One of GAIA-X’s main goals is to restore data sovereignty in Europe when using cloud technology. US hyperscalers, for example, are subject to the US Cloud Act, which enables US authorities to enforce the release of data stored in data centers in Europe. This is contrary to European law and the GDPR. At the beginning of 2019 it was still being considered to build a European hyperscaler, but it was finally decided to create solutions with standards that would give European users more sovereignty. In order to enforce more EU law in Europe, GAIA-X will require certificates that prove that the GDPR is applied to personal data and not the US Cloud Act.
But sovereignty has other aspects. In the case of the Corona-Warn-App, for example, the code that Telekom and SAP have developed for the German government is freely available as open source and everyone has the theoretical possibility to understand what happens to his or her intimate data (infected or not). However, Apple’s iOS and Google’s Android require additional software to run the warning app. This is not open source and therefore not freely available, but proprietary and secret. One can only hope that the two companies will not pass the data on to US authorities because of the Cloud Act. At present, smartphone users cannot make a sovereign decision.
What does this mean for cloud users? With GAIA-X, they will be able to decide in 2021 whether or not the cloud service provider to be selected complies with European data protection regulations. At the moment, this is often not the case with applications that are to be run in the cloud, but there is a trend for software manufacturers to switch their business models from license revenues to service revenues, with the software then being offered as open source. This is also the focus of the Open Software Business Alliance https://osb-alliance.de/ .
But what about the software between the actual applications and the offerings of the cloud service providers? The standard today is a Kubernetes ecosystem that orchestrates containers, supports the development process of own software with CI/CD methods (development, test, operation), supports special CPUs and storage and provides further software for cloud management, monitoring and other functionalities, as shown in the following figure:
Here too, more and more open source software is being used. One example is VanillaStack (https://vanillastack.io/) from Cloudical. This provides all the software needed for a complete cloud stack, so that you can run your own applications in a cloud (public, private or even on–premise). The software is a bundle of pure open source software that can be downloaded free of charge. It can be installed and configured quickly and easily with the installer. The following figure shows which modules are all included. Often there are several alternatives for one function. For example, for containers you can choose between Docker, CRI-O or ISTIO.
The following figure shows how to build a development and runtime platform for the world-famous problem “hello, world”. Ansible or Jenkins is used to build the CI/CD pipeline. The binary is brought into several identical docker containers, which are orchestrated by Kubernetes. With a loadbalancer the work can then be distributed to the different containers. Application data is made persistent with Rook, for example, because nothing is stored in containers when they are switched off again. ManageIQ can be used to manage and EFK can be used to monitor. All components in the red frames are freely available as open source software and are included in VanillaStack. The user can confidently choose and check the source code itself.
What does this have to do with GAIA-X? GAIA-X will help to select a cloud service provider that guarantees digital sovereignty for users according to the European legal framework. VanillaStack can then be installed here too, even in hybrid as well as multi-cloud environments. Your own applications will then run on it. Either proprietary software or open source.
While VanillaStack is already available today in 2020 and can be evaluated immediately with the evaluation, GAIA-X 2021 will bring even more advantages. For identity management, IDS (https://www.internationaldataspaces.org/) is being developed, with connectors that can be used to verify identity and control access rights. Additional solutions will be available for data management, whether for open data or restricted data. For multi-cloud environments (e.g. for IoT data with one service provider, an ERP with another and evaluations with AI/ML with a third) there will be secure communication between the providers in GAIA-X.
All in all, it can be said that GAIA-X has set in motion a movement towards more sovereignty, allowing you to choose a cloud service provider that suits you best, and to implement your own cloud architecture. Open source software further strengthens this sovereignty, as the example of VanillaStack shows. It is great that more and more companies, but also European countries, will participate in GAIA-X.