Architecture

OpenCloud is built as a peer-to-peer, fully decentralized cloud fabric.

Each OpenCloud instance is both:

  • a sovereign controller of its own infrastructure and resources, and
  • a peer node in a broader distributed network of partners.

There is no central authority, no single registry, and no single point of failure.

Core Architectural Principles

  • Sovereignty by Design
    Each instance maintains full control over its resources, policies, and trust relationships.

  • Decentralization
    The system is architected as a mesh of peers instead of a hub-and-spoke model.

  • Pluggable Workflows & Services
    Workflows and services are defined on top of a common fabric of cataloged resources.

  • Observability & Accounting
    All resource usage is tracked to enable transparent peer-to-peer billing and accountability.

Authentication and Identity

Each OpenCloud instance includes an OpenID-based distributed authentication system.

This allows:

  • Federated authentication across multiple organizations
  • Integration with existing identity providers
  • Consistent user identity across peers and collaborative areas

Access control is enforced at multiple levels: resources, workspaces, workflows, collaborative areas, peers, and groups.

Execution Fabric

The execution layer orchestrates distributed workflows across multiple peers.

Key characteristics:

  • Workflows may span several independent infrastructures
  • Execution strategies can be tuned per instance for sovereignty, performance, or cost
  • Workloads can run on datacenters, edge nodes, or public cloud instances running OpenCloud

Runtime Footprint

The core OpenCloud services are implemented in Go, delivering:

  • Native code for efficient CPU and memory usage
  • Lightweight scratch containers for deployment

This enables:

  • High-density deployments in datacenters
  • Efficient execution on resource-constrained edge devices (e.g., ARM-based single-board computers)

The user interfaces are built with Flutter and rendered as HTML/JS, reducing client requirements to a standard web browser.

Accounting and Billing

OpenCloud provides transaction tracking mechanisms that:

  • Record distributed resource usage
  • Provide a basis for peer-to-peer billing
  • Increase transparency and trust among partners

This makes it possible to build economic models (sharing, selling, renting resources) on top of the technical platform.

Hybrid Deployment Scenarios

OpenCloud can be deployed:

  • On-premises, within one or multiple datacenters
  • At the edge, close to data sources or sensors
  • On public cloud providers for scalable, non-sensitive workloads

These instances can all be peers in the same OpenCloud fabric, enabling a hybrid and multi-cloud architecture under a consistent sovereignty framework.