You will learn about the Sovereign Cloud for the German Government. This solution is based on Azure and operated by Delos Cloud GmbH.
Thank you, thank you for the possibility to present the work we are doing. At first glance, if you hear me talking about the sovereign cloud and the cloud system, it might seem far away from all these identity topics, but it is not: as you know, the systems have to manifest somewhere. You have to run them somewhere, and you want to run them in a secure cloud environment. So I'll be talking about this sovereign cloud that we are proposing and preparing these days for the German government.
If you look at recent years, a lot of demand has been voiced by governments that they want clear regulations in place for data residency, for data processing, and for being in full control end to end. In Germany we have this ITpedia, an 800-page monument advising you how to run your systems and how to control the flow of your information from end to end, from the client to the backend. And on the other side there is a lot of need for operational sovereignty in terms of cleared personnel and so on.
And on the third dimension, we see a special request here in Germany from the BSI, the Bundesamt für Sicherheit in der Informationstechnik, that there is a need for transparency and fast ways of reacting to attacks, for example. And there is definitely a need for services that are normally hosted in public clouds or publicly available clouds. We talk about collaboration services, office services, but also all the databases, scaling, HPC and so on.
We call it parity: yes, the government needs a special cloud of its own, but with the same quality, the same standards and the same power that they are used to when they compare it to a commercial cloud. So what we did is, if you look at the left side, I just noted some of the so-called cloud platform requirements that are in place here.
When we started talking with the government a couple of years ago on that issue, we got so-called red lines that we had to fulfill in terms of how the data travels, who has access to the data center, what kind of APIs are supported there, what kind of open source components, what antivirus components, and so on. That resulted in nine so-called red lines, negatively formulated. In the meantime they have been renamed; we now call them cloud platform requirements, and some of them are noted here.
Some key principles for designing such a sovereign cloud for the government: it is especially designed for, and to be used only by, the government. So no industry players or customers in there. There is no standing connection to our border gateway protocol network; I'll show you that on the network diagram later on. Every piece of data getting into this cloud and getting out of it, data ingress and data egress, is controlled by the BSI.
Meaning, for us, as soon as we have built this cloud (right at the moment the buildout is running) and as soon as it is certified and handed over to the German company called Delos Cloud GmbH, they will operate it. We as Microsoft then come with a truck, so to speak, going to the loading bay, putting our updates there. And everything that is loaded via this loading bay is controlled and inspected by the BSI, by our German regulator.
But also, if you look at the whole platform, according to the law the BSI is obliged to control all the data sitting in that platform, getting in and out through every door: the loading bay in the back as well as the front door where the customers get in and bring their office workloads or their databases. All of these entrances are controlled end to end. And of course it is operated here in Germany. That was the left side, the requirements. What did we do? What did we design?
We designed a sovereign cloud that is run by cleared personnel, for example, and which is owned and run by a German entity called Delos Cloud, which was founded by SAP and Arvato. So in German jurisdiction we have a national operator. The personnel working there will be cleared personnel with a security clearance.
But there are some things that are dependencies from outside. For example, all the name resolution will not be hosted inside; it is a dependency from outside. So the Bund will provide us with a domain name service that we can use. They will provide us with a PKI, HSMs, certificates and so on that we can use. And of course, looking here to the German crypto industry, there is the strong will and the requirement to use and implement German crypto technology in terms of HSMs and so on.
So if we look into the high-level architecture, and if you look at the middle part of this diagram, you'll see the functionality of our Azure cloud technology. Taking it bottom up: infrastructure as a service, container as a service, of course platform as a service, up to software as a service like Office and maybe SAP, SharePoint, you name it.
Looking at this picture, you'll see I have painted the customers on the right side. The plan is to connect this cloud, this cloud factory so to speak, to the corporate network of the customer, which is called, as you see here, the NdB net, the Netze des Bundes, the corporate network of the federal government.
So every user that is able to work on the corporate network of the federal government, the Netze des Bundes, will be able to access this cloud through the front door and then place workloads there, use Office to work within their organization, but also work between different organizations within the same cloud. And of course, if you use Teams for example, and you are the foreign ministry here, we will definitely make it possible to make a call to another foreign ministry outside that sovereign cloud.
What is special, and what is the difference compared to a cloud that is normally run within our normal data network? You know we are a cloud provider; we are running more than 200 data centers in over 60 so-called regions on this planet, resulting in a power consumption right in this second of about 3.5 giga-whatever.
Here we are talking about using the same technology, but also the same way of building the racks and so on, the same hardware, the same software as in our public cloud data centers, and the same procedures and all the soft stuff you need to run a data center: the standard operating procedures, troubleshooting guides, capacity planning tools, but also revolving doors and the tools to issue badges and so on. What we do is we hand over the whole package.
Everything you need to run this building, hardware, software, capacity planning, reordering cables you might need in the future and so on, to make Delos Cloud GmbH fully sovereign, fully able to operate and run this cloud on their own behalf, in their own way. When you search for Microsoft on this picture, you'll find us on the bottom left.
Because at the moment when these high-tech factories are built and handed over, certified by the BSI, we will step out of these factories and only come along with our truck to the loading bay, bringing Euro pallets, so to speak, with human- and machine-readable updates to be delivered there. The BSI will look at them randomly or fully inspect them and then move them into the production hall to be executed.
Meaning, for example, if you have an update for the software-defined networking stack or for some databases, whatever, they will all go through this so-called data diode, which is controlled by the BSI. Coming from the other side, from the right side, of course customers can implement things in their tenant: they can switch features on in Office, but also bring their own database to install there and so on. But always keep in mind the whole platform is BSI regulated and BSI controlled.
So of course every customer within this platform, being a member of a ministry for example, or being with the police force or whatever entity you take from the government, is obliged to adhere to the so-called IT security end to end. And the kind of certification we are aiming at is the C5, the Cloud Computing Compliance Criteria Catalogue from the BSI, which is probably internationally well known.
That has become a standard, and on top of that we aim to provide, with that platform, hosting for classified information, VS-NfD in Germany, for the agencies and ministries to use: classified material to be kept safe there, to be collaborated on and so on.
If you take one more view to the right, you'll see that over the corporate network we can connect federal entities, state and local entities, and also cities for example, to that network, because we have exchange points with all these so-called state networks and federal networks and so on. But of course there will also be a controlled breakout connection point to what we call the internet, to be able to make Teams calls, to send emails and so on across that border.
When we go once more into the architectural view, and I think this is the connection point to our conference here as well, as we are talking about identity systems and wallets, ID systems, AI gateways and so on: they have to reside somewhere. From my point of view, and this is the reason why I suggested this talk here, this sovereign cloud can be a really valuable and secure place to run tested workloads. But looking at it, we always had in mind a so-called multi-tier architecture, for example.
From an architectural point of view, I would say that is a very good place to put the backends, the databases, the stuff that has to scale out quite well. Whereas, for example, the interaction with the customer or a real person is not the stuff you would do on this sovereign cloud, but instead on another level, on another tier, for example with a local Berlin IT provider. The Berlin IT provider would identify you, go to the backend, take the data and then deliver it.
So it's a division of labor, so to speak, an n-tier architecture, microservices talking with each other. Maybe let me just open up the round for questions, or if there's no burning question, Mike's doing that.
I just wanted to say how much I admire your choices in hairstyle and beard. So thank you very much, first of all, for that interesting presentation. Now, I've actually had a question from the audience, which was, and maybe you've answered it and I didn't quite get it, but goodness me, there are all these questions.
What is the scope of government? Because it says here: federal, state, local, or federally owned companies?
Okay, well, the scope is federal entities, state and local, but no owned companies and so on. The primary scope was only federal. But the project owner, so to speak, is the Ministry of Finance, and from their point of view it is federal entities, state and local, but not owned companies like CHEBAN and so on.
Okay, thank you. And no universities, no hospitals and so on.
We have one in the audience. Yeah. Okay, an audience question.
Yeah, so thanks a lot. It's a very interesting project where one can see that you seem to take the word sovereign quite seriously. Nevertheless, my question is: does the BSI have access to the source code of the technology that Microsoft is delivering, to make sure that there are no back doors? You understand?
Yep, yes. Thank you. Yes.
And yes, the BSI has a long working relationship with us, and they are part of the so-called Government Security Program. With that they have access to these products. And we started the journey about the time when the pandemic hit, and we are spending a couple of hours every week, from documentation to technical stuff, to dive through the whole platform and also dive into all the different stuff. And then we found interesting things like: oh, you call it a firewall.
Oh, it looks like it's iptables. Yes, it is. Yeah. And then you start drilling into all that stuff. And from that perspective, we are building this cloud right now, preparing the data halls, putting the racks in and stuff like this.
At the same time, in a parallel way, we are doing functional testing with the BMF in order to see how it looks like to log on, to log off, to collaborate and so on. And then the third phase is, as soon as these cloud data centers are built out, the BSI will take the whole platform and look at it without any users to get a decent zero line for everything, to do the whole inspection. Because this is the ground not only for C5.
You get C5 tested the other way as well, but we want to go for classified data, and therefore you have to have a full open book for your supply chain, for your technology, for the software and for the processes. Source code is one part, but on the other side there is the process: how do you deal with X, Y and Z? How do you implement an HSM and so on. This is even more interesting and more important, because this has to be looked at by the BSI as well. So thank you.
So there are actually quite a number of questions that have come up online, more than we really have time to deal with here. So can I suggest that the people who were asking those questions hook up with Thomas here after the session. But thank you very much indeed, Thomas, for your very good presentation.