Founded in 1803, Powszechny Zakład Ubezpieczeń SA (PZU) is the oldest and largest insurance provider in Poland. It is also a leading provider across Eastern Europe, with subsidiaries in Latvia, Lithuania, Ukraine and more. Specializing in property, accident and life insurance, PZU brings its customers peace of mind by protecting the things that matter most.
At-a-Glance
As part of its mission to build a safer life for all, PZU’s IT team adopted Kubernetes to create a more robust and scalable application architecture and offer better services. However, the small team managing the Kubernetes platform found itself in technical debt and struggling to scale to support the company’s growth. By choosing SUSE solutions and services, PZU was able to streamline, automate and secure its Kubernetes clusters, simplifying the management of the environment and accelerating the delivery of new digital services.
Modernizing without limits and upgrading PZU’s container platform
Offering nearly 200 insurance and pension products in the Polish market alone, PZU aims to be at the forefront of developing innovative services for its customers. As customer expectations for digital services continuously increase, PZU invests significant time and effort in staying ahead of new technologies and market trends.
During the rise of containerized applications, PZU was an early adopter of containers and cloud native technology. By harnessing the scalability and self-healing capabilities of container platforms, the insurance company could build a more robust infrastructure, and application developers could be more agile in developing new digital services for both business users and customers.
Wanting to leverage the power, security and independence of open source, PZU adopted Kubernetes in 2016 to develop and deploy its internal container platform. Known internally as SAHUL 1.0, PZU built this Kubernetes-based system to support its business applications.
Even though PZU was quickly seeing the benefits of Kubernetes infrastructure, they began to experience challenges around technical debt. Kubernetes had evolved significantly, but as a large financial company with live production environments running 24/7, PZU could not afford to roll out upgrades to its container platform without incurring downtime and costly disruption to operations.
In parallel, the SAHUL platform had grown from supporting just one business application to 50. As PZU grew through acquisitions and an expanding user base, the small container management team struggled to scale SAHUL at a pace in line with demand.
To future-proof its containerized applications and ensure it would be ready to meet growth demands, PZU prepared to develop SAHUL 2.0. “Scalability, high availability and resilience are crucial in the insurance industry,” explains Szymon Madej, DevOps Architect for Containerization Platforms and Microservices at PZU. “As insurers, we sell security and manage risk. We needed to reflect this same level of reliability and resilience in our applications.”
“One of the most striking outcomes has been the dramatic reduction in the time required to create clusters. With SUSE Rancher Prime, the process has been shortened by 99.5% — from days to mere minutes.”
Szymon Madej,
DevOps Architect for Containerization Platforms and Microservices,
Powszechny Zakład Ubezpieczeń SA
Transforming PZU’s microservices with SUSE solutions
SUSE Rancher Prime meets strict compliance standards
PZU wanted SAHUL 2.0 to be a more advanced, automated and streamlined container platform that would offer new capabilities while removing management overhead to its lean 10-person containerization management team. Even though the team discussed options with multiple vendors, including SUSE, Red Hat and VMware, they ultimately went with SUSE based on its stringent security and compliance requirements. The security certifications of Rancher Kubernetes Engine 2 (RKE2) were a deciding factor, critical for PZU to meet strict compliance standards in a highly regulated market. In addition, PZU valued the ability to deploy SUSE Rancher Prime on its air-gapped, on-premises infrastructure without internet connectivity.
Working with SUSE and Simplicity (a SUSE Diamond Partner), PZU developed the new platform, migrating the existing 50 business applications from SAHUL 1.0 to SAHUL 2.0. The insurance company now operates 15 clusters — both management and workload — across three separate SUSE Rancher Prime environments, running more than 10,000 containers.
SUSE Security introduces dedicated cloud native security
Reaffirming its commitment to security, the insurance company selected SUSE Security to complement its deployment of SUSE Rancher Prime. The SAHUL 1.0 platform did not have dedicated Kubernetes security tools, with the team relying on general-purpose enterprise security solutions.
Using the opportunity of developing SAHUL 2.0 to explore and test SUSE Security, PZU found that the solution offered the capabilities it had been missing, providing end-to-end monitoring and security for its Kubernetes environment.
SUSE Storage powers consistent, high availability business ops
To further mitigate the performance issues of SAHUL 1.0, PZU also chose to deploy SUSE Storage. PZU utilizes a complex multi-vendor, on-premises hardware infrastructure to deploy its containers, making it difficult to deliver consistent high availability to support continuous business operations. SUSE Storage provides highly-available persistent storage for Kubernetes that can run on any platform, simplifying management for the PZU containerization team.
SUSE Premium Support streamlines transformation
Alongside SUSE Diamond Partner, Simplicity, PZU worked with SUSE Premium Support to deploy its new SUSE Rancher Prime environment. With a complicated production environment that could not tolerate any downtime during the migration to SAHUL 2.0, the containerization management team at PZU saw the benefit of support from SUSE experts to streamline the process.
After successfully running its new SUSE Rancher Prime environment for close to a year, PZU also engaged SUSE Premium Support to support further development of its containerized environment.
“We looked for a single point of contact who understands our environment, and that is precisely what we found in SUSE Premium Support,” explains Madej. “Having a dedicated engineer who knows the complexities of our air-gapped infrastructure saves a lot of time, as we don’t need to repeatedly explain our operations during each new interaction.”
The impact of SUSE Solutions
SUSE Rancher Prime automation shortens time-to-market
SUSE Rancher Prime has been central to the successful development of SAHUL 2.0, automating and standardizing PZU’s containerized environment to reduce management workload and improve performance.
For example, PZU used SUSE Rancher Prime’s Fleet tool to implement automation based on the GitOps framework, as well as automating processes to install updates and build new clusters. Automation allows the 10-person container management team to complete routine tasks more efficiently, improving time-to-market for innovative application development.
“One of the most striking outcomes has been the dramatic reduction in the time required to create clusters,” explains Madej. “With SUSE Rancher Prime, the process has been shortened by 99.5% — from days to mere minutes.”
He adds: “Our newfound efficiency positively impacts the software development teams responsible for creating PZU’s business applications. Efficient business applications mean efficient service for millions of customers across Poland and Eastern Europe.”
SUSE Rancher Prime reduces technical debt
With the new platform built with SUSE Rancher Prime, the team at PZU can now upgrade containers without causing downtime for live-production systems. Upgrades are continuous, automated and can be executed without specific maintenance windows. By keeping on top of upgrades, PZU will no longer find itself in technical debt as Kubernetes continues to grow and evolve, keeping its containerized environment robust.
“On our previous platform, upgrades were time-consuming and disruptive,” says Madej. “Upgrading a cluster would require several hours of downtime, affecting all the applications running on it. Now, upgrades can be done at any time, seamlessly.”
SUSE Security keeps sensitive data in containers secure
Thanks to SUSE Security, PZU now has a zero trust architecture protecting its containerized environments and can monitor its entire container lifecycle. At the same time, SUSE Security has simplified security and governance for the team, fortifying sensitive container data scale without adding management overhead.
“Before adopting SUSE Security, we lacked a tool capable of fully understanding our Kubernetes environment,” notes Madej. “It’s a relief to finally resolve this major challenge.”
SUSE Storage optimizes application performance
With high availability capabilities from SUSE Storage, PZU can ensure that its systems are resilient and stay up and running 24/7. SUSE Storage has also made it possible for PZU to deploy new features and applications more efficiently. This has helped the company use its heterogeneous hardware infrastructure at full potential.
SUSE Premium Support smooths deployment and bridges skills gaps
By engaging SUSE Premium Support during the development and implementation of SAHUL 2.0, PZU ensured a seamless go-live experience, free from delays or issues. With expert assistance from SUSE, PZU successfully resolved challenges and integrated the SUSE solution with its complex business ecosystem.
“SUSE frequently contacts us to check if we need any additional assistance,” says Madej. “They are proactive in addressing our needs, and their commitment to supporting us has been crucial to ensuring the success of our implementation.”
Recognizing the growing complexity of its environment, PZU decided to continue its SUSE Premium Support contract, maintaining a consistent, efficient, single point of contact for support. “While open source community support works well up to a certain scale, it becomes increasingly inefficient as the complexity and size of the environment grow,” explains Madej. “At our stage, having access to dedicated support allows us to focus on resolving problems quickly without wasting time.”
This collaborative approach has also strengthened PZU’s team’s expertise. While the containerization management team is highly skilled in Kubernetes and SUSE Rancher Prime, they are still mastering SUSE Security. With guidance from a SUSE Premium Support engineer, PZU resolves challenges that exceed the team’s current capacity. “We approach support as a collaborative effort,” adds Madej. “SUSE has responded to our needs and even implemented changes in their development cycle based on our feedback.”
What’s next for PZU?
Today, PZU continues on its containerization and microservices journey, aiming to expand its Kubernetes environment to support more business applications. By leveraging the benefits of containerization wherever possible, PZU will continue to optimize the development of innovative digital services for its business users and customers, giving more people access to peace of mind through its insurance products.
At the same time, the containerization management team will be closely following the development of SUSE’s technology portfolio. “At the moment, we are particularly excited about the possibilities of SUSE Cloud Observability,” concludes Madej. “We are very interested in conducting a proof of concept for this product and introducing observability into our SUSE stack.”