AKDB Logo
行业: Public Sector
位置: Germany
下载全文

AKDB advances digital government services with Rancher Prime and NeuVector

亮点

  • Facilitates the transformation of government software solutions and online services to a modern container architecture.
  • Ensures nearly 100% availability of digital services for citizens, businesses and government agencies.
  • Automates software deployments, significantly reducing manual tasks for the IT team.
  • Minimizes troubleshooting efforts needed to keep applications running.
  • Processes tens of thousands of requests per hour quickly and reliably with flexible scalability.
  • Secures Kubernetes clusters, containerized applications and sensitive personal data against both known and emerging threats.
  • Facilitates compliance with requirements, including BSI security guidelines.

产品

Founded in 1971, AKDB develops comprehensive digital solutions for municipalities and public institutions. Its offerings include software, IT security, consulting, training and comprehensive IT services. Its IT services range from SaaS solutions in BSI-certified (Germany’s Federal Office for Information Security, or Bundesamt für Sicherheit in der Informationstechnik) data centers to sovereign tasks for the Bavarian registry office and civil status registers, and fully managed IT environments. AKDB’s customers include more than 5,000 communities, municipalities, cities, counties, districts, public institutions and the federal government. 

In e-government, AKDB provides the Citizen Service Portal to federal states and municipalities, Germany’s most comprehensive interoperable platform for online administrative services. Nationwide, more than 18 million citizens and numerous companies use the Citizen Service Portal’s online services to communicate with public authorities. 

With its headquarters in Munich, AKDB employs around 1,200 people across various locations in Germany.

At-a-Glance

From applying for absentee ballots to registering vehicles, citizens can now efficiently manage numerous government tasks online through services provided by the Anstalt für Kommunale Datenverarbeitung in Bayern (Institution for Municipal Data Processing in Bavaria, or AKDB). AKDB utilizes a container infrastructure featuring Rancher Prime and NeuVector to expedite the development of new offerings and provide reliable digital services for municipalities and other authorities. With these SUSE solutions, the organization benefits from easy scalability, fast software updates without downtime and reliable protection of sensitive data.

Transitioning to container technology

In recent years, AKDB has expanded its range of software solutions and online services. Today, the organization offers a comprehensive portfolio to modernize public administration for the digital era. “Our goal is to simplify citizens’ lives by reducing time-consuming administrative procedures,” says Peter Köhlmann, DevOps team leader at AKDB. “At the same time, we want to alleviate the workload for administrative institutions, helping them excel despite the shortage of skilled workers in the public sector.” 

AKDB’s work is now more important than ever as the pace of digitization in public administration is accelerating, partly driven by new legal requirements like the Online Access Act (Onlinezugangsgesetz, or OZG). Under the OZG, federal, state and local authorities are obliged to make around 600 administrative services digitally accessible. This ensures citizens and companies will have round-the-clock online access to various government services.

AKDB provides some of these online government services through its data center, including vehicle and driver’s license registration. Civil registry services, such as applications for birth, marriage and death certificates, can also be processed through AKDB’s online applications.

“As part of this digital transformation, we have to react faster than ever to new legal frameworks and changing demands from citizens and authorities,” says Köhlmann. “This can hardly be achieved with cumbersome, monolithic applications. That’s why, since 2018, we began developing and delivering applications using a microservices architecture.” 

As a result, BayernID, the digital identity service for secure communication with public authorities, has been running on Kubernetes clusters for more than four years. The new OK.PERS+ HR software was also developed as a containerized application from the start. 

Initially, AKDB used the SUSE Container-as-a-Service platform to manage its expanding container infrastructure. Following SUSE’s acquisition of Rancher Labs in late 2020, AKDB transitioned to the Rancher Prime Kubernetes management platform.

“With Rancher Prime and Kubernetes, we were able to scale the infrastructure so that it could cope with very high performance requirements. As a result, several million applications were received and processed without delays ahead of the state elections.”

Why SUSE solutions?

Rancher Prime 

After SUSE acquired Rancher Labs, the AKDB IT team quickly realized that Rancher Prime was the right choice. “Our first impression of Rancher Prime was very positive. We particularly liked the fact that we can monitor and manage all Kubernetes clusters from a central interface,” says Köhlmann. “How are the individual clusters and workloads doing? What is happening in the different namespaces? With Rancher Prime, we can see all of this at a glance, without having to install and operate additional tools.” 

Rancher Prime enabled the IT team to set up a granular access control structure, encompassing three different user roles within the container environment. Viewers, users and administrators each have different access rights, restricting them to functions essential for their roles in the Kubernetes clusters. Such measures minimize risk and uphold a consistently high level of security. 

The AKDB team, assisted by the SUSE Customer Success Team and Consulting Services, successfully migrated existing workloads to the new infrastructure. Shortly thereafter, AKDB quickly expanded its container infrastructure from eight to 20 Kubernetes clusters to deliver, in part, a new application for requesting absentee ballots in time for state elections in Bavaria and Hesse.

NeuVector 

Given that AKDB’s online services frequently handle sensitive personal data, safeguarding this data against potential threats and loss throughout the processing chain is crucial. Consequently, AKDB also tested the NeuVector container security platform while setting up the new container infrastructure with Rancher Prime. Introduced to NeuVector at the KubeCon conference, an AKDB team member first installed the solution on clusters via the Rancher Prime console. 

“NeuVector is as versatile as a Swiss army knife when it comes to container security,” summarizes Köhlmann. “With technologies such as vulnerability management, deep packet inspection and the integrated container firewall, the solution offers comprehensive protection of our containerized workloads. This helps us meet the growing requirements for data protection and IT security in the public sector, even with cloud native applications.”

The impact of Rancher Prime

Ensures maximum availability of modern digital government services 

For Köhlmann, the combination of Kubernetes and Rancher Prime offers significant advantages for reliably operating containerized applications: “Since implementing the new infrastructure, we haven’t had any issues with the availability of our deployed applications. Based on the uptime reports in Rancher Prime, we can see that our online services for citizens, businesses and authorities are now consistently available 24/7, fulfilling all internal and external service level agreements.” 

Previously, AKDB’s IT team spent considerable time troubleshooting application issues. For example, Java applications often stopped working properly due to insufficient memory. However, thanks to Kubernetes’s self-healing capabilities, many of these typical problems get resolved without human intervention. For example, Kubernetes automatically restarts components until the desired system status is restored. Additionally, Rancher Prime’s management interface proactively alerts system administrators of issues needing manual intervention. 

Even during maintenance or software updates, Rancher Prime ensures AKDB’s online services remain accessible. To accomplish this, the tool automatically moves workloads within the cluster so that individual nodes can be updated one at a time, resulting in continuous, uninterrupted operation of online services. 

Scales easily to handle millions of requests quickly 

The updated solution architecture makes it easier for the AKDB team to handle increasing demands. “When we launched the online service for requesting absentee ballots, we expected peak loads of up to 30,000 requests per hour,” says Köhlmann. “With Rancher Prime and Kubernetes, we were able to scale the infrastructure so that it could cope with very high performance requirements. As a result, several million applications were received and processed without delays ahead of the state elections.” 

Rancher Prime and Kubernetes provide AKDB with multiple scaling options. The team can allocate more CPU power and memory to individual nodes as needed, or simply add more nodes to the cluster. It can also use Kubernetes’ Horizontal Pod Autoscaler (HPA), which allows individual services in a cluster to be automatically scaled up or down. Rancher Prime streamlines HPA management, allowing the team to set individual thresholds for specific services.

“Rancher Prime’s monitoring enables us to quickly identify emerging performance bottlenecks and proactively address them,” says Köhlmann. 

Improves collaboration between development and operations 

As the DevOps team leader, Köhlmann recognizes how Rancher Prime improves collaboration between development and operations: “Today, we empower software developers to independently initiate software release deployments from our defined CI/CD pipeline.” 

New releases undergo various stages of automated testing before being deployed on the production clusters. This automated deployment process is a huge relief for the operations team, saving at least 10 hours of work each week. 

“We used to have to limit the number of deployments per week for traditional applications because of operational and staffing constraints,” says Köhlmann. “Now the process runs so smoothly that we no longer have to worry about frequency. When a new release is ready, it is deployed immediately.” 

 

The impact of NeuVector 

 

Provides end-to-end security for containerized applications 

The NeuVector container security platform comprehensively protects AKDB’s container environment from potential risks. With its zero trust architecture, the solution cannot only defend against known attack patterns, but also detect and block new types of threats. NeuVector inspects all inbound and outbound traffic within the container environment and can differentiate between normal application behavior and suspicious activity. The integrated container firewall in NeuVector enables immediate isolation of compromised systems, preventing the spread of malicious code within the network.

“Without NeuVector, we would not be able to reliably monitor and secure container traffic in clusters with thousands of microservices,” Köhlmann emphasizes. “NeuVector also provides protection against zero-day attacks that lack existing security patches. As a result, the solution helps us comply with new legal requirements, including those from the BSI. NeuVector’s strict control mechanisms enable us to securely run applications with high protection requirements in our container environment.” 

 

What’s next for AKDB?

 

AKDB’s application landscape transformation is in full swing. The organization is now developing new applications as containerized applications across the board, and application managers are evaluating the extent to which some of the existing monolithic core applications can also be ported to a container architecture. 

Containerized applications bring a lot of value to AKDB and its customers, helping the organization further accelerate the government’s digital transformation. “Rancher Prime and NeuVector are helping us make the transition to cloud native applications as smooth as possible,” concludes Köhlmann. “We provide our customers with innovative, highly secure solutions, simultaneously making the transition easier for our developers and operations teams. Consequently, our partnership with SUSE remains a strategic cornerstone for our future endeavors.”