Hacker News new | past | comments | ask | show | jobs | submit login
Gaia-X: Technical Architecture [pdf] (heise.de)
51 points by doener 32 days ago | hide | past | favorite | 25 comments

To be clear, this is not a new cloud-hyperscaler.

Rather, different providers can offer services and (compute) nodes with different levels of certification / geographic location.

So a government agency / hospital / critical-Infrastructure on can use cloud offerings without loosing „digital sovereignty“ by depending on single providers or outside actors.

So, a multi-cloud marketplace with unified API across vendors ? It could be interesting

I don't see the "unified API across vendors" there. At least not for the actual cloud part. Unified is only the part interacting with the market place.

Devils advocate: So you get this EU-verified catalogue which lets you pick your vendor lock-in between Amazon, Microsoft, and Google just like before.

Yes but user data can be securely accessed between these services too, and fingers crossed the trust mechanisms allow that access to be on a needs basis and incentivised without copying

And how is that „secure” achieved. As soon as someone reads your data and has it in their system - poof, the promise of security is gone.

The most common answer to this problem given by the people behind this is „but there is a legal contract backing the data exchange and the governing body”. Nothing different than what we have today.

you generally have a unified API with all the Tier3-clouds already. Everyone is using OpenStack. A pragmatic way would have been buying RedHat and making a foundation out of it, but keeping the business running. But that would actually work and there would be no bribes involved. So we have this, a "certified" marketplace where you can buy your way to the top (of a small hill...) by influencing the decisionmaking, like companies have always done.

You must be joking. The cloud offerings of Amazon/Microsoft/Google are NOT build on OpenStack.

I was saying Tier 3, where Tier 1 ist GCP, AWS, Azure, Tier 2 Oracle, IBM and Co. and Tier 3 everyone else who is so small that he can't compete with his own API for the breadcrumbs.

I think you're mistaken. Case in point: Scaleway, a founding member of gaia-x, does not use openstack. I know of several others who do not.

If you're wondering what this is:

> We, representatives of the German Federal Government, business and science communities, are striving to set up a high-performance, competitive, secure and trustworthy data infrastructure for Europe. To this end, we have drawn up the foundations for a federated, open data infrastructure based on European values, giving it the provisional pro-ject name ‘GAIA-X’.

Here's the executive summary: https://www.bmwi.de/Redaktion/EN/Publikationen/Digitale-Welt...

What they build though is a service catalogue with some metering tooling on top. What is the magic second step which spawns this "high-performance, competitive, secure and trustworthy data infrastructure"?

Just sprinkle a little T-Systems and SAP over it et voilá...

Honestly, reading through the first parts of this document I’m immediately struck by a ‘if they’re going to make it this hard nobody is going to use it’ feeling.

AWS can be so successful because they do everything themselves as part of an integrated whole. Trying to make disparate (European!) services work together and somehow end up as a cohesive package is a recipe for disaster.

An equivalent European player can not be a bunch of separate companies each doing their own thing.

I can see possibilities, but also can see the classic "apply to some body for permission to do something", particularly "Participants" registering "Services" in "Catalogs" that will require some form of attestation to a not-yet-defined set of standards.

It's there that the old lumbering beasts of EU IT (eg Bull) will turn it into the equivalent of Web Services.

Maybe stupid question, but who assures them that any private company will actually rise up to the task of building out a product set that conforms to the Gaia-X interoperability guidelines? Even if there might launch Partners that have committed to a certain set of services (or Euros spent), what would prevent them from ditching it once they realise that consumers still rather go with AWS? Or is this supposed to be for government institutions which are legally forced to pick a Gaia-X compliant cloud provider? Confused at this point.

Starting to see where they are going with this. Quite ambitious. Perhaps overly so.

A searchable catalog of all say virtual machines across countries & providers would be pretty cool for starters.

Don't quite see how they're going to get around stuff being in different physical locations. That creates latency, cost and reliability headaches that AWS/GCP/Azure doesn't need to deal with since you normally put say DB and VM into the same data center

Usually you move the computation to the location of the data and not the other way around. That's the basic premise of Hadoop/Spark and many similar big data tools.

GAIA-X self-descriptions give visibility on whether your data is (would be) in a data center that also has GPU-capacities. And if not, what you would have to pay for interconnection.

See this demo for the basic idea of the self-description graph: https://www.youtube.com/watch?v=f17c3Vpi3rA

It's more of an example really. Patching together multiple provider offerings is going to involve interconnecting them somehow.

Thanks for the vid. The app they're demonstrating seems to be publicly accessible too:


From the doc: "GAIA-X itself does not act as a billing provider or clearing house. But GAIA-X will define standard interfaces and mechanisms for metering to be used by the Consumers and Providers. "

Yea.. so basically you have a catalogue but it's going to be up to the consumers or providers to find a way to stitch up a clearinghouse solution for dynamically orchestrated services from a multitude of providers. This is not only hard. It's near impossible. Without this crucial element, the platform is stillborn.

I don't think its like that. My understanding is that they will create a catalog with multiple services you can choose, and service provider will provide an unified API for those.

So you can take your prototype build on a server in $european_country_1 and publish it on the cloud of $european_country_2 once the dev is done without any change except the billing address.

If this is what you propose, this will be yet another stillborn project (Hey AI4EU!)

The roadmap seems pretty ambitious. From the concept 3rd quarter this year to a prototype in 1 quarter? With 40 or so companies involved and a massive scope to cover up-front? I've been to openstack core meetings and things do not move that fast even in smaller groups.

I'm also curious how much is this going to be a "openstack does this, let's just adopt it" decision. (The Catalog, some Federation, etc.)

They lost me at the UML diagrams. Nothing good can come from a waterfalled system like this.

It seems that Europe is going in the right direction with GDPR and now GAIA-X project. The fact that GDPR is mentioned a lot in the proposal really make clear their main intentions.

Perhaps the limited presence of big, powerful and influential FAANG like companies significantly reduce the lobby or pressure on the European governments to take the necessary actions to guard and protect their citizens' data.

Hopefully this can provide the right fundamentals and creates impetus for more personal data friendly localhost first and cloud second software paradigm. This paradigm is more natural and secure than the cloud first software paradigm currently being practiced by major software companies (e.g. FAANG).

So, it's an open-market AWS with data sharing capabilities, certified third-party services, and RTF APIs.

I tought we agreed the semantic web was a failed experiment? Stop trying to bring it back "because it looks smart"

Provide facts and sources or be tagged forever.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact