Projects

Key Components of Apeiro-Reference-Architecture Unveiled

In the dynamic landscape of clouds and edges, the integration of software across diverse environments demands innovative solutions. Enter ApeiroRA, a pioneering initiative within the EU's digital policy project, aimed at reshaping cloud-edge interactions. Let's delve into the core elements driving this transformation, from ORD down to Iron- and CobaltCore. These components, alongside projects like Gardener, OCM, and OpenMFP, offer a neutral and open interoperability approach based on existing, well-accepted cloud-native ecosystem standards. Build the future of the cloud-edge continuum together with ApeiroRA.

Data Fabric

Software that is built for the cloud is often deployed into multiple applications across landscapes spanning the cloud and edge, and often lacks a clear interplay with related business processes. These applications come with domain-specific designs for their APIs and data. Data Fabric (DF) enables distributed, heterogeneous software services to cooperate on data and business processes without requiring centralized manual pre-design, hard-wiring, or planning. The decentralized approach is enabled through peer-to-peer standardization of discoverability, protocols, and interfaces that aid transparency, interoperability, automation, and machine understanding of data via metadata.

DF spans its fabric across the continuum through the specification of concrete technical interfaces (APIs, resource discovery protocols and events) that can be leveraged by ever-higher-level abstractions and constructs necessary for designing and automatically integrating business services and applications, such as Data Products, Process Modelling & Execution, and Data Spaces.

The ultimate ambition of Data Fabric is that applications discover each other automatically and connect into an effective business process, supported by common denominators at the metadata and process level.

Open Resource Discovery

Open Resource Discovery (ORD) is the first contribution in ApeiroRA as part of the Data Fabric. ORD helps software developers and providers to define how their services expose and discover their APIs, Events, capabilities and data. This includes practical concepts and examples of how technical services can implement a business reality over a distributed cloud-edge scenario using ORD-based semantic concepts.

Website | GitHub

Cloud Operating System

Modern applications, including the associated as-a-Service canopy, are typically built and run using a combination of cloud-native technologies and microservices, preferably using event-driven architectures, and operated with progressive release and life cycle management. Application teams that should be battling with the technicalities of distributed systems instead face a business predicament: which provider(s) of infrastructure should be qualified and supported? If more than one provider is necessary to reach the market, a Cloud Operating System (COS) is undoubtedly needed: a body of software that abstracts the "continuum", orchestrates workloads dynamically across available resources, and protects and isolates tenants from each other.

The following projects represent adaptable building blocks needed for COS.

Garden Linux

A distributed system spans multiple individual machines, where Linux as the operating system of choice abstracts the underlying, possibly heterogeneous, hardware resources. This makes Linux strategic to ApeiroRA and deserving of elevated attention. ApeiroRA includes Garden Linux, a Debian GNU/Linux derivative that aims to provide a small, secure, and auditable Linux. Garden Linux has a highly customizable feature set that can be adjusted to fit your needs, and prebuilt images are provided for cloud providers and major hypervisors. While ApeiroRA allows any compatible Linux distribution to be used, all ApeiroRA components will be streamlined and qualified/supported by SAP on Garden Linux only.

GitHub

Cloud-Native Life Cycle Management

All resources and services in a distributed cloud are advantageously managed through an API. But often, the methods of organizing software products on the cloud are old-school, imperative, artisanal, and hand-crafted, involving human DevOps teams to accomplish the goal. The cloud-edge continuum, though, demands mobility of software (and data) between the many providers, cloud regions, and the plethora of edges, and therefore requires a modern, fully automatable approach to software life cycle management (as an internal concern when considering Software-as-a-Service products). For ApeiroRA, it is not just important but crucial to provide best practices and ready-to-use toolsets for managing the life cycle, security posture, and mobility of cloud-native software. We tackle cloud-native life cycle management with synergetic practices and technologies.

Security & Compliance Automation

Software today must fulfill further obligations beyond its plain functionality. Security and compliance are cross-cutting requirements that all components in ApeiroRA must fulfill. Therefore, ApeiroRA includes relevant tools and best practices to raise the general security posture and compliance level through automation. Similar to a Software Bill of Materials (SBoM), ApeiroRA introduces a Software Bill of Delivery (SBoD) for cloud-native products described with OCM. OCM-based identities allow all audit-relevant facts to be correlated with the software development and operational life cycle. End users can adopt the tools provided in ApeiroRA for their own development process. Furthermore, ApeiroRA provides, in phases, a growing number of tools and predefined process templates gathered in the OCM Gear.

Gardener

The Gardener Project is a robust, scalable, production-hardened, certification-ready, open-source system that manages Kubernetes clusters across many infrastructure providers. It is designed to handle the heavy lifting of cluster provisioning, management, and operations, freeing teams to focus on their core competencies. With its extensible architecture, Gardener ensures seamless integration with existing infrastructure/cloud providers, making it an ideal choice for diverse and complex cloud and edge needs. It embodies the principles of the European Union's digital strategy, promoting open standards and interoperability, and hence serves as a bootstrap building block in ApeiroRA.

Website | GitHub

Open Component Model

The Open Component Model (OCM) allows software products, their included versioned components, and (security-)related metadata to be described in a standardized way. It is a Software Bill of Delivery (SBoD) specification, akin to a Software Bill of Materials (SBoM). Tools built for OCM enable consistent and secure delivery of software products across the many organizational and physical boundaries of the continuum. Furthermore, OCM becomes a source of truth and offers component identities to correlate information from and for the build and deployment contexts up to the runtime context. OCM can be used to prove the end-to-end compliance and security posture of a software product (also see Security & Compliance Automation).

Website | GitHub

Open Managed Control Plane

The Open Managed Control Plane (OpenMCP) enables extensible Infrastructure- and Configuration-as-Data capabilities as a Service. Based on the Kubernetes Resource Model, all resources in the cloud-edge continuum with ApeiroRA are accessible and managed via a declarative API and corresponding controllers and operators. Together with controllers that understand OCM and declarative deployment orchestrators, consumers can subscribe to a product release train of software producers and implement an automated, GitOps-driven deployment workflow at the edges.

GitHub

Open Micro Frontend Platform

The Open Micro Frontend Platform (OpenMFP) project is an opinionated, “batteries-included” framework for building portals and complex web-based applications with enterprise qualities.

Key value propositions are the dynamic extension model and the inclusion of central shared services (e.g. for authorization), which enable the seamless integration of UI capabilities from different teams and disparate organizations. Whereas classical UI integration techniques typically force teams to fully align their release and life cycle procedures, OpenMFP preserves the autonomy of teams to contribute independent capabilities and services, without impeding their choice of technology and while allowing them to independently release and manage the life cycle of their services.

For ApeiroRA, we use OpenMFP to make the multi-vendor cloud continuum tangible for end users, providing access to, for example, Kubernetes cluster management, IaaS administration and compliance data, all integrated into a central touchpoint.

GitHub

Baremetal Operating System

The cloud-edge continuum requires physical hardware, which can be housed in centralized, secure data centers or in more compact form factors at near and far edges, all with appropriate energy supply (preferably renewable) and cooling. Alongside the physical setup of cloud and edge locations, a software system is essential for managing this hardware: the Baremetal Operating System (BOS). The BOS is designed to create a stable and robust foundation that seamlessly integrates with the Cloud Operating System (COS). As spending on cloud infrastructure services continues to grow, BOS aims to facilitate an easily reproducible, fully automated, end-to-end life cycle for compute, storage, and network hardware from build to decommissioning. In addition to documentation, BOS will provide a reference implementation on qualified hardware, allowing companies to join the continuum.

BOS extends the traditional definition of machine-centric Infrastructure-as-a-Service (IaaS) by operationalizing and combining cloud-native concepts with robust and well-known open-source components. It is primarily provided via the projects IronCore and CobaltCore, while other projects assist with its production-grade monitoring and operations.

CobaltCore

CobaltCore is a reimagined, opinionated, Kubernetes-enabled OpenStack distribution, fully embedded with the other projects of ApeiroRA. It complements IronCore and meets the obligation to support the numerous non-cloud-native workloads by ensuring backward compatibility. The resulting, well-known Infrastructure-as-a-Service offering is augmented with value-added capabilities, such as a novel, micro-frontend-based self-service portal, advanced scheduling and rebalancing, container registry as a service, and integration with Gardener and Garden Linux.

Furthermore, CobaltCore offers coordinated control-plane maintenance, reliable updates of the compute (hypervisor) and storage fleet, extended audit capabilities, and customer telemetry services. Operational requirements are seamlessly integrated with the Greenhouse operations platform and security posture management. As with all projects, the software life cycle follows OCM methodology and best practice, wherein Kubernetes-based operators automate the inner life cycle for all concerns.

GitHub

IronCore

IronCore provides the new reference for compounded software layers for inventorying, managing, and maintaining bare metal using Kubernetes' cloud-native principles. Kubernetes, originally designed to manage and orchestrate containerized applications and microservices, has significantly expanded its reach through its inherent API extensibility, allowing it to be adapted to a wide range of use cases entirely outside the realm of containers. IronCore takes a modern spin on Kubernetes, offering a single interface for managing resources orchestrated across regions, data centers, and availability zones, all assembled from the identical blueprint, thereby offering unmatched flexibility, scalability, and ease of use. Unlike traditional infrastructure solutions, IronCore delivers a much sought-after, next-generation approach. By default, Ceph is modularly provided as a cloud-natively automated, vendor-neutral storage backend for block, shared, and object storage. Furthermore, a disruptive network fabric based on a Clos topology is included. The software-defined network data plane is realized as routed layer 3 only, using an IPv6 overlay, and is grounded in the robust, standard experience of the established internet architecture and technology.

IronCore can be used for cloud-native workloads via Gardener directly, where IronCore dynamically sources ephemeral virtual and physical machines for Kubernetes. IronCore can also be used as the robust foundation layer for other opinionated infrastructure management platforms, such as CobaltCore.

Website | GitHub

Greenhouse

Greenhouse is a comprehensive platform designed to address the challenges of operating large-scale cloud infrastructures.

It offers a holistic dashboard and API to manage various operational aspects efficiently and transparently. Moreover, it enables operation of a globally distributed cloud infrastructure in compliance with industry standards. The platform addresses common operational challenges such as the complexity of tools, fragmentation of configuration, visibility, and permission management.

Several plugins extend the core platform, providing cloud-native observability, security & compliance tooling, and more. These plugins come with sane default configurations and include all necessary components for application-specific needs, such as production-proven alerts, playbooks, and metric visualization dashboards.

Website | GitHub