# OpenShift Competence Center Switzerland

> VSHN is a Red Hat Premier CCSP offering managed OpenShift on public and private cloud. 24/7 support, 99.99% SLA, fixed monthly fee for Swiss organizations.


VSHN takes over your OpenShift operations (upgrades, patching, monitoring, and incident response) so your engineers ship features instead of fighting cluster maintenance. Fixed monthly fee, 24/7 support, SLA up to 99.99%. On public or private cloud.


## Pages

- [Homepage](https://www.managed-openshift.ch/): Managed OpenShift in Switzerland – Red Hat CCSP | VSHN
- [ROSA vs ARO vs Self-Managed vs VSHN Managed OpenShift](https://www.managed-openshift.ch/comparison.md)
- [OpenShift vs Kubernetes – Which Platform Fits You?](https://www.managed-openshift.ch/openshift-vs-kubernetes.md)
- [Partner with VSHN on Managed OpenShift | VSHN](https://www.managed-openshift.ch/partners.md)
- [OpenShift Sovereignty: Swiss Managed K8s | VSHN](https://www.managed-openshift.ch/sovereignty.md)

## Features

- **OpenShift Expertise from Switzerland**: VSHN is a Red Hat Premier Certified Cloud & Service Provider (CCSP), winner of the 2025 Red Hat Switzerland Partner Award for Platform Modernization, and Switzerland's first Kubernetes Certified Service Provider (KCSP). We have been running managed OpenShift backing APPUiO.ch since January 2016, a decade of production experience. When Health Info Net needed to modernise Swiss healthcare infrastructure, VSHN deployed their OpenShift platform in 36 hours. We offer managed OpenShift on both public and private cloud with 24/7 support, an SLA up to 99.99%, and a fixed monthly fee.

- **Architecture & Implementation**: We design OpenShift architectures tailored to your organization's size, compliance requirements, and infrastructure landscape. Whether you need OpenShift Container Platform with its full developer tooling or OpenShift Kubernetes Engine for a leaner footprint, VSHN handles the design, deployment, and configuration, from first cluster in 36 hours to full application migration, all for a fixed monthly fee.

- **Swiss Data Sovereignty & Multi-Cloud**: As HIN's CTO puts it: "No financial compensation could ever make up for leaked medical information." Data sovereignty is more than compliance - it is a strategic choice. VSHN deploys OpenShift on Swiss cloud providers such as cloudscale.ch and Exoscale, where your data stays in Switzerland without hyperscaler dependency. This multi-vendor approach avoids the US CLOUD Act and eliminates single-provider lock-in. VSHN is Swiss-owned with no foreign parent company, and all contracts are governed by Swiss law. We also support Google Cloud and on-premises infrastructure. You control where your data lives and who operates it. Learn more in our [sovereignty assessment](/sovereignty/).

- **Managed Services Inside Your Cluster**: With the VSHN Application Catalog, databases and services like PostgreSQL, MariaDB, Redis, and Keycloak run directly on your OpenShift cluster, so your data never leaves your environment. This is unique to Managed OpenShift: instead of connecting to an external service, your applications talk to managed services on the same cluster, reducing latency and meeting data residency requirements without exception. Available via Servala self-service or VSHN operations.

- **Custom Application Operations**: Beyond standard software, VSHN operates your custom applications on OpenShift: deployment automation, monitoring, incident response, and on-call coverage for your own workloads. Combined with managed platform services from the Application Catalog, this covers the full stack: your code, your databases, and the platform underneath, all operated by one team with 24/7 coverage.

- **Open Source Foundation**: OpenShift is built on Kubernetes, the open-source container orchestration platform backed by the Cloud Native Computing Foundation. No vendor lock-in on the orchestration layer. VSHN actively contributes to the open-source ecosystem and brings a decade of production experience to every engagement.

- **Application Modernisation & Migration**: Modernise at your own pace. Lift-and-shift existing workloads and refactor them into cloud-native applications over time. VSHN handles the migration planning, target environment build-out, and ongoing operations, from legacy estate to fully containerised production.

- **Consulting, Training & Support**: From architecture reviews and proof-of-concept builds to training delivered by specialist partners and ongoing 24/7 operational support – VSHN offers the full spectrum of OpenShift services. We help your team become self-sufficient or provide long-term operational partnership, whichever fits your needs.


## What VSHN offers for OpenShift

- Architecture design and review for OpenShift platforms
- Cluster provisioning on public cloud, enterprise private cloud, or on-premises infrastructure
- VSHN Application Catalog services (databases, caches, identity) running inside your cluster
- 24/7 operations and support with an SLA up to 99.99%
- GitOps setup with Argo CD and Project Syn
- Backup strategy with K8up and encrypted off-site storage
- Custom application operations support for your workloads
- Internal developer platform foundation: offer managed services to your development teams
- Training delivered by specialist partners for platform and development teams

## Trusted by Swiss organizations

- [Finnova](https://www.vshn.ch/en/success-stories/finnova/)
- [acrevis](https://www.vshn.ch/en/success-stories/acrevis/)
- [HRM Systems](https://www.vshn.ch/en/vshn-partner/hrm-systems/)
- [Schweizerisches Bundesarchiv BAR](https://www.vshn.ch/en/success-stories/schweizerisches-bundesarchiv-bar/)
- [HIN](https://www.vshn.ch/en/success-stories/hin-health-info-net/)
- [Taurus](https://www.vshn.ch/en/success-stories/taurus/)

## Testimonials

> With VSHN and Red Hat, we can give healthcare providers and patients a better experience and more resilient services. It was an amazing experience to switch to DevOps and empower our developers with a whole new culture.

> — Mohammad Alavi, CTO, Health Info Net

> We reduced monthly incidents from twelve to zero and improved our SLA from 99% to 100%. We wanted a Red Hat partner as a single point of contact for our Red Hat technology. We had worked with VSHN before and had full trust in them.

> — Sébastien Pasche, VP Engineering, Taurus

> Providing such a scalable OpenShift platform promptly ourselves would have meant substantial pre-investment and time for building a corresponding team. For us, it has proved to be the most effective, efficient and secure way of not establishing this service in-house.

> — Daniel Bernasconi, CTO, Finnova

## Managed OpenShift FAQ

### What OpenShift services does VSHN offer?

VSHN offers fully managed OpenShift operations, consulting, architecture design, implementation, training, and support for Red Hat OpenShift. We take care of the platform operations for a fixed monthly fee with 24/7 support and an SLA up to 99.99%. Whether you are evaluating OpenShift for the first time or running it in production on cloudscale.ch, Exoscale, Google Cloud, or your own private cloud and on-premises infrastructure, we bring a decade of production experience to accelerate your project.


### What is Red Hat OpenShift?

Red Hat OpenShift is an enterprise Kubernetes platform that adds developer tooling, built-in CI/CD pipelines, service mesh, serverless capabilities, and a comprehensive operator ecosystem on top of Kubernetes. It is available as OpenShift Container Platform with the full feature set or as OpenShift Kubernetes Engine for organizations that need a leaner, open-source-focused distribution. VSHN helps you choose the right edition and deploy it on the infrastructure that fits your requirements.


### Why is VSHN the right partner for OpenShift in Switzerland?

VSHN is a Red Hat Premier Certified Cloud & Service Provider (CCSP), winner of the 2025 Red Hat Switzerland Partner Award for Platform Modernization, and Switzerland's first Kubernetes Certified Service Provider. We have been running managed OpenShift backing APPUiO.ch since January 2016, a decade of production experience. Health Info Net, which serves over 90% of Swiss healthcare stakeholders, chose VSHN to build its sovereign cloud platform, deployed in 36 hours. We offer managed OpenShift on both public and private cloud with 24/7 support, an SLA up to 99.99%, and a fixed monthly fee.


### Which cloud providers does VSHN support for OpenShift?

VSHN deploys OpenShift on Swiss cloud providers including cloudscale.ch and Exoscale, both of which operate data centers exclusively in Switzerland. We also support Google Cloud and private cloud or on-premises environments. Swiss cloud providers are the recommended choice for organizations with data residency or compliance requirements. Your infrastructure preferences are documented in the engagement scope before any work begins.


### Can I run managed databases and services on my OpenShift cluster?

Yes. This is a key differentiator of Managed OpenShift. The VSHN Application Catalog provides managed PostgreSQL, MariaDB, Redis, Keycloak, MinIO, Kafka, and more running directly inside your OpenShift cluster. Your data never leaves your environment, which eliminates external network dependencies and satisfies strict data residency requirements. VSHN operates these services with the same 24/7 coverage as the cluster itself. You can also use custom application operations support for your own software.


### How are backups handled on OpenShift clusters?

VSHN includes K8up, an open-source Kubernetes backup operator, on every OpenShift cluster. K8up is available for automated encrypted backups of application data to off-site storage. Persistent volume backups are the user's responsibility, with K8up available to help. We help you design a backup strategy that covers retention policies, disaster recovery procedures, and compliance requirements. etcd backups protect against cluster-level data corruption and are configured as part of every deployment.


### Does VSHN offer OpenShift training?

Yes. VSHN works with specialist training partners to deliver hands-on OpenShift training for platform engineers and development teams. Training covers OpenShift architecture, cluster operations, GitOps workflows with Argo CD, operator development, security hardening, and day-two operations. Sessions can be delivered on-site in Switzerland or remotely, tailored to your team's experience level and your specific infrastructure.


### Can VSHN migrate our workloads to OpenShift?

Yes. Migrating from vanilla Kubernetes, Docker Swarm, or traditional VM-based deployments to OpenShift is one of our core competencies. We assess your existing workloads, design a migration strategy, build the target OpenShift environment, and execute the migration with minimal downtime. You can modernise at your own pace, from lift-and-shift to full cloud-native refactoring. Contact us to discuss your specific migration requirements.


### How does VSHN handle security and compliance on OpenShift?

OpenShift includes built-in security features such as role-based access control, Security Context Constraints, network policies, and container image scanning. VSHN configures these security controls as part of every cluster deployment and maintains them through automated GitOps pipelines. We implement zero trust architectures with defense-in-depth network microsegmentation - Health Info Net is among the first Swiss companies to adopt this approach. For organizations with DevSecOps requirements, we integrate security into the software delivery pipeline from build to production - automated vulnerability scanning, policy enforcement, and audit logging. Combined with Swiss data residency on cloudscale.ch or Exoscale, this meets FINMA, GDPR, and ISO 27001 compliance requirements.


### How do I engage VSHN for OpenShift consulting?

Contact us using the form below. Describe your project – whether it is an architecture review, a proof of concept, a production deployment, or ongoing operations. We provide a written scope and CHF cost estimate within one business day. There is no commitment at the scoping stage. Engagements typically start within one to two weeks of agreement.


### Can consulting firms use VSHN-managed OpenShift for client platforms?

Yes. Consulting firms and system integrators use VSHN-managed OpenShift to deliver container platforms for their clients. VSHN operates the cluster, handles upgrades, security patches, and 24/7 monitoring while your team focuses on application architecture and deployment. Each client can run on a dedicated cluster with full isolation, or share a multi-tenant platform with namespace-level separation. Written service agreements and transparent pricing make it easy to structure client engagements.


## Contact us

Planning an OpenShift deployment or evaluating managed operations for your existing clusters? Book a free consultation to discuss your architecture, compliance requirements, and pricing.


Booking: #contact

---

## ROSA vs ARO vs Self-Managed vs VSHN Managed OpenShift

# OpenShift Deployment Options Compared

Swiss organizations running Red Hat OpenShift have four realistic paths: ROSA on AWS, ARO on Azure, self-managed on any infrastructure, or a managed service from VSHN. Each option makes different trade-offs on sovereignty, operational burden, and cost.

This page lays out the differences so you can evaluate which model fits your requirements.

## Quick comparison

| | ROSA (AWS) | ARO (Azure) | Self-Managed | VSHN Managed |
|---|---|---|---|---|
| **Operator** | AWS + Red Hat | Microsoft + Red Hat | Your team | VSHN |
| **Data location** | AWS regions (nearest: Frankfurt) | Azure regions (nearest: Zurich) | Your choice | Your choice (Swiss cloud, on-premises, hyperscaler) |
| **Governing law** | US law (CLOUD Act applies) | US law (CLOUD Act applies) | Depends on hosting | Swiss law |
| **Swiss data center** | No (Frankfurt nearest) | Yes (Zurich region) | Yes (if hosted in CH) | Yes (cloudscale.ch, Exoscale, on-premises) |
| **Ops responsibility** | AWS/Red Hat manage control plane; you manage workloads | Microsoft/Red Hat manage control plane; you manage workloads | Everything is yours | VSHN manages cluster + operations |
| **SLA** | 99.95% (control plane) | 99.95% (control plane) | None (your own) | Up to 99.99% |
| **Upgrades & patches** | Shared responsibility | Shared responsibility | Your responsibility | VSHN handles weekly |
| **Monitoring & incident response** | AWS CloudWatch + your tooling | Azure Monitor + your tooling | Your responsibility | 24/7 monitoring, VSHN incident response |
| **Vendor lock-in** | AWS networking, IAM, storage | Azure networking, AD, storage | None (standard OpenShift) | None (standard OpenShift, portable) |
| **Open source** | OpenShift is open; AWS infra is proprietary | OpenShift is open; Azure infra is proprietary | Fully open source stack possible | OpenShift on open-source-friendly Swiss clouds |
| **Best for** | AWS-native teams, no CH residency requirement | Azure-native teams, Zurich region available | Full control, large platform team | Swiss compliance, small-to-mid ops team |

## ROSA: Red Hat OpenShift Service on AWS

ROSA is a jointly managed OpenShift service operated by AWS and Red Hat. AWS provides the infrastructure, Red Hat provides the OpenShift layer.

**What you get:**

- AWS manages the underlying EC2, networking, and storage
- Red Hat manages the OpenShift control plane and core components
- You manage your workloads, namespaces, and application configuration
- Pay-as-you-go pricing through your AWS bill

**Limitations:**

- Nearest AWS region to Switzerland is Frankfurt (eu-central-1), so data leaves Switzerland
- US-incorporated operator, subject to the [CLOUD Act](https://en.wikipedia.org/wiki/CLOUD_Act)
- Tied to AWS infrastructure: VPC, IAM, EBS, ELB. Migrating away means re-engineering networking and storage
- You still need a team for workload operations, CI/CD, and application-level monitoring
- Pricing varies by instance type and region; no fixed monthly fee

**Consider ROSA when:** Your workloads already run on AWS, you don't need Swiss data residency, and you want to reduce cluster management overhead while staying in the AWS ecosystem.

## ARO: Azure Red Hat OpenShift

ARO is the Azure equivalent: Microsoft and Red Hat jointly operate OpenShift on Azure infrastructure.

**What you get:**

- Microsoft manages Azure networking, storage, and compute
- Red Hat manages the OpenShift control plane
- Available in the Switzerland North (Zurich) Azure region
- Integrated billing through your Azure Enterprise Agreement

**Limitations:**

- Microsoft Corporation (USA) operates the infrastructure. US law and CLOUD Act apply regardless of data centre location
- Tied to Azure: VNET, Azure AD, Managed Disks. Migration requires re-engineering
- Workload operations, monitoring, and application management remain your responsibility
- Pricing is per-worker-node-hour plus OpenShift licensing; no fixed monthly fee

**Consider ARO when:** You're already invested in the Azure ecosystem, Switzerland North meets your data location needs, and you have a team to handle workload operations.

## Self-Managed OpenShift

Self-managed means your team installs, operates, and maintains OpenShift end-to-end. You choose the infrastructure: on-premises, Swiss cloud, or hyperscaler.

**What you get:**

- Full control over every layer: infrastructure, OpenShift version, upgrade timing, networking
- No dependency on a third-party operator
- Run on any certified infrastructure (bare metal, VMware vSphere, cloudscale.ch, Exoscale, AWS, Azure, GCP)
- Community Edition (OKD) available at no license cost

**Limitations:**

- **Operational burden is the main cost.** Running OpenShift in production requires:
  - 24/7 on-call rotation (minimum 5 engineers for true 24/7 coverage)
  - Cluster upgrades every 3-4 months (Red Hat support lifecycle)
  - Security patch management, including emergency zero-day response
  - Backup, disaster recovery, and restore testing
  - Monitoring, alerting, and incident response infrastructure
- At Swiss engineering salaries, a 24/7 OpenShift operations team costs over CHF 1M/year in personnel alone
- Even business-hours-only support (2-3 engineers) runs CHF 300,000-450,000/year
- Smaller teams consistently fall behind on upgrades and security patches

**Consider self-managed when:** Your organization has a mature platform engineering team (5+ people), you need full control over every layer, and you treat platform operations as a core competency.

## VSHN Managed OpenShift

VSHN operates your dedicated OpenShift cluster on the infrastructure of your choice. VSHN is a [Red Hat Premier Certified Cloud & Service Provider (CCSP)](https://www.vshn.ch/en/blog/vshn-is-red-hat-premier-ccsp-partner-in-switzerland/) and has been operating OpenShift clusters since 2016.

**What you get:**

- Dedicated cluster, not shared with other customers
- Choice of infrastructure: cloudscale.ch, Exoscale, Google Cloud, VMware vSphere, or on-premises
- Weekly maintenance: OS updates, OpenShift upgrades, zero-day patches
- 24/7 monitoring with proactive incident response
- Up to 99.99% SLA with service credits
- ISO 27001 certified operations
- Swiss company, Swiss law, no CLOUD Act exposure
- Fixed per-vCPU pricing depending on edition (OCP+, OCP, OKE), service level (Best Effort or Guaranteed Availability), and cloud provider tier. See [current pricing](https://products.vshn.ch/openshift/pricing.html)

**Limitations:**

- You delegate cluster-level control to VSHN (by design, this is the point)
- Infrastructure costs (compute, storage, network) billed separately by the cloud provider
- Custom cluster configurations may require engineering hours billed at the [standard hourly rate](https://products.vshn.ch/openshift/pricing.html)

**Consider VSHN when:** You need Swiss data residency, your team is too small for 24/7 OpenShift operations, compliance requires ISO 27001 certified processes, or you want to free your engineers from cluster maintenance.

## Total cost of ownership

Direct license and service fees are only part of the picture. The largest cost driver for OpenShift is people.

| Cost factor | ROSA / ARO | Self-Managed | VSHN Managed |
|---|---|---|---|
| **OpenShift licensing** | Included in service fee | Red Hat subscription required | Included |
| **Infrastructure** | Hyperscaler compute pricing | Your cloud or on-prem costs | Swiss cloud provider costs |
| **Control plane ops** | Managed by vendor | Your team | VSHN |
| **Workload ops** | Your team | Your team | Your team (or VSHN add-on) |
| **24/7 on-call** | Your team (for workloads) | Your team (for everything) | VSHN (cluster level) |
| **FTE overhead** | 1-2 for workload ops | 2-3 (BH) or 5-6 (24/7) for full stack | 0 for cluster ops |
| **Compliance documentation** | Limited (shared responsibility model) | You produce everything | VSHN provides ISO 27001 audit artifacts |

**Example: 8-worker-node cluster (32 vCPUs, OCP edition)**

| Model | Estimated monthly cost | Notes |
|---|---|---|
| ROSA / ARO | Variable (compute + per-node OCP fee) | Check [AWS](https://aws.amazon.com/rosa/pricing/) or [Azure](https://azure.microsoft.com/en-us/pricing/details/openshift/) pricing calculators; add internal ops team cost |
| Self-Managed (BH ops) | CHF 25,000-37,500+ | 2-3 FTEs at CHF 150K/yr + infrastructure + Red Hat subscription |
| Self-Managed (24/7 ops) | CHF 85,000-100,000+ | 5-6 FTEs at CHF 150-200K/yr + infrastructure + Red Hat subscription |
| VSHN Managed | A fraction of self-managed cost | See [current pricing](https://products.vshn.ch/openshift/pricing.html); per-vCPU fee includes operations, monitoring, incident response, upgrades, and Red Hat licensing |

Infrastructure costs from the cloud provider are additional.

## Sovereignty considerations

For a detailed sovereignty analysis covering CLOUD Act exposure, governing law, operational jurisdiction, and data residency, see our [OpenShift sovereignty assessment](/sovereignty/).

Key points:

- **ROSA and ARO** are operated by US companies subject to US law, including data stored in European regions
- **Self-managed** sovereignty depends entirely on your infrastructure and hosting choices
- **VSHN** is a Swiss company under Swiss law with an optional [Switzerland-only support](https://products.vshn.ch/support_plans.html#_option_switzerland_only_support) model

## Next steps

Evaluating your OpenShift deployment model? [Book an architecture review](#contact) with our OpenShift team. We'll assess your current setup and recommend the approach that fits your compliance, operational, and budget requirements.


---

## OpenShift vs Kubernetes – Which Platform Fits You?

# OpenShift vs Kubernetes: What OpenShift Adds and When You Need It

OpenShift *is* Kubernetes, the same way Ubuntu *is* Linux. Kubernetes is the core technology (available on GitHub, like the Linux kernel), but nobody runs a raw kernel on their servers. Teams choose a *distribution* that bundles the kernel with the tooling they need: an installer, networking, authentication, monitoring, and upgrade mechanisms. Some distributions are slim and leave most choices to you; others come fully integrated.

OpenShift is a Kubernetes distribution by Red Hat. Every `kubectl` command and every Kubernetes manifest works unchanged. What OpenShift adds is the platform tooling around Kubernetes: developer console, CI/CD, service mesh, operator lifecycle, and a tested upgrade path, so your team does not have to assemble and maintain these components from scratch. The real question is not "OpenShift or Kubernetes" but how much tooling should come pre-integrated from the vendor vs. what your team builds and maintains itself.

This page compares all options available through VSHN: vanilla Kubernetes, Managed Kubernetes, OpenShift Kubernetes Engine (OKE), OpenShift Container Platform (OCP), and OCP+.

## The platform spectrum

VSHN offers multiple tiers to match different needs and budgets:

| | Vanilla Kubernetes | Managed Kubernetes (coming soon) | OpenShift Kubernetes Engine (OKE) | OpenShift Container Platform (OCP) | OpenShift Container Platform Plus (OCP+) |
|---|---|---|---|---|---|
| **What it is** | Open-source container orchestrator | Standardised, lifecycle-managed K8s | Enterprise Kubernetes with OpenShift operations tooling | Full OpenShift with developer and operations tooling | OCP with advanced security, compliance, and multi-cluster management |
| **Operated by** | Your team | VSHN | VSHN | VSHN | VSHN |
| **Developer console** | No (kubectl only) | No (API-first) | Admin console only | Full developer + admin console | Full developer + admin console |
| **CI/CD built-in** | No | No | No | Yes (Tekton Pipelines, Source-to-Image) | Yes |
| **Networking / Service mesh** | DIY (Istio, Linkerd) | Cilium OSS | Cilium (Isovalent Enterprise) | Cilium + OpenShift Service Mesh | Cilium + OpenShift Service Mesh |
| **Serverless** | DIY (Knative) | DIY (Knative) | DIY (Knative) | Yes (OpenShift Serverless / Knative) | Yes |
| **Logging** | DIY | Basic (logs + metrics) | Cluster monitoring | Platform logging + cluster monitoring | Platform logging + cluster monitoring |
| **Operator ecosystem** | Community operators | No OLM | OLM included | OLM + Red Hat Marketplace | OLM + Red Hat Marketplace |
| **Red Hat support** | None | None (open-source stack) | Red Hat subscription included | Red Hat subscription included | Red Hat subscription included |
| **SLA** | None (your own) | Up to 99.9% (business hours) | Up to 99.99% | Up to 99.99% | Up to 99.99% |
| **Best for** | Platform engineering teams who want full control | Cost-sensitive workloads on Swiss cloud | Enterprise K8s with 99.99% SLA at a lower price (bring your own CI/CD) | Developers build, deploy, and route through one platform without assembling separate tools | Regulated industries needing multi-cluster governance |

## When Kubernetes is enough

Plain Kubernetes is the right choice when:

- Your team has strong Kubernetes expertise (3+ engineers who manage clusters daily)
- You already run your own CI/CD pipeline (GitHub Actions, GitLab CI, Jenkins)
- You don't need Red Hat enterprise support or certified operators
- You want maximum flexibility to choose every component yourself
- Budget is the primary constraint and you can absorb the operational overhead

The trade-off: you build and maintain every layer above the orchestrator yourself, including networking policies, ingress, observability, image builds, security scanning, and upgrades.

## When you need OpenShift

OpenShift adds value when:

- **Buying is cheaper than building.** For smaller deployments (hundreds, not thousands of subscribed CPU cores), it costs less to buy the integrated services in OpenShift than to employ a platform team to assemble and maintain them from separate open-source components. This is a classic make-or-buy decision. Since OpenShift runs standard Kubernetes underneath, migrating to a self-built platform later remains straightforward once the deployment grows large enough to justify a dedicated team.
- **Red Hat enterprise support matters.** Certified operators, tested upgrade paths, and a single vendor for the entire platform stack.
- **You want a shared platform for multiple teams.** All OpenShift editions let you run multiple teams' applications on the same cluster, sharing infrastructure, security policies, and operational cost. OpenShift builds on open standards (OCI containers, Kubernetes API, Operator Framework), so teams choose their own languages, frameworks, and CI/CD tools while the platform provides the shared foundation. OCP adds more integrated developer tooling; OKE leaves that choice entirely to the teams.
- **Compliance requires a hardened platform.** OpenShift ships with Security Context Constraints (SCCs), RBAC defaults, and sandboxed containers, out of the box, not bolted on.
- **Developers need self-service.** The OCP developer console and application catalog let developers deploy without writing YAML or filing tickets.

## OpenShift editions explained

### OpenShift Kubernetes Engine (OKE)

OKE is OpenShift without the developer tooling. You get enterprise-grade Kubernetes with automated installs, over-the-air upgrades, the admin console, Operator Lifecycle Manager, cluster monitoring, and Cilium networking (Isovalent Enterprise). It does not include the developer console, built-in CI/CD, OpenShift Service Mesh, or serverless.

OKE is a good fit when you need enterprise Kubernetes but not the full developer platform. You get Red Hat's certified upgrade paths and compatibility matrix, VSHN's operational economies of scale from running hundreds of OpenShift clusters, and pre-integrated components (Cilium, Argo CD, k8up backups, AppCat services), at a lower per-vCPU price than OCP. Your developers keep their existing CI/CD tooling; VSHN handles the cluster operations. OKE still qualifies for the full 99.99% SLA: the same availability guarantee as OCP, without the cost and complexity of the full platform.

**Pricing example (VSHN Managed, Certified CSP: includes Red Hat subscriptions, VSHN operations, and all platform components):**
- Best Effort: CHF 44/vCPU per 30 days
- Guaranteed Availability 99.99%: CHF 76/vCPU per 30 days

### OpenShift Container Platform (OCP)

OCP is the standard OpenShift edition. It includes everything in OKE plus the developer console, application catalog, Tekton Pipelines, Source-to-Image builds, OpenShift Service Mesh, distributed tracing, Serverless (Knative), and platform logging.

OCP is the right choice when your developers should be able to build, deploy, and route applications through a single platform, without assembling separate tools for CI/CD, container builds, service mesh, and observability. The developer console and application catalog let teams ship without writing deployment manifests or filing ops tickets.

**Pricing example (VSHN Managed, Certified CSP: includes Red Hat subscriptions, VSHN operations, and all platform components):**
- Best Effort: CHF 60/vCPU per 30 days
- Guaranteed Availability 99.99%: CHF 100/vCPU per 30 days

### OpenShift Container Platform Plus (OCP+)

OCP+ includes everything in OCP plus five additional components designed for organizations that operate multiple clusters or face strict security and compliance requirements:

- **Advanced Cluster Management (ACM)**: manage the lifecycle, policies, and application deployment of multiple OpenShift clusters from a single console. Includes 60+ pre-built governance policies.
- **Advanced Cluster Security (ACS)**: Kubernetes-native security platform that covers vulnerability management, network segmentation, risk profiling, and compliance checks across the entire application lifecycle.
- **OpenShift Data Foundation Essentials**: software-defined persistent storage integrated with OpenShift. Provides block, file, and object storage without relying on cloud-provider-specific storage classes.
- **Red Hat Quay**: enterprise container registry with image scanning, geo-replication, and access controls. Acts as a single source of truth for all container images across clusters.
- **Zero Trust Workload Identity**: assigns verifiable identities to workloads across hybrid and multi-cloud environments without managing certificates manually.

Each component is also available as a standalone subscription, but the OCP+ bundle is usually more cost-effective as soon as you need two or more of them. OCP+ is common in regulated industries (finance, healthcare, government) that run multiple clusters and need centralized security policy enforcement and audit trails.

**Pricing example (VSHN Managed, Certified CSP: includes Red Hat subscriptions, VSHN operations, and all platform components):**
- Best Effort: CHF 148/vCPU per 30 days
- Guaranteed Availability 99.99%: CHF 226/vCPU per 30 days

All pricing is per worker vCPU for a 30-day period. Infrastructure costs (compute, storage, network) from the cloud provider are additional. Full pricing details: [VSHN OpenShift pricing](https://products.vshn.ch/openshift/pricing.html).

## Cost comparison: 48 worker vCPUs (3 × 16 vCPU nodes)

Prices are for worker node capacity only. Control plane and infrastructure nodes (logging, monitoring) are not included in the vCPU count.

| Option | VSHN service fee (monthly) | What's included | What you add |
|---|---|---|---|
| **Self-managed Kubernetes** | CHF 0 (DIY) | Nothing (you run everything) | 3-6 FTEs for 24/7 ops (CHF 450K-1.2M/year) + tooling |
| **VSHN Managed Kubernetes** (coming soon) | TBD | Lifecycle management, basic monitoring, reactive support | Your CI/CD, networking policies, security tooling |
| **OKE** (Certified CSP, GA) | ~CHF 3,650/month | Enterprise K8s, admin console, OLM, Red Hat support, 24/7 ops | Your developer tooling, CI/CD |
| **OCP** (Certified CSP, GA) | ~CHF 4,800/month | Full platform: CI/CD, service mesh, logging, developer console, 24/7 ops | Your application code |
| **OCP+** (Certified CSP, GA) | ~CHF 10,850/month | Everything in OCP + multi-cluster management, advanced security | Your application code |

Infrastructure costs from the cloud provider are additional. Self-managed OpenShift requires Red Hat subscriptions on top of FTE costs. Self-managed vanilla Kubernetes has no license fees, but most organizations still budget for a support subscription with a vendor so there is someone to call when etcd or the control plane breaks.

## VSHN Managed Kubernetes (coming soon)

VSHN is developing a standardised Managed Kubernetes offering for organisations that need Kubernetes without the cost of an enterprise platform. Built on open-source components (Cluster API, Cilium, Rook/Ceph), it will provide:

- Lifecycle-managed Kubernetes on Swiss cloud providers
- Networking via Cilium, storage via Rook/Ceph, ingress via Gateway API
- Basic observability (logs and metrics)
- Standardised configurations for predictable pricing
- No enterprise licensing fees

This fills the gap between self-managed Kubernetes and Managed OpenShift. If you are interested, [contact us](#contact) to join the early access list.

## Feature comparison: OKE vs OCP vs OCP+

| Feature | OKE | OCP | OCP+ |
|---|---|---|---|
| Cilium networking (Isovalent Enterprise) | Yes | Yes | Yes |
| Automated installers and upgrades | Yes | Yes | Yes |
| Enterprise-secured Kubernetes | Yes | Yes | Yes |
| kubectl and oc CLI | Yes | Yes | Yes |
| Operator Lifecycle Manager | Yes | Yes | Yes |
| Admin web console | Yes | Yes | Yes |
| OpenShift Virtualization | Yes | Yes | Yes |
| Cluster monitoring | Yes | Yes | Yes |
| User workload monitoring | Yes | Yes | Yes |
| Platform logging | No | Yes | Yes |
| Developer web console | No | Yes | Yes |
| Developer application catalog | No | Yes | Yes |
| Source-to-Image / Tekton builds | No | Yes | Yes |
| OpenShift Pipelines (Tekton) | No | Yes | Yes |
| OpenShift Service Mesh | No | Yes | Yes |
| Distributed tracing (Jaeger) | No | Yes | Yes |
| OpenShift Serverless (Knative) | No | Yes | Yes |
| Sandboxed containers | No | Yes | Yes |
| Advanced Cluster Management (ACM) | No | No | Yes |
| Advanced Cluster Security (ACS) | No | No | Yes |
| OpenShift Data Foundation Essentials | No | No | Yes |
| Red Hat Quay (enterprise registry) | No | No | Yes |
| Zero Trust Workload Identity | No | No | Yes |

Source: [VSHN OpenShift editions](https://products.vshn.ch/openshift/index.html#_openshift_editions), [Red Hat OCP+](https://www.redhat.com/en/technologies/cloud-computing/openshift/platform-plus), [VSHN Cilium on OpenShift](https://products.vshn.ch/openshift/cilium.html)

## Next steps

Not sure which tier fits your workloads? [Book an architecture review](#contact) with our OpenShift and Kubernetes team. We assess your current setup, workload requirements, and budget, and recommend the right platform tier.


---

## Partner with VSHN on Managed OpenShift | VSHN

# Partner with VSHN on Managed OpenShift

You bring the customer relationship and OpenShift expertise: application modernisation, container migration, CI/CD design, developer onboarding. VSHN brings 24/7 managed cluster operations, Swiss data residency, and a 99.99% SLA as Red Hat Premier CCSP. Together you deliver a complete managed OpenShift solution without either side building capabilities you don't have.

## How we collaborate

**Lead Partner model.** For each project, one of us is the customer's single point of contact. Who leads depends on the project, agreed per engagement. The Lead Partner drives the project, handles invoicing, and owns first-level support.

**Joint delivery.** You handle consulting, integration, and project management. VSHN handles infrastructure operations, monitoring, backups, and SLA. Or the other way around, depending on the project. Roles are agreed per engagement, not locked into a rigid structure.

**Flexible billing.** Invoice the customer together or separately, agreed per project. Both models are supported: each party invoices their share directly, or one party invoices the full amount and redistributes.

**Protected relationships.** No undercutting. Your customer stays your customer. Existing relationships are respected on both sides, with contractual protections for both parties.

## Division of labour for Managed OpenShift

| Your role | VSHN's role |
|-----------|-------------|
| Application modernisation | OpenShift cluster operations |
| Container migration | Node management and scaling |
| CI/CD design and pipeline build | Monitoring and alerting |
| Custom operator development and infrastructure integrations | Upgrades and security patches |
| Developer onboarding and project management | SLA with 24/7 support |

## Partners delivering Managed OpenShift

**[tim&koko](https://tim-koko.ch)**. Cloud consulting firm delivering container migrations and CI/CD pipeline design on VSHN-operated OpenShift clusters.

**[Puzzle](https://puzzle.ch)**. Software company with 140+ employees. Provides cloud-native consulting and DevOps transformation alongside VSHN managed OpenShift.

**[bespinian](https://bespinian.io)**. Cloud-native consulting firm focused on Kubernetes and OpenShift application delivery.

See all VSHN partners at [servala.com/partners](https://servala.com/partners/).

## Become a partner

Interested in delivering managed OpenShift together? Let's explore how we complement each other.

[Book a partnership discovery call](https://aarno.cal.vs.hn/15-openshift) or [start a partnership conversation](#contact).


---

## OpenShift Sovereignty: Swiss Managed K8s | VSHN

# OpenShift & Kubernetes Sovereignty: Platform Choice Matters

Your container platform hosts every application, every deployment pipeline, and every secret. The sovereignty of your platform determines the sovereignty of everything running on it.

Hyperscaler Kubernetes services (GKE, EKS, AKS) run on US-owned infrastructure under US law. Even "Swiss region" deployments are operated by US companies subject to the [CLOUD Act](https://en.wikipedia.org/wiki/CLOUD_Act). Managed OpenShift services from Red Hat or IBM are governed by US law as well.

VSHN offers both **OpenShift** and **vanilla Kubernetes** on Swiss infrastructure, operated by a Swiss team under Swiss law.

## Platform sovereignty compared

| Dimension | GKE (Google) | EKS (Amazon) | AKS (Microsoft) | ROSA (Red Hat/AWS) | VSHN Managed K8s/OpenShift |
|-----------|-------------|-------------|-----------------|-------------------|--------------------------|
| **Ownership** | Google (USA) | Amazon (USA) | Microsoft (USA) | Red Hat/IBM (USA) | VSHN AG (Switzerland) |
| **Governing law** | US law | US law | US law | US law | Swiss law |
| **CLOUD Act** | Exposed | Exposed | Exposed | Exposed | Not exposed |
| **Data location** | Configurable | Configurable | Configurable | Configurable | Switzerland by default |
| **Platform source** | Proprietary (K8s core open) | Proprietary (K8s core open) | Proprietary (K8s core open) | Open source (OKD) | Open source (K8s or OKD) |
| **Vendor lock-in** | GKE-specific APIs, Anthos | EKS-specific, Fargate | AKS-specific, Arc | Red Hat subscription | Standard K8s APIs, portable |
| **Operations team** | USA | USA | USA | USA | Switzerland ([Swiss-only option](https://products.vshn.ch/support_plans.html#_option_switzerland_only_support)) |

## OpenShift vs vanilla Kubernetes: a sovereignty perspective

VSHN offers both platforms. The sovereignty trade-off:

**Vanilla Kubernetes**, maximum sovereignty:

- No non-Swiss vendor dependency
- CNCF-governed, community-maintained
- All VSHN managed services available
- Swiss-only operations with no foreign corporate chain

**Red Hat OpenShift**, strong sovereignty with one nuance:

- OpenShift source code is open (OKD)
- Red Hat (IBM subsidiary, US) provides certified images and subscription entitlements
- Red Hat offers [EU Sovereign Support](https://www.redhat.com/en/about/press-releases/red-hat-introduces-confirmed-sovereign-support-european-union) as an option
- Day-to-day operations are fully independent by VSHN

For customers where the Red Hat corporate chain is a concern, vanilla Kubernetes provides the same managed services with no non-Swiss dependencies.

## VSHN sovereignty self-assessment

We applied the EU's [Cloud Sovereignty Framework](https://commission.europa.eu/document/09579818-64a6-4dd5-9577-446ab6219113_en) (v1.2.1, October 2025) to our own services. This framework was used to score providers in the EU's [EUR 180M sovereign cloud tender](https://ec.europa.eu/commission/presscorner/detail/en/ip_26_833) in April 2026. Three pure-European providers achieved SEAL-3, while a consortium involving Google Cloud scored only SEAL-2.

*This is a self-assessment, not a formal SEAL certification. We publish it for transparency so customers can evaluate our sovereignty profile using the same structured criteria the EU uses.*

| # | Dimension | Weight | Assessment | Evidence |
|---|-----------|--------|-----------|----------|
| SOV-1 | Strategic | 15% | **Strong** | Swiss AG, no foreign parent, all shareholders Swiss citizens ([Commercial Register](https://zh.chregister.ch/cr-portal/auszug/auszug.xhtml?uid=CHE-275.566.226)) |
| SOV-2 | Legal | 10% | **Strong** | Swiss law ([GTC](https://products.vshn.ch/legal/gtc_en.html)), no CLOUD Act, [EU adequacy decision](https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) |
| SOV-3 | Data & AI | 10% | **Strong** | Swiss DCs by default. Sovereign key management via [Managed OpenBao](https://www.openbao.ch) + [Swiss HSM](https://cloud.securosys.com/cloudhsm) |
| SOV-4 | Operational | 15% | **Strong** | Swiss 24/7 ops, [Swiss-only support option](https://products.vshn.ch/support_plans.html#_option_switzerland_only_support). All services on vanilla Kubernetes |
| SOV-5 | Supply Chain | 20% | **Strong** | Infrastructure-agnostic; [customer chooses provider](https://servala.com/providers/). Open-source software |
| SOV-6 | Technology | 15% | **Strong** | 100% open source. VSHN contributes to [K8up](https://github.com/k8up-io) (CNCF), [Crossplane providers](https://github.com/vshn), [Project Syn](https://github.com/projectsyn) |
| SOV-7 | Security | 10% | **Strong** | [ISO 27001](https://www.vshn.ch/wp-content/uploads/2025/12/ISO-27001-certificate-VSHN-2024.pdf), ISAE 3402 Type II, Swiss SOC. [FINMA-regulated customers](https://www.vshn.ch/en/solutions/solutions-for-banks-and-financial-service-providers/) |
| SOV-8 | Environmental | 5% | **Moderate** | DC operators: Green Datacenter AG (ISO 22301/27001/27701), [Exoscale sustainability](https://www.exoscale.com/sustainability/). [VSHN CSR policy](https://handbook.vshn.ch/corporate_social_responsibility_policy.html) |

**Overall: SEAL-3 equivalent**, the same level achieved by the winners of the EU's own sovereignty tender. No provider worldwide achieved SEAL-4: it requires fully EU/EEA-sourced hardware supply chains and open-source foundations, structural gaps shared by every cloud provider.

Try Swiss infrastructure: [APPUiO](https://www.appuio.ch) (managed Kubernetes, free trial), [Exoscale]({{partner:exoscale.signup_url}}) (Swiss IaaS). Want help choosing? [Contact us](#contact).

## Get a sovereignty assessment for your platform

Running containers on a hyperscaler and evaluating sovereign alternatives? We assess your sovereignty profile against the EU framework and plan a migration to Swiss-operated OpenShift or vanilla Kubernetes.