)
In today’s cloud-dominated IT landscape, many organizations are rethinking their dependencies on proprietary software platforms. Rising licensing fees, abrupt policy shifts, and vendor lock-in have caused concern across industries — particularly in the public sector, where digital sovereignty and long-term control over infrastructure are critical. The increasing frequency of “licensing rugpulls” from major vendors such as VMware has only accelerated this shift.
NUBO, a French interministerial cloud project, built and operated by the Ministry of Economics and Finance, has emerged as a leading example of how open-source technologies — especially OpenStack — can power sovereign, secure, and scalable digital infrastructure.
This article explores why NUBO chose OpenStack, the challenges they encountered, and how their experience reflects the broader movement toward open-source cloud platforms as a foundation for digital independence.
A Foundation Built on Open Source
For over 25 years, NUBO’s technical teams have relied on a wide range of open-source technologies, including Linux, KVM, and Open vSwitch. Their commitment to open source has never been about cost savings alone. Instead, it stems from two key priorities:
- Technical excellence: These tools meet the demanding requirements of government-level operations.
- Strategic and financial independence: Avoiding proprietary licenses and subscription-based models helps ensure freedom from vendor lock-in and long-term cost predictability.
Rather than investing in commercial licenses or external support contracts, NUBO has consistently chosen to invest in people — building deep internal expertise across the stack. This approach empowers them to adapt, innovate, and retain control over their digital infrastructure.
Why OpenStack?
When NUBO set out to build its own interministerial private cloud, open source infrastructure was the natural choice. Among available cloud platforms, OpenStack quickly stood out as the only open source solution mature enough to meet the project’s unique demands.
OpenStack’s advantages aligned perfectly with NUBO’s goals:
- Modular and API-Driven Architecture: OpenStack’s component-based design lets NUBO select only the services needed and integrate them cleanly with the rest of its stack. Each service is fronted by an API, offering maximum flexibility.
- Infrastructure Abstraction: OpenStack is more than just a virtual machine orchestrator. It provides a unified abstraction layer for compute, storage, and networking — making it a full-fledged cloud infrastructure platform.
- Scalability and Reliability: Built for both small and large deployments, OpenStack supports NUBO’s mission to deliver robust services to government organizations, now and into the future.
Maturing with the Ecosystem
NUBO began testing OpenStack between 2013 and 2015. At the time, the project was powerful but unwieldy. Deployments were difficult, configuration was inconsistent, and reliability was not where it needed to be.
A major turning point came in 2017, when the Kolla and Kolla-Ansible projects gained traction. By containerizing OpenStack services and standardizing deployment practices, Kolla addressed the complexity and made it feasible for NUBO to maintain and upgrade OpenStack with confidence. The team developed a continuous integration and testing pipeline — including a full “virtual Nubo” deployment environment — to validate each release before it hit production.
Today, NUBO manages regular updates to its OpenStack platform and contributes back to the ecosystem, as both a user and innovator.
Technical Challenges — and Solutions
While OpenStack has evolved, NUBO’s experience shows that successful deployments still require deep technical knowledge. The team encountered several performance and reliability challenges, which they addressed through targeted troubleshooting and adaptation:
- Network Performance Issues: As the number of security groups on hypervisors grew, network performance degraded. The solution was to switch from the default driver to the OpenFlow driver, which handled the filtering rules more efficiently.
- MariaDB Query Bottlenecks: NUBO’s database cluster was generating performance issues due to excessive joins. A single configuration change, once diagnosed, dramatically improved response times.
- Neutron Clustering Failures: An overload on one Neutron server caused a domino effect across clustered nodes. The team had to disable clustering temporarily to stabilize the environment.
- NFS Storage Freezes: Using the NetApp Cinder driver, NUBO experienced unpredictable VM freezes. Migrating to NFS 4.1 resolved the issue.
These experiences underscore the value of OpenStack’s flexibility: most problems could be solved internally, without waiting for vendor fixes — a major advantage in a sovereignty-focused model.
Observability and Security: Key Areas of Focus
Despite many improvements, observability remains a challenge. Solutions like Ceilometer and Monasca either underperformed or lacked maintenance when attempting to implement them at the time. In response, NUBO built a custom observability stack using Prometheus, Grafana, and VictoriaMetrics, along with EFK (Elasticsearch, Fluentd, Kibana) for log management.
Security has also been a major priority, in line with France’s SecNumCloud cybersecurity standards. The team worked in particular on refining internal network segmentation, internal-external API separation, multi-factor authentication and HTTPS across all internal communications.
Preparing for the Future: Kubernetes and Ceph
Looking ahead, NUBO is in the process of building a Kubernetes-based offering, Kubo, based on Cluster-API for managing the lifecycle of multiple clusters. The plan is to offer this service by 2026, maintaining the level of security that complies with the ANSSI’s SecNumCloud reference framework, just like their OpenStack-based infrastructure. As part of this Kubo project, they plan to make or contribute to a sovereign Kubernetes distribution.
Simultaneously, the team is evaluating Ceph as a possible future storage backend. Although powerful, Ceph requires specialized expertise — particularly in sensitive areas like data integrity and replication — and the team is considering eventual adoption.
Lessons from NUBO: Open Source Enables Sovereignty
NUBO’s experience offers a compelling lesson for governments, enterprises, and institutions worldwide: digital sovereignty is achievable — but it requires a commitment to open source principles, long-term investment in people, and readiness to manage complexity.
OpenStack has matured into a powerful platform capable of supporting mission-critical workloads at national scale. In contrast to proprietary platforms that may change their licensing or roadmap at any time, OpenStack empowers users with transparency, control, and community-led innovation.
While challenges remain — especially around observability and long-term operations — the benefits of control, adaptability, and independence far outweigh the costs. NUBO’s experience provides a roadmap for others to follow — proving that open source is not just a cost-saving measure, but a strategic asset in the defense of national autonomy and digital freedom.
