Adapting to a New Reality - RIPE NCC Information Services Update 2024

Draft Activity Plan and Budget 2024

Our Draft Activity Plan and Budget 2024 sets out our plans for the year ahead along with the associated costs. It has now been published in draft form and a consultation has opened to hear your views on our activities and where the money is spent. Following an open house to receive input from members, there will be further discussion at the RIPE NCC General Meeting in November before a final version is approved by the RIPE NCC Executive Board and published in December.

Adapting to a new reality

This will be my first RIPE Labs article since becoming Chief Technology Officer, and so I want to take you through my plans for this activity area. I will also touch on the budget to explain how and where it’s being reduced and where we’re injecting more funding to continue to bring high quality data services to members.

Providing world-class services to our members and users

We know that members use our information services to guide them in building resilient networks. Even so, it was good to see this positively reinforced in the latest RIPE NCC Survey where three out of five respondents (60%) believe that the most important activity the RIPE NCC performs outside core registry functions is the provision of information services: RIPE Atlas, RIPEstat, RIS and RIPE IPmap. With this in mind, our activity plan and budget for next year reflects this importance as we aim to reinforce these services in the face of broad budget cuts.

The user experience

Our first objective is to improve both the User Experience (UX) and User Interface (UI) of our services. That is another of the main takeaways from the survey results, where much of the feedback was around improving the accessibility and interface of our services. The first service we will focus on is the RPKI dashboard, followed by other applications in the LIR Portal. RIPEstat interface, which has been revamped recently, will receive further attention.

Our second objective is on the backend side of things. RIPE Atlas and RIS both generate very large amounts of data, which are stored permanently in our systems. This data tells the history of the Internet, and holds a lot of value for researchers and other stakeholders. However, we also need to keep this service cost-effective. Our main goal here is to update where this data is stored, with a huge focus on costs. The overall idea is to have a tiered-storage solution, where recent data is stored in a faster and relatively more expensive solution, and historical data is stored in a slower, cheaper solution. That way, we aim to keep the value of providing data for storytelling the history of the Internet in a cost-effective manner.

Our final objective is to have better data about our data. Measuring all important things is the mantra: from membership satisfaction to data quality, knowing how well we are doing in different areas will allow us to assess the effectiveness of new initiatives. One of the main purposes of measuring is to get concrete information for where to improve.

Increasing flow, agility and observability

In order to deliver great services to our members and community, we need to have world-class engineering capabilities. In this context, increasing flow and observability means that we have the necessary capabilities to continuously deliver software to production at a steady pace, causing as little disruption as possible and to have the right tools and practices to detect any failure in our systems even before they are noticeable by the users. Most of these practices, like having automated CI/CD (Continuous Integration / Delivery) pipelines and production telemetry are already in place. Our goal here is to align these practices across the different teams and to bring them all to the same level.

Security and compliance

Providing world class services to our members through state of the art engineering capabilities isn't enough. We also need to ensure these services are secure and that personal data is protected. In order to achieve that, we have many ongoing initiatives being implemented in partnership with our Security and Compliance area. The two most important ones are: first, the implementation of the ISAE 3000 control framework, which focuses primarily on RPKI and has the goal of ensuring the integrity of our RPKI Trust Anchor; and second, the ISO 27001 framework, which ensures the security of our information systems. There is lots of overlap between these two control frameworks, and combined they will provide a solid foundation for the security and integrity of our most important systems.

Next to that, there are many other initiatives to increase the security of our systems, like improvements to our automated monitoring for security vulnerabilities, adding more MFA (multi-factor authentication) options to our SSO and mitigating known risk items through an ongoing review of our Risk Framework.

Engineering culture

All these great services are developed and maintained by our staff. Therefore, a very important goal is to ensure that staff are engaged and that we have a strong and healthy engineering culture. We run yearly staff engagement surveys and aim to address the most important issues raised. On top of that, we aim to foster an environment of learning, knowledge sharing and collaboration. Two of the ways we are aiming to do that is through regular knowledge sharing sessions, in which engineers are encouraged to share anything interesting they have learned or implemented lately, and by publishing post-mortems for every major incident that happens in our services. The goal of these two initiatives is to promote organisational learning and transparency without judgement.

Keeping costs within budget

The overall budget for Information Services has been reduced from 7,600 kEUR to 7,400 kEUR. Our most significant savings come from reducing our data centre footprint. We are reducing data costs, streamlining services and consolidating our tooling and technology stack.

We reviewed the cost structure on the backend for RIPE Atlas, RIPEstat and RIS and as a result, we will reduce our data centre presence by 50% over the course of 2024. The plan is to decommission 15 out of the 23 Atlas Hadoop cluster racks and move this Atlas storage to the Cloud at a much reduced cost.

From 7,600 kEUR to 7,400 kEUR

We are also reducing the number of consultants by half and will not be hiring a planned FTE in 2024. It is difficult to assess the impact of these decisions but that will certainly put extra pressure and workload on the teams to deliver the services members expect to receive with our data services. We will review and analyse the repercussions as we go.

Our third cut to the budget has been to software licences. To make savings we have significantly reduced the number of licences for staff through consolidation after a critical analysis of licence holders. We have also decreased our travel budget by 17%. We are being especially critical of overseas travel for this department, while also taking care to realise that members and staff benefit from face-to-face interactions, especially when our focus for 2024 is the customer experience - hearing criticism and feedback on our data services - often technical feedback - is highly beneficial from our perspective.

Centering collaboration in 2024 and beyond

As CTO, my main objective is to ensure that our engaged, competent engineering teams deliver secure, resilient services with world class user experience. In order to do that, we need to ensure that we have an attractive work environment and an engaged and healthy engineering culture to collaborate effectively and deliver shared objectives. Looking forward, I want to continue working, together with my team and the overall community, in creating and fostering this environment and helping the RIPE NCC to achieve its vision of shaping the future of the Internet.