Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Sovereign Architecture Design
- Threat modeling: Identifying cloud dependencies and data egress points.
- Network topology: Configuring DMZs, internal zones, and management networks.
- Hardware selection: Choosing servers, storage, networking equipment, and UPS systems.
- Establishing disaster recovery sites and air-gap requirements.
Identity and Access Foundation
- Deploying Authentik for single sign-on (SSO) across all services.
- Designing LDAP directories and group policies.
- Utilizing Step CA for service-to-service mutual TLS.
- Enrolling YubiKeys and hardware tokens.
Communication and Collaboration Hub
- Setting up Synapse/Element for chat and federation.
- Implementing Jitsi Meet for video conferencing.
- Configuring Roundcube/Nextcloud Mail for email services.
- Leveraging Nextcloud for file sync, calendars, and contacts.
- Integrating OnlyOffice for document editing.
Development and Operations Platform
- Using Gitea for source code management and CI/CD.
- Implementing Woodpecker CI for automated builds.
- Setting up Nexus or Harbor for artifact and container registries.
- Deploying Wazuh for security monitoring and compliance.
- Configuring Uptime Kuma for service health dashboards.
AI and Knowledge Management
- Deploying Ollama for local large language model (LLM) serving.
- Accessing internal AI assistants via LibreChat.
- Building personal knowledge bases with Obsidian or Logseq.
- Preserving web content using Hoarder/ArchiveBox.
Security and Perimeter
- Deploying pfSense or OPNsense firewalls.
- Configuring Suricata IDS/IPS with custom rules.
- Enabling remote access via WireGuard/OpenVPN.
- Implementing Pi-hole for DNS filtering and local resolution.
- Managing team passwords with Vaultwarden.
Backup, DR, and Operations
- Establishing BorgBackup central repository for all services.
- Automating database dumps and off-site replication.
- Documenting runbooks and incident response procedures.
- Planning capacity and defining scaling triggers.
- Conducting quarterly sovereignty audits and dependency reviews.
Capstone Project
- Students present their fully operational sovereign stack.
- Peer review of architecture decisions and trade-offs.
- Performing load testing and failure injection exercises.
- Completing documentation handoff and operational readiness assessments.
Requirements
- Advanced proficiency in Linux, networking, and container orchestration.
- Completion of at least two other Data Sovereignty courses or equivalent professional experience.
- Familiarity with DNS, TLS, firewall management, and backup concepts.
Target Audience
- Senior infrastructure architects tasked with designing sovereign organizations.
- CTOs and CISOs developing digital independence roadmaps.
- Government and defense digital transformation teams.
35 Hours
Testimonials (2)
Craig was extremely involved in the training, always making sure we are paying attention, adapted the examples to our day-to-day activities and always provided an answer when asked, even if the information was not added in the presentation.
Ecaterina Ioana Nicoale - BOOKING HOLDINGS ROMANIA SRL
Course - DevOps Foundation®
High level of commitment and knowledge of the trainer
