At the Microsoft Technical Summit in Germany Reiner Strassner, Principal Program Manager – Microsoft Cloud Germany, gave a presentation about the Microsoft Azure Cloud in Germany. His presentation provided some more details on how the German Azure cloud is organized.
The German cloud is a cloud which can be trusted by German customers. US Government does not have access to data stored.
At November 11 2015 Microsoft announced it will open two new datacenters in Germany. These will provide Azure, Office 365 and Dynamics CRM. The two datacenters are isolated from the other Azure datacenters located worldwide. A special agreement is made with T-Systems being the data trustee. This means Microsoft will not be able to hand over data if the US authorities request this. Management of the datacenters is done by T-Systems staff.
More on this here.
In China the same construction was made. Azure runs in Chinese datacenters operated by a Chinese company. This had to be done because of government rules. Also the Azure Government cloud is isolated.
Strassner explains that German customers were not very willing to use Azure cloud services because they feared for compliancy.
T-Systems will operate the German datacenters of Microsoft. Microsoft will train T-Systems staff. After completion Microsoft will virtually hand over the keys of the two datacenters and will not have access anymore.
The servers, storage, network and blueprint belongs to Microsoft. The datacenter buildings are owned by a different company.
Main characteristics of the German Azure cloud:
- Data is replicated between Frankfurt and Magdeburg. Data will not leave Germany
- German netwerk isolated from Internet
- Operated by T-Systems staff
- T-Systems is data trustee
If a technical issues happens, T-Systems has manuals which describe what they can do to solve the issue. If they cannot solve the issue someone of Microsoft will help. A Microsoft engineer will get limited access for a limited time access to the datacenter while being monitored by T-Systems. Basically T-Systems will setup a remote assistence session with Microsoft. T-Systems will monitor the activities of the Microsoft engineer.
Authorities in Germany had access to the source code of Azure software to inspect if backdoors were open.
Microsoft has a special support contract available which makes it impossible that support tickets from German customers leave the EU. The support incident is handled by either German or Romanian support teams.
The only component which is not German are the contracts. Those are based on Irish law. The contract is signed with Microsoft Ireland Operations Ltd in Ireland. There will be no contract with Microsoft Deutschland GmbH.
Azure Active Directory in Germany is isolated. It does not communicate with Azure Active directory in the other regions. This can be an issue for some situations. On the other hand it offers possibilities for software vendors to create third-party tooling to connect different Azure AD’s.
The German Azure cloud is available for any organization with a billing address in the EU or EFTA. So it is not limited to German based cusomers.
A monetary commitment on an Azure region outside Germany is not valid for the Azure cloud in Germany. So customers wanting to use both Australian based Azure services and German based, are required to buy two commitments for Azure.
Around February 2016 a Private Preview Phase will start. In second half of 2016 Azure will be GA. Then Office 365 and finally Dynamics CRM.
At 46 minutes in the presentation an interesting question is asked by someone in the audience. The question is about T-Systems being a company operating worldwide. Is this construction Microsoft made 100% sure to prevent US authorities to request data. What if T-Systems is requested to handover data?
The answer of Microsoft is that Microsoft does not have legal competence. Microsoft Germany is not allowed to provide legal answers. Microsoft legal department in the US has done a very intense investigation and has the opinion this construction makes sure T-Systems does not have to hand over data to US authorities. Reiner Strassner says that the legal department of a German company should investigate the contract which is signed with T-Systems.