Adoption is coming from a host of sectors. Early interest came from telecoms and utility companies (energy and water), but appetite is growing in other areas (finance, education and health care). Its popularity is easy to understand. By automating and mediating access to property and assets, companies can dramatically simplify security management, improve overall estate security and ensure observance of local data protection laws.
Headquartered in Waterloo, Ontario, Sera4 Ltd. is a leading expert in keyless access control for critical infrastructure. It provides cyber-resilient site access automation and identification at scale, solving real operational challenges while reducing losses. Founded in 2014, Sera4 engineers its technology from the ground up via hardware and cloud data center experts with backgrounds at RIM and IBM. On a growth trajectory, the company now has hundreds of enterprise customers in North, Central and Latin America, Africa, Europe and its home country of Canada.
Sera4 has created a portfolio of keyless smart locks and controllers that connect to Teleporte, its innovative control and monitoring platform. The company connects and manages tens of thousands of access points, connected to many users across the world.
For a company working in the critical infrastructure space, security and resilience are of obvious importance to VP of engineering, cloud and security specialist, Jeff Klink, and his team. To help the company meet its goals, the team has put Kubernetes containers — and Rancher Prime — at the heart of its success strategy.
At-a-Glance
Secure access control is an important part of every company’s security strategy, regardless of sector. The market is evolving and demand for high-level, digitized security for critical infrastructure (assets of national, public and economic importance) is accelerating. The access control market for critical infrastructure alone represents a total addressable market (TAM) of more than $10 billion.
The journey to containers
Sera4 has patented its own highly secure, low-energy security framework, with Bluetooth at its core, which connects hardware to devices and the cloud-based Teleporte management platform. With ultra-tight security baked in, Sera4 has quickly gained traction with security-conscious organizations.
Immediate interest came from telecoms and utility providers tasked with managing thousands of individual access points in several separate regions. In just one country, an operator may manage thousands of individual base stations, local exchanges and junction boxes — replicated in multiple territories — each monitored and accessible by engineers 24/7.
Because of its diverse international footprint and need for reliable internet connectivity, Sera4 has always run on bare metal and virtual machines (VMs) in IBM Cloud. The team wanted to be able to scale the service up and down depending on demand, and they knew that cloud enablement and strategic placement of data centers were of utmost importance. Preserving data sovereignty in individual territories was (and continues to be) a major priority. Over time, the team started to investigate the benefits of containers as a way to manage its virtualized infrastructure more efficiently and drive agility and increased security into management processes.
The team knew Red Hat’s OpenShift community well, but the overhead was too high for this growing startup. Still in the ‘nitty-gritty’ phase of development, the team tried Docker Swarm but found it clumsy and lacking features. Furthermore, Kubernetes offered a more mature platform and was winning the war with Docker. However, with a small team and an extremely fast-growing base of clients, the team needed something to help manage the scalability, upgrades and deployments on many servers and containers per day. That’s when they discovered Rancher Prime. They found it easy to get started — no barrier to usage and no cost. Plus, Rancher Prime was a powerful, feature-rich platform that could control their Kubernetes clusters.
To get to where they are today, the team spent more than a year rewriting its architecture, transforming Sera4’s access control platform into a microservices environment. In 2018, Klink carried out a proof of concept (PoC), spinning up a couple of raw Kubernetes clusters to see how Sera4’s virtualized environment would fare. The original cluster designs certainly had their shortcomings. When trying to spin the Sera4 service mesh up in more than one territory, the cluster struggled. For example, the battle of geographic resilience versus high latency imposed its own set of issues on the cluster. Having multiple instances of etcd too far apart caused synchronization issues and thus, continued instability.
However, with time, perseverance and some heavy cluster and container design modifications, the team overcame its original issues, hastened development and moved its core services into production in Rancher Prime, and out of VMs. Since May 2019, the company has been running more than 95% of its development, beta and production infrastructures on Rancher Prime.
“It was love at first sight. Rancher Prime has a great user interface and the platform was improving quickly. Rancher Prime allowed us to deploy QA, staging and production environments right off the bat — which is rare.”
What were the problems Sera4 was trying to solve?
Security and stability
For organizations securing high-value assets at scale, Sera4 is a boon. Utility companies, for example, can manage access to high-value sites such as local power stations and, more importantly, gather vital activity data. Managers can see how many times locks have been opened during select time periods and who accessed them. They can see, in granular detail, the access behaviors of their field technicians and control access accordingly — ensuring sites are secure when work is complete. Most importantly, they can spot anomalies early, preventing unauthorized access and loss.
To meet these particular needs, the highest levels of security and resilience are of utmost importance. The team at Sera4 had to be sure that putting its core services into Rancher Prime would enhance its service to its customers and build an additional layer of security into its offering. Rancher Prime automates a host of processes (role-based access control [RBAC], namespace-as-a-service [NaaS], authentication, application catalog, etc.) that hasten deployment, simplify management and improve security. Rancher Prime has enabled Sera4 to migrate its virtualized, cloud-based environment into Kubernetes where multiple customers can coexist, side-by-side, operating completely securely and independently of one another, managed via one interface.
After creating an entirely new microservices architecture, the DevOps team at Sera4 started migrating clients into containers on Rancher Prime — one-by-one at first. In 2019, via Rancher Prime, the team released a single sign-on (SSO) feature for their customers. For the first time, customer projects could be viewed, managed and debugged together via a single interface. This meant no need to create separate entities for each customer and a smoother, more intuitive management experience. By May 2019, almost 95% of the infrastructure was running on Rancher Prime.
Rancher Prime brings an additional layer of security to the cluster. Developers can respond to important issues in real time, which has boosted overall security. On the technical front, logging and alerting features in Rancher Prime allow them to act before issues arise.
For example, when disks are reaching capacity, the team receives an alert. While the team had some legacy alerting in place, it would often trigger too late. Now, issues are reported in real time through Slack and PagerDuty before they happen. Outages are preempted and, therefore, far less likely. Finally, working in containers in Rancher Prime means it doesn’t matter as much when things break — issues are easily managed in isolation.
Data sovereignty
When Sera4 works with organizations responsible for managing mission-critical infrastructure, the security of the access control platform and the idea of data sovereignty are of critical importance. This makes sense, considering that many of these companies are the custodians of sensitive assets or information (treasuries, federal reserve banks, correctional facilities and high-security medical facilities). What’s more, each of these institutions is bound by regional data protection laws.
New legislative frameworks, such as GDPR, have changed the way companies think about and handle data. They have also driven the design of Sera4’s cloud and container strategy. Having always had extensive international cloud coverage, Sera4 could always guarantee compliance. As more customers joined Sera4’s platform, in more territories, Klink was looking for a more consistent and coordinated management approach.
With four data centers in North America, Latin America, Europe and Asia, consistency is key for Sera4. Rancher Prime is the team’s single, unified management platform for all four data centers — upgraded once and maintained centrally. By running each customer’s micro-cluster side-by-side in Rancher Prime, Sera4 ensures consistency of service across the network — maintaining tight control over sensitive customer data while providing frictionless compliance with local data laws.
Cost and time savings
Overall, Rancher Prime has given the Sera4 team a streamlined and intuitive way of managing its 100% virtualized environment by containerizing in the cloud. Rancher Prime is reducing the complexities inherent in Kubernetes — making cluster management easier for even the most junior developers on the team.
Automation tools for basic setup and management processes have significantly reduced development time. Permissions-based access and a smart, unified interface allow every developer to spin up new clusters, scale up existing ones and move clients over without touching sensitive customer data or needing to grant command-line access. By democratizing access to the cluster, Klink can spread responsibilities throughout the team, keep senior engineering costs to a minimum and allocate experienced resources where they’re needed most.
Importantly, in preparation for rapid growth, Klink has made sure he has enough compute capacity to meet growing and changing needs. By simply adding one server to the overall number needed, or doubling the number needed plus one, Klink knows he has enough capacity to manage a rapid growth spike. Coupled with better alerting in Rancher Prime, this is helping Klink build more resilience into the service.
What’s next for Sera4
Sera4 is priming itself for international growth in the next few years. The company already provides Teleporte to hundreds of customers, all with special requirements and 24/7 access control needs. Collectively, the Sera4 platform handles millions of connections, processing terabytes of data on bare metal and virtual machines out of data centers on all continents.
With sights on fast-paced global growth, scale is, naturally, a major preoccupation for the team at Sera4. With Rancher Prime, Sera4 has the power to scale a virtual estate quickly as its international footprint grows, while remaining sensitive and performant to local businesses.