ECKD GmbH is a leading IT service provider for churches and charitable organizations in Germany. For more than 30 years, the company has provided IT services to organizations of the Protestant and Catholic Churches, including charities like Caritas and Diakonie. ECKD supports its customers on their way into the digital future with comprehensive consulting, customized applications and professional project management.
Currently, over 300 employees across six ECKD locations support around 1,500 customers throughout Germany. The company runs applications for more than 40,000 users in two high-performance data centers and has established the churchX platform as a digital marketplace and central service portal. The company motto “IT.Menschlich” (IT. Human) underlines the fact that ECKD attaches great importance to open, respectful and binding cooperation and places people at the center of its corporate culture.
At-a-Glance
ECKD GmbH supports church institutions and charitable organizations in their digital transformation with innovative software solutions. Recently, the IT service provider began offering its customers its first containerized applications: the new church reporting software ITM.Kiris and the HR system ITM.PerSys, now running on a cloud native infrastructure with Kubernetes, Rancher Prime and Harvester. This allows ECKD to deliver new functionality faster, automate operational processes and flexibly scale IT resources as needed.
The journey to containers
ECKD develops industry-specific software solutions for various use cases, driving digital transformation in the church and charity sector. Its primary goal is to meet the individual requirements of the various institutions and to optimally support the respective work processes. The ECKD team has a large repertoire of agile tools and methods at its disposal, and it began exploring the possibilities of containerizing applications early on.
“In our initial project, we wanted to see if we could deliver our HR software as a containerized application,” says Patrick Schmidt, IT systems engineer at ECKD. “So, we started experimenting with tools like Docker Swarm and tested our HR application, ITM.PerSys, in a container environment.” However, the IT team quickly realized that it needed an orchestration solution like Kubernetes to efficiently run its growing container environment. “We realized that Kubernetes is the future of container technology,” Schmidt explains. “Its automation capabilities and resource efficiency convinced us immediately. This is exactly the path we wanted to follow.”
“Our Customer Success Manager at SUSE promptly addressed our urgent internal issues, enabling us to achieve the desired results very quickly. This exceptional level of support helped us rapidly convert technological possibilities into added value for our company.”
Why SUSE solutions?
Rancher Prime
During this experimental phase, ECKD also evaluated the Rancher Prime container management platform. “Rancher Prime simplified our entry into the world of Kubernetes, enabling easy setup and management of our first clusters,” says Schmidt.
The IT team thoroughly tested the entirely open source solution and was immediately impressed by its ease of use and customer-focused value.
Schmidt highlights the benefits of multicluster management: “In order to develop and run different containerized applications for different customers, we need our own test, production and QA environments — all separated by client. Rancher Prime is an excellent tool for managing this type of multi-dimensional cluster architecture.”
ECKD set up its Kubernetes environment on Cisco UCS servers with NetApp storage. Following the successful deployment of ITM.PerSys clusters with Rancher Prime, the IT team decided to use the container management platform for developing the ITM.Kiris software as well. The team wanted to combine the functionality of two existing applications into a new solution for the church’s reporting system as a modern, microservice-based application architecture.
“With ITM.Kiris, we wanted to improve the user experience and application performance for our customers while making development and operations more agile,” says Sven Meyer, head of application hosting services at ECKD. “Rancher Prime gives us the foundation to efficiently and reliably deploy this innovative application via Kubernetes.”
Harvester
SUSE’s hyperconverged infrastructure (HCI) solution, Harvester, which integrates seamlessly with Rancher Prime, also played an important role in the decision to deploy Rancher Prime. Harvester combines components like the SUSE Linux Enterprise Server (SLES) operating system, the Longhorn cloud native distributed storage platform, the RKE2 Kubernetes distribution and the KubeVirt virtualization solution into a fully open source HCI stack. Its native integration into the Rancher Prime console allows administrators to manage virtual machines and Kubernetes clusters from a single interface, simplifying the provisioning of IT resources for containerized workloads.
“We initially looked at traditional virtualization infrastructure and HCI solutions from other vendors, but Harvester’s price-to-performance ratio was simply unbeatable,” says Schmidt. “We also like the fact that Harvester and Rancher Prime work together perfectly and that we have only one point of contact for support issues.”
The Harvester solution, installable directly on bare-metal servers, combines all connected systems into a flexible resource pool. ECKD utilized this technology to adapt existing hardware for running Kubernetes clusters.
The impact of Rancher Prime
With SUSE’s support, ECKD smoothly transitioned from experimental to productive use of Rancher Prime and Harvester. Meyer highlights the role of the Customer Success team: “Our Customer Success Manager at SUSE promptly addressed our urgent internal issues, enabling us to achieve the desired results very quickly. This exceptional level of support helped us rapidly convert technological possibilities into added value for our company.”
Saves up to 95% of time through automation
The ECKD IT team anticipated significant time savings in development and operations with Rancher Prime. In practice, the new solution has fully met these expectations. From the project manager’s “go” to the deployment of a new software release, almost all steps are now automated.
“Compared to previous application operations, Rancher Prime and Kubernetes have reduced our deployment time up to 95%,” estimates Schmidt.
Manual software installation on servers, which used to take about four hours even with scripting support, is now completed within 15 minutes — despite the fact that the application environment has become much more complex.
“A core application used to consist of five or six modules running in one or two environments. Now, we are talking about 10 to 12 environments, each with up to 15 modules. Managing this level of complexity would have been impossible with traditional methods,” says Schmidt.
Reduces error rate through reliable repeatability
The high level of automation in Rancher Prime and Harvester ensures consistent processes and significantly reduces human error. “We create templates for clusters and virtual machines and can deploy them at the push of a button,” says Meyer. “The process eliminates manual installation, ensuring all systems are identical. If a system does not work as expected, we can rebuild it from the template within five minutes.”
Standardized cluster configurations not only reduce troubleshooting time and effort but also simplify meeting security and compliance requirements. Access permissions and security settings are centrally managed and automatically applied to all new clusters. This enables ECKD to maintain a high level of security when managing sensitive personal data.
Update processes are also standardized and controlled. “Rancher Prime enables us to manage our entire Kubernetes infrastructure lifecycle from a central interface, helping to maintain low operating costs as the environment grows,” says Meyer.
Accelerates response to new customer needs
Since November 2023, ECKD has provided its church registration software ITM. Kiris via Rancher Prime to two Protestant regional churches. During the introduction phase, pilot users provided regular feedback, which was incorporated into the software’s ongoing development. The result is an application tailored to the individual needs of the parishes, such as in the design of their church records.
“Thanks to Kubernetes and Rancher Prime, we can now react much faster to new customer requirements,” says Meyer. “Whether it’s bug fixes or feature enhancements, the container architecture significantly speeds up the rollout of new software releases, shortening our innovation cycles.”
ECKD can now roll out new features more easily without needing to take down the entire application. While individual containers are updated, the service remains available and accessible to users.
The impact of Harvester
Enables easy scalability to meet growing needs
Over the coming months, ECKD plans to extend the new church reporting application to additional customers. Soon, up to 3,500 users across Germany will be working productively with the new application. Additionally, ECKD is developing other applications to run on its Kubernetes infrastructure.
“The easy scalability of Harvester is extremely valuable to us,” says Meyer. “We can expand the environment as needed and allocate additional resources to the individual workloads when necessary.”
The dynamic infrastructure can also handle short-term load spikes. For instance, if the parishes need large data collections or analyses, ECKD can scale up the clusters in the evening. The IT team has the flexibility to access resources in the Harvester infrastructure not in use by other workloads.
If the application supports it, ECKD also utilizes the autoscaling capabilities provided by Kubernetes with the Horizontal Pod Autoscaler (HPA). Rancher Prime simplifies HPA management and enables automatic scaling of individual clusters when memory or CPU utilization reaches a certain threshold.
Ensures more efficient delivery of new services
Harvester and Rancher Prime enable the IT team to quickly provide software developers with the resources they need to do their jobs. “Our developers always need to test new releases in near-production environments, and they need test clusters with specific configurations and Kubernetes versions,” explains Schmidt. “Today, we can provide them these clusters with all the necessary settings and dependencies in a matter of minutes.”
Looking ahead, the IT team wants to offer self-service provisioning of complete application environments. With this enabled, customers could order an application like the Nextcloud file sharing service via a service portal. Utilizing Harvester and Rancher Prime, the entire application infrastructure would then be automatically deployed in the data center. “This approach will enable us to significantly shorten the time-to-market for hosting applications for our customers,” says Meyer.
What’s next for ECKD?
As ECKD continues to expand its container infrastructure, the company upholds a strong focus on security and compliance. Notably, ECKD’s data centers and processes are ISO/IEC 27001 certified, aligning seamlessly with SUSE’s own ISO/IEC 27001 certification. This shared certification framework enhances ECKD’s overall security and compliance posture.
“Our collaboration with SUSE, both being ISO/IEC 27001 certified, reinforces our commitment to protecting our customers’ sensitive data and responding to new threats as quickly as possible,” says Meyer.
ECKD is currently evaluating NeuVector Prime to ensure maximum security when deploying containerized applications. The SUSE container security platform protects the entire lifecycle of containers, from development to production. Among other capabilities, NeuVector Prime continuously scans all containers and hosts for vulnerabilities, and it can detect and defend against real-time network, packet, zero-day and application attacks, including DDoS and DNS.
“NeuVector Prime made a very good impression in the initial tests,” concludes Schmidt. “The solution has powerful security features and works very well with Rancher Prime. We could therefore implement a zero trust security strategy for our entire Kubernetes environment with relatively little effort.”