Introducing Bayerische Versorgungskammer
As Germany’s largest public-law pension group, Bayerische Versorgungskammer (BVK) is a service and competence center for professional and municipal pension plans, managing the business of 12 legally independent professional and municipal pension programs.
BVK manages 5.5 billion euros in contribution and pay-as-you-go income while delivering 4.1 billion euros in pension payments to more than 2 million insured persons and pension recipients each year. Collectively, its 1,480 employees manage an investment volume worth 106.8 billion euros in total market value.
At-a-Glance
Bayerische Versorgungskammer, Germany’s largest public pension organization, is transforming its customer communications with modern digital offerings. Opting for online portals and web-based self-services instead of lengthy paper-based processes, the organization relies on Rancher Prime for greater efficiency, security and speed in the delivery of its innovative applications.
Improving customer service through digitization
Nearly one in five households throughout Bavaria receive BVK benefits. For the organization, this translates into a major corporate and social responsibility. To guarantee the best service for its policyholders and members, BVK has launched a comprehensive digitization initiative. The program aims to increase customer satisfaction and create optimal working conditions for its employees by using advanced technologies and IT standards.
Central to the program are BVK’s online portals, which are being used for digitizing individual pension institutions’ information and communication processes. More than 1.5 million insured persons can learn about the status of their company pension at any time via the BVK Zusatzversorgung (supplementary benefits) policyholder portal. Other portals, such as the BVK Beamtenversorgung (civil servant pension) member portal, simplify administrative processes through digital self-service instead of paper-based workflows.
BVK operates all online portals on a private cloud in its own data center. When developing new services, it relies on container technology and a Kubernetes-based application platform from the outset. After launching its first two portals, however, the IT organization had to readjust its strategy. The application platform it had been using was discontinued by the manufacturer, requiring the company to find a new solution for managing its containerized applications in relatively short notice.
“We immediately saw that Rancher Prime played perfectly with our existing technology stack. Whether it was Elasticsearch, Kibana or containerd, we were able to continue using familiar tools and build on existing expertise, making the transition to the new platform smooth. The positive feedback from our developers also confirmed that we are on the right track with Rancher Prime.”
The solution: Rancher Prime
The IT organization conducted a detailed product comparison of three different container management platforms. In addition to costs, security and future viability, implementation effort also played an important factor in the selection process. After all, BVK did not want to lose any time and wanted to drive its digitization of processes forward as quickly as possible.
“Rancher Prime was able to convince us in all points during the comparative test,” reports Daniel Mittlmaier, data center technology officer, responsible for the technical management of the internal cloud. “A big advantage was certainly that we had already gained a lot of positive experience with SUSE in previous years. We use SUSE Linux Enterprise Server as our Linux operating system for our entire x86 architecture.”
Rancher Prime’s intuitive user interface and comprehensive documentation enabled the IT team to quickly launch a proof of concept. Quickly thereafter, its first Kubernetes cluster was up and running.
“We immediately saw that Rancher Prime played perfectly with our existing technology stack. Whether it was Elasticsearch, Kibana or containerd, we were able to continue using familiar tools and build on existing expertise, making a smooth transition to the new platform. The positive feedback from our developers also confirmed that we are on the right track with Rancher Prime,” says Mittlmaier.
The impact
With Rancher Prime, BVK was able to quickly build a new Kubernetes infrastructure on x86 systems. As a result, it completed migrating its existing online portals before support for its previous application platform ended. In the process, the team didn’t require a long training period. “We had booked only a few days of support from SUSE Consulting, and in that time, we learned everything we needed to set up and manage the solution,” says Mittlmaier.
The new environment includes administration clusters, development clusters, test clusters and production clusters for deploying the various online portals. In the future, up to 2 million policyholders, beneficiaries and members will have access to the web services of various pension plans.
High security through centrally managed user access and security policies
Rancher Prime enables BVK to centrally manage and monitor the Kubernetes clusters for all facilities, while meeting high security standards for managing sensitive personal data.
For legal reasons, BVK is required to strictly separate the IT environments of each individual sub-organization, as well as operate a separate instance of its future inventory management system for each facility. It also has to implement this separation at the new containerized-application level and ensure that administrators and development departments are only allowed to access the projects they’re approved to work on.
With its previous platform, this involved a lot of effort. Permissions had to be set up anew for each cluster. “Rancher Prime, on the other hand, provides us with centralized permissions management,” says Mittlmaier. “This allows us to easily assign users to specific projects and apply consistent policies for user access and security across all clusters.”
Operational efficiency and easy scalability
With Rancher Prime, BVK centralized and largely automated functions such as provisioning, data backup and version management. This massively reduced the amount of manual effort required to manage the various clusters. Additionally, it can apply Kubernetes updates to all clusters while services remain available to users.
Rancher Prime’s intuitive user interface also makes it easier to diagnose errors and monitor the entire environment. The team now has a comprehensive view of the health of individual clusters, nodes and workloads at all times. “We are informed by alerts when performance bottlenecks occur and can allocate more CPU or RAM to the workloads,” Mittlmaier explains. “We can also provision additional nodes very quickly. For example, when we send out information letters to our policyholders, our online portal visits skyrocket. With Rancher Prime, we can scale our environment very easily to optimize performance as necessary.”
Standardization accelerates innovation
Finally, Mittlmaier believes that a major advantage of Rancher Prime is that the solution is 100% open source and supports any CNCF-certified Kubernetes distribution as well as common industry standards.
“With Rancher Prime, we can develop and run new applications on an x86 architecture. This makes it much easier for us to find the specialists and consultants we need, while minimizing required training. As a result, this also shortens our time to market for new services,” says Mittlmaier.
What’s next for Bayerische Versorgungskammer?
BVK wants to use Rancher Prime to expand its portal strategy and make more services available online to policyholders and members. However, the increasing containerization of applications and the interconnection of different services also create new security risks. The BVK team is therefore currently looking into possible use cases for SUSE NeuVector. The container security platform, which is also 100% open source, offers comprehensive protection across the entire container lifecycle.
“Our first impressions of SUSE NeuVector are really promising,” Mittlmaier confirms.
The solution allows container images to be checked for potential vulnerabilities as early as the build phase. Continuous scans and access controls prevent compromised containers from entering the production environment from the CI/CD pipeline. SUSE NeuVector also enables end-to-end inspection of communication between containers and automatically blocks unauthorized connections.
“With SUSE NeuVector, we can implement true Zero Trust security for our container environment,” Mittlmaier concludes. “The solution minimizes the surface for potential attacks and helps us protect our environment, even from previously unknown threats.”