Workshop

Private Mini Hyperscaler


From OpenShift investment to cloud product — in 90 days




Format: Half-day workshop

Duration: 3.5 hours

Output: Architecture + 90-day roadmap

Today's Agenda

09:00  Welcome & Introductions (15 min)
09:15  Why Now: The Private Hyperscaler Opportunity (Presentation, 20 min)
09:35  Your World Today (Discovery, 45 min)
10:20  Break (15 min)
10:35  Reference Architecture (Presentation, 40 min)
11:15  Requirements & Priorities (Workshop, 35 min)
11:50  90-Day Path to First Tenant (Planning, 25 min)
12:15  Next Steps (15 min)

Session 1 — Why Now

The Opportunity


Already Solved

OpenShift is production-ready

Compute, storage, VMs, networking — your infrastructure works.

Still Missing

The cloud operating model above it

Self-service. Per-BU tenant isolation. Metering. Chargeback. A portal that feels like a hyperscaler.

The Cost

Teams go to public cloud instead

Because on-prem doesn't feel like cloud. Shadow IT grows. Costs leak out.

The Answer

Add the commercial layer above OpenShift — so your on-prem infrastructure operates exactly like a hyperscaler. Self-service. Metered. Chargeback. Governed.

Your OpenShift investment stays intact.

Cloud Orchestrator sits above it — not inside it.

Session 2 — Discovery

Your World Today


Tenants

Q1 — Who consumes the hyperscaler?

Which business units, squads, or applications? How many at launch — and in 12 months?

Service Catalog

Q2 — What do you want to offer on day 1?

Managed clusters? VMs? Databases? CI/CD? What's must-have vs. phase 2?

Pain Points

Q3 — What breaks today?

Ticket backlogs? No cost visibility? Teams going to public cloud instead? Manual provisioning?

Compliance

Q4 — What are your isolation and audit requirements?

PCI-DSS zones? Data residency? Air-gap? SOC 2 audit trail? SIEM?

Chargeback

Q5 — How should costs flow internally?

Chargeback to BU budgets or showback only? Which financial system receives the data?

Integrations

Q6 — What must the hyperscaler connect to?

Active Directory / LDAP? SAP / Oracle for chargeback? ServiceNow? Vault / HSM?

What is a Private Mini Hyperscaler?



Self-Service

Business units provision what they need — without tickets, without waiting

🔒

Hard Isolation

PCI-DSS zones, per-BU tenants, no lateral exposure — by architecture

📈

Metering & Chargeback

Every CPU, GB, and request tracked. Costs flow to cost centers automatically

🏭

On Your Infrastructure

Runs entirely on-prem on OpenShift — no hyperscaler dependency, no data leaving the building



Public cloud feels fast because of the commercial layer — not because of the hardware.

That commercial layer is exactly what Cloud Orchestrator adds above OpenShift.

Session 3 — Architecture

Reference Architecture


Your Teams See

Self-service portal, Service catalog, Cost dashboard, Access management, Audit trail

Cloud Orchestrator

Tenant isolation engine, Policy enforcement per cluster, FinOps Operator, Keycloak / LDAP, Service Catalog

Red Hat OpenShift

OCP — Kubernetes runtime, Storage, Virtual machines, Networking

Your Data Centre

Bare metal / servers, Network, Storage hardware, Air-gap boundary

Tenant Isolation & Governance


How Isolation Works

Hard Tenant Separation

Each business unit gets its own isolated environment. Not shared infrastructure with access controls — a completely separate boundary by architecture.

Automatic Policy Enforcement

Security policies, quotas, and network controls are applied automatically when a tenant is provisioned — no manual configuration, no human error.

No Lateral Movement

Clusters are not routable to each other. PCI-DSS workloads stay in a dedicated cluster. Zero blast radius by design.

What You Get for Compliance

PCI-DSS hard isolation per zone or BU

Full audit trail — every provisioning action logged

RBAC federated to your LDAP / Active Directory

Data residency — air-gap ready, no cloud dependencies

SIEM integration for audit event streaming

Metering & Chargeback


Measure

Usage Metering

CPU-hours, memory-hours, storage GB, request volume — tracked per tenant, per namespace, per service

Allocate

Cost Attribution

Each resource maps to a cost center. Finance gets a monthly breakdown by BU — no manual allocation

Integrate

System Integration

Export to SAP, ServiceNow, or your ERP via API. Automated chargeback — no spreadsheets

Before:

Platform team gets one monthly invoice. No idea which BU consumed what. Finance argues. No accountability.

After:

Every BU sees their own costs in real time. Finance gets automated chargeback. Platform team is a profit center.

Service Catalog


What you can offer to internal teams — on day one.

Compute

Virtual Machines

Standard sizes, self-service provisioning — no ticket required

Cluster

Managed Clusters

OpenShift or Kubernetes clusters provisioned instantly — dedicated, quota-bound, policy-enforced

Data

Managed Databases

PostgreSQL, Redis, Kafka — provisioned from catalog, metered, managed

AI / ML

GPU Workloads

Shared GPU pools with per-team quota. Jupyter, model serving, OpenShift AI



The catalog is extensible — anything that can be automated can become a service. You define the offerings. Teams self-provision.

Session 4 — Requirements

Your Requirements


Service Catalog

Managed clusters (OpenShift / Kubernetes)

Virtual machines

Managed databases

GPUaaS / AI workloads

Compliance & Access

PCI-DSS cluster isolation

Full provisioning audit log

LDAP / AD identity federation

Air-gap / data residency

Integrations & Chargeback

SAP / Oracle chargeback export

ServiceNow / ITSM records

Vault / HSM secrets per tenant

SIEM audit event streaming

Session 5 — Roadmap

90-Day Path to First Tenant


1

Weeks 1–4

Setup & Access

→ Environment access & procurement sorted

→ Cloud Orchestrator installed

→ Identity integration started (LDAP / AD)

→ Pilot BU and tenant model agreed

→ 2 catalog items scoped and designed

2

Weeks 5–10

Pilot Live

→ One pilot BU self-provisioning

→ 2 catalog items in production: cluster + VM

→ Cost showback dashboard live

→ Compliance team engaged on isolation model

→ Feedback loop with pilot users

3

Weeks 11–12

Stabilise & Plan

→ Runbooks written, hyperscaler team trained

→ Pilot lessons documented

→ Production rollout plan agreed

→ Chargeback & SIEM scoped for phase 2

→ Catalog expansion roadmap signed off



End of 90 days: one pilot BU live, 2 catalog items proven, foundation ready to scale.

What We Need From You



Access & Environments

🔐

OpenShift cluster access (non-prod) for PoC

👥

LDAP / AD read access for identity integration

📋

Completed pre-workshop questionnaire

Decisions & Stakeholders

🎯

Which BU runs first? Who owns the pilot?

💰

Finance contact for chargeback integration design

🛡

Security / compliance sign-off process

📅

Target go-live date for first tenant

How We Work Together


Today

Workshop

Complimentary

✓ Half-day design session

✓ Architecture document

✓ PoC scope & proposal

90 Days

Pilot

Fixed Fee

✓ 2 catalog items live

✓ One pilot BU running

✓ Full handover & runbooks

✓ Credited against production

Production

Cloud Orchestrator

Base fee + MRU

✓ Base platform fee (annual)

✓ + MRU billed monthly

✓ Scales with your usage

What is an MRU (Managed Resource Unit)?

One MRU = one managed resource on the hyperscaler. Each virtual machine, each managed cluster, each managed database counts as one MRU — billed monthly based on actual consumption. You only pay for what your tenants use.

Next Steps



1

Stakater sends

Workshop summary, architecture document, and pilot proposal — within 48 hours

2

You confirm

Pilot BU, environment access, and internal stakeholders — within 1 week

3

Pilot kickoff

90-day paid pilot — Cloud Orchestrator on your infrastructure, first tenant live




From today's workshop to first tenant live — in 90 days.