
Building a Sovereign Cloud Platform with Cirrus Cloud Platform

A unified cloud management platform for government and enterprise cloud services delivery

Executive Summary

Governments and enterprises across the globe are accelerating their transition to sovereign cloud infrastructure — cloud platforms that are locally controlled, independently operated, and built to meet the unique compliance, security, and governance requirements of national and regulated industries. Cirrus Cloud Platform (CCP), developed by Coredge, is a hyper-scaler grade Cloud Management Platform (CMP) purpose-built to address this need. In combination with Cirrus Cloud Platform (CCP), the IaaS Orchestrator, and Cloud Orbiter, the Kubernetes Orchestrator, CCP delivers a unified cloud services platform that enables service providers to offer Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) to their customers through a single, self-service portal. This White Paper presents the capabilities, architecture, service portfolio, and delivery approach of Cirrus Cloud Platform as deployed for a sovereign cloud platform serving government and enterprise customers. It is intended for technology leaders, cloud architects, and business decision makers evaluating a Cloud Management Platform for sovereign or enterprise cloud deployments.

Key Insight: Cirrus Cloud Platform provides hyper-scaler grade self-service capabilities for Infrastructure, Platform, and Software services — designed for sovereign cloud environments.

Key Highlights

  • Unified Cloud Management Platform for IaaS, PaaS, and SaaS delivery
  • Self-service portal with automated provisioning and policy-based governance
  • Multi-region, multi-AZ high availability architecture with active-passive failover
  • Comprehensive service portfolio delivered in three phased milestones (MVP1, MVP2, MVP3)
  • Built-in Identity and Access Management with multi-tenant identity federation
  • Scalable to 50,000 virtual machines and 200,000 pods per deployment
  • Enterprise-grade security with mTLS, AES-256 encryption, and RBAC

1. The Business Challenge

As cloud adoption matures, governments and enterprises are increasingly recognizing that public hyperscale cloud alone does not meet all their needs. Sovereign cloud — cloud infrastructure that is locally deployed, nationally controlled, and operated independently — is emerging as a critical requirement for sectors handling sensitive data, regulated workloads, and strategic national infrastructure. Building and operating a sovereign cloud platform at scale presents significant challenges:

Challenge | Description
Self-Service at Scale | Government and enterprise customers expect on-demand provisioning of compute, storage, and network resources without manual intervention from the service provider.
Visibility & Governance | Operating a multi-tenant cloud requires centralized visibility across all environments, with policy-based governance and compliance enforcement.
Operational Complexity | Managing heterogeneous infrastructure — physical servers, virtual machines, Kubernetes clusters, and storage — through disparate tools creates operational overhead and increases risk.
Security & Compliance | Sovereign cloud workloads demand end-to-end encryption, identity federation, and role-based access control that meets national and industry compliance standards.
Cost Optimization | Without centralized metering, showback, and quota management, cloud spending becomes opaque and difficult to govern across multiple tenants and business units.

2. The Solution — Cirrus Cloud Platform

Cirrus Cloud Platform (CCP) is a Cloud Management Platform developed by Coredge that provides hyper-scaler grade self-service capabilities for Infrastructure, Platform, and Software services. CCP is designed to operate as the management and orchestration layer above existing cloud infrastructure, enabling service providers to deliver cloud services to their customers through a unified, self-service experience. CCP operates in combination with two complementary Coredge products:

Component | Role
Cirrus Cloud Platform (CCP) | Cloud Management Platform — the top-layer self-service and governance platform that customers and operators interact with directly.
Cirrus Cloud Platform (CCP) | IaaS Orchestrator — manages the underlying OpenStack infrastructure, providing compute, storage, and networking resources.
Cloud Orbiter | Kubernetes Orchestrator — manages Kubernetes clusters across the platform, enabling container workload management and application deployment.

[Diagram: platform stack. Top: Cloud Management Platform (Self-Service Portal, Admin Console, Governance, Metering; Identity & Access with Keycloak and OpenFGA, RBAC, Multi-Tenancy, API Gateway). Middle: IaaS Orchestrator (OpenStack, Compute, Storage, Networking) beside Cloud Orbiter, the Kubernetes Orchestrator (Container Mgmt, App Deployment, PaaS/SaaS). Bottom: Infrastructure Layer (Physical Servers, Virtual Machines, Bare Metal, Storage Arrays, Network Fabric). Delivered services: IaaS, PaaS, SaaS, Governance, Security, Metering & FinOps.]

Figure 1: Cirrus Cloud Platform — Layered Platform Architecture

Together, these three components provide a complete, end-to-end sovereign cloud platform layer that serves both the internal teams of the cloud service provider — Day 2 operations, business units, security, FinOps, and cloud governance — and the end customers who consume cloud services.

3. Platform Capabilities

Cirrus Cloud Platform delivers five foundational capabilities that address the core challenges of sovereign and enterprise cloud management:

[Diagram: five capabilities arranged around the platform: Self-Service Provisioning, Visibility Across Environments, Centralised Management, Compliance & Security, Optimised Cloud Spend.]

Figure 2: Five Core Platform Capabilities of Cirrus Cloud Platform

3.1 Self-Service Access for Automated Provisioning and Deployments

CCP provides a rich, user-friendly Self-Service Console as the primary interface for end users. Through intuitive interfaces, customers can provision and manage virtual machines, storage volumes, load balancers, container workloads, and bare metal servers without requiring intervention from the service provider's operations team. Organisation administrators can create and manage Projects and Cells, define access control policies, and ensure proper resource allocation and usage — all from a single portal.

3.2 Visibility Across Environments

The CCP Admin Console provides the service provider's operations team with a comprehensive view of the entire cloud environment — all virtual machines, volumes, load balancers, container namespaces, and infrastructure health indicators — across all regions and availability zones.

Integrated monitoring through Prometheus and Grafana enables proactive health tracking, alerting, and automated recovery workflows for cluster and database components.

3.3 Centralised Management

CCP Coredge Platform Services is composed of purpose-built microservices that communicate through well-defined REST APIs and internal routing mechanisms. The platform provides centralized access control and API logging through an in-built API gateway, ensuring secure and authorized access to all platform resources from a single management plane. The platform's resource hierarchy — Tenant → Cell → Resources — provides a structured, governed model for multi-tenant resource management, with quota management enforced at both tenant and cell levels.

3.4 Improved Compliance and Security

CCP provides a multi-layered security architecture. The built-in Identity and Access Management server (powered by Keycloak) is multi-tenant by design, with the capability to federate with external identity providers including BSS Portal and ADFS using SAML 2.0. For each customer organisation, CCP creates a unique identity account, ensuring complete isolation between tenants. Role-Based Access Control (RBAC) is enforced across all platform layers through OpenFGA, Coredge's AuthZ engine. Eleven pre-defined service-specific roles and seven organisation-level roles provide granular access control aligned with the principle of least privilege. All data is protected with encryption in transit (mTLS) and encryption at rest (AES-256). Regular security assessments and compliance checks are built into the platform's operational model.

3.5 Optimised Cloud Spends

CCP includes built-in metering, showback, and quota management through the orbiter-metering module. This provides full visibility into resource consumption across all tenants and cells, enabling the service provider to generate notional invoices, enforce spending limits, and give customers visibility into their own cloud usage.

4. Service Portfolio

CCP delivers cloud services to customers in a phased manner across three milestones. This approach ensures that foundational services are delivered and stabilised before expanding the portfolio, reducing deployment risk and enabling early value realisation.

[Diagram: phased delivery roadmap with three columns, MVP1 (Foundation), MVP2 (Expanded) and MVP3 (Advanced); the services in each phase are listed in Sections 4.1 to 4.3.]

Figure 3: Phased Service Portfolio Delivery — MVP1, MVP2, MVP3

4.1 MVP1 — Foundation Services

The first milestone delivers the core infrastructure and platform services required for a fully operational sovereign cloud platform:

Category | Services
Compute | Virtual Machine · Container as a Service · Bare Metal as a Service (BMaaS)
Storage | Block Storage · Object Storage · File Storage
Network | Application Load Balancer · Network Load Balancer · VPN Gateway (Site-to-Site & Point-to-Site) · Firewall · Public IP · NAT Gateway · VPC
Monitoring | Log Analyzer · Operational Metric Collection · Alarm Service · Notification Service
Database | Managed Database as a Service (Oracle and MongoDB)
Security | Security Incident and Event Management · Log Monitoring · Cloud Workload Protection · Web Application Firewall
Foundation | IAM · SMTP · Identity Federation · MFA · DNS · NTP · Privileged Access Management · IP Address Management · Active Directory Services
Support | Basic Support Services · Enterprise Support Services
Managed Services | Managed Services
Backup | Backup as a Service

4.2 MVP2 — Expanded Services

The second milestone expands the portfolio with advanced storage, database, network, and security services:

Category | Services
Storage | Archival Storage
Database | Microsoft SQL-as-a-Service (Standard, Enterprise, Web Editions) · Managed Database as a Service · Database Licenses
Network | Content Delivery Network · MPLS Connectivity (Partner & Dedicated Interconnect)
Security | Cloud-Based Hardware Security Module · DDoS Protection · TLS/SSL Certificate Management · Encryption Services · Digital Forensics
Additional | Queue Services (Kafka as a Service)

4.3 MVP3 — Advanced Services

The third milestone delivers advanced network, database, disaster recovery, and messaging services:

Category | Services
Network | Bandwidth as a Service / QoS (BWaaS)
Database | Managed Database as a Service — MariaDB · Managed Database as a Service — NoSQL
Disaster Recovery | Disaster Recovery as a Service (DRaaS)
Additional | Message Broker Services

Note: The above list of services may change in accordance with the guidance provided by the Client Business team.

5. Architecture and High Availability

The CCP architecture is designed from the ground up for high availability, fault tolerance, and multi-region resilience. The platform operates across multiple regions and availability zones, with every layer of the stack engineered for continuous operation even in the event of infrastructure failures.

5.1 Multi-Region, Multi-AZ Architecture

[Diagram: Region 1 (North) with Availability Zones 1 and 2, and Region 2 (South) with Availability Zones 3 and 4. In each region, Cluster 1 is Primary (Active) and Cluster 2 is Standby (Passive), with automatic failover between them. Each cluster contains a Web Layer (DMZ) of 3 VMs acting as reverse proxy, a K8s cluster running the CCP microservices, MongoDB (Config + Metrics DB) and PostgreSQL (Keycloak + OpenFGA), as primary in the active cluster and replica in the standby. A GSLB sits in front of both regions, with Active-Active replication and cross-region backup replication (5 TB object storage per region) between them.]

Figure 4: Multi-Region, Multi-AZ High Availability Architecture

Each region consists of multiple Availability Zones (AZs). Within each region, CCP runs independent components per AZ — all microservices managing infrastructure in that AZ operate autonomously. Two clusters run per region in an active-passive configuration:

Cluster 1 (Primary): Hosts the main application services and primary MongoDB database in Availability Zone 1. This is an active cluster during normal operations. The web layer is deployed across 3 virtual machines in the DMZ, acting as a reverse proxy to the Kubernetes cluster in the production zone.

Cluster 2 (Standby): Hosts replica application services and a replica MongoDB database in Availability Zone 2. This cluster remains in standby, ready to assume primary responsibilities immediately upon failure of Cluster 1.

5.2 Failover and Continuity

CCP provides automated failover at multiple levels:

Regional Failover: Traffic is automatically routed to the passive cluster when the active cluster fails. MongoDB replica sets ensure data consistency during failover within a region.

Multi-AZ Failover: If an individual AZ fails, services fail over within the region without impacting overall platform operations. Load balancers and DNS routing ensure seamless traffic redirection to active services.

Global Services Continuity: Global services — responsible for organisation onboarding, metadata management, metering aggregation, and quota management — run in active-passive mode across regions. A GSLB probe detects endpoint availability and redirects traffic to the backup region when the active cluster goes down. Internal quorum is based on a 2n+1 system for accurate active cluster identification.

5.3 Global Database Architecture

Global services store Tenant, Project, and User information in MongoDB, replicated using Active-Active replication with change streams. OpenFGA (the AuthZ engine) and its PostgreSQL backend run in Active-Passive mode between regions, with writes going to the primary region by default since this is a read-heavy database. A 3+3 node setup distributes database responsibility evenly across two availability zones. In the event of an AZ failure, the surviving AZ retains a full set of 3 nodes, enabling safe manual failover. Administrators can force reconfiguration — such as reinitiating leader elections in the surviving AZ when quorum is lost.
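
The quorum arithmetic behind the 3+3 layout, as an added example (not Coredge's code). It assumes leader election by strict majority of the configured voters; the domain names and the 2+2+1 comparison layout with a third failure domain are hypothetical.

```python
from itertools import combinations

# Constructed layouts: voting members per failure domain.
STRETCHED_3_3 = {"az1": 3, "az2": 3}            # the 3+3 setup described above
ODD_2_2_1 = {"az1": 2, "az2": 2, "witness": 1}  # hypothetical 2n+1 layout, n = 2


def majority(voters: int) -> int:
    """Smallest vote count that is a strict majority of `voters`."""
    return voters // 2 + 1


def has_quorum(layout: dict, failed: frozenset) -> bool:
    """True if the members outside the failed domains can still elect a leader."""
    alive = sum(n for domain, n in layout.items() if domain not in failed)
    return alive >= majority(sum(layout.values()))


def loss_outcomes(layout: dict, max_failed: int = 1) -> dict:
    """Map each combination of up to `max_failed` lost domains to the kind of
    failover that remains possible: "automatic" or "manual"."""
    outcomes = {}
    for k in range(1, max_failed + 1):
        for failed in combinations(sorted(layout), k):
            ok = has_quorum(layout, frozenset(failed))
            outcomes[failed] = "automatic" if ok else "manual"
    return outcomes


def after_forced_reconfig(layout: dict, lost: str) -> dict:
    """Voter set once an operator shrinks membership to the survivors."""
    voters = sum(n for domain, n in layout.items() if domain != lost)
    need = majority(voters)
    return {"voters": voters, "majority": need,
            "tolerated_failures": voters - need}


if __name__ == "__main__":
    for name, layout in (("3+3", STRETCHED_3_3), ("2+2+1", ODD_2_2_1)):
        print(name, loss_outcomes(layout))
    print("3+3 after losing az1:", after_forced_reconfig(STRETCHED_3_3, "az1"))
```

With six voters the majority is four, so the three survivors of an AZ loss cannot elect a leader on their own; that is why the 3+3 layout needs the operator-forced reconfiguration, after which the three-member set tolerates one further node failure.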

5.4 Backup and Data Protection

CCP implements a comprehensive, automated backup strategy:

Application Data Backup: Active CCP cluster data — including Keycloak PostgreSQL DB, Config MongoDB, Metrics MongoDB, and ETCD DB of the Kubernetes cluster — is continuously backed up to a geo-replicated object storage bucket. North region backups are stored in the south region and vice versa.

Database VM Backup: Database clusters hosted on virtual machines are backed up using the Veritas backup agent.

Backup Schedule: Incremental backup every 30 minutes, full backup every 24 hours, with a 3-month retention period.

Storage Allocation: 5 TB object storage per region for configuration replication, 5 TB for log retention, and 10 TB cross-region object storage for backup data.

6. Identity, Access Management and Multi-Tenancy

CCP is built as a multi-tenant platform from the ground up. Each customer organisation operates within a completely isolated identity and resource boundary, governed by a structured hierarchy and role-based access control framework.

6.1 Platform Hierarchy

Resources in CCP are organized in a structured hierarchy that maps directly to the customer's BSS Portal construct:

[Diagram: BSS Portal constructs mapped to CCP constructs. Party (top-level customer entity / organisation) maps to Tenant (isolated domain, quota enforced, multi-cell). Billing Account (financial/operational sub-account) maps to Cell (logical resource group, quota inherited, isolated). Logical Subscriber Identity (individual user / subscriber) maps to Resources (VMs, Storage, Network, Containers, DB).]

Figure 5: Platform Resource Hierarchy — BSS Portal to CCP Mapping

BSS Portal Party  →  Billing Account  →  Logical Subscriber Identity

CCP Tenant  →  Cell  →  Resources

Each customer account maps to a single Tenant in CCP. Multiple Cells can be created within a Tenant, providing logical isolation for different business units, projects, or environments. Nesting of Tenants and Cells is not permitted. Quotas are enforced at both tenant and cell levels, with all cells inheriting quota by default.

6.2 Identity Federation

The BSS Portal serves as the primary user identity store. All customer user accounts are created, modified, and deleted exclusively through the BSS Portal. CCP IAM (Keycloak) federates with the BSS Portal as its Identity Provider, supporting SAML 2.0 and ADFS federation. For each customer organisation, a unique Keycloak realm is created, ensuring complete identity isolation between tenants.

6.3 Role-Based Access Control

CCP provides a comprehensive, pre-defined role framework covering all platform functions. Seven organisation-level roles govern Tenant and Cell management:

Role | Access Level
Tenant Super Administrator | Root-level access; manages everything within a Tenant; can create other Tenant Super Administrators and Tenant Administrators
Tenant Administrator | Highest privileges per tenant; creates Cells and custom roles; manages quota and access requests
Tenant Viewer | Read-only access for auditing, compliance, and training purposes
Tenant Billing Admin | Access to quota usage, metering, and showback
Cell Administrator | Full access to all resources within a Cell; manages Cell quota
Cell Viewer | Read-only access to Cell resources for auditing and compliance
Cell User | Access to all services within a Cell; no quota management access

Eleven service-specific roles provide granular access control for individual cloud services, including VM Admin, VM Reader, Block/Object/File Storage Admin, Backup Admin, Network Admin, Container Admin, BareMetal Admin, Database Admin, and InfoSec Admin.
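
A sketch of how the seven organisation-level roles can be evaluated with deny-by-default, tenant-scoped checks. This is an added example in plain Python, not CCP's OpenFGA model; the action names, the mapping of each role to actions, and the sample users, tenants and cells are assumptions read off the table above.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed action vocabulary for this sketch (not CCP's permission names).
READ, USE, QUOTA, CELLS, GRANT_ADMIN, BILLING = (
    "read", "use_services", "manage_quota", "manage_cells",
    "grant_tenant_admin", "view_billing")

# role -> (scope, allowed actions); an interpretation of the role table.
ROLES = {
    "Tenant Super Administrator":
        ("tenant", {READ, USE, QUOTA, CELLS, GRANT_ADMIN, BILLING}),
    "Tenant Administrator": ("tenant", {READ, USE, QUOTA, CELLS}),
    "Tenant Viewer": ("tenant", {READ}),
    "Tenant Billing Admin": ("tenant", {BILLING}),
    "Cell Administrator": ("cell", {READ, USE, QUOTA}),
    "Cell Viewer": ("cell", {READ}),
    "Cell User": ("cell", {READ, USE}),
}


@dataclass(frozen=True)
class Binding:
    user: str
    role: str
    tenant: str
    cell: Optional[str] = None  # set only for cell-scoped roles

    def __post_init__(self):
        scope, _ = ROLES[self.role]  # KeyError on an unknown role
        if (scope == "cell") != (self.cell is not None):
            raise ValueError(f"{self.role} must be bound at {scope} scope")


def is_allowed(bindings, user, action, tenant, cell=None) -> bool:
    """Deny by default; allow only through a binding in the same tenant."""
    for b in bindings:
        if b.user != user or b.tenant != tenant:
            continue  # a binding never applies across tenants
        scope, actions = ROLES[b.role]
        if action not in actions:
            continue
        # Tenant roles cover every cell of the tenant; cell roles only their own.
        if scope == "tenant" or b.cell == cell:
            return True
    return False


# Constructed sample bindings.
BINDINGS = [
    Binding("alice", "Tenant Super Administrator", "tenant-a"),
    Binding("bob", "Cell User", "tenant-a", "cell-1"),
    Binding("carol", "Tenant Viewer", "tenant-a"),
    Binding("dave", "Tenant Billing Admin", "tenant-a"),
    Binding("erin", "Cell Administrator", "tenant-b", "cell-1"),
]
```

Because the tenant is compared before anything else, a cell named `cell-1` in one tenant grants nothing on a cell of the same name in another tenant.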

7. Scalability

CCP is engineered to scale with the demands of a sovereign cloud platform serving government and enterprise customers at national scale. The platform's Kubernetes-based deployment model enables horizontal scaling of all CCP microservices by adding worker nodes to the management cluster.

Note: CCP scales to support 50,000 virtual machines and 200,000 pods per deployment — with additional worker nodes added on demand to handle increased load.

The production infrastructure per availability zone is dimensioned to handle this scale:

Component | Count | vCPU / Node | Memory / Node
K8s Master Nodes | 3 | 12 vCPU | 24 GB
K8s Worker Nodes | 5 | 48 vCPU | 128 GB
CCP PostgreSQL DB | 3 | 32 vCPU | 64 GB
CCP MongoDB | 3 | 24 vCPU | 48 GB
OpenFGA PostgreSQL DB ** | 3 | 24 vCPU | 48 GB
Global MongoDB ** | 3 | 12 vCPU | 24 GB
Web Layer (DMZ) | 3 | 12 vCPU | 24 GB

** OpenFGA PostgreSQL DB and Global MongoDB VMs are stretched across 2 AZs in the region and routed accordingly.

Note: All cluster VMs must be deployed with anti-affinity enabled across different physical compute nodes to ensure cluster high availability.

8. Implementation Approach

CCP is deployed on a Kubernetes management cluster, separate from the workload infrastructure. The Cloud Management Platform solution (Cirrus Cloud Platform, Cirrus Cloud Platform, and Cloud Orbiter) is deployed in the control plane of each availability zone and must not be deployed in the workload pod. This separation ensures that the management layer is not affected by workload activity.

8.1 Deployment Pre-Requisites

The following infrastructure and services must be in place before CCP deployment can commence:

  • Wildcard SSL certificates for CCP hosting and dynamic customer account URLs
  • Load Balancer and VIPs for each CCP endpoint
  • DNS Server with credentials to create dynamic domains based on customer accounts
  • Accessible Container Registry to store container images
  • Kubernetes-compliant storage with High IOPS performance
  • Connectivity and credentials for SMTP server for email notifications
  • NTP and DNS server connectivity
  • Connectivity and APIs to integrate with the BSS Portal

8.2 Phased Delivery

CCP services are delivered in three phases — MVP1, MVP2, and MVP3 — allowing the platform to be operational with foundational services quickly, while the full-service portfolio is built out progressively. This phased approach reduces risk, allows for early customer onboarding, and provides the operations team time to build operational maturity with each new service category before the next phase begins.

8.3 What is Out of Scope

The following are explicitly out of scope for the CCP platform delivery:

  • Hardware procurement and its deployment
  • Software procurement and associated licensing (operating system, database, backup software, management software) other than CCP
  • Penetration Testing
  • Performance Testing for components other than CCP
  • Day 2 operations for underlying infrastructure (Compute, Storage, and Network)
  • Application or configuration changes within the BSS Portal

9. Conclusion

Sovereign cloud is no longer a future aspiration for governments and regulated enterprises — it is an immediate operational requirement. Building it successfully demands a Cloud Management Platform that combines the self-service convenience of public cloud with the control, governance, and security posture that sovereign deployments demand. Cirrus Cloud Platform delivers exactly this. With its unified management layer spanning virtual machines, containers, and bare metal; its multi-region, multi-AZ high availability architecture; its comprehensive role-based access control and identity federation capabilities; and its phased, risk-managed service delivery model, CCP provides a complete, proven foundation for sovereign cloud platform operations. The platform's ability to scale to 50,000 virtual machines and 200,000 pods, combined with its enterprise-grade backup, security, and monitoring capabilities, positions it as a long-term platform for cloud services growth — from foundational IaaS in MVP1 through advanced database, security, and disaster recovery services in MVP2 and MVP3.

Note: Cirrus Cloud Platform — built for sovereign cloud, designed for scale, engineered for continuity.

About Coredge

Coredge is the developer of Cirrus Cloud Platform, Cirrus Cloud Platform, and Cloud Orbiter — a complete, integrated Cloud Management and Orchestration platform designed for service providers, enterprises, and government organisations building and operating sovereign and private cloud infrastructure. Cirrus Cloud Platform provides hyper-scaler grade Cloud Management Platform capabilities for OpenStack and Kubernetes-based deployments, enabling service providers to deliver IaaS, PaaS, and SaaS services through a unified, self-service portal with enterprise-grade governance, security, and operational tools.
