Software

Sovereign connectivity in dataspaces requires automating network access to ensure security, compliance, and operational scale. In the Data Intelligence Hub, we replace manual firewall updates with a declarative, Kubernetes-native model using Custom Resource Definitions (CRDs). Customers define their allowed IP ranges through a self-service portal, which generates an IpAccessPolicy object representing the desired state. A controller then reconciles this state with the underlying infrastructure, automatically updating Kubernetes Ingress configurations and preventing drift. This architecture ensures auditability, validates inputs before enforcement, and keeps network access aligned with the principles of data sovereignty across multi-tenant environments.

Sovereign observability is now essential as organizations operate Kubernetes across fragmented multi-cloud environments. Traditional monitoring approaches fail when logs and metrics cannot leave their originating region due to compliance and data-residency constraints. This architecture solves the challenge by decoupling storage from querying: each cloud environment writes logs and metrics to its own sovereign object storage while a central observer cluster queries them on demand. Leveraging Prometheus, Thanos, Loki, and Promtail, the system provides global visibility, secure mTLS communication, isolated buckets, and a unified Grafana experience — all without violating sovereignty rules.

Manufacturing is undergoing a digital revolution, yet many transformation initiatives stall due to a fundamental problem: data trapped in silos. The real roadblock isn't AI or lack of tools, but interoperability—the ability of systems, teams, and companies to understand and trust each other's data. This article explores why traditional approaches fail and introduces Manufacturing Data Spaces as the missing foundation. Data Spaces provide a secure, sovereign framework for controlled data sharing across plants and partners—without giving up ownership. From energy efficiency to predictive maintenance and compliance reporting, real-world examples show how manufacturers can unlock value while preserving control. We explore the layers of interoperability, human concerns, key enabling technologies like AAS and OPC UA, and how to get started with pilots that deliver real ROI. For manufacturers, building trust-based data collaboration isn’t just a tech upgrade—it’s a strategic move that defines future competitiveness in an increasingly connected industry.

Jupyter Notebook is now seamlessly integrated into Build & Operate, bringing interactive data collaboration, real-time analysis, and advanced visualization to a secure, governed dataspace. Whether you're a data scientist, analyst, or business user, this powerful feature enables you to explore datasets, generate insights, and share findings effortlessly—all within a trusted ecosystem designed for efficiency, compliance, and innovation.

This article outlines our experience migrating workloads from an on-premises data center to the AWS Cloud, culminating in the decommissioning of our last server in December 2024. The migration focused on our Motion Data product, which leverages geo-information analytics from Deutsche Telekom's mobile network to provide anonymized mass movement insights for industries such as retail, tourism, and public transport. Our transition to AWS was driven by rising colocation costs and the need to modernize our infrastructure, which faced limitations due to outdated technology constraints, high maintenance efforts, and inefficient storage and compute resource management. We selected AWS's Replatforming approach to harness managed services, improve scalability, and replace legacy Hadoop infrastructure with a more flexible Spark-on-Kubernetes and S3-based solution. The migration delivered key benefits, including 35% lower infrastructure costs, access to up-to-date technology stacks, and removal of resource constraints for compute workloads. By leveraging AWS-managed services such as Kubernetes (EKS), EMR, and RDS, we optimized performance, simplified operations, and positioned ourselves for future growth and innovation in cloud-native environments.

In a multi-cloud setup, using Rancher to manage Kubernetes clusters requires adding NAT gateway IPs to the Rancher Load Balancer's Security Group. Due to Security Group limits of 1,000 IPs per ENI, employing a Web Application Firewall (WAF) is beneficial. WAF allows 100 IP sets with 10,000 IPs each, supporting up to 1 million IP addresses and providing enhanced logging and metrics.

Discover an innovative application development environment powered by Eclipse Tractus-X, offering unparalleled focus and speed from concept to implementation success. With Tractus-X Sandbox, Catena-X Sandbox, and LivingLab Tractus-X, choose the option that fits your needs and start building your data-driven applications effortlessly. Benefit from trusted transactions, ease of use, and T-Systems' expertise in providing reliable data infrastructure solutions.

Explore the transformative power of open source and collaboration in driving innovation, exemplified by initiatives like Catena-X and IPCEI-CIS, fostering data-driven transformation and advancing digital autonomy.

Explore the collaborative journey of Telekom Data Intelligence Hub with the Eclipse Dataspace Working Group (EDWG), shaping the future of secure and innovative data exchange through open-source technologies. From pioneering dataspaces to global collaborations, discover how T-Systems is unlocking the value of data on its own terms.