OpenInfra Foundation: AI, Digital Sovereignty, and OpenStack
The OpenInfra Foundation discussed digital sovereignty, AI, and OpenStack at its in-house conference. However, the launch of a VMware alternative was neglected.
(Image: Shutterstock/Milos Milosevic)
- Udo Seidel
At the first in-house conference of the OpenInfra Foundation since its integration into the Linux Foundation, the focus was naturally on digital sovereignty and artificial intelligence. The position and options with OpenStack for the former are well known. With Open Telekom Cloud and STACKIT, there are already two prominent representatives for cloud from Germany, both of whom were present in Paris.
And what about VMware? The internet is full of news about the new star Proxmox as an alternative. OpenStack is also positioning itself here and even provides some documentation. However, this documentation only covers very simple environments and focuses on migrating virtual machines. But this is only a small and rather simple aspect. Switching from vSAN and NSX to the corresponding components in OpenStack (Neutron, Cinder, Manila, Swift, Glance) is significantly more complex. There is still a lot of work to be done here for the OpenStack community.
Isolated with Kata Containers
What were the technical innovations? Not surprisingly, AI is an important driver here. The interesting news came from the area of Kata Containers and Confidential Computing. Kata Containers are lightweight virtual machines, but they are controlled via containerd and Co. This means there is a Kata runtime environment for the container world. This starts a stripped-down version of Qemu and a special Linux kernel within it. The rest of the startup process is similar to that of a Linux system.
Nvidia now offers an optimized Linux kernel including a temporary file system for the boot process (Initial RAM Disk). This allows the concepts of Confidential Computing to be implemented in Kata Containers. The containerd process already runs in a TEE (Trusted Execution Environment). For this, the host system must have the corresponding functions of Intel SGX or TDX or AMD's SEV-SNP. The containerd process now starts a Kata Container. Before the actual application starts, attestation takes place using Nvidia tools. This planned intervention in the boot process is part of the initial RAM disk. The results of the attestation and further actions are managed by the Kata agent within the container. For the setup, it is recommended to use Nvidia's GPU Operator.
The whole thing can be taken further: eBPF allows programs to run in a sandbox inside the Linux kernel, and this is also possible with a Kata-optimized kernel. Developers at Ant Group have implemented this. With eBPF, they monitor activities in the container and enforce security policies. The monitoring has two aspects: it can simply check whether the application is running normally, but it can also detect suspicious activities that indicate a possible intruder. Ant Group's implementation monitors network activities, executed processes, performed system calls, and more. The eBPF programs hook into the Linux Security Module (LSM) interface.
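As an added illustration (not code from the article or from Ant Group), here is a user-space consumer for the kind of events such BPF LSM programs emit, applying both checks the text describes: a health check against the application's normal behaviour and detection of anything outside it, plus the allow/deny return value an enforcing hook would produce. The event tuples, baseline and deny policy are constructed assumptions; bprm_check_security and socket_connect are real LSM hook names.

```python
"""Consume LSM-hook events from a Kata container and apply two checks:
health (is the app doing what it normally does?) and anomaly/policy."""

# Constructed sample of (hook, container, detail) tuples as a user-space
# collector might receive them from BPF LSM programs; hypothetical format.
EVENTS = [
    ("bprm_check_security", "kata-app-1", "/usr/bin/python3"),
    ("socket_connect", "kata-app-1", "10.0.0.5:5432"),
    ("bprm_check_security", "kata-app-1", "/usr/bin/python3"),
    ("socket_connect", "kata-app-1", "10.0.0.5:5432"),
    ("bprm_check_security", "kata-app-1", "/bin/sh"),
    ("bprm_check_security", "kata-app-1", "/usr/bin/curl"),
    ("socket_connect", "kata-app-1", "203.0.113.7:443"),
]

# Constructed baseline: what the application does when running normally.
BASELINE = {
    "bprm_check_security": {"/usr/bin/python3"},
    "socket_connect": {"10.0.0.5:5432"},
}

# Constructed policy an enforcing LSM program would apply on top of the baseline.
DENY = {("bprm_check_security", "/bin/sh"), ("bprm_check_security", "/usr/bin/curl")}

EPERM = 1  # LSM hooks return 0 to allow or a negative errno to deny


def is_running_normally(events, baseline):
    """Health check: every expected behaviour has been observed at least once."""
    seen = {(hook, detail) for hook, _, detail in events}
    return all((hook, d) in seen for hook, details in baseline.items() for d in details)


def find_anomalies(events, baseline):
    """Deduplicated (hook, detail) pairs outside the baseline, in first-seen order."""
    out = []
    for hook, _container, detail in events:
        key = (hook, detail)
        if detail not in baseline.get(hook, set()) and key not in out:
            out.append(key)
    return out


def lsm_decision(hook, detail, deny=DENY):
    """Mirror an enforcing hook's return value: 0 allows, -EPERM blocks."""
    return -EPERM if (hook, detail) in deny else 0


if __name__ == "__main__":
    print("healthy:", is_running_normally(EVENTS, BASELINE))
    for hook, detail in find_anomalies(EVENTS, BASELINE):
        print(f"anomaly {hook} {detail} -> decision {lsm_decision(hook, detail)}")
```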
AI and OpenStack
The Foundation also published an AI white paper titled "Open Infrastructure for AI: OpenStack’s Role in the Next Generation Cloud". Among other things, it describes five different use cases: training and deploying base models; GPUaaS platform (GPU-as-a-Service); fully automated MLOps platform (Machine Learning Operations); HPC cluster for large-scale AI research; AIoT and Edge Computing. For each of these, the documentation shows which OpenStack components are needed and provides quite precise guidance for implementation on the infrastructure side. Anyone who wants to run AI on OpenStack should definitely take a closer look at the white paper.
Digital sovereignty combined with the increasing use of AI could give OpenStack a kind of second spring. The open-source community and the OpenInfra Foundation have set the course – now actions must follow quickly.
(vbr)