The Knowledge Graph (KG) builds a connected network leveraging the metadata aggregated by UMS and covering relationships across a distributed service landscape. The KG is then further enriched via AI powered modeling on top of the extracted metadata. In this way, KG becomes the basis for generating a semantic representation, tailored for consumption by agentic AI. The representation is used in crucial steps like API discovery and query generation and enables agents to achieve data access within and across enterprises at scale.

Public links coming soon.

Open Resource Discovery (ORD) is a protocol for decentralized metadata discovery that lets software providers describe and publish their APIs, events, capabilities, and data products in a machine-readable way. Consumers and platforms can then automatically discover and integrate these resources without manual coordination. It establishes a common standard for publishing this metadata in a structured, machine-readable way across a distributed cloud-edge landscape.

ORD is the foundation of the Data Fabric. The metadata it produces is collected by UMS and used by the Knowledge Graph to map relationships between business objects across providers.

WebsiteGitHub

The Unified Metadata Service (UMS) is a central service that collects and aggregates ORD-based metadata from all participating services in a given landscape, making it queryable by platforms and AI agents without requiring direct integration with each individual provider.

Together with ORD, UMS enables seamless and automatic integration between services hosted across different providers, without requiring centralized manual pre-design or hard-wiring.

Public links coming soon.

A distributed system spawns over multiple individual machines, where Linux as an operating system of choice abstracts the underlying, possibly heterogeneous, hardware resources. This makes Linux strategic to ApeiroRA which requires elevated attention. ApeiroRA includes Garden Linux, a Debian GNU/Linux derivate that aims to provide a small, secure, and auditable Linux. Garden Linux has a highly customizable feature set that can be adjusted to fit your needs, and prebuilt images are provided for cloud providers and major hypervisors. While ApeiroRA allows for any compatible Linux distribution to be used, all ApeiroRA components will be streamlined and qualified/supported by SAP on Garden Linux only.

WebsiteGitHub

The Gardener Project is a robust, scalable, and production-hardened, certification ready, open-source system that manages Kubernetes clusters across many infrastructure providers. It's designed to handle the heavy lifting of cluster provisioning, management, and operations, freeing up teams to focus on their core competencies. With its extensible architecture, Gardener ensures seamless integration with existing infrastructure/cloud providers, making it an ideal choice for the diverse and complex cloud and near edge needs. It embodies the principles of the European Union's digital strategy, promoting open standards, interoperability, and hence serves as a bootstrap building block in ApeiroRA.

WebsiteGitHub

Konfidence is an open-source software delivery framework. It ensures that only tested and approved versions reach production, addressing a common challenge in complex IT landscapes.

Instead of relying on fragmented deployment processes, Konfidence uses immutable, versioned application packages. These packages contain all the necessary components for consistent and traceable deployments across development, testing, and production environments.

Konfidence reduces complexity, improves security, and facilitates predictable daily releases. It supports modern deployment practices, such as progressive rollouts and feature toggles, providing a structured process for faster, more stable, and more transparent software delivery.

Website

Luigi is a micro frontend JavaScript framework for building modular, scalable, and technology‑agnostic web applications with a unified user experience across distributed UI modules.

Luigi enables organizations to develop complex web applications by composing independent micro frontends, each potentially built with different technologies. Its value proposition lies in simplifying integration, navigation, and communication between distributed UI modules, reducing development overhead and fostering team autonomy. Luigi provides a consistent user experience, centralized authentication, and extensible configuration, making it ideal for enterprises seeking scalable, maintainable, and future-proof frontend architectures.

WebsiteGitHub

The Open Component Model (OCM) allows describing software products and included versioned components and (security) related metadata in a standardized way. It is a Software Bill of Delivery (SBoD), comparable to a Software Bill of Materials (SBoM), but specifically focusing on delivery artifacts.

Tools built for OCM enable consistent and secure delivery of software products across the many organizational and physical boundaries of the continuum.

Furthermore, OCM becomes the operational source of truth and offers component identities to correlate information from and for the build, deployment, up to the runtime context.

OCM can be used to prove the end-to-end compliance and security posture of a software product (also see OCM Gear).

WebsiteGitHub

OpenKCM is an open-source Key and Crypto Management solution designed to provide secure, scalable, and flexible key management for cloud-native and enterprise environments. It supports key hierarchies, BYOK (Bring Your Own Key), and HYOK (Hold Your Own Key) scenarios, enabling customers to retain full control over their cryptographic keys and revoke access to sensitive data at any time.

OpenKCM integrates with various key management backends, offers extensible APIs for cryptographic operations and lifecycle management, and ensures compliance with stringent security and privacy standards across multi-tenant platforms.

WebsiteGitHub

The Open Managed Control Plane (openMCP) enables extensible Infrastructure- and Configuration-as-Data capabilities as a Service. Based on the Kubernetes Resource Model, all resources in the cloud-edge continuum with ApeiroRA are accessible and managed via a declarative API and corresponding controllers and operators. Together with the controller which understand OCM and declarative deployment orchestrators, consumers can subscribe to a product release-train of software producers and implement an automated, GitOps-driven deployment workflow at the edges.

GitHub

The Open Micro Front End Platform (openMFP) brings together micro front ends and APIs into a cohesive platform, allowing teams to contribute components while maintaining their independence.

• Decoupled Development: Teams can work independently using their preferred technologies, promoting agility and innovation while contributing to shared objectives.
• Unified User Experience: OpenMFP integrates key systems like authentication, reducing redundancy and improving usability across services.
• Extension Mechanisms: The platform supports adding new micro front ends and APIs, ensuring scalability and adaptability to evolving needs.

WebsiteGitHub

The Platform Mesh defines an environment that allows service providers to offer services of any kind and service consumers to discover those services, order capabilities, and control their lifecycle.

Platform Mesh powers complex multi-tenant environments without compromising security, delivering a foundation for globally distributed and highly scalable services. Built on the Kubernetes Resource Model, it provides a declarative API layer for seamless interaction between providers and consumers. With integrated control planes and support for decentralized marketplaces, consumers can easily discover APIs while providers publish services effortlessly.

WebsiteGitHub

CobaltCore is an opinionated OpenStack distribution providing an IaaS layer and API for non-cloud-native and heritage workloads, designed for backward compatibility with established IaaS interfaces, VM live migration, and traditional network configurations.

• Self-Service Portal: Aurora Dashboard provides a micro-frontend based interface for tenant self-service across compute, network, and storage resources.
• Advanced Scheduling: Cortex enables intelligent workload placement and scheduling across the compute fleet.
• Container Registry: Built-in container registry as a service for storing and distributing container images.
• Automated Operations: Zero-downtime maintenance with automatic server discovery, provisioning, and evacuation reduce operational overhead across the compute and storage fleet.
• Security & Compliance: Extended audit capabilities, customer telemetry, and security posture management are seamlessly integrated with the Greenhouse Operations Platform.

CobaltCore can optionally build on IronCore's Bare Metal Management and Network Automation for a fully integrated, end-to-end stack. It integrates with Gardener and GardenLinux, and follows OCM methodology with Kubernetes-based operators automating all lifecycle concerns.

WebsiteGitHub

Bare Metal Management provides a comprehensive solution for managing physical servers in a Kubernetes-native way. It leverages Kubernetes Custom Resource Definitions (CRDs) to automate the full server lifecycle:

• Discovery: Automatically detect and register bare metal servers, ensuring seamless integration into the infrastructure.
• Provisioning: Deploy and configure servers using Ignition, automating OS installation and server setup.
• Day-2 Operations: Manage BIOS, firmware, and hardware inventory declaratively, keeping the fleet compliant and up to date without manual intervention.
• 3rd Party Integrations: Seamlessly integrate with existing vendor-specific management tools.
• Kubernetes Support: Run Kubernetes on bare metal servers with support for Cluster API and Gardener.

Core components include the Metal Operator for lifecycle management, the Boot Operator for iPXE/HTTP booting, and FeDHCP for in-band and out-of-band network configuration.

WebsiteGitHub

The IronCore Infrastructure as a Service layer exposes a unified, declarative API for managing compute, storage, and networking resources using modular, pluggable providers designed for hybrid and near edge deployments.

• Compute: Pluggable providers support diverse environments, with KVM via libvirt as the default compute backend.
• Storage: Block, shared, and object storage are backed by default with Ceph, a cloud-natively automated, vendor-neutral storage solution.
• Networking: Declarative networking resources are managed through the IronCore API.

The IaaS layer integrates natively with Gardener, CSI, CCM, and Cluster API. It is designed for cloud-native workloads where the compute interface is intentionally ephemeral, enabling Gardener to dynamically provision virtual and physical machines for Kubernetes clusters.

WebsiteGitHub

Network Automation provides a robust framework for automating network management tasks using a Kubernetes-based architecture to streamline the deployment, configuration, and monitoring of network devices.

• Device Discovery: Automatically discover network devices across the data center.
• Provisioning: Automate the provisioning of network devices at scale.
• Configuration Management: Manage and apply configurations across multiple devices consistently.

The IronCore project supports different vendors and device types through dedicated operators, including the network-operator for Cisco NX-OS devices and the sonic-operator for Sonic Edgecore switches.

WebsiteGitHub

Greenhouse is a comprehensive platform designed to address the challenges of operating large-scale cloud infrastructures.

It offers a holistic dashboard and API to manage various operational aspects efficiently and transparently. Moreover, it enables operations of a globally distributed cloud infrastructure in compliance with industry standards. The platform addresses common operational challenges such as the complexity of tools, fragmentation of configuration, visibility and permission management.

Several plugins extend the core platform, providing cloud-native observability, security & compliance tooling and more. These plugins come with sane default configurations and include all necessary components for application-specific needs such as production-proven alerts, playbooks, metric visualization dashboards.

Website GitHub