What does it take to run high-performance, containerized financial systems and keep them protected according to strict data protection, Kubernetes storage, OpenShift Container Platform, and regulatory requirements?
In this blog, we are going to introduce you to a major European financial institution that has a strong DevOps culture and wide-ranging storage requirements, both of which the company helps solve with Cloud Volumes ONTAP.
Meet the Customer: A Major European Financial Institution
This customer success story is about a leading banking and financial services provider headquartered in one of the largest nations in Western Europe. In its home country alone, it serves tens of thousands of corporate clients as well as more than 10 million private banking customers, from individuals to small businesses. The company’s subsidiary digital bank with operations in a number of neighboring European countries also counts clients in the millions. The bank is responsible for almost a third of all the foreign trade that takes place in its home country, and has branches to support its clients abroad in close to 40 different nations. The company generates an annual gross revenue of over 8 billion Euros.
The Challenge: Modernize the Business and Pivot to DevOps
This company is a long-time NetApp storage user. As part of a company-wide digital strategy, the company adopted OpenShift as the orchestration tool for new applications, and set a goal of running 85% of its decentralized applications in the cloud by 2024. A multicloud approach was defined to allow flexibility and an option to choose between different cloud offerings.
To achieve this strategy, the company needed a way to provision and manage data environments in the cloud that would meet strict data protection and security requirements. They also needed to provide the agility required by developers working in CI/CD pipelines (continuous integration and continuous delivery) based in Kubernetes clusters managed through OpenShift Container Platform. Most of the data was accessed via NFS network file shares, but they also required multi-protocol support.
This transition was going to completely change the way the company operated, introducing new technologies, operating models, and processes. The challenges they were going to face included:
- Containerization
Stateful apps that run in Kubernetes containers require data persistence capabilities. While Kubernetes can create persistent volume claims to request such storage, as per the application demands, it lacks enterprise data management capabilities to operate multiple storage volumes at scale.
The bank was also going to employ OpenShift. This container application platform, based on the open-source Kubernetes project, makes development easier and provides automation, monitoring, and logging capabilities for the container deployment. Since it is based on Kubernetes, OpenShift has similar challenges and constraints for persistent storage management.
- Automation
Automation is a key to seamless DevOps workflows, as it increases repeatability without user intervention, speeding up development and delivery time, and reducing the likelihood of human error. To enable the company’s automation efforts, its developers turned to Ansible playbooks and Terraform. All of the cloud-based workloads at the company are deployed and managed via Terraform and self-contained scripts.
These kinds of infrastructure-as-code (IaC) solutions would significantly reduce much of the manual oversight needed in provisioning storage, considerably increasing flexibility and agility.
- Data Protection
The clients of the bank, a financial service provider, require very high availability and guaranteed uptime. The data also needs to be protected against multiple threats, including ransomware, data corruption, accidental deletion, and loss. Both of these issues can present serious cloud cost sprawl.
- Hybrid and multi-cloud deployment
While pivoting entirely to the cloud is the goal for the future, a large part of the deployment currently remains based in the company’s on-premises data centers. This requires a hybrid solution that could integrate and work seamlessly across both environments.
In addition to this hybrid deployment, the company’s planned cloud expansion would also take advantage of multiple public cloud providers—specifically Azure and Google Cloud—presenting a new challenge for orchestration, management, and visibility.
- Cloud Migration
The migration itself was a considerable part of this company’s modernization. The company needed an easy-to-use and cost-effective way to lift and shift its applications and data to the cloud, and one that would be able to meet the target date for being fully in the cloud.
- High security and regulation requirements
Security in the financial sector is a serious concern. In addition to this, the company’s strict local data protection regulation makes it mandatory to employ secondary deployments to ensure service availability for all services the company provides. That rule comes in addition to the blanket data privacy requirements of the EU’s General Data Protection Regulation (GDPR) the company is subject to.
The Cloud Volumes ONTAP Solution
As a long-time NetApp user, the company identified Cloud Volumes ONTAP as the best solution to address the company’s developer-centric requirements.
The company had been looking for a secure, unified hybrid cloud data platform for both containerized and traditional applications that would integrate with the existing NetApp systems. Cloud Volumes ONTAP addressed this need and also provided a solution for cloud file shares. Combining these two use cases with a single platform helped the company get its cloud journey underway faster and simplified the overall operations in the cloud.
The company decided to deploy 20 Cloud Volumes ONTAP HA-pairs split between Azure and Google Cloud. These are used as the persistent storage platform for web applications developed on OpenShift and as storage for databases and for data streaming with Kafka.
But Cloud Volumes ONTAP is only part of the story. The customer is very invested in the IaC approach, and all of its cloud-based workloads are deployed via Terraform. This has made NetApp BlueXP Console and the BlueXP Console Terraform provider essential resources at the company.
While the primary use case was a persistent storage platform for OpenShift, they realized that Cloud Volumes ONTAP could be leveraged simultaneously to support a second use case: file sharing. The bank has large file shares on-premises which are planned to be migrated to the cloud. Thanks to Cloud Volumes ONTAP’s multi-SVM support, the team was able to create two separate, isolated environments on each of the Cloud Volumes ONTAP instances. In this setup, each Cloud Volumes ONTAP instance runs two separate SVMs: one to serve file shares for the application, and the second to act as persistent storage for OpenShift and Kubernetes. This maximizes the potential for each instance and allows the company to reduce the overall number of instances required.
Benefits
- Automatic and dynamic persistent storage provisioning.
Using Cloud Volumes ONTAP, the company can now dynamically provision persistent volumes for containers, thanks to the Kubernetes CSI-compliant Astra Trident technology. This gives developers an easy way to provision data environments directly from OpenShift.
Through Cloud Volumes ONTAP, the bank’s Kubernetes storage gains a number of powerful benefits. NetApp’s familiar cost-reducing storage efficiencies can extend to Kubernetes, including tiering infrequently used data to less-expensive object storage in the cloud and BlueXP Console’s auto-capacity management to head off potential costs. NetApp Snapshot™ technology provides enhanced data protection for persistent volumes, and multi-protocol support means the same environment can be used as backend persistence storage for all kinds of Kubernetes storage-classes.
- Full automation and infrastructure-as-code tool integration
The company uses BlueXP Console’s Terraform Provider for automating all the deployment and management of Cloud Volumes ONTAP clusters, which includes SnapMirror data replication, connector management, etc. The customer chose a 100% IaC approach, meaning that every operation is done programmatically through IaC tools and APIs—the BlueXP Console GUI is never used.
Since BlueXP Console is fully API-driven, every operation can be automated with Ansible URI modules. In addition, NetApp provides several certified Ansible modules, including the CloudManager module to automate CM-related operations and more specific ONTAP modules to automate day-to-day operations, such as volume and aggregate management, SVM management, etc.
- Native NetApp integration
With the company’s long partnership with NetApp, Cloud Volumes ONTAP allows the bank to easily move its operations into the cloud without the need to learn new platforms and how to integrate them. Cloud Volumes ONTAP extends the interfaces and ONTAP features they already use in all the new cloud environments.
- Hybrid and multicloud operability
As the company has operations spread across its existing ONTAP environments, Azure and Google Cloud, BlueXP Console acts as the central management point for all its multicloud and hybrid storage operations. This gives the company a single interface to interact with and orchestrate all the storage volumes in use.
- High availability
To give the company the assured uptime for continual operations that is mandatory by law, the company has deployed all of its Cloud Volumes ONTAP instances in the dual-node, multi-zone high availability configuration. This provides RPO=0 and >60-second RPO for any data environments that developers deploy in the cloud.
- Powerful security features
The suite of security features employed by Cloud Volumes ONTAP allows the company to meet the strict security requirements it is under as a major financial institution. Among the many features provided, end-to-end encryption and customer key management, which allows the bank to use its own encryption keys in the cloud, have been especially relevant.
Another data portability and protection requirement that Cloud Volumes ONTAP has been able to accommodate is the company’s use of a proxy with a custom certificate, which allows the strictly required outbound internet connectivity and runs SSL traffic inspection on all sessions. The software-only option of BlueXP Console also makes it possible to operate the SaaS architecture with absolutely no inbound internet connectivity. Outbound access can be restricted to only specifically approved endpoints, making data much more secure.
- Seamless data mobility
Cloud Volumes ONTAP easily migrates data and workloads to the cloud using seamless SnapMirror® data replication technology. This enabled SAN and NAS data to easily move between on-premises and the public cloud repositories as the company continues to operate using a hybrid cloud model.
- Instant, zero-capacity cost cloning
With Cloud Volumes ONTAP the company can create clones of persistent volumes at instant speed and with zero-capacity cost via NetApp FlexClone®. This enables DevOps teams to spin up any number of test and pre-production environments instantaneously, only incurring costs for changes to the copies. That means development time is reduced and so are the costs.
- Added protections with Cloud Data Sense and Cloud Backup
The bank is also taking advantage of NetApp solutions Cloud Data Sense and Cloud Backup, for data governance and data protection, respectively.
With Data Sense, reports on private sensitive data are automatically produced to help respond to GDPR-mandated requests. Cloud Backup gives the bank a faster, more reliable, and cost-effective backup solution, by automatically creating block-level backup copies that are stored in object storage in the cloud.
Conclusion
Cloud Volumes ONTAP has become a key resource in DevOps pipelines by providing the ability to operate seamlessly across clouds, enable IaC resource provisioning, automatically respond to persistent storage claims for stateful apps running in Kubernetes and other container services, and fully integrate with Ansible and Terraform providers.