Dear colleagues,

Thank you for the discussion so far. This is what we summarised earlier:
https://www.ripe.net/ripe/mail/archives/ncc-services-wg/2021-June/003422.html

Since then we have seen these major additional points:

• Avoiding vendor lock-in (thanks Shane for pointing this out)
• Use of metal as a service (MAAS)

If you see something important missing from our summary, please speak up soon as it will help with our work.

We will use this summary to produce a first draft of community requirements and, based on those, a list of principles we would like to agree on, reasons and requirements for deploying RIPE NCC services in the cloud, and a high-level draft strategy. We will share this in a RIPE Labs article around mid-July. We are going to liaise with the chairs to ask this working group to organise an interim meeting to discuss this draft in the coming weeks. 

We aim to finalise the draft strategy in September in time for submission of the Draft RIPE NCC Activity Plan & Budget 2022 to the Executive Board. We realise that working on this while many people are taking vacation is not ideal, but we will take as much time as is needed to do this properly.

Once we see rough consensus emerging on the draft strategy we will revise our deployment plans for the RPKI repository and the RIPE Database. We will share our draft plans with the Routing WG and the RIPE Database WG at an early stage.

Thanks again for your contributions - I believe we are moving towards a positive outcome.

Kind regards,
Felipe


On 25 Jun 2021, at 11:43, Felipe Victolla Silveira <fvictolla@ripe.net> wrote:

Dear colleagues,

Thank you everyone who has commented - this is useful and we hope it continues. Below is a summary of the discussion so far.

We have formed a team internally that is focused on making sure we have this discussion properly. We are tracking your concerns and plan to share a detailed response with the working group in mid-July.

Here is what we’re hearing (in no particular order):

- Requests for more clarity about the "why"
- Risk that relevant technical skills may be lost internally
- Concerns related to security (e.g. cloud providers may present more of a target for state-sponsored actors)
- Some privacy aspects might be overlooked (e.g. while services like the RIPE Database are public, metadata or log files could be a concern)
- Compliance: make sure the RIPE NCC doesn't violate any regulations
- The discussion should focus on requirements rather than implementation... on the other hand, you're going to get solutioneering whether you like it or not - accept it!

It is helpful to see whether people agree or disagree with any of the points being raised. We are also interested to hear from anyone who hasn't spoken up yet, especially if you have real-world experience to share.

Kind regards

Felipe Victolla Silveira
Chief Operations Officer
RIPE NCC

Here's a link to the article on RIPE Labs again:
https://labs.ripe.net/author/felipe_victolla_silveira/ripe-ncc-and-the-cloud-lets-start-again/


On 21 Jun 2021, at 11:13, Alun Davies <adavies@ripe.net> wrote:

Dear colleagues,

The community’s reaction to our cloud proposal was stronger than expected. In this article we look at some of the concerns we have seen so far, to make sure we heard you correctly:

https://labs.ripe.net/author/felipe_victolla_silveira/ripe-ncc-and-the-cloud-lets-start-again/

Please share any comments on this mailing list so the discussion can continue.

Kind regards,

Alun Davies
RIPE Labs Editor
RIPE NCC