Oldenburgische Landesbank AG (OLB) is a profitable and growing universal bank for private and corporate customers in Germany and neighboring European countries. Under its OLB Bank and Bankhaus Neelmeyer brands, OLB advises its more than 660,000 customers in person and via digital channels in its Private & Business Customers and Corporates & Diversified Lending segments. The Bank has about EUR 25 bn of total assets.
At-a-Glance
Oldenburgische Landesbank (OLB) is undergoing a major IT transformation program to implement a platform banking strategy. Central to this transformation, the bank adopted Rancher Prime, SUSE Linux Enterprise Server (SLES) and NeuVector Prime. These tools not only streamlined OLB’s migration to containerized platforms and reduced operational costs but also enabled the company to set up Kubernetes environments 99.5% faster, significantly accelerating the application deployment process. This shift has empowered OLB to meet stringent regulatory compliance requirements, while ensuring scalability and adaptability to new technologies.
Journey to containerization
With the rise of platform banking (the modern banking concept of providing a unified customer platform for banking and outsourced services), OLB recognized it needed to modernize its IT systems to maintain relevance in the industry and hone its competitive edge. As a result, OLB launched an ambitious IT modernization program with SUSE solutions to become cloud ready and transform from a legacy banking framework into a platform banking institution of the future.
OLB’s existing IT infrastructure, showcasing the company’s commitment to open source, operated in a mixed environment of on-premises Linux and Windows servers with virtual machines for over 10 years. Hosting up to 800 virtual machines solely for production, this monolithic system had become cumbersome and costly to manage. It also lacked an efficient way to integrate outsourced services, hindering OLB’s ability to establish a unified platform banking system.
OLB wanted to migrate these systems to the cloud to unlock a number of benefits of cloud computing:
- Access to cloud-exclusive solutions, enhancing OLB’s technological capabilities.
- Support for remote work with easy resource management.
- Freedom from traditional supply chain constraints.
- Instant scaling of integration environments, eliminating hardware and installation costs.
With these benefits in mind, OLB analyzed its applications to determine the extent to which they were cloud ready. Aside from some newer technology, OLB found that most of its systems were not cloud ready.
Seeking innovative solutions, OLB turned to its workforce and asked its recent university graduates, “How would you launch a software development program for an established business?” The conversations that followed sparked the company to create a new department: software development and architecture. Its focus: to spearhead the company’s IT modernization, reduce manual IT workload and ensure the use of the latest, optimal technologies for OLB’s needs.
Subsequently, the newly formed team decided to containerize its applications as a steppingstone toward cloud-based operations and platform banking. It chose Rancher Prime, SLES and NeuVector Prime for this modern infrastructure.
Why SUSE solutions?
Rancher Prime and SUSE Linux Enterprise Server
OLB launched its containerization project in early 2020 with a POC for Rancher Prime. Looking at SUSE’s history of delivering innovative, secure and stable solutions for business-critical environments, OLB selected Rancher Prime over Red Hat OpenShift to manage its container environment for a number of reasons.
From the beginning, OLB was impressed by the skill set of the presales engineer who helped design the infrastructure to fit its needs, which proved to work within the POC timeframe. Throughout the process, the engineer expertly helped the team overcome challenges, making a positive impression.
More importantly, however, Rancher Prime’s simplicity won the team over. The bank needed a solution that could not only manage its new containerized environment efficiently but also allow for a smooth transition path from traditional virtual machine-based systems to Kubernetes, enabling its IT personnel to become productive earlier in the process. Rancher Prime stood out for its ease of use, allowing OLB’s team to manage containers without the complexity typically associated with such a significant technological shift. This ease of management was a key differentiator from Red Hat OpenShift, which often required more specialized knowledge and training.
“Rancher Prime lets us create new clusters with identical configurations and access controls, whether they are on a cloud provider or our virtual machine infrastructure. This wasn’t as easy to do with Red Hat OpenShift,” says Tim Westphal, IT director of the software and architecture department at OLB.
Additionally, OLB ranked Rancher Prime’s flexibility above the competition. “We designed the CI/CD pipelines that we’re using for deployments, and it’s fully automated in Rancher Prime. Red Hat OpenShift was trying to make us take a different approach that wouldn’t have been optimal for us,” says Westphal. “Plus, Rancher Prime allows us to put as much hardware and workloads into a node as we want for the same cost, which we couldn’t do with Red Hat OpenShift.”
Shortly after implementing Rancher Prime, the person responsible for operations thought it would be a good idea to have support for both the OS and the container orchestrator from the same vendor. Hence, OLB opted to implement SUSE Linux Enterprise Server (SLES) as the underlying enterprise infrastructure of its container environment, ultimately constructing nearly 100 SLES-based virtual machines atop highly performant systems that not only run cluster nodes but also support other vital infrastructure components.
NeuVector Prime
OLB originally selected another container security suite as its container security solution, but after a few years of this solution causing repeated disruptions to the workloads within its clusters, the team sought out alternative solutions. After a successful POC, the team decided to replace its initially chosen container security solution with NeuVector Prime. “Maintaining the stability of our workloads is a critical priority for us, and the instability caused by our first container security solution was no longer acceptable,” says Westphal.
Additionally, the team encountered several integration challenges with its first container security suite, particularly in areas such as OpenID Connect (OIDC) and role-based access controls. These features were not as adaptable as the team initially expected based on prior demonstrations.
“After careful evaluation, we chose NeuVector Prime because it offered the level of configurability we required,” says Westphal. “This was particularly important for integrating with our Configuration Management Databases [CMDBs], which is crucial for us, especially for various regulatory compliance reasons.”
The impact of SUSE solutions
Today, the team is still actively maintaining the software stack it introduced through its IT modernization program. In parallel, the team is phasing out older Debian and Windows systems, gradually migrating to containerized applications deployed on Rancher Prime, and subsequently decommissioning old virtual machines. The impact of the new infrastructure is reflected in a series of benefits.
Accelerates time to market
Implementing Rancher Prime marked a significant leap in OLB’s application deployment efficiency. Before, the process of deploying a new application involved time-consuming, manual virtual machine setups, often taking days. With Rancher Prime, OLB witnessed a revolutionary change – developers could declaratively define the resources they needed, and applications were up and running in just minutes. This transition significantly streamlined the deployment process, enabling the IT team to set up environments 99.5% faster. This efficiency gain allowed the team to focus more on innovation rather than operational tasks.
Simplifies adoption and migration processes
Rancher Prime’s simple user interface (UI) had a major impact on OLB’s transformation. Previously, most of the 140 IT personnel had no experience with container technology. “Rancher’s simple UI helped our team, mostly inexperienced with containers, to adapt without needing extensive training,” says Westphal.
Furthermore, Rancher Prime’s simplicity has played a critical role in maintaining uninterrupted operations in the midst of a data center migration. Due to the scale of transactions OLB processes each day, any disruption in its services could impact Germany’s economy. Because OLB’s systems are considered to have critical infrastructure relevance (KRITIS relevance), new regulations require that OLB’s two data centers, which used to be three kilometers apart, be moved to 50 kilometers apart.
“We have been meticulously migrating one of our data centers, node by node, to avoid service disruptions,” says Westphal. “It’s remarkable how Rancher Prime has simplified this migration process, ensuring a seamless transition without disrupting our critical services.”
Enables interoperability
SUSE’s dedication to open source and interoperability plays a key role in OLB’s IT modernization. While OLB continues migrating most applications to Rancher Prime and SLES, it strategically continues using Windows and Debian servers for specific operations. For example, OLB’s Oracle databases and core banking system, relying on the traditional COBOL programming language, will remain on separate systems. This selective approach also applies to cloud environments like Genesys in AWS or Office 365 in Azure, assessed individually by OLB.
“Harmonious operation of SUSE solutions with our diverse systems is a significant advantage,” remarks Westphal.
Rancher Prime’s interoperability across various cloud platforms, coupled with its consistent user experience regardless of the vendor, is also pivotal for OLB’s cloud strategy and regulatory compliance.
“Our multi-vendor cloud strategy is a necessity, driven by European regulatory standards requiring a robust exit strategy. Rancher Prime equips us with the flexibility to swiftly switch providers if needed, fulfilling this crucial requirement,” explains Westphal.
Simplifies role-based management
In the financial sector, regulations strictly limit developers to accessing only the information they’re directly responsible for. This was a driving force behind OLB creating nearly 800 virtual machines, assigning specific permission levels to each user. With Rancher Prime, however, managing individual access controls is much simpler.
In keeping with compliant practice, OLB uses its CMDB to track its systems, users and their respective responsibilities. By integrating the CMDB with Rancher Prime through an API, the team can now centrally manage workload permissions across the entire infrastructure with ease.
“Currently, all of our clusters are on-premises,” says Westphal. “However, our system’s flexibility will allow us to expand and establish additional clusters in the cloud. With Rancher Prime managing these cloud-based clusters, we can maintain the same level of permissions as our on-premises setup. Rancher Prime’s ability to seamlessly extend our operations to the cloud while keeping consistent permission levels is a significant advantage for us.”
Secures infrastructure from static and emerging threats
OLB is preparing to introduce NeuVector Prime into its production environment in March 2024, having recognized several significant advantages during the tool’s POC phase.
One standout feature is NeuVector Prime’s unique technical approach when integrated into OLB’s systems. “Unlike other tools, which run outside of the cluster, NeuVector Prime secures from both within the cluster and on the SLES nodes, securing each container from both the operating system and container network perspective. This approach is more intelligent than every other solution, a major point of differentiation,” Westphal says.
This unique positioning allows NeuVector Prime to efficiently scan all active workloads for new vulnerabilities and generate corresponding tickets through OLB’s Jira system. This continuous scanning process keeps OLB’s developers well-informed and quick to address any emerging security issues, even for workloads that have been inactive for extended periods.
NeuVector Prime fortifies OLB’s security framework primarily through two key functionalities. First, its integration with an open source analysis tool ensures build-time protection for OLB’s applications within the build pipeline, rejecting any builds when issues are detected. Westphal states, “Before deploying anything to our clusters, we use NeuVector Prime in tandem with our open source analysis tool to scrutinize static artifact-based vulnerabilities. This pre-deployment check guarantees compliance and security right from the build stage.”
Second, NeuVector Prime’s real-time protection capabilities are pivotal in defending OLB against evolving threats. “It identifies and blocks attack vectors like Log4j in live traffic, ensuring such threats don’t reach our workloads,” says Westphal. “NeuVector Prime is a comprehensive solution providing both runtime and build-time protection, and it is central to our security strategy.”
The impact of SUSE Support
The collaboration between OLB and SUSE Support has played a pivotal role in enhancing the bank’s IT infrastructure, contributing significantly to OLB’s modernization program.
“SUSE Support is exceptional,” says Oliver Bohlen, Linux operations manager at OLB. “It’s one of the basic things SUSE does from our point of view.”
During the transition to Rancher Prime and SLES, SUSE Support assisted OLB in identifying and resolving stability issues, advising on optimal sizing requirements for its needs. This guidance was invaluable in fine-tuning OLB’s infrastructure for maximum performance and reliability.
OLB’s interaction with its customer success manager at SUSE is another demonstration of SUSE’s client-focused approach. “Whenever a need arises, we relay it to our customer success manager who strives to assist us. If she can’t help us because of current configurations, we’ve seen some of our needs get added to product roadmaps,” says Westphal. “This is very promising. It reinforces our confidence in SUSE as a partner committed to our success.”
What’s next for OLB?
With SUSE solutions at the helm, OLB is not merely optimizing its current operations but is also firmly on course to evolve into a cloud-ready platform bank.
As OLB prepares for its forthcoming merger with another German bank, it faces a blend of challenges and significant opportunities. “The merger demands considerable resources, shifting our immediate focus. However, it offers a unique opportunity to modernize and containerize newly acquired applications, seamlessly integrating them into our infrastructure,” explains Westphal.
Looking ahead, maintaining regulatory compliance is a critical priority for OLB, particularly with the upcoming Digital Operational Resilience Act (DORA) from the European Union. Slated for enforcement in 2025, DORA’s stringent cybersecurity measures render NeuVector Prime a pivotal component. “Adhering to DORA’s evolving standards is crucial. NeuVector Prime’s advanced cybersecurity capabilities will be instrumental in aligning our processes with these new regulations, ensuring our proactive preparedness for this upcoming phase,” emphasizes Westphal.
In its ongoing journey with SUSE, OLB is committed to continual innovation, efficiency and strategic modernization. This commitment positions the bank to navigate the ever-evolving banking sector landscape confidently and agilely.