So thanks for being here. I think I was invited as a long-time open source developer and founder of the ownCloud project and co-founder of ownCloud, the company around ownCloud, but I actually want to talk not really about ownCloud but about a few interesting concepts and trends that we see in the industry, which are, in our opinion, very, very important for the future. So the topic is "Next generation cloud capabilities here today".

So the first thing I want to discuss with you is actually: what is cloud? Because, as we all know, cloud is quite a cloudy term. Everybody understands something different by the term cloud. What I mean here in this talk with the term cloud is cloud file sync and share services. So if you look at this picture here, I think this describes best what we understand at this moment by the term cloud file sync and share. Let's say I have a computer here in Europe, and I have my laptop, desktop, something, and I have a folder here on my desktop, and I store all my files that I want to work with in this folder. But I work together with someone in Japan, that's like someone from a different company, some collaboration between universities, something, and everything I store in my local folder automatically, magically appears in the folder on the other side of the world, of the guy in Japan. So this is basically cloud file sync and share.

So most of you might know this concept from services like Dropbox or Google Drive or iCloud. Who here in this room is using Dropbox or Google Drive or iCloud? Okay, I would say nearly everybody. So later in this talk I want to discuss, I actually want to understand, what your IT department, what your privacy office or what your CIO actually thinks about this, that you use consumer services, and what this means for the security of your data.
That's a topic for in a few seconds.

So these services, these file sync and share services in the cloud, there are different ways to implement that. There is what we call the first generation. So this is like a centralized service where you have, in the middle, like a spider in the middle of a net, a centralized service somewhere on the internet, usually operated by one entity, by one company, and you have all these different users, all these different clients, basically connected to the central service. So let's say in the middle there is something like Dropbox, and I'm connected to Dropbox, and my collaboration partner in Japan, as I said earlier, is also connected to that, so you can easily sync and share files. Well, the deal is easy: just upload all your data to Dropbox and then you can have the sync and share features. It's a deal basically here, and that's of course very cool because it's so easy to use. You don't have to care, right? It's in the cloud, it magically happens somewhere. You don't have to care, and that's very good.

Obviously, there are a few problems here. So one problem is the centralization here. I don't know if you checked the news this morning. This was actually interesting, because this morning a story broke that six million Dropbox accounts are leaked. So the guys who raised their hands earlier, who use Dropbox, you probably want to change your password right now. And so this is of course one of the problems with the centralized solutions. Then there's user provisioning, right? If you use Dropbox inside your company, inside your university, then can the IT department actually change a password of the user? If you forget a password, can the IT department help you? Can the IT department lock down and shut down an account if someone is leaving the company, right? How does user provisioning work here? Then speed.
I mean, obviously this works very well if you synchronize and share a few files, a few office files. That's not a problem. But let's say you're in a research facility and you deal with petabytes of data. Well, and we have these nice local networks, which are really fast, 10 gigabits and so on. So does this mean that I have to first upload every single file to the US somewhere so that my colleague next door can download it to actually access it? That's a bit strange, right? Then cost, right? It's of course very affordable, but if you have a big enterprise, you have thousands of users and you have petabytes of data, then, yeah, the cost is not so good anymore. And then data protection, of course, right? This is the whole privacy aspect. We have actually data protection laws in lots of countries. And what does this actually mean if the data is stored somewhere else? Is it still legal? Which laws actually apply to the data? Lots of interesting questions here.

But wait, hey, we have good news, right? We are at an open source conference here, right? So we can write some tools, so we can fix this. So it's possible with the power of open source to create cloud software which enables people to store the data locally. So this basically means that you can have your own local Dropbox on premise, wherever you want. So this then is what we call the second generation of cloud software. So you basically have a picture like that, which is similar to the first picture, but you don't have one central cloud instance; there are lots of individual ones. So every institution, every company, every soccer club, every enterprise, everybody can have their own local cloud services. All the users can connect to those services, and this is very cool. So it's on premise. It is very secure because you control the policies, you control the software and everything here. So that's very nice. It is flexible.
You can integrate it with your other services, software, whatever you have in your enterprise. It's of course fast because it's all local, right? You don't have to transfer it over half of the planet just to share stuff with your guy next door. That's very cool. And there are no data silos, which means that you can actually integrate in these systems your existing storage. You can integrate your existing Windows network drive, you can integrate your existing SharePoint. So it's not creating another Dropbox or Google Drive data silo. It's actually leveraging your existing storage. And of course open source. Well, this can all be done with open source software. It's very nice. A few examples are OneDrive Pro from Microsoft, not open source but still provides this functionality, and ownCloud, of course.

So that's all cool, but it's not so easy, unfortunately, because what this means in reality is that IT departments and users have to choose between having the convenience of the public clouds, right, you can share across the planet between different users very easily, or you have the security of having everything local, because the local ones are relatively isolated, right?
So that's the problem. You basically have to choose between those two paths. And this leads us into what we call the third generation, which is something like that, where we have local on-premise cloud services, but they can actually talk to each other. So it has actual server-to-server sharing, where one person on one cloud can share something with a guy on a different cloud, right? So let's say there's one university here, and there's a big enterprise on the other side, and someone is running a cloud service on a Raspberry Pi at home, and they all have this shared folder, as I said earlier on the first slide. So it's very seamless, but it's still distributed. So this is very nice. This combines the benefits of these public services with the on-premise solutions. They can talk to each other with some open protocols. It's very nice. And the administrator can basically choose where the data is physically stored. That's very nice.

The question here is: well, okay, that's nice, so we all talk to each other. Well, what does this actually mean for security? I mean, why is this more secure than the very first generation that I shared earlier? Because we obviously have some kind of mesh network here of some distributed clouds. So what about security here? Well, the security is then what leads to the full picture of what we call the third generation, distributed clouds, because we introduce a concept here.
We need to introduce a concept called file firewall, which means that the administrators of these different domains, one is the administrator of a university, of some company, someone, can actually apply some rules, some policies, to their local cloud storage. So something like: hey, I am happy if all my users share their files with the rest of the world, but not certain file types, or not something in a certain path. Or I only give these server-to-server features to a certain LDAP group, so only a certain user group is actually allowed to do certain things. Or they can only access it from specific devices that I have to approve manually, right? So I'm only basically allowing sharing with, I don't know, special authorized tablets that I decided. Or time or location. I mean, I can decide that, well, every share automatically expires after five days for security reasons, and so on. So this is what we call the third generation distributed cloud architecture.

So the summary is: what in our opinion is really needed for the future is cloud file sync and share services that can run wherever you want. Just to be clear, this can be run somewhere on a public cloud infrastructure if I decide to, but then it's my decision. If I decide that I want to have it in my own company, my own hosting center, then I want to do that. On premise. User provisioning: I want to decide which user accounts work here. I want to leverage existing local storage.
I really want to leverage the maximum performance, so I don't think we want to copy everything around the world only because it's called cloud, right? Then distributed: we want to collaborate, work together. Firewalled: so I want to decide which rules actually apply to my data. And obviously open source. Thank you.

So for the second part here I actually want to invite my colleague Markus Rex with an awesome panel to the stage to dive into these topics a little bit more.

This was very interesting. So we wanted to dig a bit deeper into some of the ideas that Frank spoke to us about. So first, why don't we just go around and introduce ourselves a little bit and talk about what interesting projects we have in that space. So I'm Markus Rex. I know some of you here, and I'm the co-founder and CEO of ownCloud, the company.

My name is Rogier Spoor. I'm working in the Netherlands at SURFnet. That's a national research network. We run the network and we have about one million users there.

So my name is Kuba Mościcki. I am from CERN. I'm a storage service manager at CERN, and, well, at CERN we're doing science, as you know, and we are currently looking into adding these file sharing and syncing capabilities in our environment. Maybe we can later evolve on that.

Okay, good morning, I'm Peter Szegedi. I work for a community which is the association of the European research and education networks, so those organizations that primarily serve higher education and research here in Europe.

Hello, my name is Raimund Vogl. I'm from the University of Münster in North Rhine-Westphalia, so this federal state of Germany, and we are currently setting up a cloud sync and share service for the academic community in North Rhine-Westphalia. So that's a prospective 500,000 users using this service, and we will start that at the beginning of next year.

So that is an impressive number I want to put out here. When you think about this, I don't think there's any other.
I have not heard of any other project of that size, of like a self-hosted half-a-million-user cloud instance. What are some of the problems you had to overcome to make something like that happen?

Oh. So the universities in North Rhine-Westphalia, they are, well, they are independent, but they are state funded, and we had to get together this consortium of now around 25 universities that are willing to participate in that service, to find the agreements to govern that, and also to create trust amongst our future users and co-operators that this could be a, well, a secure service, a service compliant with German data privacy legislation, and also, of course, a service that will be accepted by the user community. So we did extensive surveys on that to see how to position the service and how to motivate people to use it once it is available next year.

So thinking about this, Peter, you said that you work for a community. Would it have been easier, when thinking about what Frank showed us with the distributed cloud, where sort of participation is a little bit voluntary, compared to what Raimund said about, you know, getting everybody to agree on some things? Do you think that in a future world where there is a distributed voluntary cloud, this would be an easier path towards getting everybody connected?

Yes, we are faced with a challenge, basically, that education is global, research is global, and we have this notion that we try and treat our users, wherever they are, just like they have never left home. So it's pretty much like the approach of my mom, right? She wants to treat me like I've never left home. So it's pretty much the same here, and, you know, being a mother, that's not an easy thing.
It's challenging since it's a huge distributed community around Europe. They are collaborating with overseas, with Asia Pacific, the US, the Americas, so serving them with the services they are used to in their home environment is quite challenging. We have this example of eduroam, for instance, if you heard about it. So with eduroam you can basically access all kinds of local wireless networks distributed at the university sites participating in this collaboration with your home credentials. So reaching something similar with data storage and file sync and share would be really challenging.

That's actually an interesting point, when you say that this would be a real challenge. What is it? What problems would you have with existing, you know, nowadays solutions that you can find out there, of this first or maybe even second generation of cloud services? What are you lacking there that you would need to make this less challenging?

One of the biggest challenges, I believe, is service verification. So we have to build services with the notion that the end user should be able to verify the service that he's getting. So if I'm requesting a service, it should have the ability built into the architecture of the service so that the end user is able to verify the actual service attributes, which is not there in terms of public cloud services, for instance. So if your cloud provider promises you that the files will be stored in Europe.
All right, how can I verify that? There is no such way where you can, you know, get that information out of the cloud, and that's what you're trying to solve with some sort of private cloud offerings. But again, there, if you build up walled gardens around all kinds of services in different domains, that's going to help our global community.

It's kind of interesting because, you know, the challenges that we are facing actually are related but slightly different. So at CERN, what we're trying to do, you know, we are an organization like many others, 5,000 people, and we have different departments and typical issues for organizations with different departments using this kind of public cloud services. So, you know, a financial department, an HR department: we don't want people to store some files somewhere else. But what's actually, let's say, very specific to what we try to do at CERN is we are trying to see how we can enable this very easy file sync and share way of working to do easier science in our very sophisticated physics environment, with more than 10,000 physicists in more than 200 institutes worldwide. And this is challenging because these are very sophisticated IT users most of the time. They are excellent scientists. They have very complicated ways of analyzing the data, accessing files. We have all the infrastructure in place to replicate files, to store them at very large scale. The challenge here is really how you enable this very, very easy zero-setup access to this kind of service. And of course the environment is extremely heterogeneous because, believe it or not, if you come to CERN you are free to choose your operating system. So actually we end up with having all sorts of operating systems you can imagine, and to support this kind of thing in such a heterogeneous environment is very, very challenging as well.
I don't envy you on that one. When you think about this heterogeneous environment and everything that you have to do to support that and support all your users that come with their expectations, you said this actually very nicely yesterday when we had dinner. We said, you know, all the users actually want is a Dropbox-like experience everywhere. They don't want to think about it. They don't want to sort of type in anything. They just want it to work, and of course have a phone number to call if it doesn't. But they want it to work exactly the way they want and not how you want to do this. Is there anything you can give to vendors out here in the various cloud spaces, and I'm sure we have a bunch of them in the room, that, you know, they should be doing differently to make your life easier running such an environment?

You know, at CERN, and in general in high energy physics, we are very good at getting Nobel prizes, but we are very bad at designing user interfaces. So, you know, something that is probably pretty obvious to most of the people here, we are not very good at. And actually one of the major key selling arguments for such a service is that it's perfectly integrated into the desktop environment. It works on Windows, on Mac, on Linux, on all possible platforms in a completely seamless way. So I don't have a particular message to the vendors right now, but just keep in mind that, well, different communities are good at doing different things, and what you are trying to do is to put together these different best capabilities of different communities and provide some service that would be unique and serving well in our environment.

For our setup, of course, we have things that we do not find in a commercial product or in an open-source product like ownCloud. Probably we will never have a chance to find that right away. So we have to do it ourselves, and that's things like
enrollment portals for having more or less zero-effort self-enrollment by our users. So when you go for a scope of 500,000 users, you don't want to mess around with dealing with each user registration. You have to keep support efforts down by making your service operation transparent to the users, like doing monitoring of system availability and proactively informing your users of system outages and of system availability conditions. So these are all things that we have to do, well, ourselves as add-ons, and so it would be nice to have, well, probably packages for that that we could easily integrate. Of course there is Nagios, and also distributions set up on Nagios that add features like multi-site availability monitoring, but this is currently a thing that we are dealing with.

Interesting. Anything you have to share with any problems you

Yeah, this enrollment of new users, that was also a key thing for us when we decided to start our own service built on ownCloud, but we liked to use our own federation service. So all our universities, polytechnics, academic hospitals, they are all connected to our federation service. So they have their own identity system, but they are connected to one central federation in the Netherlands run by us, and what we have done is we have just connected the ownCloud service with our federation, and then all users can just directly log in to the ownCloud service and they will get redirected to their own institutional identity provider. So they will log in with their familiar environment and then get redirected back to the ownCloud service.
So in this way, we don't really need to provision users. They can just, well, get direct access to the service, and this was for us a very convenient way of offering the service to all institutes in the Netherlands.

And you know, I have a feeling that at CERN we are going to get back to the roots, because sharing is part of our culture, and let me give two examples. So all results of scientific research that is done at CERN or using CERN facilities are open to the public and free, okay? So there is an explicit policy for that. There's also a lot of attention given to enabling first-class access to data and to, let's say, analysis facilities for researchers from all the countries, because we have worldwide users and we really see that for some people in some countries it's much more difficult to do science than for others, okay? And the other example is that actually, you know, the World Wide Web was invented at CERN, and it was invented exactly for that reason: to enable and to make it easier for scientists to share information. So with this kind of project, and also about federation and about all this kind of, you know, collaboration with these multiple clouds,
I feel that we are coming back to the roots. So we are sort of, you know, where we started, but now we can really give it in a much more interesting way to people.

But I think at CERN you are one single administrative domain. So the main challenges come when different administrative domains should talk to each other. And that's the area where I believe we need open standards, and actually this cloud standardization activity is still lagging behind because of the current status of the industry and the cloud economy, I would say. So I'd just like to emphasize the fact that we need open standards and we should work on how different clouds can work together. And this interoperability, you know, from the architecture point of view, can be done at the infrastructure level, can be done at the application level, or can be done at the service level. He already mentioned the access federations that we are working on, so it's a very good example of, you know, interoperability at the service level, so we can allow students or researchers and staff using their home credentials to access services. We're experimenting with some cloud interoperability at the infrastructure level using, you know, various protocols. We haven't really seen any major interoperability at the application level, and that's what we really need, and I think ownCloud is on a good path to achieve this.

You actually mentioned open standards in the cloud space. It is actually an interesting challenge when you think about this. You have these big, Frank called them the first generation, cloud services. When you have them, they are sort of run by commercial entities, because although it might be free to an end user, certainly, you know, you don't get sent hard disks just because you want them. You have to pay for them. So you have to make some money in some way, shape or form. The way this is generally being done these days is: try to get as many people as you
possibly can and lock them in, and don't interoperate, because if you interoperate you sort of give away one of the most prized commodities, which is a user, because the user might actually change. I wonder how that is going to pan out, and I hope that some of you guys here, with some of the projects that, you know, approach this whole challenge in a very different way, can actually be a little groundbreaking and force people to be more open about the way they're interacting. I'm really looking forward to seeing some things on that front.

Let me ask you another question, because I'm sure we have a lot of people in the audience that, you know, are thinking about building up some of their own cloud services or doing something. When you think about your projects and how they evolved, what would be the primary learnings that you had, and what heads-up would you like to give people, like: remember this so you don't run into any big or major challenges? Who wants to go first? I'm sure all of you have plenty of stories that go way longer than the time we have.

Oh, yeah. Well, major challenges. Wow. Well, I think in the end why we have chosen ownCloud was because our universities were already moving to Google, to Microsoft 365. Why? Because it is just free. I mean, yeah, it's an easy choice. It's free. But then they had concerns about data, then they told us, okay, we must address this. We have also security concerns. That's the reason why we have set up this service. And, well, what's important right now for us is to reach out to the end user, to the individual, the student, the teacher, and make sure he will use our service, because he's already using a Dropbox, he's also using a Google Drive.
He's using a Microsoft one. So the challenge right now is how to convince that end user, and I think part of it is in the user interface. It must be very, and there I see lots of improvement, even in ownCloud 7. So that will definitely help. And the other thing is to make sure that in the ownCloud system there will be very valuable data for researchers and students, in such a sense that they just will make use of the system and get familiar with it.

So for us the main challenge really was to integrate this service with existing storage systems, because what we want to achieve at the end of the day is that all this makes a complete, coherent picture. So people who are currently doing analysis and producing some analysis files like histograms or other files with this kind of data, they put it into the existing storage system and then it's automatically synced, if they wish so, to their devices. So enabling this sync and share capability in our existing, quite sophisticated data storage system, this is the main challenge for us. And also with this come, you know, some other technical issues, like really assuring file-system-level tree consistency of the directories and things like this, which are well beyond what you typically get in the simple Dropbox use case.

I work with the community, not directly with the technology. And if you're commercially minded, the user is the king from your point of view. But in the research and education area the users are just, I mean, students are monsters and then researchers are even worse. So, you know, they don't care about their own privacy.
They don't really care about how they store the data. So the real challenge is on the user side, to provide them services which then, you know, have the assets and then protect them in a way that it should.

So for us, well, the key factor for success of this project, so our big cloud storage project for the state of North Rhine-Westphalia, will be that we don't handle it as a technology project but as a, well, marketing effort, and also we put a strict focus on trust. So cloud services is a big deal of trust. You have to convince users that you're better, that you give a benefit against publicly available cloud services and that you can do better than that. And so you have to see what users want and you have to address their needs. And so this is our main focus. Technology can be done. There are people who can do that. But to focus the project on user demands and on trust is for us the main focus.

I think if I can sum that up, what's really important is you have to make sure that you pick up the users where they are and provide them a path of very easy usage, and if you aren't able to do that, don't try. That's what it sounds like a little bit. Thank you. I hope this was interesting and we could provide some points to you and give you a little bit of hints of what's going on. Thank you, guys. This is a good panel. Thank you.