A European Cloud?

What are European Cloud solutions that can be used as alternative to AWS, Azure and Google Cloud Platform?
Introduction
Today, again, the question was raised, whether a project can be hosted in a European cloud, compliant with European regulations, especially with data protection requirements.
As in many cases there's no one-size-fits-all-solution, it heavily depends on your requirements.
And that's mainly because there is no standardized cloud. So, let's first look at what the big-three providers have to offer and what the differences are.
The Big Three
Amazon offers their cloud services under AWS (Amazon Web Services), which has a huge range of services: more than 500 services in around 20 categories are listed as cloud products, and many new services are launched every year.
Microsoft also has a wide range of products, but not all of them can be called cloud products, although they are marketed as cloud solutions (e.g. Office 365). Cloud services are offered under Azure. There are also a few hundred services available, also listed in around 20 categories.
Google summarizes all cloud services under Google Cloud Platform. It consists of more than 150 services organized in 6 categories.
The common ground shared by all three consists of these areas:
· Computing (Virtual Machines)
· Storage (Databases)
· Kubernetes
· Artificial Intelligence (AI resources and engines)
· Serverless
And for the first 3 points you can indeed find a lot of alternatives in Europe; they are standardized to a certain degree.
If your existing solution already uses anything else from their list of services, you will probably have to search for your very own specific cloud alternatives.
What are the different standards to look for?
Computing (Virtual Machines)
You can usually get VM instances – basically computers in the cloud – that you can flexibly start, stop and manage on your own. You can choose the power (usually the kind and number of CPUs), the size (RAM) and sometimes a category for a specific purpose (e.g. optimized for calculations, search, databases, AI, etc.). And you can choose your own operating system, usually Windows (which requires a non-European license) or Linux (Open Source).
When you have your application already prepared for Docker or Podman, you can basically choose any VM to run it on.
✅ There are a lot of service providers in Europe that can provide bare VMs or Docker/Podman instances.
When using VMs, you can usually also attach physical storage to your VM and use it as your local file system.
Storage (Databases)
If you need a database, you have the choice of running it on your own VM instances or picking a managed database from a cloud provider. When running it yourself, consider the additional effort for scaling, availability and management. When choosing a managed database, there are some available from almost all cloud providers. Most of them are just instances of popular Open Source databases. There are many providers of relational databases (e.g. Postgres, MySQL, but also Oracle or others). NoSQL databases (e.g. MongoDB, Cassandra, Cosmos) are also very popular and available as managed databases.
✅ Usually, European cloud providers also offer these types of databases.
If you are using a provider specific database you need to check individually what alternatives are available on the market or if you can migrate to a more common one.
Kubernetes
When your project is running on Kubernetes, chances are good that you can pick just about any cloud provider. But be careful when migrating: some features are only available in specific Kubernetes versions and, although it is standardized, there are sometimes subtle differences when using Kubernetes instances from different vendors (e.g. Red Hat, SUSE, OpenShift, VMware).
✅ Nevertheless, Kubernetes is a typical offer from European cloud providers, too.
Artificial Intelligence
Here the market is changing very rapidly. There are a few standard large language models (LLMs) that are offered by many cloud providers, but at the moment it is very difficult to predict compatibility. Some cloud providers even exclude AI execution on their platforms. Individual research is necessary to meet project requirements.
❓ There are also many European companies that offer managed AI LLMs, but compatibility is very limited.
Serverless
For classical cloud resources and Kubernetes it is still necessary to manage almost every detail of your project. You have to set up the resources, organize proper scaling and make sure everything runs without wasting resources. But the latest trend is to use serverless computing or "Function as a Service" (FaaS). Here, you are not managing the resources on your own; you just get an "execution environment" for individual operations, and all resources are dynamically allocated as needed. No need for server management, no worries about scaling. And you pay only for the compute power that has actually been used.
While AWS has Lambda, Azure offers Azure Functions and Google Cloud Platform advertises Google Run, all these serverless solutions are very specific. The runtime matches the programming language, but the connection from and to serverless environments differs widely, due to platform features and deployment models.
❓ Today, when deciding for a serverless platform, it is very likely that you end up with a vendor lock-in. There are some European providers, but the compatibility is limited.
Multi-Cloud
When you want to stay independent or want to use multiple cloud providers in your project, this can usually be achieved with Infrastructure as Code (IaC), using Terraform and Ansible. These Open Source projects have adapters for many cloud providers, and you can manage your resources flexibly and reproducibly.
But that also means you have to manage your infrastructure as code within the project.
✅ Many European cloud providers have Terraform plugins.
Integration
User Management
One of the most important points in a project is user and access management. Usually, you have two basic types for authentication:
· Users are managed by a company or organization
· Users are managed independently within your project
In the first case, you need to connect your software to the company's identity management (LDAP or Active Directory); in the second, you need to set up and manage your own identity management.
In both cases, you usually need an Identity and Access Management (IAM) solution in your project. You are probably setting up OAuth 2.0 or SAML. In many cases, Keycloak (Open Source, managed by Red Hat) is used today. As this is the heart of your security architecture, it needs to be very carefully managed and closely monitored.
Some cloud providers offer a managed Keycloak instance.
Special considerations are required when using Microsoft AD as the central IAM. This could jeopardize the whole idea of a European cloud project. The same thoughts apply to possible Office 365 integrations or whenever you need a license from a non-European company.
✅ Nevertheless, there are European solutions that could be considered. Very few providers offer to run MS products in their own data centers located in the EU. Also check out the status of the Microsoft Sovereign Cloud initiative.
Other Services
When other services are integrated, everything needs to be checked individually. In many cases, external APIs are used or libraries from non-European providers are included for specific product features.
❓ Individual evaluation is required to identify these parts and fulfill regulations or find alternatives.
It is recommended to generate an SBOM (software bill of materials) for your project, which can also be used for vulnerability scans.
Gaia-X
The Gaia-X project started as a promising cloud alternative. As an Open Source initiative it was meant to replace the need for one of the big three players, implementing security and European data protection needs. But it is a little academic and was never broadly accepted by major cloud projects.
❓ It's always difficult to make predictions, but using Gaia-X as the cloud platform for production services needs to be evaluated very carefully.
Encryption
Encryption is a good alternative for achieving digital sovereignty, independent of any cloud provider or vendor lock-in.
It is important to consider that encryption is required at the transport and storage level, and perhaps also "in use" – at the computational level (confidential computing). The transport level is usually easy with TLS. More organizational effort is required for full encryption when storing data (encryption at rest), because the keys need to be managed in a trusted location – which is usually not the cloud provider.
❓ Confidential computing usually requires Homomorphic Encryption, and there are only very few players on the market at the moment. There's one Open Source project that aims for full encryption: OpenMPCC.
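As an added illustration of the encryption-at-rest point above (not code from the original article), the following Go program shows envelope encryption where the key-encryption key (KEK) stays in the trusted location and the cloud provider only ever stores ciphertext plus a wrapped data key. Names such as Envelope, Encrypt and Decrypt are my own; the KEK source (an on-premises HSM or KMS) is assumed and not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// Envelope is all the cloud provider stores: the payload sealed with a per-object
// data key (DEK), plus that DEK sealed with a KEK kept in the trusted on-prem location.
type Envelope struct {
	Nonce, Ciphertext     []byte // payload under the DEK
	WrapNonce, WrappedDEK []byte // DEK under the KEK
}

// must: keys are fixed-length internal values, so an error here is a programming error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// seal uses a fresh random nonce; objectID is bound as associated data so an
// envelope cannot be silently re-labelled as a different object.
func seal(key, pt []byte, objectID string) (nonce, ct []byte) {
	g := gcm(key)
	nonce = make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return nonce, g.Seal(nil, nonce, pt, []byte(objectID))
}
func open(key, nonce, ct []byte, objectID string) ([]byte, error) {
	return gcm(key).Open(nil, nonce, ct, []byte(objectID))
}

// Encrypt runs on the trusted side: random 256-bit DEK per object, wrapped by kek.
func Encrypt(kek, pt []byte, objectID string) *Envelope {
	dek := make([]byte, 32)
	must(rand.Read(dek))
	n, ct := seal(dek, pt, objectID)
	wn, wk := seal(kek, dek, objectID)
	return &Envelope{Nonce: n, Ciphertext: ct, WrapNonce: wn, WrappedDEK: wk}
}

// Decrypt needs kek to unwrap the DEK; holding only the envelope (as the provider
// does) yields an authentication error, not plaintext.
func Decrypt(kek []byte, e *Envelope, objectID string) ([]byte, error) {
	dek, err := open(kek, e.WrapNonce, e.WrappedDEK, objectID)
	if err != nil {
		return nil, err
	}
	return open(dek, e.Nonce, e.Ciphertext, objectID)
}
```

Rotating the KEK then means re-wrapping each stored DEK, not re-encrypting every object, which is what keeps key management feasible outside the provider.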
Another point to consider is that software development also requires special protection. That means that developers have encrypted computers and project sources are transferred to and saved on encrypted instances.