 Hello, okay Thanks everybody for coming Thanks for everybody coming willing to see my presentation. Thanks for the guy staying here because it's silent and comfortable and Avoid me the shame of an empty room today. We will talk about a use case About Europe and open stack Let me introduce myself. My name is Mariano Cunetti. I'm I'm from Italy. I'm from a company named enter We are based in Milan. We were an ISP now. We are a cloud service provider or CSP I am currently the city. Oh, I am In charge of all the cloud of activities in my company Today, I will explain you a use case about Europe willing to extend their cloud infrastructure so Almost one year ago more than one year ago in January 2015 the EU published the tender that was intended to To be a request for proposal to all the cloud providers Global cloud providers in order to acquire External cloud services It was meant to provide services to all the 52 institutions that build up of the EU Like like the US have different agencies on the territory. They are dispersed on the territory and they provide different kind of activities from the the EU Court of Justice, the EU Commission the EU Council the EU Parliament and up to the European Food Safety Agency or an ESA for security information So this tender was published and the objective of this tender were two mainly the first one was to migrate existing workloads from internal data centers that were spread all around Europe with consistent waste of money for the EU and the second objective was to start an Innovation strategy in order to acquire a new way to approach technical problems and in order to build an Elasticity and innovation and flexibility in managing the cloud services The first one was if you cannot solve the problem Please move it and the second one was okay. We need to start from scratch on something we don't Handle very well So the key points for this were mainly two explicit and one implicit The first one was reducing the costs as I told you before the second one was to enforce the security of data managed by all the institutions and especially on a special regard to the Data protection the day the personal data the third objective was to provide the Portability across different providers. So they publish the RFP, but they wanted to be sure I just turned on Everything okay, sorry to be sure they could change at any time the provider that we're using Let me just give you a brief overview of what's happening in Europe about data protection The new data data protection law is the the law the rules the management of personal data of Citizens and users obviously in the EU it was dated 1995 and until last month it was not changed. Okay, so it was pretty old Last month it was published. It was released a new version of this data protection that mainly covers these eight Topics the right to be forgotten. I don't want anybody to store my data anymore Easy access to personal data means I want to know what kind of personal data you are managing On my behalf. I want to be able to move my personal data from one provider to another I'm talking about providers. It doesn't mean only cloud providers. It means also Facebook or Google or what else? a Clear affirmative action when consent is required a use a citizen You citizen must be clearly aware of what is doing or she's doing when she is bringing his or her data to a provider the information but must be very clear and transparent when when I give you a Clearance and allow you to manage my data. I must be very well informed and I must be informed if the provider is Has been breached somehow there are being it's been hacked Somehow I have 36 to 72 hours to be informed by the provider Improved administrative and judicial remedies which means that so far all the national laws Were pretty different every country in Europe had different laws. So now the US is saying everybody Okay, now, let's rule everybody with one single law. You will apply this law And so it will be much more clear to anybody if you want to act against any data breach This is what you have to do and the responsibility is increased for the providers managing your data So this is the content of the of the tender It was divided in three lots. The first lot was covering private. Yes It was a single framework contract which means one single winner no reopening and for Lotu and Lotu which were respectively covering Public yes and public pass it was a reopening which means the winners the awarded Providers would be put in a competition again after they've been awarded or they've been Allegable to provide those services so Public us and public pass the total amount of money The EU Provided for all of these three lots were 34 million euros Which is pretty amount of money oven over a four-year time span between two plus one plus plus one So you have you can have contracts for the first two years and then they can be renewed for one and then one other year The documentation was very heavy I Can personally say that because I studied it day and night and it was very very detailed So they wanted to be sure to cover all the aspects. It was very well written It was written by someone that has studied has done. It's his own work very well What about our lot we are we were involved in a lot lot too because we are a public cloud provider As I told you the requirements were very detailed. They started with the EU privacy compliance They wanted to be sure that anybody participating in the tender should be could be subject to any audit by EU I can say Commissioners that could come to the site to provide a site and check if for the policies and the security policies were in place Data center were an issue. They wanted to have the data centers in Europe And multiple data centers were required at a distance of at least to 100 kilometer one from each other Better if in different countries That were on the networking side. They asked very advanced features They wanted to have not only IPv6 They wanted also to have the ability to configure load balancing as a service to have IPS and ideas This was a bit tricky So it was very detailed on the working side compute very standard features flavors ranging from two gigabyte up to 100 gigabyte in the Amazon and open stock flavor Approach they wanted to have the possibility to make snapshots they wanted to have the ability also to Define who could do something on compute nodes who couldn't run instances but not destroy them Not resize etc. So a role-based access and control on the block and object storage side. They wanted typical open stock Services block storage. They wanted to have flavors or Cinder volume types in the open stock language So they wanted to have different performances at least for ranging from archiving to SSD like Type They also asked for self encryption this self-encrypted disk or opal drives to be Connected to the cinder to the block storage provider on the object storage side They wanted to be sure that there were some features like the versioning of the file expiration date temporary URLs They wanted to be sure that there was enough replica for the data across all the data centers They wanted to ingest a lot of data Either by network or by sending these drives to the the provider site On the managed services they wanted IT compliant services So they wanted the provider to be able to assist the customers and to provide information in a Following a precise framework Very enterprise like approach on the security which was one of the most consistent part in the in the in the tender They wanted to be sure that every action inside the the cloud platform was auditing So they wanted to add audit logs for network configuration changes For object storage activity They wanted to know how many people could gain access what kind of access what level of Permissions they had etc SLAs should be measured on on a monthly basis They wanted to be sure that SLAs were not related just to APIs, but also to infrastructure So if you are declaring an SLA for I mean VMs or for compute they are not saying you want to provide API access for 100% But they want the V and the single VM to be reachable 100% out of a month support Multilingual support they wanted to have an at least the English and one European language could be French could be German could be Spanish or in our case Italian Billing and pricing. This is a very Important point for them every single expense in the EU must be previously approved So every time you sign a contract, they just tell you we are going to spend Maximum this amount of money. Okay, even if they go on a consumption basis They tell you in advance how much money they are going to Allow for that project. So they want to be sure to to be in control of the expenditure They have on your platform. So they require a lot of reports and graphs and They by day consumption. They want to know everything and the last one is environmental impact. They wanted to be they want the Provided more points to the providers that had certifications like 14,000 in place, which is the environmental impact Certification and to be sure that no there were there was no Power waste or a footprint enough too much carbon footprint by running your data center in some cases we found Explicit references to open stock in which cases in object storage They when they said we want to be sure the object storage might must be the objects in the object storage must be portable They referred explicitly to open stack swift Architecture transparency and compatibility. They asked the provider to declare Providing more points. It was meant. It was not mandatory, but if you declare Your underlying architecture may the iPervisor the orchestrator, etc They would provide you more points, but they were providing more points if you were running open stack and The third one when they asked for APIs should reflect industry standards. They explicitly referred to open stack. Okay, so There might be the case of someone with some homebrewed solution providing APIs, but not compliant with the industry standard They asked for more compliance to allow more more portability so the The main goal for the the you was to avoid any vendor lock-in They didn't want they wanted to bring the data and the processes out of their data centers But they didn't want to find themself tomorrow locked in into someone some big providers data center other references to other Competitors of ours VMware initially they asked for live migration mandatory At the first stage of the tender participation, we were allowed to ask questions In one night I posted I personally posted 70 questions Because we were not agreeing with some of the requirements I mean in our vision when you ask for cloud services means you are talking about instances and not virtual machines So the workloads can move across instances if you use the proper techniques You can just get rid of the VM and build another you can snapshot and rebuild etc So having live migration should have meant a huge impact on our design So we just asked a lot of questions and the guy on the other side was very smart. We were very happy to find some intelligent person on the other side Agreed on the fact that asking for a mandatory migration live migration would mean to shrink the Options just to a few one a few ones and not to include all the other ones so they asked for our BAC and I am like Amazon I am like role-based access and control which we open stock is a bit tricky so far and All the trades like cloud trades So at the end of the day, they just cherry-picked the best of three that they wanted to build their own cloud by Getting the best the most out of the the market So and now it's up to the team what we did Anybody familiar with this movie old enough to be familiar with the Goonies. Okay, if you are not Check it on IMDB.com So this is actually a selfie We have shot in front of the you commission the first time we were invited after the award And we have Diego on the from the left Diego Cabezudo from Giga's Alexandre Steiner and the finger John from Numajie and on top me and even bought the CEO of entries here tomorrow Today with me. So we're together. We have built the cloud team alliance. We decided that in order to be ready to Fight against the big ones the big players. You will see later on. Who are they? We needed to be Together and to have more weight together So we finally ended up with a team of four now the cloud team alliance has expanded including also Germany and Belgium etc. But at the starting point we were four and we were enter cloud suite, which is us For Italy numer G. Everybody knows numer G is one of the biggest players of open stock in In Europe and France now is acquired by SFR Mio formerly Portugal telecom and and Giga's pure KDM based the homebrewed Solution for Spain and Latin American they grow in at the very fast pace So we built this team and we started to build our answers to the RFP Our guiding principles were this we are not big. We are small So we decided the number could be a viable option to answer to the the size Resource optimization because the more we are the more we can share capacity. So reducing cost for everybody and having a team that brings value to a Brand which is cloud team alliance could be better than running alone We are very focused on customers since we have not huge as the global players We can just focus more on customers. We can hear them. We can help them and support them country value Europe is a Group a community of countries very different in languages in traditions, but not that different in beliefs and and Fundamental values So we thought it could be very important for us to build an alliance to to be ready for Europe And the partner ecosystem because some of them really work hard with partner to develop their network. So here's our proposal we looked out around our respective infrastructure and we found out that our Existing enter cloud suite platform was out 80 percent ready to answer to all these specifications So what is enter cloud suite enter cloud suite is a public cloud developed since we started in 2010 and we released the first region in Milan in 2013 and then we released the second and third region in on Easter 2014 it's based in Milan where we live and Frankfurt and Amsterdam we are connected to the main Internet exchange in Europe. So we have a very powerful network. We have a 10 gig 10 gig ethernet over STH ring connecting all the dots you see we have plans to expand also in London Paris may be in Brussels and So there's a lot of capacity between all the regions, but every region is is a is a single Silo not connected with the other ones except for two Three things one is users obviously every user is Configured on any region. The other one is object storage every time you just snapshot something in one region It's immediately propagated to The other regions following the unique as possible swift routing policy and since Snapshots are stored into swift every time you take a snapshot of an instance in one region You immediately can find it available for a restore in another region. So it's pretty Comfortable to have for your disaster recovery solutions In the middle we have three possible access Interfaces one is our dashboard We are developed our dashboard just to improve the user experience that you may have with the Ryzen, which is very basic I won't say any more and we'll say more and Obviously the CLI in order to provide geographical replication between the regions we developed our own DNS as a service based on an anycast network So we picked the best out of route 53 from Amazon and from din DNS Route 53 is based on geo IP tables and din DNS on anycast So we put them together so you can have standard DNS, but you can also have HA between different regions So if one region phase that you have an L checks changing the other DNS resolution and Moving your traffic towards another region and you can also have geo DNS Based on the region where you ask the query you are answered with a different resolution IP and Also, we have partnered with the big European and now global partner iBernia Networks Formerly a throttle to provide CDN. They have 200 pops in the world and they provide Distribution and low latency access more over They also provide streaming services on top of CDN. So the data physically resides in Europe But you can access it at a low very fast speed and low latency everywhere from everywhere in the world Obviously, we also plugged in heat for automation We use cilometer for accounting and then we plug our billing system to provide all your financial information We are open source At our heart we use this kind of technologies look if you can find the intruder there's one in the picture and middle line and We we are really fond with open source We like to open stock for being open source and collaborative which are not always the same thing and also We are not paying any single license to anybody to run our Infrastructure, this is very important because We need to we need a lot of software to run computing we use KVM Obviously, we use swift or object storage. We provide network. We're using only open source Components like open V switch and all three agent etc. We have developed our own DNS We run CDN just with the partners. They just we just resale someone else's service and We are working hard with to deploy some alerting and monitoring services Who are the competitors in this in this challenge? Okay, you can see lot you as the middle column. We had Verizon Which was actually participating with the former taro mark I think Accenture and complex means Asia and We have ATOS with some Siemens acquired stuff in VMware IBM with soft layer BT with BM or definitely CSCI don't remember us with open stack telecom Italia sparkle Which means Amazon Web Services IS Group B of a I don't remember who they are But I know for sure does no open stack in that competition. So The evaluation was declared initially from the beginning. So it was a document saying we will we will test your your Installation I just switched off again. We will test your infrastructure doing this and this and this and this so it was pretty helpful and one thing we got Letter I was you know in Italy in August everything stops I was at the seaside everybody was at the seaside and I got on 28 August 28 I got this letter from the you this thing Are you sure you're going to provide these prices because these prices are abnormally low compared to the other ones? And that's why it was so important not to pay any license when you run your open stock cloud, okay? Abnormally low it anybody confident with this movie. Okay So this was the award On lot one BT one single winner 10 million euros for Private yes on lot two public yes BT again IBM with soft layer ATOS Accenture with Microsoft and the cloud team alliance Okay, this was very important. Look how big they are and how small are we so we did it against any odds and Lot three was won by telecom Italian sparkle with Amazon Accenture again with Microsoft ATOS and IBM with soft layer So what we learned from this Thing we were obviously very proud of the result. We couldn't expect we could go so far But we understood that being European is very important so far for Europe for Europe European agency for the European Union It's very important because of not only for the political but also for the values Europe brings It's hard time. It's a hard time for global players I don't know if you are aware of the safe harbor issue on October 6 2015 the court of justice sentenced that the safe harbor was illegal and then it was struck down Because in 2011 a guy from Austria and I don't remember the name He is in a civil rights activist He just asked Facebook to tell him, please I want to know all the personal data you have Related to me and they provided that 1244 pages document with a lot of stuff more than what should be in place He discovered that faiths Facebook had not deleted some contents that he was supposed to be deleting so it should Facebook Ireland and Ireland politely forwarded the the problem to the court of justice and Four years later the court of justice sentenced the safe harbor to be Illegal what is the safe harbor is the treat? it's Between the European Union and the US trade Commission, I don't know the exact name by which US based companies can manipulate and you Can I cannot say manipulate personal data in Europe for European citizens? They can do this Only if they assure that the security measures they take are enough and compatible with European law in this case Facebook was not Compliant and so all the framework collapsed It was replaced six months later by the privacy shield, which is almost the same thing But so there's a problem now with the new rules in in data protection It's a green field now. Everybody can play his game, but it's game But the rules shall shall be the same for anybody. Okay, no more advantages for Non-European companies. Everybody should play with the same rules Federation is a must I've been to countless meetings about federation, but what it means federation here is a Competition it means different companies different commercial interests for companies that need to join their forces in order to provide a larger a Broader set of services to broader customers institutional customers. It's not just academic It's something it's very important for small public cloud providers when we started four years ago five years ago Everybody won't say okay. It's there's Amazon You're doomed. Okay It was not true. It was not true, but federation was the key about this and Europe wants European companies like us to grow they need European providers, okay, because even if the NSA provides all the Clarifications and papers etc. They're not safe with bringing the data from Europe to the US So open stock enabled us to do something we were not supposed to do we thought we could not do so thanks to all the community for supporting us and What happens now? We have to sell we have to go door by door there's on the Super User magazine does an interview and I said it's like in the 50s. Yeah, you have to sell door by door like brushes now. No, we sell open stock. We sell cloud services We have to convince Every IT manager in the EU that using open stock using DevOps using CI CD is important It's future proof you have to change the way you work like Boris Ratsky said today It's a matter of people and processes and there I can assure it There's a huge amount of work to do on people and processes, but it's something most of them are Unaware of but some of them are very aware. I found the European environment agency They have just released the the perfect integration with Docker and Jenkins they are the maintainers of this stuff that you already use containers and tons of containers So there are some exceptions and there are more tenders Ongoing so more opportunities for us to participate So I would just close my presentation with a call to action If there is any European operator here that wants to join us We are looking for companies that want to join our alliance in order to share our capacities Sharing capacity means to have a common approach to the market and to provide what you are able to do in terms of capacity in terms of resources infrastructure and skills obviously So that's it. Thank you for coming. Thank you very much If you have any question, I would be glad to answer You don't have a microphone any questions, please refer them to the wireless microphones in the audience does a microphone over there Sorry for bothering you. Hi. Hi Could you tell me more specifically what the EU liked about open stack and just expand on all those points for me What they liked more Maybe What I didn't like, okay Delight the fact of being open open source. They can check how the code work None of the other competitors was open source. So especially on the security side. They were much They had a lot of relief With us, okay, they can check the code. They can know everything about it. No obscurity about that This is was the main thing. The second one was that If they have chosen us Portability would be assured. Okay, once you start using the Amazon API's you can just move to another name Amazon region You cannot move to another Amazon provider These are the two main things what they didn't like is that that open stack brings an idea of real cloud cloud native applications are Requested you need to cope with some things you're not used to if you come from a VMware world you must imagine that behind the you now there's a huge amount of data centers and servers run with VMware and Microsoft stuff So what what they didn't it's not that didn't they did like it But it's pretty awkward for them to cope with now So that's what we are working now to explain what cloud is how you can leverage open stock in your infrastructure Did I answer to you? Okay Any other question? Okay, thank you very much So you mentioned that the EU is very concerned about most security in general Did you find what difficulties did you experience in terms of? One first bring in open stack into their environments and to bring in any updates Whether it be from different like ice house to Juno or Liberty or such Okay, so the upgrade nightmare you're talking about okay, and we are currently running on Juno version We have plans to move very soon or to kilo the upgrade process takes a lot of time We don't use any facilitator like fuel or other commercial software We just run you want to and so we have to manual update and use back ports for all the releases So the question was how do they cope with the security and the updates the security updates for open stack No, we are not bringing in to that. No. No, we are a public cloud provider So they are we are bringing them into us. Okay, so the problem is migrating the first question They asked us was can I import my VM or machines? Okay. Yes, you can do but why this is what this was the first issue they had There was no issue they didn't ask anything about upgrades, etc Okay, hi, can can you clarify on lot one lot two lot three are all these companies approved? And you are one of them all these companies Like what's the process? Are they all selected? Yeah, they're the first one lot one BT one single winner Okay, every every public every private gas contract shall go to BT. There's no competition For lot two and lot three. It's a reopening now these five are able to raise a compete to bring the contract so every time the An agency has a need for cloud services. They just publish a request to all these five only to this five not to the other ones and The best wins every time. Okay, so Sometimes we lose because it's more Microsoft oriented sometimes we win because it's more DevOps Enabled or more future proof And were there any objections for AWS particularly Was there anything that they said we are not going to go AWS because they have Frankfurt and Ireland right one in Ireland as well. Yeah. Yeah, is there any reason because the data Amazon says if you're storing in that data center, it will never go out of that. No Is there any reason why Amazon was did not participate on that it was not selected? Do you know I didn't tell us the reason why the other one was were excluded, but they won on lot three So I think that was not the point Amazon I know for sure that Amazon has a lot of documentation That proves that the data is not moved without your consent from European regions to the US based region. So I'm sure that was not the problem. Okay Thank you. Bye. Bye