A few weeks back I came across https://european-alternatives.eu/, a site dedicated to highlighting European alternatives to digital services. The fact that such a site is needed is really sad, but it is an interesting read nonetheless.
And in the last few days, I have seen repeated calls for European digital sovereignty. It is the same call we have seen plenty of times before, but it has received renewed attention after the US election.
So I decided to take a closer look.
What to look for?
Evaluating nascent cloud providers forces us to think about what a cloud provider even is these days. It has happened slowly, but where cloud providers used to be S3 and VMs by the hour, they are now a big mashup of services. Last time I heard, years ago, AWS had over 170 different services. Maybe they have passed 200 by now.
So what is the minimum viable cloud platform these days? I don’t know, but I can guess.
Tier 1, important:
- VMs on demand. Probably don’t need to explain that one.
- Blob storage. Almost weird how ubiquitous this one has become.
- Managed Kubernetes. Because the question isn’t “do you run Kubernetes”, but “how many Kubernetes instances do you have”.
- Proper IAM. All the resources you spin up need to authenticate with each other, and OAuth/identity is becoming the norm.
- Networking
- Secrets manager
- Terraform provider
Tier 2, nice to have:
- Managed databases
- Container services (aka running containers without Kubernetes)
- Multi-AZ
This is of course from the perspective of medium to large companies. Small companies have different needs.
Who are they?
The only European cloud platform I had heard about beforehand was Hetzner - a German provider that is undercutting the market on price and thereby gaining popularity with the DIY and one-man-band crowd. I was also aware of OVHcloud, a French company, but these surfaced on Mastodon - a fairly esoteric European crowd.
The website lists a total of 12 options, which is just way too many. If you count Oracle (which is entirely optional) the US has 4. The European providers are:
- Scaleway
- OVHcloud
- UpCloud
- Exoscale
- gridscale
- Elastx
- Fuga Cloud
- IONOS
- Seeweb
- Open Telekom Cloud
- Aruba Cloud
- STACKIT
A closer look
I’m not doing a close review of all of these, that would be way too much work. But I did sign up for OVHcloud and Scaleway, as these look the most mature.
Both of these can check off on most of the points above: VMs, blob storage, managed Kubernetes, networking, Terraform provider, managed databases, multi-AZ. Scaleway offers a Secrets manager and container services as well. And a few other cool toys, such as FaaS and AI/LLM inference endpoints.
They both also mention IAM on their product pages, but there is one vital puzzle piece missing: identity-based authentication. A poignant example is the process of creating a blob storage in OVH. The GUI guide is great. The configuration for access reminded me that I hadn’t created any users yet, and let me do that right then and there. The user I created got OAuth credentials for authentication. It is a similar story for VMs. The GUI is great, I can paste in my public key and I’m up and running, but the instance does not have an identity or role (as the nomenclature is in Azure and AWS, respectively).
Spinning up an Ubuntu VM in Scaleway let me add my public key in the setup process, gave me a public IP, and after it had been spun up told me to ssh in as root. The process was a lot sweeter than trying something similar in EC2, but at the same time very primitive. If my new VM wants to use a FaaS (basically Scaleway Lambda), it needs a token generated by the Function service.
OpenStack everywhere
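For comparison, this is roughly what an instance role looks like on AWS in Terraform. It is an added example, not part of the original post; the role name, bucket name and AMI ID are placeholders.

```hcl
# Added illustration: role, bucket and AMI names are placeholders.

# The role is the VM's identity. Only the EC2 service may assume it.
resource "aws_iam_role" "app_vm" {
  name = "app-vm"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ec2.amazonaws.com" }
    }]
  })
}

# Least privilege: the VM may read objects from one bucket, nothing else.
resource "aws_iam_role_policy" "read_bucket" {
  name = "read-example-bucket"
  role = aws_iam_role.app_vm.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject"]
      Resource = "arn:aws:s3:::example-bucket/*"
    }]
  })
}

# The instance profile is what attaches the role to a VM.
resource "aws_iam_instance_profile" "app_vm" {
  name = "app-vm"
  role = aws_iam_role.app_vm.name
}

resource "aws_instance" "app" {
  ami                  = "ami-PLACEHOLDER" # placeholder, not a real image ID
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.app_vm.name

  # Require session-token (IMDSv2) requests to the metadata service.
  metadata_options {
    http_tokens = "required"
  }
}
```

Software on the instance fetches short-lived credentials for the role from the instance metadata service, so no long-lived key or token has to be generated, copied onto the VM or rotated by hand.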
Of the 12 cloud computing platform options listed, at least 5 of them are based on OpenStack. OVH is OpenStack, and it shines through (which is neither good nor bad). I am not very familiar with OpenStack, but I know that it is basically white-label cloud-as-a-service software. The OpenStack documentation does not mention identity-based authentication either (only identity federation, which is a different matter), so I feel fairly confident in concluding it isn’t a feature.
And that is too bad. Because OpenStack checks a long list of features.
Strategic autonomy
The EU is currently funding European cloud and edge initiatives to the tune of 1.2 billion euros. Some googling did not give much of an answer as to what projects it supports, other than a list of member states and companies with explicit stakes. T-Mobile, one of the companies running an OpenStack-based cloud service, was on the list. But no mention of OpenStack. Looking at websites of OpenStack and parent organization OpenInfra, there is no mention of the EU. NASA is listed as a supporting organization for OpenInfra, but there are no signs that any of the billion euros to fund EU clouds has found its way to the project that powers half of the existing EU cloud offerings. I still hope I’m overlooking something. Because funding identity-based authentication in OpenStack should be a no-brainer for the EU.