German Administrative Cloud Strategy: Focus on Kubernetes, Containers, and DevOps

The IT Planning Council adopts the document “German Administrative Cloud Strategy: Framework for Target Architecture 2.0”.

Download PDF

TL;DR

• The German Administrative Cloud should primarily consist of Open Source components
• All participants must implement and adhere to the defined standards
• Providers of solutions for the German Administrative Cloud must
  • deliver their services within German jurisdiction
  • provide Container-as-a-Service platforms based on Kubernetes
  • implement DevOps approaches like Continuous Integration and Continuous Deployment
  • ensure the portability of services between different providers
• Central service components developed by participants of the German Administrative Cloud should be made available to all participants via OpenCoDE

Overview

The IT Planning Council acts as the central political steering committee between the federal and state governments on issues of information technology and the digitalization of administrative services. It promotes and develops joint user-oriented IT solutions, paving the way for efficient, secure, and well-networked digital administration in Germany.

According to § 1 IT State Treaty, the IT Planning Council assumes the following tasks:

• IT Coordination: Coordination of federal cooperation in information technology matters
• IT Standards: Establishment of overarching IT interoperability and security standards
• Digitalization of Administration: Coordination and support of federal and state governments in digitalizing administrative services
• E-Government Projects: Management of assigned projects and products of digitally supported governance and administration
• Connection Network: Coordination body for the connection network between the IT networks of the federal and state governments

On October 10, 2022, the IT Planning Council adopted the “Framework for Target Architecture 2.0” for the German Administrative Cloud Strategy.

The German Administrative Cloud Strategy (DVS) is part of the adopted strategy to strengthen the Digital Sovereignty of IT in public administration. The goal is to create common standards and open interfaces for cloud solutions in public administration to establish an interoperable and modular federal cloud infrastructure across the board.

In addition to the ongoing market development of increasing use of cloud solutions, there are already numerous cloud solutions within the federal administrative levels of the federal, state, and local governments. However, due to a lack of standardization in individual cloud architecture layers, the existing federal cloud solutions are, if at all, only limitedly interoperable and compatible.

The primary goal of the DVS is the possibility of cross-cloud and reciprocal use of applications (software solutions). Additionally, the DVS aims to reduce critical dependencies on providers through standardized, modular IT architectures.

Content

To structure the broad field of cloud computing and effectively standardize cloud solutions, five areas were identified in collaboration with federal, state, and local governments where federal peculiarities should be considered:

1. Development and Development Platform: Uniform platforms, processes, and architectural guidelines for application development
2. Application Deployment and Management: Standardization of the deployment and management of applications throughout their lifecycle
3. Code Repository: Standardized management environments for versioning application code and central mirroring or storage of decentralized source codes with their documentation
4. Infrastructure Service and Technological Stack: Definition of standards for the hardware and software components used to provide IT services
5. Operational Standards and Operating Model: Harmonization of collaboration with IT service providers and service delivery

The Target Architecture 2.0 of October 10, 2022, specifies the implementation specifics for these five areas.

Target Architecture 2.0

The German Administrative Cloud Strategy – Federal Approach was adopted as a concept paper in October 2020 during the 33rd meeting of the IT Planning Council. The measure is part of the adopted strategy to strengthen the Digital Sovereignty of IT in public administration (ÖV) and is assigned to the solution approach defined there “Vendor-independent modularity, (open) standards, and interfaces in IT”.

Digital sovereignty is defined here as “the abilities and possibilities of individuals and institutions to independently, autonomously, and securely exercise their role(s) in the digital world”.

The technical conception of the German Administrative Cloud Strategy is the responsibility of the Sub-working Group Technology and Operations (UAG Technik), in which IT service providers of the ÖV are particularly represented. This proximity to practice ensures ongoing technical feasibility alongside conception.

According to the standardization areas and requirements in the DVS concept paper, the UAG is divided into seven operational teams based on nine fields of action:

• Field of Action 1+4 “Infrastructure and Interfaces”
• Field of Action 2 “Policies / Governance”
• Field of Action 3 “Cloud Service Portal and Support Structures”
• Field of Action 5+7 “Development Environment and Code Repository”
• Field of Action 6 “Operating Model”
• Field of Action 8 “Proofs-of-Concept”
• Field of Action 9 “Integration of External Cloud Providers”

Based on the DVS concept paper, more detailed operational goals were formulated for each field of action. Subsequently, requirements for the architecture were identified within the individual fields of action using application scenarios (“Use Cases”). Based on the identified requirements and operational goals, the necessary systematics or the basic structure of the German Administrative Cloud was derived, from which the present target architecture was specified.

Integration into Existing Ecosystem

The following projects related to the ÖV and focusing on cloud computing were considered within the framework of the target architecture:

• Cloud solutions from federal, state, and local governments (e.g., Federal Cloud): Various cloud solutions already exist (provision of service models Infrastructure-as-a-Service (IaaS); Platform-as-a-Service (PaaS) including Container-as-a-Service (CaaS); Software-as-a-Service (SaaS) at the different administrative levels of federal, state, and local governments.
• Gaia-X: The Gaia-X project aims to make a federated European data infrastructure usable by establishing a network system of existing cloud and service providers based on uniform interfaces and standards, the so-called “Federation Services”. The focus is primarily on shared values regarding data sovereignty, openness, and interoperability. A stringent Open Source (OS) approach is pursued for building this ecosystem in Europe.
• Sovereign Cloud Stack (SCS): The SCS project develops a federatable and fully open software stack for cloud service providers to provide and operate cloud infrastructure independently of manufacturers. Proven, modular standard software components (e.g., Kubernetes) are used in the development, and tools and processes for the automated operation of such environments are implemented. SCS thus provides an infrastructure component for Gaia-X, which can serve as a fully sovereign technical foundation.
• OZG Implementation: The “Act to Improve Online Access to Administrative Services” obliges the federal and state governments (and thus also the municipalities) to offer their administrative services digitally by the end of 2022. A central principle in the OZG implementation is the “One for All” (EfA) principle. This means that solutions developed once by one state can be reused in other states to proceed in a collaborative and time-saving manner in digitalization.

Existing cloud solutions of the ÖV and the associated IT service providers must implement the defined standards of the DVS as participants of the German Administrative Cloud.

By consistently implementing the DVS standards, multifaceted added values are created, which will also support the OZG implementation and the EfA principle in the future. Prospectively, OZG and the German Administrative Cloud should interlock. The OZG implementation is not dependent on the establishment of the German Administrative Cloud and is seen as a parallel course of action. While OZG digitalizes administrative services, the DVS aims to future-proof the IT infrastructure of the ÖV. Nevertheless, the German Administrative Cloud can have a significant supportive effect on the OZG implementation if, for example, EfA services are developed and offered as DVS-compliant (cloud) services, as they can then be implemented in all data centers that meet the DVS standards with minimal individual configuration needs.

SCS is designed for high security requirements. Accordingly, the SCS project plan provides for supporting the platform operators of the ÖV for a BSI certification according to IT-Grundschutz through appropriate architecture, development processes, and the provision of corresponding knowledge.

The compatibility of the German Administrative Cloud with Gaia-X can be achieved through SCS’s participation in the Gaia-X network. In this way, the ÖV can prospectively participate in the Gaia-X ecosystem with the existing IT infrastructure. The DVS supports the development and expansion of Gaia-X by ensuring interoperability so that Gaia-X cloud and service offerings can be used in the ÖV in the future, provided that the requirements for information security and confidentiality are demonstrably met. Therefore, representatives of the SCS project are in regular exchange with the UAG Technik.

While the primary focus of Gaia-X is on establishing a networked data infrastructure corresponding to the goals of digital sovereignty, the German Administrative Cloud aims to ensure the cross-cloud reusability of cloud services and software solutions. In the future, solutions from the SCS or standards from Gaia-X could be adopted and reused for the German Administrative Cloud. The standards of the German Administrative Cloud will retain their validity and will only be expanded accordingly.

Special Features of the DVS

The German Administrative Cloud strengthens the digital sovereignty of the ÖV by creating switching options, promoting its own design capabilities, and influencing IT providers.