The Sovereign Cloud
How can Canada realistically create a sovereign cloud
Posted on: 2025-09-14
Last week, Prime Minister Carney gave a speech about how a new major project will help build a Canadian sovereign cloud. This is not a new idea, several others have thought about this, and the idea has been brought up endlessly since the latest US administration came into office. The cost is undoubtedly going to be high, but the need to control our digital infrastructure seems undeniable. From Microsoft briefly turning off an Indian company's cloud services due to sanctions, to their admission that they cannot guarantee data sovereignty even if your data is hosted outside the US, it seems the examples are piling up.
So I got interested in the technical aspects of running such a cloud. What would it take to actually build and run a Canadian sovereign cloud? First, this isn't uncharted territory. There are many non-US cloud providers out there, big and small, some public and some private:
- Alibaba Cloud - Based in China, they offer a complete suite of public cloud services running on their own custom stack called the Apsara Stack.
- Tencent Cloud - Also based in China, they offer cloud features tailored to a number of industries like gaming, social media and AI workloads. They don't disclose the tech stack they use.
- OVH Cloud - Based in France, this is one of the world's biggest alternative cloud providers, offering a full suite of features, with a custom tech stack based on OpenStack.
- Deutsche Telekom - Focused mostly on the enterprise sector, this public cloud runs a lot of open software like Kubernetes and Weaveworks.
- CERN - Running perhaps the biggest scientific cloud, with thousands of compute nodes, they run a full OpenStack environment to provide resources to scientists from around the world.
- European Weather Cloud - Similar to CERN, they also run an OpenStack environment focused on climate models, AI research and so on.
The technical foundation
Any decision related to which tech stack to choose has to be based on the requirements. I think a realistic Canadian sovereign cloud would need to support very large environments, with broad needs, similar to what the hyperscalers offers. This means self-service provisioning, virtual machines, container orchestration, storage services, networking, serverless functions, metered billing, identity management and more. However, the scale would be massively smaller by necessity. So we can't afford to create custom versions of everything. That's why relying on open source software is key, and in my research, there's only one real option that can offer such a vast, integrated environment, and that's OpenStack.
So why pick OpenStack? First, it's a mature platform with over 15 years of production use in very large environments. It's modular, with core modules providing pretty much every feature a cloud could need. Other technologies, such as Kubernetes for containers or OpenFAAS for serverless, can easily be added in. While OpenStack meets the backend needs, it's also important to realize that people are used to the industry standards, so providing a layer like Kubernetes would be vital for adoption.
So this is what a core stack would look like:
- Keystone - Identity management
- Nova - Compute for VMs
- Neutron - Software-defined networking
- Cinder - Block storage
- Glance - VM image management
- Horizon - Web dashboard
- Octavia - Load balancing
- Heat - Auto scaling
- Ceilometer - Telemetry and billing
- Kubernetes - Container orchestration
- OpenFAAS - Serverless functions
When it comes to hardware, having enough capacity would be key. People use the cloud mainly for the ease of use and elasticity, so they expect to press a button and have compute available. Different workloads also require different instance types. For example, such a cloud would need various Intel and AMD instances, but also instances optimized for networking, iops, and even AI training, with nVidia GPUs available as well.
The cost
Obviously the biggest concern of such a project would be the cost. The biggest cost by far would be the hardware capex, which could be divided into something like this to start with:
| Hardware | Estimated cost |
|---|---|
| 800 general compute nodes | $12M |
| 20 storage clusters (100TB each) | $5M |
| 100 GPU nodes (4x GPU each) | $16M |
| Networking gear, racks, cabling, etc | $500k |
| Total (hardware only) | $33.5M |
This gives us an initial cost of $33.5M just for the hardware. That's assuming we would already have some kind of warehouse or other building that can be reused.
Of course you then have to add a significant amount for ongoing operation:
| Operating cost | Estimate (annual) |
|---|---|
| Power and cooling | $500k |
| Facilities and related costs | $500k |
| Network transit and peering | $800k |
Staffing
| $1.1M |
| Total operating expenses | $2.9M |
That's an additional $2.9M per year. And this is assuming a very basic level of support. In reality, most cloud providers have other departments including marketing to bring in customers, professional services to assist them in migrating their workloads, and developers to customize features and services.
The bottom line
I actually don't think that cost would be the biggest blocker for such a project. I've worked with large enterprises for over 20 years and I can tell you that nobody embarks on a cloud project with just the base features. Everyone wants their own customized workloads, and cloud projects can last months if not years, usually with a non-trivial amount of support from the cloud provider, or from one of the thousands of AWS, GCP and Azure partner companies. Any large organization is going to have very customized, very specific requirements and workloads, and you cannot expect them to start from scratch in a fairly vanilla version of OpenStack.
This isn't to say that the idea is without merit. I think especially in the small to medium size sector, there could be a lot of value in having a sovereign cloud. These are the most nimble organizations that could tailor their workloads to a fairly generic cloud provider. But I don't think it's realistic to see our biggest enterprises or governments switch over to such a service anytime soon.