Since its start, the bank has consistently delivered a comprehensive array of products and services spanning personal and business banking, corporate and investment banking, wealth and investment management and insurance.
At-a-Glance
This customer spotlight features a company whose digital banking evolution, fueled by a commitment to innovation, found its transformative partners in Rancher Prime and NeuVector Prime. Focused on enhancing agility and security, the bank embraced Rancher Prime's multi-cluster management, empowering teams and streamlining compliance in a complex landscape. Leveraging NeuVector Prime's consolidated security platform, the bank fortified its defense against vulnerabilities, unifying efforts across business units. The bank's strategic journey yielded significant dividends — a seamless and secure environment fostering agile innovation, embodying its pursuit of a future-forward banking landscape.
The journey to containers
At the forefront of digital banking evolution, the bank is reshaping the future banking landscape through pioneering technology. The route began with a nod to Kubernetes' potential, as the bank turned to Red Hat OpenShift for its container requirements in 2016. The bank's Kubernetes journey preceding Rancher spanned approximately five years.
Running Red Hat OpenShift at scale posed challenges in navigating complexity, and costs began to rise. As the bank’s teams expanded, it became clear that the current platform's scalability and cost-effectiveness needed to be improved. This prompted the bank to seek a more adaptable solution capable of aligning with its ambitions. The pursuit of cost efficiency, the necessity to manage complexity and the need to segregate the impact on its diverse customer base drove the bank's search for a new solution.
“SUSE Premium Support and SUSE Premium Technical Advisory Services is like having a strong team by your side the whole time. It’s the assurance that you have expert backup to tackle any nuanced challenges that you might need to solve.”
Why Rancher Prime?
In late 2018, the bank explored alternatives to Red Hat OpenShift, fully aware of the value brought by multi-cluster, multi-cloud and hybrid deployments. Among the prospects, Rancher Prime emerged as the standout choice. Its appeal extended beyond cost efficiency and usability, resonating deeply with the bank's collaborative ethos due to its open source nature. This approach aligned perfectly with the bank’s vision of co-creating specialized finance solutions, with the ripple effect benefiting the entire African banking sector.
A two-month proof of concept (PoC) in 2019, followed by intensive architectural workshops, led to the bank's decision to select Rancher Prime.
Why NeuVector Prime?
Security is a major concern in modern banking, where technology is the driving force. A platform engineer manager (PEM) at the bank pinpoints the weight of development, security and operations (DevSecOps) within the broader DevOps spectrum. "DevSecOps is more than just three letters within DevOps,” he says. “It encompasses a substantial workload that must be integrated into development pipelines and developer experiences." Recognizing the challenge, the bank embarked on a journey to fortify its security practices, with NeuVector Prime emerging as a critical component of its strategy.
The bank thoroughly examined various products in its search for the right security solution. NeuVector Prime, as the bank’s PEM highlights, stood out due to its scalability and versatile fit across multiple segments of the DevSecOps pipeline. Particularly, NeuVector Prime’s seamless integration within the container and Kubernetes landscape captured the bank’s attention.
"NeuVector Prime’s scalability and adaptability to different verticals within the DevSecOps pipeline, alongside its compatibility with Kubernetes and containers, drew our attention," says the PEM. NeuVector Prime's addressed not only audit requirements but also critical security gaps within the bank's organizational framework.
Moreover, the PEM underscores the broader impact NeuVector Prime brings to the bank's IT teams: "While Kubernetes and containers are our primary focus, there are numerous factors preceding and succeeding them that require careful management. This is where we see NeuVector Prime‘s greatest value."
Why SUSE Premium Support and SUSE Premium Technical Advisory Services?
Navigating the evolution of a software environment, especially at a large scale, can bring many challenges. The PEM emphasizes the intricacies involved in this process: "Transitioning an environment from its early large-scale implementation in 2019 to its current state introduces significant complexity. We heavily relied on SUSE's Premium Support and SUSE PTAS to address specific aspects of Rancher and Kubernetes."
To ensure a seamless utilization of both Rancher Prime and NeuVector Prime within the bank’s ever-evolving landscape, the bank’s team sought help from SUSE Premium Support Services and SUSE Premium Technical Advisory Services (PTAS). Premium Support Services provides the bank with robust assistance in managing its environment, addressing immediate needs and maintaining stability. At the same time, SUSE PTAS offers strategic insights and guidance for long-term success.
As the PEM points out, the journey from initial implementation to the present involved a series of challenges that demanded expert support. The collaboration with SUSE Global Services teams proved instrumental in overcoming hurdles and gaining expert guidance. They further affirm: "Partnering with the professional services team from SUSE has allowed our internal team to focus on what we need to do while leveraging the expertise that comes with the SUSE relationship."
The impact of Rancher Prime
Enhances agility
About 60% of the bank's workloads operate on its Kubernetes infrastructure, a component that fuels heightened agility. The PEM underscores this: "Agility has always been the primary focus of my team — the ability to be far nimbler in a very regulated space. And with Rancher Prime, we've seen a decoupling of concerns."
This agile approach involves the strategic separation of various dependencies, offering the flexibility needed for dynamic operations in a highly regulated environment. Rancher Prime, as the central workhorse, serves this agility-driven purpose while performing cluster management and role-based access control.
Unified entry point and progressive enablement
The PEM further highlights the role of Rancher Prime in facilitating a seamless customer journey and progressive skill development: "Rancher Prime does a great job of facilitating entry-level staff, with the best user interface (UI), and organizing the natural human response."
For the bank, Rancher Prime acts as a user-friendly entry point into the intricate Kubernetes landscape. It empowers users at various levels of expertise, allowing beginners to leverage a UI while providing more advanced users with access to native Kubernetes features via the same platform. This harmonious blend enables teams to mature along their journey while remaining compliant with banking standards and best practices.
Cluster management at scale
One of Rancher Prime's standout benefits is its proficiency in managing clusters at scale, which significantly eases operations. This feature becomes particularly critical in large and intricate environments like the bank's.
"Another aspect is segregating the blast radius across customers,” adds the PEM. “It's something that Rancher Prime gives us the ability to do with multiple clusters, managing all those clusters at scale."
This approach ensures that potential issues are isolated to a specific cluster, minimizing the impact on the overall environment. With more than 130 clusters and 1,200 nodes under management, this functionality is indispensable for maintaining operational resilience and agility.
The impact of NeuVector Prime
Unified security efforts for comprehensive protection
Multiple security tools have been historically employed within the expansive landscape of the bank's operations, leading to disjointed efforts and concerns. With diverse business units and shifting focus areas, the security approach was often reactive due to audits or incidents, resulting in fragmented implementations. This disjointed path led to billing complexities, unfeasible deployments and ineffective security management.
NeuVector Prime revolutionized this landscape, providing a robust platform to consolidate security endeavors. The PEM emphasizes: "NeuVector Prime definitely creates a good platform to consolidate the different efforts and gives a single plane where you can manage all of these different attack vectors and vulnerabilities."
NeuVector Prime settled the challenges of scattered security measures by offering a unified strategy for safeguarding the bank's digital ecosystem.
Strategic implementation and learning for enhanced insight
The bank’s NeuVector Prime implementation showcased strategic execution and a learning-driven approach. The PEM revealed that NeuVector Prime's adoption was phased, beginning with the architectural perspective and then transitioning into dedicated DevSecOps team implementations.
“We’ve worked hand in hand with the NeuVector team from SUSE to facilitate leveraging Fleet (a feature of Rancher Prime that simplifies managing, deploying and scaling containerized applications across multiple clusters) and the GitOps methodology,” says he.
This close collaboration with NeuVector Prime’s team facilitated the deployment process, involving labeling clusters, scaling resources, and ensuring seamless integration into the bank's infrastructure. While currently in the nonproduction learning phase, the bank plans to expand NeuVector Prime to its production environment soon in a gradual and informed way.
The impact of SUSE Premium Support Services and SUSE PTAS
Speedy assistance and architectural guidance
Within the past year, the bank encountered specific challenges that required specialized expertise to address. "We've had some audit requirements we needed to remediate that were outside of the scope of knowledge of my team members, in which we've had direct engagements from SUSE Premium Support Services to remediate that," affirms the PEM.
The complexity of the bank's environment, coupled with evolving regulatory demands, called for tailored solutions. Moreover, as a long-standing environment with a management plane operational for five years, the bank confronted architectural considerations during Kubernetes upgrades. In response to these challenges, the bank leveraged PTAS to collaborate with experts, ensuring accurate solutions and optimized architectural decisions.
Collaborative learning and assured success through expert backing
The PEM’s description of the cooperative process with Premium Support Services and PTAS exemplifies the partnership's value. He emphasizes the benefits of a collaborative approach: "All of our engagements with the SUSE Global Services teams have been very positive, collaborative and fruitful experiences so far."
This alliance not only brought the bank’s team significant learning opportunities but also enabled the SUSE Global Services teams to work on a challenging project, leading to robust solutions tailored to the bank’s unique environment. "My team learned a lot. I believe that they also challenged the SUSE Global Services teams in terms of thinking on how we should roll this out, " says the PEM.
The PEM vividly describes the role of Premium Support Services and PTAS as analogous to having a supportive presence during challenging times. He states: "SUSE Premium Support Services and PTAS is like having a strong team by your side the whole time. It's the assurance that you have expert backup to tackle any nuanced challenges that you might need to solve."
What’s next?
Moving forward, the bank's Rancher Prime strategy centers on continuous enhancement and empowerment. As the PEM states: "We're sticking to our current path, managing diverse platforms through GitOps, cluster segregation and empowering teams, freeing them from shared environments and regulatory complexities."
As NeuVector Prime expansion continues, the PEM emphasizes gradual progress, "We'll begin production rollout soon for a portion of our low-risk environment, progressing in the weeks ahead."