Case Study: Deutsche Telekom – Open Sovereign Cloud

Deutsche Telekom, a leading telecommunications and IT services provider in Europe, embarked on an ambitious project to develop a sovereign cloud platform. The aim was to create a secure, compliant, and highly interoperable cloud solution using open-source technologies. This case study outlines the motivations, architecture, and innovative aspects of this project, showcasing its potential benefits for developers and businesses alike.

Motivation and Objectives

The project was driven by two primary principles: openness and sovereignty. By leveraging open-source components, the platform ensures transparency and flexibility. Sovereignty is achieved by adhering to the guidelines set by the GAIA-X initiative, which promotes data and operational sovereignty within the European Union. This ensures compliance with EU laws, providing users with freedom of choice and interoperability across multiple cloud providers.

Key Features and Architecture

The cloud platform is structured into three main layers, each with its own features and capabilities:

  1. Infrastructure Layer:
    • MetalStack Technology: The infrastructure is based on a modern, Kubernetes-native technology called MetalStack. It provides essential infrastructure services: compute resources (virtual machines), storage (using Ceph), and networking (based on SONiC).
    • Kubernetes Integration: MetalStack leverages Kubernetes for resource management, providing a cloud-native, scalable, and efficient infrastructure solution.
  2. Platform as a Service (PaaS):
    • Gardener: This orchestration tool manages Kubernetes clusters, allowing for seamless integration with various infrastructures. It supports multiple Kubernetes versions and offers geo-redundancy through its garden, seed, and shoot cluster architecture.
    • Automated Management: Users can easily create and manage Kubernetes clusters via a user-friendly dashboard or APIs, supporting CI/CD pipelines for automated deployments.
  3. Software as a Service (SaaS):
    • Kyma Runtime: Kyma enhances Kubernetes with additional tools for serverless functions, an API gateway, a service mesh (Istio), and observability (Prometheus, Grafana, Loki, Jaeger).
    • Service Catalog: A comprehensive catalog of ready-made services such as PostgreSQL, Kafka, Redis, and more, allowing developers to build applications quickly from these pre-configured components.

Innovation and Security

One of the most innovative aspects of the platform is its support for confidential computing. This technology addresses the challenge of securing in-memory data by encrypting the entire memory context of running containers. Leveraging Intel’s SGX technology, the platform ensures that even memory snapshots remain encrypted, preventing unauthorized access to sensitive data. This level of security makes the platform suitable for high-stakes applications in sectors like healthcare and defense.

Development Process and Team Culture

The development of this platform follows agile methodologies, with cross-functional teams working collaboratively across different layers of the stack.

Key technologies and tools used include:

  • Programming Languages: Go, shell scripting, C (for network acceleration), and Python (for testing).
  • Operating Systems: A customized Debian-based Linux distribution called Garden Linux.
  • Development Tools: Git and GitLab for version control, task management, and CI/CD pipelines.

The team’s culture emphasizes transparency, collaboration, and continuous improvement, with regular sprint reviews and quarterly face-to-face meetings to align on priorities and address challenges.

Conclusion

The open-source and sovereign cloud platform developed by our client represents a significant advancement in cloud technology, combining compliance, security, and interoperability. By adhering to GAIA-X principles and leveraging cutting-edge technologies, the platform offers a robust solution for businesses seeking a secure and flexible cloud environment. This project not only sets a new standard for cloud services in Europe but also provides a model for future innovations in the industry.

Key Technologies

  • Kubernetes
  • MetalStack
  • Ceph
  • Gardener
  • Kyma
  • Go
  • GitLab