten durch die öffentliche Hand which were published under the leadership of the Open Source Business Alliance e.V. beginning of September. At the same time, SCS is designed for high security requirements and supports platform operators in the public sector through appropriate architecture, open development processes as well as the provision of operational knowledge in the BSI certification according to IT-Grundschutz.1
With the Sovereign Cloud Stack project, we offer a productively deployable solution that harnesses the potential of cloud computing. SCS meets the requirements for security, resilience, and the ability to shape the future of the project, thus contributing to a significant strengthening of digital sovereignty.
Peter Ganten, Chairman of the Board of the Open Source Business Alliance e.V.
The components included in the architecture of the reference implementation have been updated to OpenStack Yoga, Ceph Quincy, OSISM 4.0.0, and Kubernetes Cluster API 1.2.x with support for Kubernetes 1.25. (See figure below).
With Release 3 the Network Bound Disk Encryption (NBDE) is ready for productive use. NBDE enables cloud service providers to automatically encrypt and decrypt data carriers and thus prevents unauthorized access to customer data.
In cooperation with T-Systems, the Special Interest Group Monitoring in the project
is working intensively on a successor to the already proven
openstack-health-monitor
that now has been further improved by an informative dashboard. This asset allows
cloud service providers that rely on OpenStack as the underlying infrastructure layer,
to monitor the cloud environment in detail and to be able to localize problems at
an early stage. More details on the progress of the SCS project in the area of
observability can also be found in the
current October issue of the German-language Linux Magazin.
Among others, the Kubernetes cluster management used within SCS is being tested on the development environments for the GXFS project and has been further improved by the lessons learned. Tools for analysis were added and each cluster gets its own private authorization to manage the underlying cloud resources now. The rolling update of clusters to a new Kubernetes version has been significantly simplified and upgrading, maintenance and debugging Kubernetes clusters in SCS has been documented. The implemented components of the CNCF ecosystem have been upgraded to the latest versions and validated through appropriate conformance tests.
The full release notes including a reference to the consumed upstream projects are available at https://scs.community/release-notes-r3.
Next to all the technical achievements with R3, there is one thing that makes me even more happy with our progress. Witch SCS, we set out to prove that we can jointly develop standards, an open reference implementation and operational practices to create a viable federated Cloud- and Containerplatform, well knowing that collaborating on operations is still rather uncommon in the industry. When I learnt that two of our operators are actually spending a day together in a joint session to perform upgrades from SCS R2 to R3, I was very impressed with their openness and willingness to collaborate in new ways. With this mindset, more great things can be expected!
Kurt Garloff, CTO of Sovereign Cloud Stack at the Open Source Business Alliance
Together with OSISM, the test coverage of the deployment
and lifecycle management framework osism
used in the SCS reference implementation
has been significantly extended and thus enables a faster upgrade of the deployed
environments. The close cooperation between the cloud service providers as well
as the enhanced test coverage allowed that a major part of the infrastructures
could already be upgraded before the official release of SCS R3. One goal of the
Sovereign Cloud Stack project is to enable infrastructure operators to upgrade
their environments on a daily basis.
With the public clouds from OSISM and plusserver, there are already good SCS offerings primarily targeted at the private sector. Now also Wavecon - a 100% subsidiary of the noris network AG - relies on the SCS reference implementation for the setup and operation of a fully open, standardized sovereign public cloud, this way further strengthening the coverage and choice for companies. With Wavestack the third public cloud provider launches its new offering simultaneously to the release of SCS R3.
With Sovereign Cloud Stack, we are relying on a solution that significantly faciliates the setup and operation of a modern cloud and container platform, especially by fostering an active community. The open development process allows us to to have direct influence on the project and actively shape it. Collaboration based on partnership and the transparent sharing of operational knowledge are essential core of our company philosophy."
Cemil Degirmenci, CEO of Wavecon GmbH.
The Sovereign Cloud Stack (SCS) was launched in 2019 and initially funded by the Federal Agency for Disruptive Innovations - SPRIND. Since July 2021, SCS is a project of the Open Source Business Alliance and receives funding by the German Federal Ministry for Economic Affairs and Climate Action (BMWK). A growing community of more than 20 companies contribute to the success of Sovereign Cloud Stack. By joining forces, standards for a modern, federatable open source cloud and container platform are defined and implemented by using proven open source components. At the same time, operational knowledge and practices are transparently shared to minimize the difficulty of delivering high-quality and secure cloud offerings. Three providers are already using SCS in production environments to offer public cloud services. Further setups are in the development and testing phases.
The Open Source Business Alliance (OSB Alliance) is the association of the open source industry in Germany. We represent over 190 member companies that employ approximately 10,000 people and generate more than 1.7 billion euros annually in Germany. Together with scientific institutions and user organizations, we are committed to sustainably anchoring the central importance of open source software and open standards for a successful digital transformation in the public awareness. This digital transformation should benefit companies, the state and society alike. In addition, innovations in the field of open source should be promoted. Our goal is to establish open source as the standard in public procurement and in research and business promotion. After all, open source and open standards are essential foundations for digital sovereignty, innovative capacity and security in the digital transformation and thus the answer to one of the greatest challenges of our time.