Migrating a SIEM application to Kubernetes clusters

Highlights

  • Guarantees reliable 24/7 operation of NTS Defense Services, providing continuous monitoring of IT security in remote customer environments.
  • Accelerates initial implementation time for the NTS Defense Platform from one week to half a day.
  • Facilitates automatic software updates across all customer systems, initiated from a single pane of glass, without disrupting service availability.
  • Provides flexible horizontal scalability for additional data sources and users as required.
  • Supports any customer environment for running NTS Defense Platform – on-premises, hybrid or public cloud.
  • Protects the SIEM configurations of customer environments with integrated backup and disaster recovery functions.
  • Ensures compliance with uniform security standards and bespoke security requirements across customer environments.

Products

Living up to its motto, “Relax, we care,” Netzwerk Telekom Service AG (NTS) is a managed services provider that designs and supports IT solutions for a wide range of organizations. NTS’s passion for technology and exceptional service cultivates satisfied customers and fosters enduring partnerships. Collaborating with premium manufacturers, the company deploys solutions for networks, security, collaboration, cloud and data centers. 

Headquartered in Raaba-Grambach, Austria, NTS was founded in 1995. Currently, more than 680 employees work for the company in 21 locations across Austria, Germany and Italy. Its revenue in 2022 neared 261 million euros, increasing 50% since 2021, reflecting its resiliency and fast track growth.

At-a-Glance

Responding to heightened market demand for managed security services, NTS developed the NTS Defense Services offering for its customers. The challenge here was to provide the solution used for security information and event management (SIEM) in the most standardized and efficient way possible. Therefore, the company decided to migrate the SIEM application to Kubernetes clusters and manage the environment with Rancher Prime and Longhorn. The transformation simplified and automated the deployment process, speeding up service implementation drastically. The resulting product is a robust security offering that adapts to customer needs, redefining possibilities for managed security services.

Developing a new managed security package: NTS Defense Services

In the late 2010s, NTS began noticing a surge of market demand for managed security services. As Thomas Fellinger, distinguished senior security architect at NTS, states, “The threat landscape has expanded considerably, and many companies struggle to find the right professionals to fend off these emerging threats.” 

Uniquely positioned to address this market need, NTS began building a Security Operation Center (SOC) in 2019. With the SOC, the company wanted to develop and deliver managed security services to its customers. The vision of the NTS Defense Services: to provide comprehensive, 24/7 support in monitoring customer infrastructures and handling security incidents. 

Fellinger, who has held various positions in the security sector for many years, was involved in setting up the SOC from the very beginning. Together with a team of security specialists, he developed the infrastructure for the new managed security offering. 

The team knew from the beginning that they required powerful tools and an efficient, automated implementation to meet customer needs while remaining operationally viable. Starting with a focus on customer needs, the team selected Splunk to run as the backbone of the NTS Defense Platform. A market-leading SIEM solution renowned for its ability to collect, correlate and analyze data from multiple IT systems, Splunk swiftly detects threats and allows users to spot and address suspicious events and dangerous trends in real time. These features made Splunk the right tool for running a managed security service. 

But there was a challenge.

Journey to automation

Choosing Rancher Prime 

Because of its complexity and monolithic structure, implementing Splunk is a time-consuming, complicated process, making it impractical to deliver to customers at scale out of the box. “In order to use Splunk for our NTS Defense Services, we had to find a way to make the solution available to our customers in the easiest and most automated way possible,” says Fellinger. His team considered ways to streamline Splunk’s deployment, ultimately deciding to decompose it into containerized services running on Kubernetes. 

The company had already seen benefits from container architectures: it had been running its GitLab DevOps platform on Kubernetes. Building on that experience, the team dedicated significant time to research and development and was eventually able to run Splunk as a containerized application, along with all its necessary components. NTS also extensively evaluated and tested various container management solutions and finally opted for Rancher Prime. 

“Rancher Prime was the only management platform that gave us the degrees of freedom we were looking for,” says Fellinger. “We chose it because it allows us to centrally manage and monitor all of our customer clusters, whether running on-premises or with any public cloud provider.” 

Choosing Longhorn 

The first generation of the NTS Defense Platform included a hypervisor for hosting Kubernetes clusters. For the second generation, the project team decided to remove the virtualization layer to streamline operations and boost performance. Consequently, the Kubernetes clusters running Splunk are now installed directly on the appliance hardware.

However, without the virtualization layer, the system lacked persistent storage for the containerized applications: a pod rescheduled to another node, or a failed node, could take the SIEM’s state with it. Another shortcoming was the loss of the ability to dynamically distribute workloads across nodes, since a workload was tied to the node holding its data. To restore both capabilities, the team turned to Longhorn, the cloud native distributed storage platform from SUSE. 

“Fortunately, Longhorn proved to be the perfect solution for our needs, working seamlessly with Rancher Prime,” says Fellinger. “Longhorn allows us to allocate persistent block storage directly from the Rancher Prime interface to any Kubernetes cluster with minimal effort.”

The impact of Rancher Prime

The NTS Defense Platform is designed as a compartmentalized and hardened cell running on Cisco Unified Computing System (UCS) hardware. Relying on Rancher Prime’s interoperability, the system can plug into any environment and adapt to customer requirements. In addition to this adaptability, Rancher Prime delivers additional benefits to the business and its customers. 

Fast-tracking customer onboarding with high-level automation 

Thanks to Rancher Prime, NTS has almost completely automated the deployment and management of Kubernetes clusters for the NTS Defense Platform. In the past, the basic setup of a Splunk environment at a customer’s site could take up to a week. Now the system is up and running in half a day. 

“Today, we can deploy a complete Splunk environment on a Kubernetes cluster with the push of a button, thanks to a fully automated deployment process using Helm Charts and Rancher Prime,” says Fellinger. 

This efficiency allows NTS to notably reduce project cycles and make NTS Defense Services available to new customers much faster, enhancing the overall customer experience. 

Maintaining customer environments at scale 

The NTS Defense Platform currently runs exclusively within the confines of customer data centers. NTS remotely manages the hardware and clusters to ensure all log data remains local and secure within the customer’s premises. 

With Rancher Prime, NTS can effortlessly keep these remote systems updated all at the same time. From a single pane of glass, NTS can initiate updates to the Kubernetes platform just once, leading to automatic application across all clusters and customer sites, maintaining system consistency. Importantly, throughout the update process, customers retain constant access to the SIEM service, courtesy of Rancher Prime’s zero downtime maintenance feature. 

“Without Rancher Prime, delivering NTS Defense Services to our customers wouldn’t have been feasible,” says Fellinger. “We can’t hire a dedicated system administrator for each new client to manage servers, install software updates or renew security certificates. Our competitive edge of a managed security service hinges on the degree of automation that Rancher Prime provides.” 

Implementing consistent access and security policies 

Rancher Prime also meets NTS’s rigorous security standards, which are backed by international certifications such as ISO/IEC 27001. The container management platform gives the NTS team comprehensive control over access and permissions throughout all clusters via role-based access control. 

“Rancher Prime allows us to grant security auditors or external consultants access to specific resources for audits or assessments, when necessary,” explains Fellinger. “It also enables us to prevent unauthorized access through consistent security policies and centrally managed authentication procedures.” 
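The auditor access described above, expressed as an added example in plain Kubernetes RBAC (this is not NTS’s configuration and not code from SUSE or Rancher; Rancher’s project and cluster role templates are resolved to Kubernetes Role and RoleBinding objects of this shape). The namespace `siem`, the role name and the identity-provider group `siem-auditors` are assumptions. The security-relevant point is what the role leaves out: a “read-only” role that includes `secrets`, `pods/exec` or `pods/log` is not read-only in any meaningful sense for a SIEM, because those resources carry credentials, interactive access and raw customer log data.

```yaml
# Added example: read-only access for external auditors to one SIEM namespace.
# Namespace "siem", the role name and the IdP group "siem-auditors" are assumptions.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                      # namespaced: grants nothing outside "siem"
metadata:
  name: siem-auditor-readonly
  namespace: siem
rules:
  # Workload inventory and state: enough to verify what runs and how it is wired.
  - apiGroups: [""]
    resources: ["pods", "services", "configmaps", "persistentvolumeclaims", "events"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["networkpolicies", "ingresses"]
    verbs: ["get", "list", "watch"]
  # Deliberately absent:
  #   "secrets"            -> SIEM admin and integration credentials
  #   "pods/exec", "pods/portforward" -> interactive access to SIEM containers
  #   "pods/log"           -> raw customer log data, bypassing the SIEM's own access control
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: siem-auditors
  namespace: siem
subjects:
  # Bind the group asserted by the centrally managed identity provider rather
  # than individual users, so access ends when the person leaves the group.
  # The exact group name the cluster sees depends on the auth provider (assumption).
  - kind: Group
    name: siem-auditors
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: siem-auditor-readonly
  apiGroup: rbac.authorization.k8s.io
```

Check the result with impersonation before handing out credentials: `kubectl auth can-i list pods -n siem --as=auditor --as-group=siem-auditors` should print `yes`, while the same command for `secrets`, for `create pods/exec`, and for any resource in another namespace (for example `-n longhorn-system`) should print `no`. Because the binding references a Role rather than a ClusterRole, the auditor also cannot list namespaces or nodes, which is the intended outcome for a time-boxed assessment.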

Facilitating easy scalability as resource needs increase 

Fellinger recognizes Rancher Prime’s flexible scalability as a significant business advantage. The customer can quickly integrate additional data sources or teams as required. 

“We urge our customers to keep up with their industry’s threat landscape and adapt to detection patterns as needed,” says Fellinger. “If this increases the need for resources, Rancher Prime allows us to scale easily, adding additional cluster nodes as needed.” 

Beyond the additional security use cases that increase workloads, NTS has found that customers are also analyzing log data captured by the NTS Defense Platform to help troubleshoot business applications or pinpoint performance issues. Rancher Prime’s easy scalability ensures that the Kubernetes clusters can quickly handle these analytics requests as well, providing additional business value to NTS customers.

The impact of Longhorn 

Comprehensive protection of sensitive data 

The Longhorn storage solution also includes functions to reliably protect the stored configurations and state of the SIEM components against failures and other risks. Among other things, Longhorn replicates each volume across nodes and has integrated functions for scheduled snapshots, backup to an external target and disaster recovery. 
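The persistent storage allocated to the clusters (see “Choosing Longhorn” above) and the backup function described here fit together in one set of manifests, shown below as an added example that is not NTS’s configuration and not code from SUSE: a Longhorn StorageClass that keeps three replicas of every volume on different nodes so a pod can be rescheduled without losing SIEM state, a Longhorn RecurringJob that backs those volumes up nightly to the cluster’s configured backup target, and a PersistentVolumeClaim that a SIEM StatefulSet would mount. The namespace `siem`, the class and job names, the retention values and the volume size are assumptions. The backup target itself (an S3 bucket or NFS share, set through Longhorn’s `backup-target` setting together with its credential secret) is not shown.

```yaml
# Added example: Longhorn storage with cross-node replication and scheduled backups.
# Names (longhorn-siem, siem-backup-daily, namespace "siem") and sizes are assumptions.
---
# StorageClass: each volume gets 3 replicas on different nodes, so a pod that is
# rescheduled elsewhere, or a node that dies, does not take the SIEM state with it.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: longhorn-siem
provisioner: driver.longhorn.io
allowVolumeExpansion: true      # grow a volume as log retention requirements grow
reclaimPolicy: Retain           # deleting a PVC by mistake must not delete SIEM data
volumeBindingMode: Immediate
parameters:
  numberOfReplicas: "3"
  staleReplicaTimeout: "2880"   # minutes before a replica on a lost node is discarded
  fsType: "ext4"
  dataLocality: "best-effort"   # keep one replica on the node running the pod when possible
  # Attach every volume of this class to the recurring backup job defined below
  # (Longhorn labels the volume so the job picks it up).
  recurringJobSelector: '[{"name":"siem-backup-daily","isGroup":false}]'
---
# RecurringJob: nightly backup to the backup target configured in Longhorn's
# settings (assumed to be an off-appliance S3 bucket; not part of this manifest).
apiVersion: longhorn.io/v1beta2
kind: RecurringJob
metadata:
  name: siem-backup-daily
  namespace: longhorn-system
spec:
  cron: "0 2 * * *"   # 02:00 every day, local cluster time
  task: backup        # "backup" ships data off-cluster; "snapshot" would stay on the same disks
  groups: []          # membership comes from the StorageClass selector above, not from a group
  retain: 14          # keep two weeks of backups per volume
  concurrency: 2      # number of volumes backed up in parallel
  labels: {}
---
# PVC a SIEM StatefulSet (for example an indexer) would declare in its
# volumeClaimTemplates; the requested size is an assumption.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: siem-indexer-data
  namespace: siem
spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: longhorn-siem
  resources:
    requests:
      storage: 500Gi
```

Two checks a practitioner would run after applying this: `kubectl -n longhorn-system get recurringjobs` and `kubectl -n longhorn-system get volumes --show-labels` should show the job and the `recurring-job.longhorn.io/siem-backup-daily=enabled` label on the provisioned volume, and a restore of the newest backup into a scratch PVC should be part of the disaster recovery drill rather than assumed to work. One caveat follows from the design: whoever can edit Longhorn’s backup-target setting or read its credential secret can redirect or pull copies of every SIEM volume, so access to the `longhorn-system` namespace deserves the same care as access to the SIEM itself.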

“The NTS Defense Platform acts as an alarm system for our customers’ IT environments. We therefore need to ensure that the stored data is not lost due to a failure. Rancher Prime and Longhorn help us to make the operation of NTS Defense Platform as reliable and secure as possible,” emphasizes Fellinger. 

What’s next for NTS? 

Through its partnership with SUSE, NTS has established itself as a trailblazer in managed security services. Leveraging the dynamic duo of Rancher Prime and Longhorn, the company has crafted a security solution that not only meets but exceeds market demands. By simplifying the deployment process and accelerating implementation time, NTS has delivered a robust, adaptable and efficient security offering to its clients. With Rancher Prime’s advanced automation and control features, and Longhorn’s secure and reliable storage capabilities, NTS ensures that customers’ sensitive data remains protected while offering them the flexibility to scale based on their needs. 

Looking ahead, NTS plans to continue harnessing the power of Rancher Prime and Longhorn to expand its service offerings and cater to a diverse range of customer environments. 

“We also expect to receive requests for hybrid or public cloud deployments soon,” said Fellinger. “Thanks to Rancher Prime, we will also be able to serve these customers with our NTS Defense Service. Regardless of a company’s cloud strategy, Rancher Prime’s openness eliminates all potential deal-breakers, ensuring our constant presence in the candidate pool as a security service provider.”