Software

Sovereign connectivity in dataspaces requires automating network access to ensure security, compliance, and operational scale. In the Data Intelligence Hub, we replace manual firewall updates with a declarative, Kubernetes-native model using Custom Resource Definitions (CRDs). Customers define their allowed IP ranges through a self-service portal, which generates an IpAccessPolicy object representing the desired state. A controller then reconciles this state with the underlying infrastructure, automatically updating Kubernetes Ingress configurations and preventing drift. This architecture ensures auditability, validates inputs before enforcement, and keeps network access aligned with the principles of data sovereignty across multi-tenant environments.

Sovereign observability is now essential as organizations operate Kubernetes across fragmented multi-cloud environments. Traditional monitoring approaches fail when logs and metrics cannot leave their originating region due to compliance and data-residency constraints. This architecture solves the challenge by decoupling storage from querying: each cloud environment writes logs and metrics to its own sovereign object storage while a central observer cluster queries them on demand. Leveraging Prometheus, Thanos, Loki, and Promtail, the system provides global visibility, secure mTLS communication, isolated buckets, and a unified Grafana experience — all without violating sovereignty rules.

Die Fertigung befindet sich in einer digitalen Revolution, doch viele Transformationsinitiativen geraten aufgrund eines grundlegenden Problems ins Stocken: Daten, die in Silos gefangen sind. Das eigentliche Hindernis ist nicht die KI oder der Mangel an Tools, sondern die Interoperabilität – die Fähigkeit von Systemen, Teams und Unternehmen, die Daten der anderen zu verstehen und ihnen zu vertrauen. In diesem Artikel wird untersucht, warum traditionelle Ansätze scheitern, und es werden Manufacturing Data Spaces als fehlende Grundlage vorgestellt. Data Spaces bieten ein sicheres, souveränes Framework für den kontrollierten Datenaustausch zwischen Anlagen und Partnern – ohne das Eigentum aufzugeben. Von Energieeffizienz über vorausschauende Wartung bis hin zu Compliance-Berichten zeigen Beispiele aus der Praxis, wie Hersteller Werte freisetzen und gleichzeitig die Kontrolle behalten können. Wir untersuchen die Ebenen der Interoperabilität, menschliche Belange, Schlüsseltechnologien wie AAS und OPC UA und wie man mit Pilotprojekten beginnt, die einen echten ROI liefern. Für Hersteller ist der Aufbau einer vertrauensbasierten Datenzusammenarbeit nicht nur ein technisches Upgrade – es ist ein strategischer Schritt, der die zukünftige Wettbewerbsfähigkeit in einer zunehmend vernetzten Branche definiert.

Jupyter Notebook ist jetzt nahtlos in Build & Operate integriert und bietet interaktive Datenzusammenarbeit, Echtzeitanalyse und fortschrittliche Visualisierung in einem sicheren, kontrollierten Datenraum. Egal, ob Sie Datenwissenschaftler, Analyst oder Geschäftsanwender sind, diese leistungsstarke Funktion ermöglicht es Ihnen, Datensätze zu erforschen, Erkenntnisse zu generieren und Ergebnisse mühelos zu teilen - und das alles in einem vertrauenswürdigen Ökosystem, das für Effizienz, Compliance und Innovation ausgelegt ist.

This article outlines our experience migrating workloads from an on-premises data center to the AWS Cloud, culminating in the decommissioning of our last server in December 2024. The migration focused on our Motion Data product, which leverages geo-information analytics from Deutsche Telekom's mobile network to provide anonymized mass movement insights for industries such as retail, tourism, and public transport. Our transition to AWS was driven by rising colocation costs and the need to modernize our infrastructure, which faced limitations due to outdated technology constraints, high maintenance efforts, and inefficient storage and compute resource management. We selected AWS's Replatforming approach to harness managed services, improve scalability, and replace legacy Hadoop infrastructure with a more flexible Spark-on-Kubernetes and S3-based solution. The migration delivered key benefits, including 35% lower infrastructure costs, access to up-to-date technology stacks, and removal of resource constraints for compute workloads. By leveraging AWS-managed services such as Kubernetes (EKS), EMR, and RDS, we optimized performance, simplified operations, and positioned ourselves for future growth and innovation in cloud-native environments.

In a multi-cloud setup, using Rancher to manage Kubernetes clusters requires adding NAT gateway IPs to the Rancher Load Balancer's Security Group. Due to Security Group limits of 1,000 IPs per ENI, employing a Web Application Firewall (WAF) is beneficial. WAF allows 100 IP sets with 10,000 IPs each, supporting up to 1 million IP addresses and providing enhanced logging and metrics.

Discover an innovative application development environment powered by Eclipse Tractus-X, offering unparalleled focus and speed from concept to implementation success. With Tractus-X Sandbox, Catena-X Sandbox, and LivingLab Tractus-X, choose the option that fits your needs and start building your data-driven applications effortlessly. Benefit from trusted transactions, ease of use, and T-Systems' expertise in providing reliable data infrastructure solutions.

Explore the transformative power of open source and collaboration in driving innovation, exemplified by initiatives like Catena-X and IPCEI-CIS, fostering data-driven transformation and advancing digital autonomy.

Explore the collaborative journey of Telekom Data Intelligence Hub with the Eclipse Dataspace Working Group (EDWG), shaping the future of secure and innovative data exchange through open-source technologies. From pioneering dataspaces to global collaborations, discover how T-Systems is unlocking the value of data on its own terms.