[00:00.000 --> 00:15.760]  Thanks for joining us tonight, a long day in the digital, in the sovereign cloud room.
[00:15.760 --> 00:21.040]  We've heard a lot of great presentations before and I hope I can shed some additional light
[00:21.040 --> 00:28.080]  on this definition of digital sovereignty and how open source or how we believe that
[00:28.080 --> 00:33.520]  open source and maybe extending the way we do open source can help us to achieve more here.
[00:36.560 --> 00:43.120]  Just quickly introducing myself, first I've been doing open source for all of my professional
[00:43.120 --> 00:49.120]  life, actually I started before. I was part of the professional life at university in the 90s
[00:49.120 --> 00:55.040]  when I was doing some work on the Linux kernel contributing to the SCSI stack there and SCSI
[00:55.040 --> 01:01.200]  drivers which was really fun and which really helped me to kind of get the
[01:02.240 --> 01:08.880]  the fascination of working with with really people around the world on great technology
[01:09.680 --> 01:15.920]  and that was then actually what my professional life became and I was working in Sousa where I
[01:15.920 --> 01:23.440]  built up Sousa Labs that was actually a significant part of my career and then also been building
[01:23.440 --> 01:31.040]  clouds for Deutsche Telekom T-Systems so I was actually in the open telecom cloud project as
[01:31.040 --> 01:40.720]  head architect there and also during the time I was part of a number of communities and organizations
[01:41.600 --> 01:48.320]  EFF. Linux for Bund which became OSPA which kind of funnily today is my employer
[01:49.120 --> 01:54.160]  and that's actually the sovereign cloud tech project which we were able to
[01:55.520 --> 02:04.240]  start which brought us to work extremely closely with the German ministry for economic affairs
[02:04.240 --> 02:09.840]  and climate action that's the one who's paying us and the open source business alliance which
[02:09.840 --> 02:14.960]  runs this project and which employs me and yes over the time I've been able to contribute to a
[02:14.960 --> 02:22.800]  number of projects Linux kernel new compiler open stack and now with cluster API Kubernetes stuff
[02:22.800 --> 02:32.720]  also working in that so we've heard quite some some good reasoning why digital sovereignty is a thing
[02:33.520 --> 02:44.080]  and to kind of make it very fundamental if you look what IT does today to our lives
[02:45.120 --> 02:53.440]  in private lives in all of the things we do with our industry also our society our public
[02:53.440 --> 03:00.560]  administration they all depend on IT in a way that they didn't use to depend on IT 20 years ago
[03:00.560 --> 03:07.120]  and this is only going to get larger and more important so it's important for us to make sure
[03:07.120 --> 03:15.120]  we have control over the systems we are using and we are in a position that we can determine
[03:15.120 --> 03:21.520]  how we want to use these systems and right now this is something that is under question and we've
[03:22.080 --> 03:30.080]  heard it very good from Ludovico before that we are in trouble there we are in a challenge there
[03:31.520 --> 03:37.680]  a lot of I mean from an economic perspective a lot of the value creation happens in IT platforms
[03:37.680 --> 03:44.240]  in software in infrastructure and of course there's a lot of are we able to determine or to even
[03:45.040 --> 03:51.920]  set laws that we are able to follow if there's a lot of infrastructure all of what we do privately
[03:51.920 --> 04:00.400]  and in the industry depend on doesn't comply to how can we kind of resolve that and of course
[04:00.400 --> 04:06.160]  there's there's the question I mean we have this GDPR which I believe I mean GDPR can be
[04:06.160 --> 04:11.840]  annoying in details but in overall it's a great thing because the idea of protecting
[04:12.640 --> 04:18.240]  or restricting what companies and governance can do with our data actually is part of what
[04:18.240 --> 04:24.720]  gives us as individuals the freedom to not be being watched and being analyzed all the time
[04:24.720 --> 04:31.360]  and this is a very fundamental freedom right that we have and the thing we need to kind of ask
[04:31.360 --> 04:40.720]  ourselves is we have these great laws and question is can we actually implement them and actually
[04:40.720 --> 04:46.880]  are we serious about our law are we actually complying to it and talking to companies talking
[04:46.880 --> 04:56.240]  to people in the industry I mean I once wanted to kind of poke people a bit and said well I
[04:56.240 --> 05:02.160]  guess at least half of the usage of public clouds in Europe is illegal if we take GDPR
[05:03.120 --> 05:08.800]  seriously and I was expecting to get a lot of fire back when I said that and the the only
[05:08.800 --> 05:14.960]  comment I really got back was well only 50% I think it's a lot more so this is the status quo we
[05:14.960 --> 05:19.200]  don't have exact numbers I don't have I have not done a study on that but we know a lot of
[05:20.560 --> 05:26.240]  public cloud usage isn't legal if we take our laws seriously and the question is how can we
[05:26.960 --> 05:30.240]  how can we improve on that how can we actually make it reality and
[05:31.120 --> 05:39.680]  we we have regulation that is supposed to help but then of course we need to take it seriously
[05:39.680 --> 05:46.480]  there's Digital Markets Act Digital Services Act which is certainly a good legislation that helps
[05:46.480 --> 05:51.840]  us and we have this data protection thing which we need to start getting more serious about
[05:51.920 --> 06:01.840]  one thing we've seen come out of that debate is now that there is in several countries
[06:01.840 --> 06:11.360]  are initiatives that US hyperscalar enter partnerships with local companies and try to
[06:11.360 --> 06:18.400]  structure the partnerships in the way that the local companies fully in control of the
[06:18.400 --> 06:22.640]  infrastructure and operations with it so the hyperscalar doesn't have access to it so the
[06:22.640 --> 06:29.120]  cloud act wouldn't apply we have to I guess look into the details whether that actually
[06:29.120 --> 06:35.280]  fulfills the data protection requirement or not depends a lot on a lot of details and one of
[06:35.280 --> 06:44.240]  the things I've learned in my career that once I was trying to operate infrastructure to operate
[06:44.240 --> 06:48.960]  software that it was built for being run by the software company itself in a DevOps model
[06:49.520 --> 06:55.280]  and we were trying to run it as a third party and it was awfully painful and that is of course the
[06:55.280 --> 07:00.160]  thing that now these local providers that do partnerships with with Microsoft or Google
[07:00.160 --> 07:05.120]  need to go through and learn a lot invest a lot and actually Microsoft and Google would have to
[07:05.120 --> 07:10.240]  invest a lot to make it runnable by others so that's one thing they need to overcome but maybe they
[07:10.240 --> 07:20.480]  do that might resolve the GDPR question what it does not resolve is actually the fact can we
[07:20.480 --> 07:28.080]  actually understand the technology do we have to transparency want can we actually provide more
[07:28.080 --> 07:34.880]  influence and value from European companies and there's been discussions that we need alternatives
[07:34.960 --> 07:42.640]  not just regulation but alternatives and one of the things that I've heard discussed was well
[07:42.640 --> 07:49.120]  let's build a European Amazon let's build a European hyperscaler and to be very honest
[07:50.240 --> 07:56.240]  I don't believe in that I think replacing the dependency on a monopolist or a few
[07:56.800 --> 08:01.280]  or liquor polis with just another monopolist that everybody then depends on
[08:02.240 --> 08:06.880]  does not improve the situation much it may improve it a tiny bit because maybe there's a bit more
[08:06.880 --> 08:13.840]  legal control but it really replaces a dependency with another dependency so it's it's not a large
[08:13.840 --> 08:19.920]  step forward the other thing I've heard well I mean let's let's make sure we only use European
[08:19.920 --> 08:26.560]  software and honestly I don't think that is something we should seriously consider if we
[08:26.640 --> 08:35.040]  understand open source because open source does does not need us to restrict ourselves for to a
[08:35.040 --> 08:41.200]  certain country and I think Marcel has made that point very very nicely in his no it was not you
[08:41.200 --> 08:50.000]  it was Ludovico I guess that that that if you have open source where you have control that is not
[08:50.000 --> 08:58.160]  needed digital sovereignty so I want to take a step back and think well what is it we want to
[08:58.160 --> 09:05.840]  achieve with digital sovereignty and talking to companies understanding what they want to do
[09:05.840 --> 09:15.680]  also talking to to to public administration people it is really about the ability to take
[09:15.680 --> 09:23.840]  decisions on your own and obviously if you take that to an extreme it would mean you don't have
[09:23.840 --> 09:28.960]  any dependencies I don't think anybody in the modern world can create platforms where you don't
[09:28.960 --> 09:36.720]  depend in many many ways on others so in the end what is really I think we need to do to do this
[09:37.440 --> 09:44.240]  is to manage those dependencies and the risks we get from those dependencies in a very very
[09:44.800 --> 09:51.120]  conscious way understand them maybe we can avoid some of them and where we cannot avoid them make
[09:51.120 --> 09:57.440]  sure that the relationship we have with people that we depend on is well understood and we have a
[09:57.440 --> 10:02.960]  certain amount of negotiation power that that makes sure we can we can control things
[10:03.600 --> 10:08.160]  and we have talked to
[10:11.280 --> 10:17.680]  organizations to understand what is it what is the various dimensions of risks they want to
[10:17.680 --> 10:24.480]  to kind of address and to to manage and we we found like this list of four different
[10:25.280 --> 10:30.720]  directions that generally people were interested in that was the first one is of course this
[10:30.720 --> 10:38.320]  legal compliance thing this is something that any company needs to of course do the second thing is
[10:38.320 --> 10:45.120]  well actually I mean if we have a supplier which we have a certain dependence on we want to make
[10:45.120 --> 10:54.240]  sure whenever needed we can switch and switching of course is something that can be very easy in
[10:54.240 --> 10:59.600]  theory and extremely hard in practice so in order to to make the switch a viable option
[11:00.160 --> 11:05.760]  we need to structure the way we use this platform or maybe to structure the way this platform is
[11:05.760 --> 11:17.040]  being designed in a way that switching cost is low and I mean the the ultimate possibility to
[11:17.040 --> 11:22.400]  to switch could also be that an insourcing option happens so if things go really bad I could take
[11:22.400 --> 11:28.160]  actually a platform and run it myself that would be like the ultimate proof that as switching is
[11:28.160 --> 11:39.440]  possible the third thing is the technology platform we depend on basically opens up new
[11:39.440 --> 11:47.600]  possibilities and closes off other ones so it basically limits the amount of things we can
[11:47.600 --> 11:53.440]  do on top of that platform and of course if you as as a company for example want to evolve in a
[11:53.440 --> 11:59.120]  certain direction it may become limiting to you so actually what you would like is to have a way to
[11:59.120 --> 12:06.720]  influence how this platform is evolving in the future. The fourth thing we heard a lot is a
[12:06.720 --> 12:14.160]  discussion on transparency we want to understand how our data is stored how is it being secured
[12:14.160 --> 12:21.040]  from being improperly accessed do we have that level of transparency and do we have the skills
[12:21.040 --> 12:30.400]  to actually understand how it works so if we make certain if you want to make certain improvements
[12:30.400 --> 12:38.640]  do we do we understand them we've heard this before I guess this is kind of preaching to the
[12:38.640 --> 12:47.600]  choir a bit open source of course helps a lot with achieving our goal here using open source
[12:48.320 --> 12:56.000]  I mean the amount of control you get as the user of open source is so much larger than the amount
[12:56.000 --> 13:03.680]  of control you have over over being a user of proprietary software it's a different it's a
[13:03.680 --> 13:10.560]  different league it's a different world so we don't need to have that discussion that open source
[13:10.560 --> 13:15.840]  that's what our software needs to come from a specific country or from a specific continent
[13:15.840 --> 13:20.800]  this is this can be a relevant discussion if you're using proprietary software because then
[13:20.800 --> 13:26.560]  you don't have a lot of rights if you're using open source the idea is to do open source right
[13:26.560 --> 13:29.760]  and if you do that right you don't need to to ask that question
[13:32.480 --> 13:40.160]  and of course I mean the the ability to build on top of each other is something that is inherent
[13:40.240 --> 13:46.080]  to to the way we do open source so I mean we all today are using systems that
[13:47.360 --> 13:53.120]  well over 20 years a lot of smart people have developed doing doing Linux well 30 something
[13:53.120 --> 14:05.440]  year actually there's one thing I think we need to be aware of I mean a decade ago or so we were
[14:06.000 --> 14:12.480]  discussing that open source is really needed and we need to open source in order to have
[14:13.280 --> 14:22.320]  control over our own fate today I hear a lot of companies saying well we do open source
[14:23.760 --> 14:30.960]  and it's become something in their marketing checklist if they think well the recipient
[14:30.960 --> 14:39.920]  asks for open source we will we will check that check mark right because they ask for it
[14:39.920 --> 14:45.520]  and we do something somewhere in the open and I think the the one thing we need to be really
[14:45.520 --> 14:52.720]  careful about is we have built this great open source movement where we have achieved a lot
[14:53.760 --> 14:59.440]  and now we hear people saying open source without meaning it and we need to be careful to to call
[14:59.440 --> 15:05.440]  them out and to not let them get away with that they build projects which are partially open
[15:05.440 --> 15:09.280]  source but if you want to use them you cannot because of course there's these other components
[15:09.280 --> 15:14.560]  that you need in order to to use the software which is I don't want to say that the open source
[15:14.560 --> 15:20.240]  pieces are useless but they're not very useful and it's certainly not not open source as a whole
[15:20.240 --> 15:26.000]  or people invent strange licenses which are not even OSI compliant which restricts you in very
[15:26.000 --> 15:32.400]  surprising ways be careful on that or people build these open core models where you have like
[15:32.400 --> 15:38.240]  access to some useful core piece of technology but then if you want to do the really useful
[15:38.240 --> 15:45.760]  things with it you need the proprietary extensions not very useful so be be careful there's other
[15:45.760 --> 15:52.480]  things we've seen which I think we need to be careful about is that sometimes projects are built
[15:52.480 --> 15:59.040]  inside a company and then that companies as well okay maybe we can reach a larger market by making
[15:59.040 --> 16:06.160]  it open source and this is a great thing I applaud that company for doing that but we also need to
[16:06.160 --> 16:16.480]  be careful the company needs to invest into building a community so that the dependence of that open
[16:16.480 --> 16:23.280]  source code on that single company gets lower over time because otherwise there's if that company
[16:23.280 --> 16:32.240]  is the sole owner of taking decisions of contributing of having knowledge on that software stack it
[16:32.240 --> 16:39.280]  really doesn't make us a lot more sovereign it does in theory but the need the work needs to be
[16:39.360 --> 16:44.160]  invested to to build the competence the local competence as we heard earlier today
[16:46.000 --> 16:52.240]  and then yes I mean decision-making development process it can be closed and that is not what we
[16:52.240 --> 17:01.280]  want the open infar foundation has I think a good way of kind of addressing all those concerns about
[17:01.280 --> 17:09.760]  not really open projects with the four opens where it's not just the license the license is important
[17:09.760 --> 17:14.720]  and it needs to be OSI license it needs to be fully open source not not an open core model
[17:16.800 --> 17:19.680]  and the development process needs to be open the design
[17:20.800 --> 17:25.760]  discussions the decision taking needs to be transparent and the community needs to be open
[17:25.840 --> 17:35.120]  and diverse not just single vendor and looking at the list I made before of what
[17:36.240 --> 17:43.280]  companies expect from being sovereign I just kind of make this this little
[17:44.160 --> 17:51.520]  non-scientific taxonomy how much sovereignty can users have if they're using these platforms
[17:51.520 --> 17:59.920]  obviously if you're on a on a hyperscalar I mean even GDPR compliance is not something you can achieve
[18:01.280 --> 18:06.640]  there's this model I said where we have this trustee model where you have local providers of
[18:06.640 --> 18:12.480]  hyperscalar technology where it's fully operated hopefully which solves that problem but I mean
[18:13.040 --> 18:20.560]  the ability to to to have choice to switch provider is not there the ability to insource to
[18:20.560 --> 18:25.680]  run this stack yourself is not there you cannot really shape the technology and adjust it to your
[18:25.680 --> 18:32.080]  own needs and you don't build the skills how this software works and operates so you don't you don't
[18:32.080 --> 18:37.760]  really score on those levels if you would build a you hyperscalar it wouldn't be that much better
[18:38.480 --> 18:44.720]  maybe you have a bit of better handle on the on the GDPR things but it doesn't it doesn't solve the
[18:44.720 --> 18:50.160]  problem if you if you deploy private clouds actually you're in a better shape even if you
[18:50.160 --> 18:56.640]  build that on proprietary technology because at least I mean insourcing is then something that is
[18:56.640 --> 19:02.480]  very real because that's the decision you have taken you could have a third a third party actually
[19:02.480 --> 19:07.280]  doing some some of that management for you of course and you build some skills you learn how to
[19:07.280 --> 19:15.760]  operate it now does does open source solve the problem for you well it does partially
[19:15.760 --> 19:19.360]  and I think there's some additional steps and I'll talk about them in in a second
[19:20.960 --> 19:25.760]  one of the things with open source with building open source or using open source public
[19:25.760 --> 19:31.280]  clouds or building open source private clouds is that switching may not be easy still because
[19:32.240 --> 19:40.800]  if you have five companies that build open source clouds you may end up in a situation that those
[19:40.800 --> 19:45.840]  five clouds may use some of the same technology components but all of them are configured and
[19:45.840 --> 19:50.800]  run in a very different way which makes which means switching from one to the other is still
[19:50.800 --> 20:00.080]  extremely painful so that's one thing that needs to be solved and the skills and transparency
[20:00.160 --> 20:06.000]  is something that also may not automatically come in in theory does because the code is open
[20:06.000 --> 20:11.840]  but to run a platform there's a lot more than code you also need to have the operational practices
[20:11.840 --> 20:18.000]  you need to have the operational tooling you need to understand how to deal with incidents
[20:18.720 --> 20:23.520]  all of those things is knowledge that you need to build and it is not automatically available
[20:23.520 --> 20:30.880]  just by having open source code and that's of course how we connect to the open operations
[20:30.880 --> 20:36.720]  and the operate first movement I'll talk about that in a second first of all one of the things
[20:37.440 --> 20:44.080]  when I said well switching needs to become easier basically we need to kind of find common ways
[20:44.080 --> 20:49.360]  how we build these clouds how we configure them and how they expose interfaces to the
[20:50.160 --> 20:54.880]  to the users and of course there's there's great existing standards out there I mean the
[20:54.880 --> 21:01.920]  on the open infrastructure side there's the OpenStack powered trademark certification which
[21:01.920 --> 21:07.680]  standardizes the the APIs how they are exposed on the CNCF world of course we have the CNCF
[21:07.680 --> 21:14.080]  compliance tests but looking at real workloads those are a great starting point but they're not
[21:14.080 --> 21:19.120]  enough I mean there's nothing standardized about how does your storage in Kubernetes for example
[21:19.440 --> 21:26.160]  need to look like there's well I mean the way you do whatever I'm ingress you need to have
[21:26.160 --> 21:31.760]  custom annotations for your load balancer so if you need to migrate applications those are the
[21:31.760 --> 21:37.280]  things that you really stumble upon and that are painful so we need to to create standardization
[21:37.280 --> 21:44.080]  together to to move forward then address that issue and then of course if you if you create
[21:44.080 --> 21:50.800]  common standards having a reference implementation that implements all these and that providers
[21:50.800 --> 21:54.560]  can take and it's it's not a black or white decision you can take certain
[21:55.200 --> 22:00.960]  modules from a reference implementation or you can take all of it both is possible helps of course
[22:00.960 --> 22:06.480]  then also for providers to have a much easier job to actually build platforms
[22:06.480 --> 22:15.440]  addressing the skills and transparency thing that's the the operation open operations that
[22:15.440 --> 22:22.080]  operate first movements that we we are working on the idea there is really that we've learned how
[22:22.080 --> 22:29.360]  to collaborate effectively and efficiently when building software the dev piece of our dev ops
[22:29.360 --> 22:37.520]  world but what we haven't done as much yet is learning how to collaborate how to share information
[22:37.520 --> 22:46.240]  how to work together on the ops piece of dev ops so most commonly we don't learn a lot how
[22:47.600 --> 22:52.480]  the application operation how the platform operation works sometimes we get some some
[22:52.480 --> 22:57.120]  highlights or some spotlights and that's that's quite informative but we haven't really built
[22:57.120 --> 23:02.800]  a practice yet of sharing that and that's something we're trying to to work on within the the open
[23:02.800 --> 23:08.400]  operations movement that we've also heard on before on on the operate first a project
[23:10.000 --> 23:15.600]  and it's it's about a number of things it's really about knowledge sharing providing transparency
[23:16.400 --> 23:20.720]  for example if there's an incident getting a public root cause analysis is a great thing
[23:20.720 --> 23:27.280]  to learn it's a culture of sharing and of course processes and tooling belong to that as well
[23:31.760 --> 23:36.560]  so filling that gap those gaps that's exactly the mission that the sovereign cloud stack project
[23:38.320 --> 23:40.960]  tries to pursue and this is kind of the the official
[23:42.800 --> 23:46.880]  a statement what a sovereign cloud stack project is about we want to build one platform
[23:47.520 --> 23:53.840]  but one platform that's not operated and built by one company that owns it but really by a community
[23:55.040 --> 24:00.400]  of many which standardizes it together which builds it together with which operates it together even
[24:02.880 --> 24:08.720]  so really trying to to build on the existing open source projects and we have a lot of really
[24:08.720 --> 24:13.680]  great open source technology that we can build upon combine them in a standardized way that we
[24:13.680 --> 24:21.680]  discuss together with the community that participates and then also build the operational practices the
[24:21.680 --> 24:31.120]  operation knowledge together so that's that's kind of the the three outcomes that we we produce
[24:31.760 --> 24:37.200]  certifiable standards the reference implementation that's of course fully open source
[24:37.920 --> 24:40.640]  and building the operational knowledge together
[24:44.720 --> 24:51.280]  so this is again about the open operations i'll skip over that so we have some time for questions left
[24:52.640 --> 24:59.680]  and i think now we can achieve what we wanted to achieve in the taxonomy of of digital sovereignty
[25:00.160 --> 25:06.960]  because we now by making it easier to run those software stacks and to to offer them
[25:06.960 --> 25:12.560]  we have more choice in providers so there will be there will be local possibilities
[25:14.000 --> 25:17.840]  switching has become easier because we have taken a further step in standardizing
[25:18.480 --> 25:22.480]  what workloads that run on top of your infrastructure can expect
[25:22.800 --> 25:30.880]  and of course we've by opening up the operational piece of the the knowledge sharing we actually
[25:30.880 --> 25:36.320]  built a lot more skills and a lot more we provide a lot more transparency on operations
[25:39.840 --> 25:45.600]  the good thing is this project exists we have been able to get a grant from the
[25:45.600 --> 25:53.520]  german ministry for economy almost well actually one and a half years ago is when we when we
[25:53.520 --> 25:59.840]  started we've been able to build up a small project team in the open source business alliance
[26:00.960 --> 26:08.080]  we are nine people i believe on staff right now still looking for maybe two or three more
[26:09.520 --> 26:15.360]  to further build this we also have some money that we can pay to partners that do development
[26:15.360 --> 26:20.400]  work and real development work is happening some of that of course contributing to the upstream
[26:20.400 --> 26:27.760]  projects that we work with some of them some of that really on on integration configuration
[26:27.760 --> 26:36.480]  operational topics where we do some sometimes need to build own software we have a number of
[26:36.480 --> 26:43.680]  active members in the community we're also working very closely with the gaya x community to
[26:46.160 --> 26:51.840]  make sure that the standardization on a very different level that's happening there is something
[26:51.840 --> 27:00.080]  that is part of of what we deliver right now we've done four releases so we do like two releases
[27:00.080 --> 27:05.680]  a year the reality is that it's a bit of a continuous process but then still the way our
[27:05.680 --> 27:13.040]  partners want to consume the software it requires us to have like releases and we do like we do two
[27:13.600 --> 27:17.840]  per year of them and currently we have three public clouds that are using the
[27:17.840 --> 27:25.840]  the reference implementation actually they are using it completely and we have a couple of projects
[27:25.840 --> 27:32.240]  that are underway where private clouds are built and also where existing cloud environments that
[27:32.240 --> 27:40.160]  pre-existed before we even started this project are starting to adopt modules from the scs work
[27:40.160 --> 27:44.400]  that we're doing and adopt the standards so the certification program on the standardization
[27:44.400 --> 27:49.440]  is also something that's currently being extended and rolled out over the next few months
[27:52.960 --> 28:01.680]  I have some some references we've talked about this quite a bit in public published
[28:02.320 --> 28:11.920]  white papers and conferences and I mean these slides have been uploaded so you can best I guess
[28:11.920 --> 28:19.520]  look them look those references up in the in the slides and that's already my final slide
[28:21.920 --> 28:27.360]  I would love if some or many or all of you join our community
[28:27.760 --> 28:34.480]  in any way what I would what I guess what everybody in this room already does is
[28:34.480 --> 28:39.600]  in some way or another contribute to digital sovereignty by working on on open source
[28:40.800 --> 28:47.440]  this is this is helpful thanks for doing that certainly some of us if some of the work ends
[28:47.440 --> 28:53.600]  up in projects that we also use like whatever the linux kernel or open stack or kubernetes
[28:53.600 --> 28:58.960]  or projects like black cluster api in kubernetes all of that is helpful and contribution is not
[28:58.960 --> 29:04.240]  just code I mean just asking questions opening issues if something doesn't work
[29:05.040 --> 29:10.320]  contributing to these standards documenting something all of that is is great contribution
[29:12.320 --> 29:19.920]  and of course if there is digital sovereignty discussions it would be great if you could
[29:19.920 --> 29:24.960]  actually raise the voice and say well digital sovereignty is not just complying to gdpr it needs
[29:24.960 --> 29:31.040]  to be it needs to go way further we need to open up the way we develop software we need to have the
[29:31.040 --> 29:38.560]  transparency we need to open up the way we do operate these environments that's the the open
[29:38.560 --> 29:43.840]  operations movement to really make sure we create this awareness and make sure also that we don't
[29:43.840 --> 29:48.880]  let people get away with saying well we do open source and then if you look at it it's not even an
[29:48.880 --> 29:55.200]  osi license or it's just like a few open source components and the rest is proprietary let's
[29:55.200 --> 30:00.080]  make sure we we don't let people get away with that but we fight for the real open source
[30:01.200 --> 30:05.520]  so that would be great and it would be great for us if some of you will will join our community
[30:05.520 --> 30:12.240]  we're also hiring still few positions we still also have a few more tenders that we where we want
[30:12.240 --> 30:18.400]  development work to be done so that's also a way to to contribute you'll not get particularly rich
[30:18.400 --> 30:27.840]  but of course you need to pay your developer that's all I hope you have some questions if there's a
[30:27.840 --> 30:35.520]  lot of questions there's also an open infrastructure meet up tonight at the roosters I've been told
[30:36.160 --> 30:40.880]  I will be there I will not make 1900 because I think the session in this room runs until 1900
[30:41.600 --> 30:48.560]  um but maybe in 730 or 80 I'll be there I can also ask some can also ask questions there but
[30:48.560 --> 30:51.520]  I would love some questions right now I think we have some minutes left
[31:02.320 --> 31:06.640]  hi thanks a lot for the presentation and congratulations for the work you've already
[31:06.640 --> 31:12.320]  done actually I was wondering because you talked a lot about switching and how switching is gonna
[31:12.320 --> 31:17.600]  bring more sovereignty but I was wondering if we cannot even take a step further and talk about
[31:17.600 --> 31:23.680]  interoperability and portability in itself because I think it would bring even more if we talk about
[31:23.680 --> 31:29.200]  sovereignty it would bring even more opportunities for sovereignty and development of new European
[31:29.200 --> 31:34.640]  or alternative for non-dependency on certain technology because interoperability will allow
[31:34.640 --> 31:38.720]  and portability will allow you to develop niche services that would be interoperable with pretty
[31:38.720 --> 31:45.040]  much all other stacks right so I was wondering why stopping at switching and not go all the way
[31:46.080 --> 31:53.600]  you know as I mentioned before great great question um and actually um on that slide I was really
[31:53.600 --> 32:00.320]  kind of um answering the pain that we've heard companies talking about um actually if you look
[32:00.320 --> 32:05.520]  at our vision what we're trying to do is we say well actually we're building one large virtual
[32:05.520 --> 32:11.200]  cloud where the crash is not so much switching from one provider to another one with your workload
[32:11.200 --> 32:16.160]  but actually using several of them together in a federated way and because the way they are built
[32:16.160 --> 32:23.040]  they are so compatible so interoperable um that that actually works and it's seamless uh that that's
[32:23.040 --> 32:28.080]  kind of the end vision and probably it will not be achievable 100 percent because sometimes there
[32:28.160 --> 32:32.160]  are things like whatever network latencies that you will not be able to overcome if you
[32:32.160 --> 32:37.120]  federate clouds from very different locations um but I mean getting as close as possible to that
[32:37.120 --> 32:42.000]  vision that that's something we try to achieve and I think I didn't mention Federation specifically
[32:42.000 --> 32:50.240]  here but it's part of our vision hello thank you for the presentation and just trying to understand
[32:50.320 --> 32:58.400]  the scope of scs uh is it like only um you want to like try to standardize what is being exposed to
[32:58.400 --> 33:04.240]  users beyond the api's like thinking of opens like all the public open cycle because they only
[33:04.240 --> 33:07.840]  have the same api but of course there are some details are different so it did make sense to
[33:07.840 --> 33:13.040]  try to standardize that but is it also because you talk about operation and everything to try to
[33:13.040 --> 33:19.920]  standardize how the ops team for this public cloud deploy manage their things uh they manage
[33:19.920 --> 33:24.800]  their open stack cloud and if it's the case like how do you deal with all the existing public
[33:24.800 --> 33:31.120]  clouds that already have a lot in terms of operations that is running if they those companies
[33:31.120 --> 33:37.920]  want to join the initiative what are they supposed to do like uh redo the deployment with the scs
[33:37.920 --> 33:45.120]  stack uh or what's the idea there yeah great question again um so I think there's several
[33:45.120 --> 33:51.520]  options maybe first of all I mean when we say we standardize we create certifiable standards
[33:51.520 --> 33:57.040]  that's of course something that is at the interface towards the users the folks that deploy workloads
[33:57.040 --> 34:02.960]  on top of the platform and that makes the the switching or also the federating possible but
[34:02.960 --> 34:07.200]  then of course we have a reference implementation which is completely open source and which is
[34:07.200 --> 34:12.720]  modular and if you are a new provider I mean our recommendation would be well try to see
[34:12.720 --> 34:16.560]  whether the whole stack actually serves your purpose we're trying to to develop it together
[34:16.560 --> 34:21.280]  in a way that it does but if you have an existing platform that's probably not something you will
[34:21.280 --> 34:26.640]  do you will not switch out an existing platform if you have any reasonable amount of users on it
[34:26.640 --> 34:33.120]  so the our suggestion is well look if there's certain modules where we create something that
[34:33.120 --> 34:38.720]  you want and see if you can fit it into your existing infrastructure we're currently trying
[34:38.720 --> 34:47.040]  to start a project on um metering uh metrics collection uh because there's kind of a number
[34:47.040 --> 34:53.680]  of of of half finished projects out there which kind of need need some need some love um and that
[34:53.680 --> 34:58.480]  is something that as as an existing cloud provider you might be very well willing to adopt or maybe
[34:58.480 --> 35:04.880]  a status dashboard something that people have built on their own most of them haven't done it
[35:04.880 --> 35:11.440]  in a way that it's great yet doing that is something that you could adopt and then step by step of
[35:11.440 --> 35:17.360]  course the the closer you are to the reference implementation the more knowledge and information
[35:17.360 --> 35:21.680]  and also operational practices you can share with the rest of the community so the more useful I
[35:21.680 --> 35:27.920]  think it will be but then if you have existing infrastructure you will probably change it very
[35:27.920 --> 35:32.160]  gradually and that that's possible that's something that we do we have partners that we work with that
[35:32.160 --> 35:44.240]  follow exactly that approach thanks for thanks for presentation um how small question are you
[35:44.240 --> 35:50.320]  starting from scratch or are you in contact with different company to build something based on their
[35:50.320 --> 35:57.680]  experience behind my question um actually I I know that a lot of countries in Europe
[35:58.880 --> 36:06.240]  there is some regulatory conditions for financial services or government and I think that everyone
[36:06.240 --> 36:13.920]  is building his own certification standards uh operational model and they're building their
[36:14.000 --> 36:21.280]  internal cloud solution so behind the question is is there any project to collaborate with all of
[36:21.280 --> 36:29.440]  that companies and maybe build something tomorrow I mean the the whole idea behind this is an
[36:29.440 --> 36:36.960]  invitation for all those companies that build similar things based on openly stack components
[36:36.960 --> 36:43.760]  to say well can't we join forces and do it together and build some joint common best practices
[36:44.160 --> 36:50.480]  that work for all of us or I should asset it's not like a white thing you can adopt some of the
[36:50.480 --> 36:54.720]  some of the the pieces if you want but in the end of course we want to have one one
[36:54.720 --> 36:58.960]  reference implementation that all the different people that that are interested in it have
[36:58.960 --> 37:04.400]  contributed to and that's that's what that's that's the main reason for us to exist this kind of
[37:05.200 --> 37:12.160]  collect all this these little great teams that do great work but it's completely disconnected
[37:12.160 --> 37:16.080]  and fragmented and we try to bring that together and of course we haven't yet talked to all of them
[37:16.720 --> 37:22.080]  and some of them may be here about us for the first time to today but yes that that's what
[37:22.080 --> 37:26.640]  we're working on and we're more than open to get additional people that have built some
[37:26.640 --> 37:32.640]  similar things and see whether we can align them and find joint joint ways to do things
[37:33.600 --> 37:46.480]  yes hi um okay great story um what I'm sort of missing is the next step and and then with regards
[37:46.480 --> 37:53.360]  to politics uh if we look back in history that once was a thing called the docu wars you know
[37:53.360 --> 38:00.320]  Microsoft document liberal office etc and uh there was a certain arrogance of a certain supplier that
[38:00.320 --> 38:06.960]  I won't mention that there were no price negotiations as possible and then if you say that to a
[38:06.960 --> 38:13.200]  government official he goes back to his desk and he starts thinking okay but I'm being screwed and
[38:13.200 --> 38:19.280]  how can I fix this so they came up with a thing called open standards and the importance of open
[38:19.280 --> 38:28.640]  standards in uh uh using in in in society now what we see with the GDPR is is also a very good
[38:28.640 --> 38:34.400]  standard but on privacy if you talk to the people in Japan and say well what do you do with privacy
[38:34.400 --> 38:41.600]  laws the answer is well we look at Europe and copy that um so on that area we're in the front so in
[38:41.600 --> 38:47.840]  in the hyperscalers we're losing big but on standardization of privacy laws we're leading the world
[38:48.240 --> 38:57.440]  yeah um what you're doing now is setting a very nice standard and if you can sort of
[38:57.440 --> 39:05.600]  promote that standard to governments as in look the exit costs of your product and and projects
[39:05.600 --> 39:12.880]  will will go down if you standardize on these standards that we have developed then they will ask
[39:12.880 --> 39:20.320]  the uh suppliers uh it's nice that you want to sell or something but it has to apply uh by by this
[39:20.320 --> 39:31.600]  standard um which will give legitimacy to your standard um so are there basically after my long
[39:31.600 --> 39:38.000]  stall and the question would be are there plans on that direction so um I think it's a great suggestion
[39:38.720 --> 39:43.840]  we have some level of discussions with the german government that's just because we were operating
[39:43.840 --> 39:48.640]  out of that country and also have funding from the from the german ministry so some some of that is
[39:48.720 --> 40:00.880]  happening there yes so I think it's something we will need to address to see that we can um yeah
[40:00.880 --> 40:05.200]  I would love not to say it needs to be friends in Germany because I think europe is a lot more
[40:05.760 --> 40:12.080]  colorful than that but I know those are two key countries so yes um I'll just take that as input
[40:12.080 --> 40:16.560]  and think about how we can maybe start a discussion in a broader european sense I mean we have some
[40:16.560 --> 40:20.160]  great partnerships in sweden where actually great discussions happen
[40:30.160 --> 40:36.560]  talk to the the join-up task force of the EU in in brussels geysi lenis is walking around here
[40:37.200 --> 40:43.440]  as one of those people involved there and and and make that connection and because
[40:44.320 --> 40:52.560]  from that point on um uh things should start rolling because well that's their job you know to
[40:52.560 --> 40:57.680]  disseminate these kinds of initiatives through the other countries and the other countries are all
[40:58.880 --> 41:07.760]  looking for a way to make also their lives better for their constituents so um
[41:08.480 --> 41:14.240]  yeah I I think this is a very good initiative but it needs the political dimension
[41:15.280 --> 41:20.880]  yeah great input and I'll I'll try to catch you to to make sure you can establish those connections
[41:21.520 --> 41:26.560]  yeah sure sure no worries I'll I'll uh walk to you in a minute please
[41:27.520 --> 41:36.320]  so last question
[41:42.640 --> 41:48.640]  so uh disclaimer I work at red hat and I have a question you know how this compares to red hats
[41:48.720 --> 41:57.280]  uh hybrid cloud uh strategy what what do you think and it's kind of the common many of the
[41:57.280 --> 42:05.360]  common goals so I it's a great question um I I mean red hat does a lot of great work in a lot
[42:05.360 --> 42:09.520]  of the open source projects that we are also using when we're building the reference implementation
[42:09.520 --> 42:14.720]  and we have lots of of contacts at the working level in the end what red hat does is they are
[42:14.720 --> 42:22.080]  building a uh product a distribution for well open shift is a lot of the work is is based on
[42:22.080 --> 42:28.000]  open shift basically in red hat which is it's a nice product but what red hat doesn't really do
[42:28.000 --> 42:32.880]  is address like this standardization thing that red hat doesn't try to tell its customers well
[42:32.880 --> 42:37.440]  you should run it in a certain way so it can be federated with all the others something which is not
[42:37.440 --> 42:43.760]  in the scope of red hats work and I think it's great because it's not their their role to do that
[42:43.760 --> 42:48.560]  we're trying to establish that so we can build these federations um so it's it's really a different
[42:48.560 --> 42:56.480]  role uh that we have there um and then of course I like the fact that red hat has kind of invented
[42:56.480 --> 43:00.240]  this operate first thing when we came up with this open operation things which kind of fits
[43:00.240 --> 43:04.640]  together very nicely so I think there will be a lot of collaboration and I hope red hat will
[43:04.640 --> 43:06.880]  play a stronger role also in our project in the future
[43:11.760 --> 43:19.760]  thanks