Federal Frontier Vitro — OpenStack HCI Platform

Federal Frontier Vitro is an on-premises OpenStack HCI platform built on Kolla-Ansible for federal, defense, and air-gapped environments. Hardened containers, NIST 800-53 compliance, sovereign infrastructure.

Federal Frontier Vitro (VitroAI) is an on-premises OpenStack Hyper-Converged Infrastructure (HCI) platform built on Kolla-Ansible (Dalmatian 2024.2). It provides compute, storage, networking, and identity services for federal agencies, defense contractors, and regulated enterprises that require sovereign infrastructure under their direct physical and administrative control.

Vitro runs at IL2 through IL6, including tactical edge. All services run as hardened containers on bare-metal servers. No workload leaves the customer’s authorization boundary.

Why Vitro

The Broadcom acquisition of VMware has created immediate migration pressure across federal and defense IT. License cost increases of 3-10x, forced bundling of unwanted products, and uncertainty about VMware’s product roadmap are driving organizations to evaluate alternatives.

Vitro is the alternative. It provides the same core capabilities — compute virtualization, software-defined networking, block and object storage, identity federation — without proprietary lock-in, without per-socket licensing, and without a vendor that changes terms annually.

| Capability | VMware/Nutanix | Vitro |
|---|---|---|
| Compute | vSphere / AHV | Nova (KVM) |
| Networking | NSX / Flow | Neutron (OVN) |
| Storage | vSAN / Storage Pool | Ceph (Quincy) |
| Identity | vCenter SSO | Keystone + Keycloak |
| Container Platform | Tanzu | RKE2 via CAPO |
| Licensing | Per-socket, proprietary | Open source, no license fees |
| Air-gap support | Partial | Native — all images pre-cached |
| Compliance | STIG available | NIST 800-53 / RMF |

Target Environments

  • On-premises federal data centers — DISA IL4/IL5 enclaves where cloud is not authorized
  • Air-gapped classified environments — IL6 / Secret networks with no internet connectivity
  • Tactical edge — Deployable compute in containers, vehicles, or forward operating bases
  • Defense contractor labs — CUI/ITAR environments requiring sovereign compute

Compliance Posture

Vitro targets NIST SP 800-53 and the Risk Management Framework (RMF) — not FedRAMP. FedRAMP applies to cloud service providers. Vitro is on-premises infrastructure owned and operated by the customer. The compliance boundary is the customer’s authorization boundary, not a shared cloud.

| Framework | Applicability |
|---|---|
| NIST SP 800-53 Rev 5 | Primary control framework |
| DoD RMF (Risk Management Framework) | Authorization process for DoD systems |
| DISA STIGs | Hardening benchmarks for OS, containers, network |
| CIS Benchmarks | Additional hardening (RKE2, Ubuntu, Ceph) |
| FIPS 140-2 | Cryptographic module validation (BoringCrypto for Go, kernel FIPS mode) |

Hardened Container Images

All OpenStack services run as Docker containers deployed by Kolla-Ansible. Production Vitro deployments use hardened base images:

  • IronBank — DoD-approved hardened container images from Platform One / Iron Bank registry
  • Bitnami Secured Images — Commercially supported hardened images with CVE patching SLAs

Development and lab environments may use upstream Kolla images for faster iteration.

Technology Stack

| Component | Technology |
|---|---|
| OpenStack Release | Dalmatian (2024.2) |
| Deployment Tool | Kolla-Ansible |
| Compute | Nova (KVM hypervisor) |
| Networking | Neutron with OVN |
| Block Storage | Cinder (Ceph RBD backend) |
| Object Storage | Ceph RadosGW (S3-compatible) |
| Image Service | Glance |
| Identity | Keystone (federated with Keycloak FAS realm) |
| Orchestration | Heat |
| Dashboard | Horizon + Skyline |
| Load Balancer | Octavia |
| Monitoring | Prometheus + Grafana (external to OpenStack) |
| Container Runtime | Docker (Kolla containers) |
| Host OS | Ubuntu 22.04 LTS (FIPS-capable) |
| Bare Metal | Dell PowerEdge (validated), HPE ProLiant (compatible) |