ITKey: KeyStack Cloud Platform

Main article: PaaS - Platform As A Service

KeyStack is a cloud platform distribution from ITKey based on OpenStack. It is a fault-tolerant cloud platform built on the principle of "infrastructure as code," which is architecturally and functionally optimal for creating both a public and a private cloud.

2026

Certificate of FSTEC of Russia for 4 levels of trust

On February 5, 2026, ITKey announced that it had received the FSTEC of Russia certificate for the KeyStack virtualization platform. The product is certified according to Level 4 of trust in information protection and meets the requirements for Class 4 virtualization environments. The certificate confirms the possibility of using KeyStack to protect information in state information systems of all classes, including GIS class 1, in personal data information systems of all security levels, including UZ-1, as well as in significant objects of critical information infrastructure of all categories, including the highest - first.

The availability of the FSTEC certificate removes regulatory restrictions on the use of the platform in systems with increased information security requirements and allows customers to use KeyStack as the basis of a secure virtual infrastructure. The use of a certified platform ensures compliance with regulatory requirements and allows you to carry out an infrastructure qualification procedure in accordance with regulatory authorities.

The KeyStack certification process has become a comprehensive project for ITKey. One of the key challenges was bringing the product into full compliance with the requirements of the regulator without losing its architectural integrity, key functionality and ecosystem approach. The team focused on preserving the functionality of the platform as much as possible, ensuring the protection of hosted information systems, fulfilling all the requirements of FSTEC on the transparency, reproducibility and formalization of the methodology necessary for passing certification tests.

Obtaining a certificate has already affected the market's interest in the solution. As of February 2026, ITKey implements several active requests and pilot projects, within which the availability of an FSTEC certificate is one of the key requirements. First of all, these are projects in the public sector, at critical information infrastructure facilities and at large corporate customers, for whom confirmed compliance with information security requirements is a prerequisite for choosing a platform. As the pilot implementations are completed and the systems go into commercial operation, the company plans to publicly talk with customers about the cases implemented.

We consider obtaining an FSTEC certificate as a strategic stage in growing up a product. KeyStack is moving into the base platform category where you can build secure enterprise, industry, and infrastructure for mission-critical IT workloads. KeyStack is a solution on which customers can build a long-term and secure IT infrastructure without hesitation about compliance with information security requirements and further product development. " said Andrey Kovalev, CEO of ITKey.

Obtaining the FSTEC certificate consolidates ITKey's position in the market of import-independent infrastructure solutions and confirms the maturity of KeyStack as an industrial platform ready for use in the most demanding and regulated segments.

KeyStack 2025.3

On January 28, 2026, ITKey, a Russian developer and provider of solutions for building a corporate cloud infrastructure, announced the release of the next release of KeyStack 2025.3.

𝓲

Фото: ITKey

According to the company, this version is focused on automating critical operational processes, increasing manageability and strengthening the security of the cloud infrastructure. KeyStack is a cloud platform designed to build and exploit private and public clouds in the corporate and government segment. Version 2025.3 sets the stage for the transition to the OpenStack version of Epoxy as a base layer and updated functionality, which will be presented in the next major release (2026.1). The released update closes the key operational tasks and eliminates the identified shortcomings in information security that are relevant for large distributed infrastructures.

The key achievement of the release was the automation of routine operations in the field of information security. The platform implements automatic rotation of mTLS certificates to protect intercomponent interaction, as well as automatic rotation of account passwords. These mechanisms eliminate the need for manual intervention by administrators and operations teams, and allow automatic application of security policies and rules. As a result, the predictability of operation is increased and the risks associated with the human factor are reduced.

KeyStack 2025.3 is a release in which we purposefully removed manual operations from daily use. Automated data accounting and certificate rotation enables customers to reduce operating costs and operational risks, especially in large infrastructures. As a result, cloud management becomes more predictable and scalable, and the load on operational teams is significantly lower. narrated by Alexey Sharandin, KeyStack Product Manager

If earlier maintenance of these mechanisms required manual configuration, monitoring of the validity of certificates and the constant participation of specialists, then after updating the security rules are set centrally and then applied automatically. When changing information security requirements, it is enough for the administrator to adjust the settings in one place - the system will independently extend the changes to all components.

The release placed significant emphasis on the practical security demanded by large customers and organizations with increased infrastructure protection requirements. In version 2025.3, in addition to the above enciphering , secrets are implemented, and also closed vulnerabilities at the code level and used components published in specialized sources since the previous release. Most platform components are put into read-only mode, which reduces the risk of harmful interference or unauthorized access.

We have made security more practical and manageable. Automatic rotation of certificates and passwords according to the specified rules, encryption of secrets and closure of vulnerabilities identified after the previous release allow minimizing potential threats without complicating exploitation. This approach is especially important for infrastructures where information security requirements are constantly changing. reported by Maxim Kulikov, product owner

As part of the update, the platform switched to an updated version of the operating system - SberLinux 9.6.0, which optimized the overall stability of the platform, expanded the ability to collect metrics and monitor and increase control over the state of the system in industrial scenarios and distributed environments.

In addition to key changes, the KeyStack 2025.3 release includes a number of functional improvements. The system management capabilities through the web interface have been expanded, work with networks, subnets and ports has been updated, additional scenarios for mass operations have been added. Based on the results of industrial operation, the High Availability (HA) and Disaster Recovery (DR) mechanisms were optimized, algorithms for managing the migration of virtual machines were introduced, and the monitoring system with updated notification mechanisms was expanded.

With this release, we have made the platform more architecturally sustainable and manageable. Enhanced network management, improved fault tolerance and disaster recovery scenarios, and enhanced infrastructure visibility. This allows you to respond to incidents faster and more confidently operate the cloud in distributed environments. told Alexey Abashkin, chief architect of KeyStack

In future versions, the platform will continue to develop. KeyStack 2026.1, which includes OpenStack versions of Epoxy, plans full support for OVN, a completely redesigned UI/UX day-2 operations to increase system usability, as well as implementation of end-to-end audit of user actions.

2025

KeyStack 2025.2.2 with automated update process for all platform components

ITKey has released KeyStack 2025.2.2, an update that forms the standard for automation and security of corporate cloud infrastructures. The platform received a fully automated update of all components, additional tools for managing regions directly from the administrator interface and advanced security features. The company announced this on October 13, 2025.

The development team has implemented a high level of automation, scalability and comprehensive security, which was previously available only in distributions of international vendors.

The main achievement of the release is a fully automated process for updating all platform components, including the operating system. Administrators can now update control and compute nodes directly from the administrator interface without manual intervention. Previously, updating these nodes was a manual and time-consuming process: administrators alternately updated each server, monitored dependencies, and risked making mistakes in the settings. The automated approach reduces the impact of the human factor, minimizes downtime and reduces the cost of operation through automation. For large businesses, this means a faster response to changes and a reduction in the speed at which services enter the market.

One of the key elements of the update was the introduction of automatic configuration of firewall rules (nftables), which provides flexible microsegmentation of networks to isolate control flows according to the zero-trust security model.

The updated version implements a role-playing access model that implements horizontal integration at the level of all product components and meets the requirements for cloud information security and Russian legislation. Thanks to this, KeyStack can be used in sectors with increased information security standards - from financial institutions to the public sector.

In addition, mTLS is integrated into the platform between services, which increases security by confirming the "identity" of each product component before establishing a connection, which protects against man-in-the-middle attacks and provides secure communication on distributed systems, and support for SELinux in SberLinux, which increases the level of security, application isolation and process control. This makes KeyStack one of the most reliable solutions in the enterprise cloud market.

As part of the strategic update, KeyStack is moving to Podman as a target containerization system, leaving Docker in the past. This step ensures greater security, flexibility, independence and compatibility with the current requirements of the Russian corporate sector.

The release also included dozens of improvements: OVS and OVN support, VictoriaMetrics default installation, VM console log rotation, as well as new administrator interface capabilities (group actions with virtual machines, separate pages for services, aggregates and security groups) and many others.

Шаблон:Quote 'author=said Alexey Sharandin, Product Manager of KeyStack.

Шаблон:Quote 'author=noted Alexey Abashkin, chief architect of KeyStack.

KeyStack 2024.3 compatibility with Tatlin.Unified Gen2

ITKey February 18, 2025 confirmed the compatibility and correctness of cloudy the KeyStack 2024.3 platform TATLIN.UNIFIED GEN2. Integration with the product storage system will allow customers to simplify the solution of tasks virtualizations and strengthen the security of scalable. IT infrastructures

Tests that took place over several months included reliability, security, product bundle reactions to various service failures, as well as other scenarios within the iSCSI and FC protocols. It also confirmed both the ability to clone existing virtual machines without converting them to an image, and the ability to customize and change the parameters of a cloned VM before turning on.

To confirm the compatibility of our cloud platform with partner DSS, we have developed a test method that recreates scenarios as close as possible to the real ones. Based on the results of the testing, our customers can be confident in the quick launch and sharing of the KeyStack 2024.3 cloud platform based on TATLIN.UNIFIED GEN2 storage system. These products are perfectly compatible and relevant for large customers, users of "heavy" systems with a large number of hypervisors. We also plan to conduct similar testing procedures for the compatibility of our cloud platform and with the products of other vendors on an ongoing basis, - said Fedor Tarasenko, Technical Director of ITKey.

2024: Server Compatibility S2041I

ITKey and Graviton have confirmed the compatibility of products: the KeyStack cloud platform and the S2041I server. Now customers of companies will be able to speed up the import substitution process using an IT solution with guaranteed performance. ITKey announced this on March 27, 2024.

To prove the compatibility of vendor products, test tests were carried out according to a special method. It includes more than a hundred check scenarios: load tests, starting various -infrastructure elements, network virtual IT health check and other examinations.

The efficient operation of hardware and software platforms expands the choice of solutions on the Russian market for building IT infrastructures.

Potential customers can get a ready-made solution out of the box, saving time on matching software and hardware, quickly implement an IT solution, and accelerate the transition to an import-independent IT infrastructure. In addition, technical support for products is provided from vendors.

The comprehensive offer includes:

• The KeyStack cloud platform is based on, open source which makes it more transparent and understandable to the client in operation. The platform allows you to create and manage cloud infrastructure and other services in accordance with the laC approach (infrastructure as code). The product is built using practices DevOps and is suitable for their implementation.
• The S2041I server is based on two Intel Xeon Scalable processors and provides high performance. Equipped with four 3.5 'SATA/SAS drives for local storage of information, there is the possibility of All-flash configuration with NVMe drives.

The use of software and hardware platforms has been tested together on a pilot project of Graviton. So, on the basis of KeyStack and Graviton servers, a web service for hosting and joint development of IT projects works.

We see that most Russian customers have difficulties when choosing hardware. Including, this concerns the choice of servers, the volume of offers has become much less. The proposal based on Graviton and KeyStack is an opportunity to get a software solution fully verified by Russian certification bodies, ready for use out of the box, not inferior in functionality to world counterparts, while at the same time allowing you to support the strategy of digital sovereignty, - said Andrei Kovalev, co-founder of ITKey.

We are constantly expanding our ecosystem of technology partners. In cooperation with them, products appear that meet the requirements of customers as much as possible. The request for an IT infrastructure with virtualization services is the most massive, it starts with the IT environment of any enterprise. Together with KeyStack, we offer an IT solution that is fully ready for deployment, "said Sergey Kochepasov, Product Director of Graviton.