Switching Register
Version: 2025-09-19
- Contact: security@ayedo.de · billing@ayedo.de
- Legal nature: This register specifies Art. 26 EU Data Act. The contract including the General Terms and Conditions remains decisive. For each contract, the version handed over at the time of the conclusion of the contract is decisive (export/PDF as an attachment). Subsequent updates do not affect current contracts to their detriment.
1) Purpose and Scope
This register describes procedures, data structures/formats, standards, and interfaces for provider switching. It applies to the following ayedo service areas:
- Managed Kubernetes (Public Cloud, Private Cloud, Enterprise Cloud)
- Managed Apps
- Bring-Your-Own-Apps
Note on on-premises target environments: Switching to customer-owned data centers is supported (see Section 9).
2) Process Overview (Notice → Transit → Completion)
Notice (Initiation)
The customer initiates the switch with an announcement at least 2 months before the desired start date. ayedo confirms within 5 working days and designates technical contact persons as well as access to the export interfaces.
Transitional Period
During the transitional period, which usually lasts 30 calendar days, the service remains usable. ayedo cooperates in good faith.
Extensions
Two mechanisms exist:
- Technical impossibility/dependencies – notification within 14 working days; maximum total duration up to 7 months.
- Customer right to a one-time extension according to Art. 25 para. 5.
Retrieval and Completion
After the end of the transitional period, ayedo provides a retrieval window of at least 30 days. Subsequently, the exported data (including backups) will be deleted with confirmation.
SLA/escalation for switching tickets are based on § 18 of the General Terms and Conditions.
3) Data Mapping (Categories, Formats, Methods)
| Category | Format/Spec | Method / Endpoint (Examples) | Notes |
|---|---|---|---|
| Cluster Configurations | YAML/JSON (Kubernetes), Helm, Kustomize | Git/Artifact Export; Bundle ZIP | CRDs/Policies documented; no secrets in plain text; separate handling see Section 7 |
| Container Artifacts | OCI Image/Artifact, OCI Distribution | Registry-to-Registry (Pull/Push); Digest manifests | Signatures/Provenance optional; Namespace/Tag mapping project-related |
| Persistent Data | CSI Snapshots/Backups | Snapshot → Transfer → Restore | Consistency via App Quiesce; RPO/RTO project-related; Longhorn-based volumes via CSI path |
| Object Storage | S3-compatible API | Bucket Replication/Export | Versioning/ACL mapping documented |
| Logs | JSON Lines | Bulk Export API / Blob Export | Time window and filter negotiable; PII filtering optional |
| Metrics | OpenMetrics | Prometheus Remote Write / Bulk Export | Standard retention 30 days; typical resolution 60 s |
| Traces | OpenTelemetry (OTLP) | Collector Export / File Dump | Service/Span schema documented |
| Identities/Roles | OIDC/SAML, RBAC (Kubernetes) | Role/Group Export; IdP Mapping | Customer-owned IdP recommended |
| Secrets/Keys | BYOK/HYOK (no plain text) | Re-Injection via KMS/Vault | Rotation at transit start; no plain text export |
4) Backups with Velero (Restic/Kopia on S3)
Backups and restorations are performed using Velero. Storage volume contents are backed up to S3-compatible object storage via Restic/Kopia.
- Export. For the switch, backup sets are specifically marked and transferred to a customer-specified S3 destination.
- Encryption. Customers can use BYOK; key management is handled via the customer-side KMS.
- Validation. After the transfer, key-date backups are checked randomly (readability, checksums, restore dry run by arrangement).
5) Persistent Data and Longhorn
For persistent volumes in Kubernetes clusters using Longhorn, exports are orchestrated via the CSI interfaces by default. Alternatively, for special target environments, an export via Longhorn snapshots and subsequent re-hydration is possible. The choice of path depends on the requirements of the target provider and the required consistency.
6) Monitoring with Prometheus
For metrics, ayedo supports Prometheus Remote Write to customer-side systems as well as time-limited bulk exports. The standard retention is 30 days, the typical resolution is 60 seconds. Details on label and naming conventions are documented at the start of the project.
7) Secrets and Key Material
Secrets are not exported in plain text. It is recommended to use re-injection at the target via customer-side KMS/Vault mechanisms (BYOK/HYOK). At the start of the transitional period, a key and secret rotation is performed. Transfers are made via secure paths; protocols document the time, responsible parties, and hashes.
8) Open Interfaces and Standards (Art. 30 para. 2–4)
ayedo provides open, documented interfaces free of charge and maintains compatibility with common open specifications:
- Kubernetes (CNCF), OCI (Image/Artifact/Distribution), CSI (Storage), CNI (Networking)
- OpenTelemetry (OTLP), OpenMetrics, Prometheus
- S3-compatible object APIs, OIDC/SAML for identities/federation
Technical documentation and examples are provided project-specifically. Breaking changes to interfaces will be announced at least 6 months in advance.
9) On-Premises Target Environments
Switching to customer-owned data centers is supported. Data transfer takes place primarily via secure network paths (VPN/peering) to customer-side registries/object storage.
For air-gapped environments, ayedo provides offline-capable artifact bundles and storage media upon request. The handover is logged (hashes, serial numbers, responsible parties). Safety requirements of the customer are included in the migration plan.
10) Export Throughput and Operating Windows
As a guideline, ayedo provides up to 5 TB per day per tenant. Higher volumes are possible after coordination. Operating and cutover windows are planned jointly; freeze periods only in case of justified risk.
11) Switching Charges until January 12, 2027 – “at cost”
Until January 12, 2027, service-related switching costs may be charged, exclusively as a pass-through of directly attributable costs (e.g., migration compute/runner, egress/transit, switching-related third-party tools/licenses, explicitly commissioned engineering services). From January 12, 2027, no switching charges will be levied.
12) Security and Data Protection
The customer is the data controller, ayedo the data processor. Transfers are encrypted and accompanied by integrity checks. After completion, exported data (including snapshots/backups) will be securely deleted; the customer receives a deletion confirmation. Data subject rights under the GDPR remain unaffected.
13) Contact and Escalation
- Technical Contact (Switching): security@ayedo.de
- Legal & Compliance: billing@ayedo.de
- SLA/Escalation: according to § 18 of the General Terms and Conditions
14) Version and Contractual Reference
This version bears the version 2025-09-19. For the interpretation of the contract, the attached PDF version of this register with the same version level applies. Changes to this online register will be documented; ongoing contracts remain unaffected unless a mutual update is agreed upon.