Day 1 - Talks & Workshops

Marius Feldmann
ALASCA e.V.

Kendall Nelson
OpenInfra Foundation

Kai Martius
secunet Security Networks

As the landscape of digital sovereign IT infrastructure evolves, achieving top-tier security for endpoints in a cloud-controlled environment becomes increasingly vital. This talk will introduce B1 Linux Client Management (LCM), emphasizing its critical role in securing and managing Open Source Linux Desktops, on-prem or in the cloud.

The presentation will focus on the following key aspects: 

  • Introduction to B1 Linux Client Management. The product is designed to provide comprehensive control and security, forming the backbone of a robust endpoint management strategy.
  • Integrated Technologies for Endpoint Security: Attendees will learn how B1 Linux Client Management integrates with other open source technologies like Keycloak. This section will highlight how these integrations facilitate seamless and secure management of endpoints, ensuring that every device within the network adheres to stringent security protocols.
  • Implementation Strategy: We will delve into the practical steps the participants can take to prepare for and implement a cloud-controlled Open Source Linux Desktop environment. This will include detailed guidance on setting up & configuring the required technologies, from managing user identities with Keycloak to orchestrating services with Kubernetes and automating tasks.
  • Achieving the Highest Levels of Security: The talk will also address the various security challenges associated with endpoint management and connections to an open cloud environment and how the combined use of OpenDesk, B1 Linux Client Management, and other tools can mitigate these risks. Attendees will gain insights into best practices for securing their Linux desktops, ensuring compliance, and maintaining high levels of operational integrity.


By the end of this session, participants will be equipped with the knowledge and tools necessary to transition to a secure, cloud-controlled Open Source Web or Linux Desktop environment – all centrally controlled and provided by a public cloud infrastructure. This will enable them to enhance endpoint security from the cloud and leverage the full potential of open source technologies within their organizations.

Stefan Bogner & Tilman Kranz
B1 Systems GmbH

This talk explores the current state of encryption in OpenStack. We will dive into Sovereign Cloud Stack’s contributions to the kolla-ansible project, addressing existing encryption gaps. Additionally, we’ll compare the state of the kolla-ansible deployment tool with Yaook, the lifecycle management tool for OpenStack, from the security perspective.

Martin Pilka
dNation

Coffee Break

The Sovereign Cloud Stack (SCS) project was started three and a half years ago with the vision to standardize cloud infrastructure and offerings and change how clouds are operated and offered for the better.
Some time into the project, the statement “One platform — standardized, built and operated by many.” was found to describe what we (the project) envision.
The (initial) funding of the project will end this September, and we want to give an honest and sincere overview of what we have achieved so far and the impact we’ve made on our surrounding ecosystems, and elaborate on why this project needs to continue and what its leverage will be in the future, with a focus on standardization and certification.
Specifically, the talk will dive deep into the way the standards are developed and adapted in the industry – ranging from CSPs that build their cloud on top of the SCS reference implementation and CSPs that adapted the standards in their existing environments to other software solutions such as Yaook, which adapted the SCS standards in their deployment mechanisms.

Felix Kronlage-Dammers
OSB Alliance e.V.

In this presentation we will describe our journey towards becoming a multi-cloud service provider, both from a technical and from a non-technical perspective.

The presentation will offer an overview of the technical basis needed on this journey (i.e.: Yake – the installer and lifecycle management tool for Gardener – as well as Crossplane and K3s for Edge). We will also discuss the benefits of these tools and why they are necessary to improve the functionality and automation of multi-cloud infrastructures.

In addition, we will take a look at the challenges that arise when you don’t operate the underlying cloud yourself but have it operated by CSPs.

Finally, the presentation provides an overview of the R&D project SDM4FZI (Software Defined Manufacturing for the vehicle supply industry), in which Yake was created, and explains why Kubernetes is required as a substructure.

Christian Berendt
23 Technologies GmbH

Lunch

We tend to take the virtualization stack for granted. We hope that the Googles and Red Hats of the world pay for feature development and security hardening. We are left with a technology stack that we only partially understand and that is difficult to navigate. Let’s change this!

In this talk, we will zoom into one part of the virtualization stack and look at the different open source virtual machine monitors, such as QEMU, Cloud Hypervisor, VirtualBox and others. We will discuss their origins, common uses, advantages, downsides and why, despite the many options, people still use QEMU. With a focus on security, we will also take a look at the successes and shortcomings of KVM, which underpins everything. Finally, we will look at worthwhile opportunities to collaborate as a community to improve the status quo.

Julian Stecklina
Cyberus Technology GmbH

Many industrial manufacturers are faced with the challenge of manufacturing in an economically efficient way, despite the increasing quality requirements and complex production landscapes. One solution lies in the closer integration of production and quality processes and the use of virtual measurement technology. The presentation highlights the surprisingly easy-to-develop value creation potential in the physical and mechanical engineering boundaries. Process, machine and workpiece data are recorded and combined in an intelligent way, significantly increasing the level of automation and, with appropriate control, the level of autonomy, even in established brownfield environments. Using an example from metal cutting, the presentation shows the potential that arises over the entire product life cycle and how it can be easily scaled using a cloud solution.
The solution is an Industry 4.0, cloud-agnostic IIoT cloud and edge platform with containerization and virtualization, offering reusable connectivity, data ingest and transformation modules for hardware and legacy software and enabling a rapid shift to data-driven autonomous processing as a critical strategic advantage. Standardization and remote deployment of any workload reduce project costs while increasing the feasibility of use cases, and act as a new data-driven business enabler as well as an accelerator platform for rapid AI development and deployment.

Coffee Break

OpenStack remains one of the most active Open Source projects in the world! Focusing on virtualization of cloud computing, it’s compatible with many other popular open source projects to provide a platform for a wide variety of workloads and use cases. This 90-minute workshop will give attendees the essentials to get started contributing to OpenStack. By the end of the training, attendees will have their accounts created, be able to communicate with the community and have pushed a patch to the sandbox repository to make sure that their development environment is ready to go! Attendees of the workshop will walk away able to contribute bug fixes or even new features to the OpenStack project.

Participants will need their laptops for the workshop.

Kendall Nelson
OpenInfra Foundation

After a short intro to the Yaook operators, participants in this workshop will install them on Kubernetes clusters and use them to create an OpenStack cluster. The workshop is equally suitable for people with a lot or little prior knowledge of OpenStack, as we limit ourselves to installation, supported by Yaook, and simple examples of operating OpenStack.

Participants should have a basic understanding of containers and Kubernetes and should bring their own laptop to the workshop.

Stefan Hoffmann
Cloud&Heat Technologies

In this workshop we will provision bare metal servers in a virtual environment that is very close to reality, with a virtual SONiC switch, virtual cables and a virtual BMC. The goal is to build a managed Kubernetes cluster on bare metal.
The workshop explains the background and concepts. This enables participants to use the tools and understand them better.

Participants can work alone or in small groups.

Matthias Haag
UhuruTec AG

Day 2 - Talks & Workshops

Moderator:

Julia Nitzschner
Silicon Saxony e.V.

Panelists:

Members of the ALASCA Board:

 

Representatives of ALASCA’s open-source software projects:

In this talk we want to present current R&D activities focusing on designing a cloud solution that can be used on satellites or spacecraft. Current cloud infrastructure solutions typically assume low-latency networking as well as continuous connections between the different components of the cloud infrastructure. These assumptions do not hold in space networks, where high end-to-end round trip times as well as scheduled and ad-hoc disruptions between the nodes are the rule and not the exception. The presented R&D activities address these challenges and propose solutions for the infrastructure as well as the application layer. An overview of the current state of these activities as well as an outlook on further work planned for the coming months will be given.

10:00-10:15

Tobias Nöthlich
D3TN GmbH

Florian Pester
Cyberus Technology GmbH

The talk introduces a Sovereign Cloud Stack (SCS) Observer monitoring platform powered by the dNation monitoring solution. We dive into how this platform enables CSPs to obtain a comprehensive view of their infrastructure globally. We explore the current deployment of SCS, which covers observability across multiple Kubernetes clusters, virtual machines, infrastructure endpoints, and tools such as Zuul. Additionally, we will explore extending this deployment to include monitoring for CSPs’ IaaS and KaaS layers.

10:15-10:30

Matej Feder
dNation

This presentation provides an overview of current open source technologies for conversational AI. We will start with an introduction to the fundamental concepts of conversational AI across various applications. The talk will then cover key open source frameworks and tools, including speech recognition (ASR), speech synthesis (TTS), dialog flow frameworks and large language models (LLMs). We will discuss their features, use cases and licenses. Furthermore, we will address the challenges and opportunities associated with leveraging open source solutions and offer insights into future developments in this rapidly evolving field. This presentation is designed for developers, researchers, and decision-makers interested in utilizing open source technologies for conversational AI.

10:30-10:45

Felix Gräßer
alphaspeech

The topic of digital sovereignty is on everyone’s lips and has already found its way into the marketing of many players. But what does digital sovereignty actually mean? As a non-standardized term, there are many different interpretations, making it difficult or even impossible to compare different offers. At the same time, the relevance of the topic is undisputed, which urgently requires professional comparability.

This talk will provide an overview of the most common meanings of the term and shed light on how it can be defined and made tangible. We will analyze different perspectives based on concrete situations to illustrate how companies can evaluate their own infrastructure and that of their customers and suppliers, and what general risks and opportunities this might present for digital players.

10:45-11:00

Anastasia Vöhringer
Marcel Beyer
DISQU GmbH

Coffee Break

In this presentation, we will introduce ECO:DIGIT, an open-source project aimed at revolutionizing the assessment of software’s environmental impact. Through a comprehensive methodology and an automated assessment environment, ECO:DIGIT transparently discloses metrics and data regarding resource usage and CO2 emissions for distributed software in the four deployment scenarios cloud computing, edge computing, end devices and mobile networks. We will delve into the significance of addressing the lack of transparency and comparability in assessing the energy and resource consumption of digital solutions which account for a significant portion of global CO2 emissions.

Supported by the German Federal Ministry for Economic Affairs and Climate Action and in collaboration with research institutions and industry leaders, ECO:DIGIT aims to establish transparency, comparability, and standardization in assessing the ecological footprint across various software solutions. The presentation is intended to provide an introduction to the topic, give insights into the project’s objectives, methodologies, and challenges, as well as its potential implications for driving sustainable technology development.

Josefine Kipke
OSB Alliance e.V.

In the Sovereign Cloud Stack (SCS) project, security in hardware, OpenStack and Kubernetes is of the essence. On the one hand, this is reflected in open discussions and advisories around recent vulnerabilities. On the other, we create SCS standards for security best practices and harden the configuration of SCS wherever possible.
But this is only half of it. In one of our sub-projects (tenders) we worked out a concept of dynamic infrastructure security testing, also known as DAST. With this approach, deployed infrastructure is continuously scanned for known and even unknown (using heuristics) weaknesses that might pose a problem to the platform’s security posture. The aim is to create tooling that increases resilience of production environments, reducing overhead of manual work and allowing better integration of tools for asset management, compliance and security hardening.

In this talk we’ll give an overview of the context and the actual implementation in SCS. We further highlight how the concept can also be transferred to projects like Yaook and similar technology stacks.

Yaook/k8s is part of the Yaook-stack. It is a holistic life cycle management (LCM) tooling for Kubernetes mainly based upon Ansible. It can be used to create and maintain customizable, highly available, scalable and flexible kubeadm-based Kubernetes clusters on top of OpenStack or bare metal with many production-ready feature needs (e.g. the management of a monitoring stack based on Prometheus, Grafana & Thanos or NVIDIA GPU and vGPU support).

As it turned out during discussions with various stakeholders, there is a broad need for a minimized but production-ready installation and management procedure for kubeadm-based Kubernetes clusters without a lot of extras. Therefore, we started the long-term process of making Yaook/k8s more modular, more accessible, and more flexible for different use cases of Kubernetes, while also maintaining its feature richness and compatibility with more complex use cases such as the provision of managed Kubernetes clusters to third parties.

The talk will give a brief overview of the current status quo of the LCM and the currently planned roadmap, and will provide an outlook on our long-term vision.

Lunch

microvm.nix is a Nix Flake that builds NixOS Virtual Machines from declarative source code. It supports a number of use-cases with a plethora of configuration options across six different KVM-based virtual machine managers.
In this workshop we’re going to partition the services of a single NixOS host into easily maintainable virtual machines that are booted by systemd.
Participants will need to bring a laptop with NixOS or a Virtual Machine with nested virtualization.

Krake is an orchestration tool that can automatically and intelligently decide where a virtualised workload should be executed based on individual metrics and labels. With the help of Krake and infrastructure-providing software, Kubernetes clusters can be rolled out, customised and scaled manually or automatically.
In this workshop participants will set up Krake and Kubernetes to understand the installation process. Subsequently, the resulting setup will be used for testing purposes by deploying a toy application. During the test, participants will observe Krake at work, moving the app across clusters based on specific metrics.

Participants will need to bring a laptop (Linux or Mac would be best).

In the workshop participants will learn why and how the new CLI for OpenStack is being created and maintained. After a short theory explanation, a hands-on session will show participants how to install the CLI, configure it and walk through the most common commands, such as listing servers and images, creating a new network, uploading an object, etc. A comparison with the official OpenStack Client will demonstrate key similarities and differences and explain the caching mechanism.
Participants will need to bring their laptops and have the usual credentials for their cloud of choice (OpenStack cloud).

Coffee Break
