Sovereign Core AI - for model serving, AI, and agentic workloads
IBM Sovereign Core vs Cantaloop Sovereign Core
A tale of platforms, bare metal, and radical simplicity
TL;DR
- IBM Sovereign Core is a platform: powerful, integrated, complex.
- Cantaloop Sovereign Core (this blog) is a pattern: bare metal, explicit, auditable, boring in the best way.
- Both solve sovereignty, but from opposite ends of the abstraction spectrum.
This post explains why less platform can mean more sovereignty.
What is IBM Sovereign Core?
IBM Sovereign Core is a software foundation designed to help governments and regulated industries deploy AI and cloud workloads under strict sovereignty constraints.
At a high level, it provides:
- A customer-controlled cloud-like control plane
- Integrated governance, audit, and compliance
- AI-ready infrastructure
- Heavy use of Kubernetes and virtualization
- Deep integration with Red Hat technologies
It answers the question:
"How do we run a sovereign cloud inside our borders?"
This is a valid, and often necessary, approach.
What is Cantaloop Sovereign Core?
Cantaloop Sovereign Core is not a product.
It's not a platform.
It's not even software.
It's an architectural stance:
"One project. One machine. One boundary."
Instead of abstracting sovereignty up, we enforce it down, at the physical and OS level.
Cantaloop Sovereign Core: Architecture
Core principles
- No virtualization
- No Kubernetes
- No shared control plane
- Bare metal only
- Linux as the contract
- One physical server per project
Ingress & Security
- NGINX as the single ingress point
- TLS everywhere (443 only)
- Strong ciphers, rate limiting, explicit routing
- No direct access to internal services
NGINX is the sovereign choke point.
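The four ingress invariants above (a single 443/TLS listener, modern TLS only, rate limiting, and upstreams that are never reachable except through NGINX) are simple enough to check mechanically. The following linter is an added example, not Cantaloop's own tooling: it embeds a constructed weak server block next to its hardened form and reports which invariants each violates. Hostnames, ports and the upstream addresses are illustrative assumptions.

```python
"""Lint an NGINX server block for the ingress invariants of the pattern.

Added example, not Cantaloop's or IBM's code. Both configs below are
constructed for illustration; the checks mirror the post's list: one
443/ssl listener, TLS 1.2+ only, limit_req present, proxy_pass to loopback.
"""
import re

# Constructed: a weak ingress config that breaks several invariants.
WEAK_CONF = """
server {
    listen 80;
    server_name ai.example.internal;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location /api/ { proxy_pass http://10.0.0.5:11434; }
    location / { proxy_pass http://127.0.0.1:8080; }
}
"""

# Constructed: the hardened form of the same server block.
HARDENED_CONF = """
limit_req_zone $binary_remote_addr zone=ingress:10m rate=10r/s;
server {
    listen 443 ssl;
    server_name ai.example.internal;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    limit_req zone=ingress burst=20 nodelay;
    location /api/ { proxy_pass http://127.0.0.1:11434; }
    location / { proxy_pass http://127.0.0.1:8080; }
}
"""

LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.M)
PROTO_RE = re.compile(r"^\s*ssl_protocols\s+([^;]+);", re.M)
PROXY_RE = re.compile(r"proxy_pass\s+(\w+)://([^/;:]+)(?::(\d+))?", re.M)
LIMIT_RE = re.compile(r"^\s*limit_req\s+zone=", re.M)
LEGACY_PROTOS = {"SSLv3", "TLSv1", "TLSv1.1"}
LOOPBACK_HOSTS = {"127.0.0.1", "localhost"}


def lint_ingress(conf: str) -> list[str]:
    """Return a list of violations; an empty list means the config passes."""
    findings = []
    # Invariant 1: every listener is 443 with ssl, nothing else is exposed.
    listens = [l.strip() for l in LISTEN_RE.findall(conf)]
    if not listens:
        findings.append("no listen directive found")
    for l in listens:
        parts = l.split()
        if not parts[0].endswith("443") or "ssl" not in parts:
            findings.append(f"non-TLS or non-443 listener: 'listen {l}'")
    # Invariant 2: only TLS 1.2 and 1.3 are offered.
    for protos in PROTO_RE.findall(conf):
        bad = [p for p in protos.split() if p in LEGACY_PROTOS]
        if bad:
            findings.append(f"legacy protocols enabled: {' '.join(bad)}")
    # Invariant 3: request rate limiting is configured.
    if not LIMIT_RE.search(conf):
        findings.append("no limit_req rate limiting")
    # Invariant 4: internal services are only reachable via loopback.
    for _scheme, host, port in PROXY_RE.findall(conf):
        if host not in LOOPBACK_HOSTS:
            findings.append(f"proxy_pass to non-loopback upstream {host}:{port}")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, "->", lint_ingress(conf) or "OK")
```

Run it as-is to see the weak block fail on all four invariants and the hardened one pass; point `lint_ingress` at the output of `nginx -T` to check a live node. The upstream check is deliberately strict: a `proxy_pass` to any non-loopback address means a service has a second path around the choke point.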
AI Stack
- Ollama
  - Local inference
  - Open-source models
  - Direct GPU access
  - No external API calls
- Open WebUI
  - Self-hosted AI interface
  - Authentication enabled
  - Accessed only via NGINX
No schedulers. No orchestration. No surprises.
Data Layer
- Nextcloud
  - Sovereign document store
  - Auditable access
  - Controlled data ingress for AI (RAG, uploads)
  - Lives on the same physical machine
This replaces:
- Cloud object storage
- Ad-hoc file transfers
- Shadow IT data paths
Observability & Audit
- Full ELK stack
- Centralized logs from:
  - NGINX (access + TLS)
  - Open WebUI (usage + tokens)
  - Ollama (inference)
  - Nextcloud (file + user audit)
  - OS / auditd
Yes, token traffic is observable.
And no, nothing leaves the box.
```mermaid
flowchart LR
%% External Users
User[Users / Clients]
%% Ingress Layer
NGINX[NGINX Reverse Proxy<br/>TLS 443 Only]
%% Application Layer
WebUI[Open WebUI<br/>AI Frontend]
Ollama[Ollama<br/>Local LLM Inference]
Nextcloud[Nextcloud<br/>Sovereign Data Store]
%% Observability
ELK[ELK Stack<br/>Logs · Metrics · Dashboards]
%% Hardware / OS
OS[Ubuntu 24.10<br/>Bare Metal]
GPU[GPU<br/>Direct Access]
%% User Flow
User -->|HTTPS 443| NGINX
%% Routing
NGINX -->|HTTPS| WebUI
NGINX -->|HTTPS| Nextcloud
NGINX -->|Optional HTTPS API| Ollama
%% Internal AI Flow
WebUI -->|Local API| Ollama
Ollama -->|CUDA / ROCm| GPU
%% Data Flow
WebUI -->|Read / Write| Nextcloud
Ollama -->|Model Files| OS
%% Logging & Audit
NGINX -->|access.log| ELK
WebUI -->|usage / token logs| ELK
Ollama -->|inference logs| ELK
Nextcloud -->|access / audit logs| ELK
OS -->|system / auditd| ELK
%% Sovereignty Boundary
subgraph Sovereign_Node["Sovereign Bare-Metal Node"]
OS
GPU
NGINX
WebUI
Ollama
Nextcloud
ELK
end
```
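The diagram's sovereignty boundary has one concrete consequence on the host: only NGINX on port 443 may bind to a non-loopback address, and every other service (Open WebUI, Ollama, Elasticsearch, Kibana) must listen on 127.0.0.1. The check below is an added example, not part of the post; it parses a constructed `ss -Htlnp` listing (process names and port numbers are assumptions matching the diagram) and reports any listener that is exposed without being sanctioned.

```python
"""Check the 'one boundary' invariant against a listening-socket table.

Added example, not Cantaloop's code. SS_OUTPUT is a constructed sample in
the shape of `ss -Htlnp` (header suppressed). The port roles are assumptions
matching the post's diagram: NGINX on 443 is the only externally reachable
listener; everything else must bind to loopback.
"""
import re

# Constructed sample: one violating row (Ollama bound to all interfaces).
SS_OUTPUT = """\
LISTEN 0 511  0.0.0.0:443      0.0.0.0:* users:(("nginx",pid=1201,fd=6))
LISTEN 0 511  [::]:443         [::]:*    users:(("nginx",pid=1201,fd=7))
LISTEN 0 4096 127.0.0.1:8080   0.0.0.0:* users:(("open-webui",pid=1340,fd=9))
LISTEN 0 4096 0.0.0.0:11434    0.0.0.0:* users:(("ollama",pid=1402,fd=3))
LISTEN 0 128  127.0.0.1:9200   0.0.0.0:* users:(("java",pid=1510,fd=200))
LISTEN 0 128  127.0.0.1:5601   0.0.0.0:* users:(("node",pid=1530,fd=18))
"""

ALLOWED_EXTERNAL = {("nginx", 443)}  # the only sanctioned public listener
LOOPBACK = {"127.0.0.1", "[::1]"}

LINE_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+"
    r'users:\(\("(?P<proc>[^"]+)"'
)


def parse_listeners(text):
    """Yield (process, bind_address, port) for each LISTEN row."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["proc"], m["addr"], int(m["port"])


def boundary_violations(text):
    """Return listeners reachable beyond loopback that are not sanctioned."""
    bad = []
    for proc, addr, port in parse_listeners(text):
        exposed = addr not in LOOPBACK
        if exposed and (proc, port) not in ALLOWED_EXTERNAL:
            bad.append((proc, addr, port))
    return bad


if __name__ == "__main__":
    for proc, addr, port in boundary_violations(SS_OUTPUT):
        print(f"VIOLATION: {proc} listens on {addr}:{port} (not via NGINX)")
```

On a live node, feed it `ss -Htlnp` output (root is needed for process names). A clean run returns an empty list; a single non-empty result means a service has grown a path around the choke point and the "one boundary" claim no longer holds.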
Side-by-side comparison
| Capability | IBM Sovereign Core | Cantaloop Sovereign Core |
|---|---|---|
| Philosophy | Platform | Pattern |
| Deployment model | Cloud-like | Appliance-like |
| Virtualization | Required | None |
| Kubernetes | Core dependency | None |
| Physical isolation | Partial | Full |
| Control plane | Centralized | None (by design) |
| AI runtime | Abstracted | Direct GPU |
| Auditability | Tool-driven | Structural |
| Explainability | Complex | Trivial |
| Sovereignty story | Strong | Extremely strong |
The key insight
Sovereignty is not created by platforms.
It is created by boundaries.
IBM builds sovereignty by adding layers.
Cantaloop builds sovereignty by removing them.
Neither is "better" in all cases, but for:
- Predictable workloads
- Long-lived AI services
- Strict audit requirements
- Low tolerance for ambiguity
…the bare-metal approach wins on clarity, cost, and control.
The one sentence that disarms auditors
"This is a single-tenant, bare-metal sovereign AI node with encrypted ingress, centralized audit logging, and token-level observability. It intentionally avoids virtualization and orchestration to reduce attack surface and maximize data locality."
Try saying that about a Kubernetes cluster.
When to choose which?
Choose IBM Sovereign Core if:
- You need multi-tenancy
- You need elastic scaling
- You need a vendor-supported platform
- You are already deeply invested in cloud-native ops
Choose Cantaloop Sovereign Core if:
- You value determinism over elasticity
- You want one box = one answer
- You prefer Linux over platforms
- You like sleeping at night
TODO / Next steps
- Add RAG pipeline (Nextcloud → embeddings → Ollama)
- Introduce token quotas & governance
- Add mTLS between NGINX and internal services
- Implement log hashing + WORM storage
- Define air-gapped model import workflow
- Formalize "Sovereign Node v1" spec
- Write a threat model & compliance mapping
- Explore multi-node federation (without Kubernetes)
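The "log hashing + WORM storage" item above, together with the Observability & Audit section, asks for audit logs whose later alteration is detectable. One way to get there is a hash chain: each stored record commits to the previous digest, so editing, dropping or reordering any line breaks every link after it. The code below is an added example, not Cantaloop's implementation of that TODO; the access-log lines are constructed, the chain format (sha256 over previous digest plus line) is an assumption, and the WORM property itself comes from the storage target, not from this code.

```python
"""Hash-chain audit log lines so later tampering is detectable.

Added example, not Cantaloop's implementation of the 'log hashing + WORM
storage' TODO. ACCESS_LOG is constructed; the chain format
sha256(prev_digest + "\\n" + line) is an assumption. Writing the chained
records to WORM storage is the step that makes the digests trustworthy.
"""
import hashlib

# Constructed sample access-log lines, as NGINX would hand them to ELK.
ACCESS_LOG = [
    '10.0.0.7 - - [12/Jan/2026:09:14:02 +0000] "POST /api/chat HTTP/2.0" 200 1843',
    '10.0.0.7 - - [12/Jan/2026:09:14:09 +0000] "GET /nextcloud/index.php HTTP/2.0" 200 512',
    '10.0.0.9 - - [12/Jan/2026:09:15:41 +0000] "GET /.env HTTP/1.1" 404 0',
]

GENESIS = "0" * 64  # fixed anchor digest for the first record


def link_digest(prev, line):
    """Digest that commits to this line and to everything before it."""
    return hashlib.sha256((prev + "\n" + line).encode()).hexdigest()


def chain_log(lines, prev=GENESIS):
    """Return [(line, digest)] with each digest chained to the previous one."""
    out = []
    for line in lines:
        digest = link_digest(prev, line)
        out.append((line, digest))
        prev = digest
    return out


def verify_chain(records, prev=GENESIS):
    """Return the index of the first broken link, or -1 if the chain is intact."""
    for i, (line, digest) in enumerate(records):
        if link_digest(prev, line) != digest:
            return i
        prev = digest
    return -1


def tampered_copy(records, idx, new_line):
    """Constructed tampering: rewrite one line but keep the stored digests."""
    copy = list(records)
    copy[idx] = (new_line, records[idx][1])
    return copy


if __name__ == "__main__":
    records = chain_log(ACCESS_LOG)
    print("intact:", verify_chain(records) == -1)
    # An attacker downgrading the 404 probe to a 200 is caught at record 2.
    edited = tampered_copy(records, 2, ACCESS_LOG[2].replace("404", "200"))
    print("first broken record:", verify_chain(edited))
```

Two practical notes: the final digest of each batch is the only value that needs to be kept out of reach (for instance, sent to a second host or printed in a daily report) for the whole batch to be verifiable, and `verify_chain` also catches truncation from the front or deletion from the middle because the next record's stored digest no longer matches its recomputed link.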
Final thought
Not everything needs to be a platform.
Sometimes the most sovereign system is the one you can draw on a whiteboard and explain in five minutes.
Cantaloop Sovereign Core is intentionally boring.
And that's exactly why it works.
Last updated: January 2026
Source: Cantaloop Aps.