Skip to main content
← Back to Events & Teaching

The Case for Digital Sovereignty in Higher Education

Universities are caught in a familiar tension: the convenience of cloud-native SaaS products versus the imperative of digital sovereignty. On Saturday, 28 March 2026, I presented our approach to resolving this tension at the Chemnitzer Linux-Tage 2026 (CLT2026) in Room V7 at TU Chemnitz. The talk, titled „Bequem oder souverän? openDesk für Hochschulen", ran for 54 minutes and sparked a lively discussion with an engaged audience.

The core question is straightforward: can universities run their own collaborative cloud stack — email, file sharing, project management, video conferencing — without sacrificing the usability that commercial providers like Microsoft 365 or Google Workspace offer? And if so, what does it actually take to get there?

openDesk: An Open-Source Cloud Stack

openDesk is an open-source cloud workspace built on top of Kubernetes. It bundles applications like Open-Xchange (email and groupware), Nextcloud (file sync and share), OpenProject (project management), Jitsi (video conferencing), and Matrix (messaging) into a cohesive, self-hosted platform. Originally developed by the German Federal Printing Office (Bundesdruckerei) for the public sector, openDesk provides a compelling foundation for institutions that need to keep their data under their own control.

For universities, this is particularly relevant. Research data, student records, and internal communications often carry legal and ethical obligations regarding data residency and access control. Relying on third-party cloud providers means trusting their infrastructure, their compliance processes, and their terms of service — all of which may conflict with institutional policies or national regulations.

From Evaluation to Production: Lessons Learned

The talk covered three layers of the evaluation and deployment process:

Motivation and organizational requirements. Before any technical decision is made, universities need to align stakeholders — IT departments, data protection officers, faculty representatives, and student bodies. Digital sovereignty is not purely a technical goal; it requires institutional commitment and a clear understanding of what "sovereign" means in each specific context.

Technical architecture decisions. openDesk runs on Kubernetes, which introduces its own complexity. We discussed our choices around storage backends (SeaweedFS), authentication (Keycloak as the SSO provider), and networking. The stack is deployed using Helmfile, which allows version-controlled, reproducible deployments — critical for an environment where multiple teams may need to collaborate on infrastructure management.

Update strategies and hidden pitfalls. Rolling updates across a microservices architecture are non-trivial. We shared our experiences with coordinated upgrades, database migrations, and the occasional surprises that arise when individual components have conflicting version requirements. One recurring theme: testing in a staging environment is not optional — it is the difference between a smooth upgrade and a weekend spent recovering from a broken deployment.

openDesk-Edu: Extending the Stack for Teaching and Research

A significant portion of the talk was dedicated to openDesk-Edu, our extension of openDesk Community Edition tailored for higher education. openDesk-Edu adds integrations that are essential for academic workflows:

  • LMS integration with ILIAS and Moodle, allowing seamless access to learning materials directly from the openDesk workspace
  • BigBlueButton for virtual classrooms and lecture recordings
  • OpenCloud for research data sharing with fine-grained access controls
  • Keycloak SSO that connects to existing university identity providers

All of this is deployable via a single Helmfile command, dramatically lowering the barrier to entry for institutions that want to evaluate the stack.

Video Recording

The full talk is available on media.ccc.de under a CC BY 4.0 license:

Links

Photos from CLT2026

CLT2026 Audience

CLT2026 Scene