Instituto Nupef:
From Infrastructure Crisis to Sovereign Cloud Resilience

Instituto Nupef is a Brazilian civil society organization focused on digital rights, connectivity, and infrastructure autonomy for social movements and traditional communities.

Through its Tiwa Project, Nupef operates a nonprofit infrastructure service provider supporting initiatives such as community networks in the Amazon and digital inclusion platforms for civil society organizations.

To sustain these operations, Nupef built its private cloud infrastructure using OpenNebula as its central orchestration platform, enabling a transition toward a resilient and fully virtualized environment designed for autonomy and control.

Nupef’s adoption of OpenNebula was triggered by a severe infrastructure incident internally referred to as “Tiwa’s Cursed Day.”

A RAID degradation event caused simultaneous failures across essential services, including Nextcloud, BigBlueButton, and an ISPConfig stack. At the time, infrastructure was managed manually, lacked redundancy, and depended heavily on a single engineer for operations and recovery.

As the team recalls, the incident exposed a structural fragility that could no longer be ignored:

According to Nupef’s technology coordinator and engineer, Moacir Neto, “We were operating a system that worked until it suddenly didn’t. The recovery made it clear we needed a completely different model.”

The event became the catalyst for a full architectural redesign, moving away from bare-metal deployments toward a virtualized and orchestrated infrastructure capable of scaling and recovering under pressure.

To address these challenges, Nupef carried out a focused 7-day technical evaluation of cloud management platforms.

OpenNebula stood out for its alignment with open source principles, its operational simplicity, and its ability to support fully autonomous infrastructure without vendor dependency. Equally important was its adaptability in constrained environments and its clear path from bare-metal operations to a structured private cloud.

Over the course of a year-long migration, OpenNebula enabled Nupef to progressively rebuild its infrastructure into a stable and agile private cloud, supporting both production workloads and rapid service deployment.

Today, OpenNebula serves as the central orchestration layer across Nupef’s virtualized infrastructure, separating infrastructure resources from application workloads and ensuring strict isolation between environments.

The deployment is currently fully on-premises, with a planned evolution toward a distributed, multi-site architecture aligned with future infrastructure expansion.

The platform is built on KVM for virtualization, Open vSwitch for network segmentation, and OpenNebula Sunstone as the primary management interface.

As Neto describes: “OpenNebula gave us a single control plane without adding complexity. We finally have clarity over our infrastructure.”

The environment currently runs across multiple clusters supporting production and testing workloads, with plans to scale further as new colocation facilities come online.

Nupef operates a diverse ecosystem of services spanning infrastructure, collaboration, and partner environments. This includes core systems such as DNS, email, VPNs, monitoring platforms like Zabbix, as well as collaboration tools like Nextcloud, Gitea, OpenProject, and publishing systems such as OJS.

One of the most impactful operational improvements has been the ability to perform hardware maintenance without service interruption. Live migration and workload mobility allow the team to maintain uptime even during infrastructure changes or upgrades.

This shift has significantly improved both reliability and operational agility, especially for critical services such as DNS and email.

Beyond technical improvements, OpenNebula also transformed how infrastructure is managed internally. Service provisioning is now faster, resource usage is more transparent, and workloads can be safely delegated to partner organizations when needed.

From an operator standpoint, Nupef highlights the low operational overhead and architectural clarity of OpenNebula as key advantages.

A particularly important factor is the separation between management and execution layers, ensuring that workloads continue running even if the central management component is affected. This design has contributed to a strong sense of operational stability and predictability.

Integration with KVM and Open vSwitch provides granular control over compute and networking resources, enabling a secure and highly segmented infrastructure model.

As Neto reflects: “What we value most is not just the technology, but the stability it gives us to focus on what actually matters: our mission.”

Operational discipline has also evolved over time, introducing structured maintenance cycles and regular infrastructure reviews informed by earlier failures.

For Nupef, OpenNebula’s open source nature is not just a technical preference, but a foundational requirement.
It enables full infrastructure autonomy, eliminates vendor lock-in, and ensures control over data, routing, and service deployment. Transparency of the platform also allows independent validation and strengthens security confidence in critical environments.

Infrastructure sovereignty, for Nupef, is directly tied to its mission of supporting civil society and community networks in sensitive and often underserved regions.

Nupef is now evolving toward a federated, multi-zone architecture designed to improve geographic resilience and expand infrastructure capacity.

Future plans include distributed deployments across multiple sites and the introduction of edge computing capabilities to better support community network initiatives.

The long-term vision is a fully sovereign, distributed infrastructure capable of supporting digital rights, connectivity, and open technology ecosystems across Brazil and beyond.

Nupef’s journey with OpenNebula began as an urgent response to a critical infrastructure failure, but has since evolved into a long-term foundation for operational resilience and digital sovereignty.

Four years after that initial incident, the platform continues to support a growing and increasingly distributed infrastructure, enabling Nupef to deliver stable services to civil society organizations and community networks.

What started as an emergency recovery effort has become a sustainable architectural backbone for a sovereign, community-driven cloud.