Projects

Key Components of Apeiro-Reference-Architecture Unveiled

In the dynamic landscape of clouds and edges, the integration of software across diverse environments demands innovative solutions. Enter ApeiroRA, a pioneering initiative within the EU's digital policy project, aimed at reshaping cloud-edge interactions. Let's delve into the core elements driving this transformation, from ORD down to Iron- and CobaltCore. These components, alongside projects like Gardener, OCM, and OpenMFP, offer a neutral and open interoperability approach based on existing, well-accepted cloud-native ecosystem standards. Build the future of the cloud-edge continuum together with ApeiroRA.

Data Fabric

Software that is built for the cloud is often deployed into multiple applications across landscapes spanning the cloud and edge and often lacks a clear interplay with related business processes. These applications come with domain-specific designs for APIs and data. Data Fabric (DF) enables distributed, heterogeneous software services to cooperate on data and business processes without requiring centralized manual pre-design, hard-wiring, or planning. The decentralized approach is enabled through peer-to-peer standardization of discoverability, protocols, and interfaces that aid transparency, interoperability, automation, and machine understanding of data via metadata.

DF spans its fabric across the continuum through the specification of concrete technical interfaces (APIs, resource discovery protocols, and events) that can be leveraged by the ever higher-level abstractions and constructs necessary for designing and automatically integrating business services and applications, such as Data Products, Process Modelling & Execution, and Data Spaces.

The ultimate ambition of Data Fabric is that applications automatically find one another and connect into an effective business process – supported by common denominators at the metadata and process level.

Open Resource Discovery

Open Resource Discovery (ORD) is the first contribution in ApeiroRA as part of the Data Fabric. ORD helps software developers and providers to define how their services expose and discover their APIs, Events, capabilities and data. This includes practical concepts and examples of how technical services can implement a business reality over a distributed cloud-edge scenario using ORD-based semantic concepts.


Cloud Operating System

Modern applications, including the associated as-a-Service canopy, are typically built and run using a combination of cloud-native technologies and microservices, preferably with event-driven architectures, and are operated with progressive release and life cycle management. Application teams that have to battle the technicalities of distributed systems also face a business predicament: which provider(s) of infrastructure should be qualified and supported? If more than one provider is necessary to reach the market, undoubtedly a Cloud Operating System (COS) is fundamentally needed: a body of software that abstracts the “continuum”, orchestrates workloads dynamically across available resources, and protects and isolates tenants from each other.

The following projects represent adaptable building blocks needed for COS.

Garden Linux

A distributed system spans multiple individual machines, where Linux, as the operating system of choice, abstracts the underlying, possibly heterogeneous, hardware resources. This makes Linux strategic to ApeiroRA, so it requires elevated attention. ApeiroRA includes Garden Linux, a Debian GNU/Linux derivative that aims to provide a small, secure, and auditable Linux. Garden Linux has a highly customizable feature set that can be adjusted to fit your needs, and prebuilt images are provided for cloud providers and major hypervisors. While ApeiroRA allows any compatible Linux distribution to be used, all ApeiroRA components will be streamlined and qualified/supported by SAP on Garden Linux only.


Gardener

The Gardener Project is a robust, scalable, production-hardened, and certification-ready open-source system that manages Kubernetes clusters across many infrastructure providers. It is designed to handle the heavy lifting of cluster provisioning, management, and operations, freeing up teams to focus on their core competencies. With its extensible architecture, Gardener ensures seamless integration with existing infrastructure/cloud providers, making it an ideal choice for diverse and complex cloud and edge needs. It embodies the principles of the European Union's digital strategy by promoting open standards and interoperability, and hence serves as a bootstrap building block in ApeiroRA.


Open Component Model

The Open Component Model (OCM) allows describing software products and included versioned components and (security) related metadata in a standardized way. It is a Software Bill of Delivery (SBoD), comparable to a Software Bill of Materials (SBoM), but specifically focusing on delivery artifacts.

Tools built for OCM enable consistent and secure delivery of software products across the many organizational and physical boundaries of the continuum.

Furthermore, OCM becomes the operational source of truth and offers component identities to correlate information from and for the build, deployment, up to the runtime context.

OCM can be used to prove the end-to-end compliance and security posture of a software product (also see OCM Gear).


Open Managed Control Plane

The Open Managed Control Plane (OpenMCP) enables extensible Infrastructure- and Configuration-as-Data capabilities as a Service. Based on the Kubernetes Resource Model, all resources in the cloud-edge continuum with ApeiroRA are accessible and managed via a declarative API and corresponding controllers and operators. Together with controllers that understand OCM and with declarative deployment orchestrators, consumers can subscribe to a product release train of software producers and implement an automated, GitOps-driven deployment workflow at the edges.


Open Micro Front End Platform (openMFP)

The Open Micro Front End Platform (openMFP) brings together micro front ends and APIs into a cohesive platform, allowing teams to contribute components while maintaining their independence.

  • Decoupled Development: Teams can work independently using their preferred technologies, promoting agility and innovation while contributing to shared objectives.
  • Unified User Experience: OpenMFP integrates key systems like authentication, reducing redundancy and improving usability across services.
  • Extension Mechanisms: The platform supports adding new micro front ends and APIs, ensuring scalability and adaptability to evolving needs.


Baremetal Operating System

The cloud-edge continuum requires physical hardware, which can be housed in centralized, secure data centers or in a more compact form factor at near and far edges, all with appropriate energy supply (preferably renewable) and cooling. Alongside the physical setup of cloud and edge locations, a software system is essential for managing this hardware: the Baremetal Operating System (BOS). The BOS is designed to create a stable and robust foundation that seamlessly integrates with the Cloud Operating System (COS). As spending on cloud infrastructure services continues to grow, BOS aims to facilitate an easily reproducible, fully automated, end-to-end lifecycle for compute, storage, and network hardware from build to decommissioning. In addition to documentation, BOS will provide a reference implementation on qualified hardware, allowing companies to join the continuum.

BOS extends the traditional definition of machine-centric Infrastructure-as-a-Service (IaaS) by operationalizing and combining cloud-native concepts with robust and known open-source components. It is primarily provided via the projects IronCore and CobaltCore, while other projects assist with its production-grade monitoring and operations.

CobaltCore

CobaltCore is a reimagined, opinionated, and Kubernetes-enabled OpenStack distribution, fully embedded with other projects of ApeiroRA. It complements IronCore and meets the obligation to support the numerous non-cloud-native workloads by ensuring backward compatibility. The resulting, well-known Infrastructure-as-a-Service offering is augmented with value-added capabilities, such as a novel, micro-frontend-based self-service portal, advanced scheduling and rebalancing, container registry as a service, and integration with Gardener and Garden Linux.

Furthermore, CobaltCore offers coordinated control-plane maintenance, reliable updates of the compute (hypervisor) and storage fleet, extended audit capabilities, and customer telemetry services. Operational requirements are seamlessly integrated with the Greenhouse Operations Platform and security posture management. As with all projects, the software lifecycle follows OCM methodology and best practice, wherein Kubernetes-based operators automate the inner lifecycle for all concerns.


IronCore

IronCore provides the new reference for compounded software layers for inventorying, managing, and maintaining Baremetal using Kubernetes’ cloud-native principles. Kubernetes, originally designed to manage and orchestrate containerized applications and microservices, has significantly expanded its reach through its inherent API extensibility, allowing it to be adapted to a wide range of use cases entirely outside the realm of containers. IronCore takes a modern spin with Kubernetes, offering a single interface for managing resources orchestrated across regions, data centers, and availability zones, all assembled from an identical blueprint, thereby offering unmatched flexibility, scalability, and ease of use. Unlike traditional infrastructure solutions, IronCore delivers a much sought-after, fresh, next-generation approach. By default, Ceph is provided as a modular, cloud-natively automated, vendor-neutral storage backend for block, shared, and object storage. Furthermore, a disruptive network fabric based on a Clos topology is included. The software-defined network data plane is implemented as routed layer 3 only, using an IPv6 overlay, and is grounded in the robust, standard experience of the established internet architecture and technology.

IronCore can be used for cloud-native workloads via Gardener directly, where IronCore dynamically sources ephemeral virtual and physical machines for Kubernetes. IronCore can also be used as the robust foundation layer for other opinionated infrastructure management platforms, such as CobaltCore.


Greenhouse

Greenhouse is a comprehensive platform designed to address the challenges of operating large-scale cloud infrastructures.

It offers a holistic dashboard and API to manage various operational aspects efficiently and transparently. Moreover, it enables operations of a globally distributed cloud infrastructure in compliance with industry standards. The platform addresses common operational challenges such as the complexity of tools, fragmentation of configuration, visibility, and permission management.

Several plugins extend the core platform, providing cloud-native observability, security and compliance tooling, and more. These plugins come with sane default configurations and include all necessary components for application-specific needs, such as production-proven alerts, playbooks, and metric visualization dashboards.
