Ready for the digital transformation: the strength of VS-Cloud for Defense

The highly secure cloud solution "Made in Germany"

Reliable technology for your innovation project

The secure foundation of VS-Cloud

The SecuStack-Cloud is based on the extensively hardened OpenStack open source IaaS project and implements clients (tenants) at the infrastructure level. SecuStack uses design principles and security features of the already approved SINA technology as well as further cloud-specific hardening measures. It is the first cloud platform to be in an approval process by the German Federal Office for Information Security (BSI).

Red Hat OpenShift: The container platform

The SecuStack IaaS layer is complemented by the Red Hat OpenShift secure container and Platform-as-a-Service environment. Red Hat OpenShift provides an isolated and secured application environment for development and operations. Furthermore, the application life cycle, policies and clients at service and application level are implemented, along with hybrid cloud and multi-cloud.

Combining existing applications and cloud-native applications

VS-Cloud enables the operation of legacy applications based on virtual machines as well as containerised applications. The optional IBM Cloud Paks also offer all the components needed to use modern technologies from blockchain to AI.

Business transformation and hybrid cloud

IBM, secunet and Red Hat have many years of experience in the design and implementation of complex IT infrastructures and the development of state-of-the-art applications. The digitalisation and cloud transition of the armed forces and defence technology industry begins with the provision of tailored services for each step of the process.

Requirements for a highly secure cloud solution

VS-Cloud as a scalable cloud solution

As a scalable open source-based infrastructure, SecuStack offers an optimal way to react quickly and efficiently to sudden resource changes. This applies, among other things, to data storage capacities, computing power and memory extensions. SecuStack's cryptographic client separation also enables scalability across clients and different security domains. This way, the advantages of a scalable cloud infrastructure can also be used for sensitive data.

State-of-the-art methods and technologies for processing classified information

An entire ecosystem of methods and technologies, and thus digital innovations, has emerged in the cloud. The aim of VS-Cloud is therefore to make these methods and technologies available for processing classified information. Security technology "Made in Germany", enterprise open-source software and professional services are the best prerequisites for the upcoming BSI approval.

Secure use of cloud standards in the processing of classified information

At the heart of VS-Cloud is the SecuStack cloud operating system, which enables simple and secure provision of resources via Infrastructure as a Service (IaaS). Transparently integrated cryptographic mechanisms ensure that data transfer, storage and processing as well as the networking of resources in an OpenStack environment stay consistently secure. SecuStack takes into account cryptographic separation between clients and end-to-end encryption (E2EE), as well as other security and control features to protect against external attacks and threats.

VS-Cloud data and key management

Thanks to the cryptographic keys used, data and key management is completely in the hands of the users (HYOK/BYOK). Data is encrypted during transmission, storage and processing on the basis of SINA technology.

Operation in your own data-processing centre

In computer science, an "air gap" or "airwall" is a procedure that physically and logically separates two CIS systems with different levels of trust from each other, but still allows the transmission of user data. With VS-Cloud, the air gap can be implemented in the cloud system itself, hosted on-site in a customer data centre or, at a later stage, remotely as a managed service.

VS-Cloud interoperability

VS-Cloud is a software solution that provides a free architecture and interfaces for cloud computing services. With its modular architecture and open standards, VS-Cloud can cover the entire spectrum ranging from data collection from IoT devices to aggregation, analysis and evaluation by artificial intelligence.

Compliance with the "red lines" of the BSI

By using SecuStack in the VS-Cloud solution, core aspects of Digital Sovereignty are fulfilled:

  • Federally owned infrastructure
  • Local operation by federally owned IT service providers
  • No data transmission to the manufacturer
  • Interoperability
  • Control of resources
  • Ensuring testability and availability of updates along with their documentation
  • Compliance with the legal requirements of the German Federal Office for Information Security (BSI) and implementation of all federal regulations

Strict cryptographic separation of clients

If the data and applications of several organisations are processed in a central cloud infrastructure, there must be a strict separation of services and clients. Until now, the separation on the physical level could only be achieved by having separate racks with independent and disjoint components, which incurs high costs.

By using SecuStack as an infrastructure component of VS-Cloud for Defence, it is possible to perform client separation at a higher level of abstraction. Strict cryptographic separation and flexible key management allow multiple clients to use the same components without compromising data protection and data security. This improved utilisation of existing hardware resources and the lower licensing costs provide a significant cost advantage.

A cloud platform for multifaceted application scenarios

Predictive maintenance for distributed product fleets

The products of the defence technology industry are used by customers from various nations. The degree of asset management varies from country to country. However, comprehensive asset management is necessary to operate a fleet cost-effectively and to ensure operational readiness. IBM Cloud Pak for Data is a tool based on the VS-Cloud that enables asset management tailored to the respective customer. Customer data can thus be managed separately in a scalable platform and yet evaluated with special methods across the physical boundaries of the organisation without endangering the nations' data integrity.

Flexible execution of simulations at distributed sites

Simulations are becoming increasingly important as a way to save valuable resources and, at the same time, achieve a high level of training success. Thanks to a significant reduction in hardware and personnel costs, in the future it will be possible to offer more economical simulations based on VS-Cloud to sensitive customers.

The significant increase in flexibility gained by running simulations without being bound to on-site hardware resources will allow armed forces to conduct simulations at distributed sites. At the same time, the cloud-based solution allows not only the German Federal Armed Forces (Bundeswehr) but also smaller organisations, such as fire brigades, police forces and civil defence, to benefit from the advantages of simulation-based training.

Collaboration platform for sensitive industries

The digital twin has become the epitome of collaboration across organisational and corporate boundaries. One challenge faced when sharing sensitive data is the combination of data that may only be provided, changed or viewed by one node with other data shared as part of a project. VS-Cloud offers the possibility to provide each node with its own client in a scalable manner and, at the same time, to define clients for collaboration, including data exchange through data diodes that regulate the data flow.

Processing classified information in an infrastructure that complies with confidentiality (VS) requirements

Companies and organisations that only need to process classified information in special situations (individual projects, participation in tenders etc.) also want to provide their employees with modern technologies and collaboration options. For such purposes, VS-Cloud as a Service along with selected collaboration tools can provide a highly secure productivity environment.

Your contact for innovation with maximum security

IBM Deutschland GmbH

Ralph Michel
Head of Cloud & IT Service Management, Defense & Intelligence

secunet Security Networks AG

David Sonntag
Head of Strategic Sales Defence & Space Division

Red Hat GmbH

Christof Orth
Sales Manager Government, Health Care, Education and Research

Would you like to learn more? We will be happy to advise you.