Bare.ID entrusts its Kubernetes environment to the German cloud and Kubernetes provider SysEleven
When it comes to cloud services, the “Big Three” – AWS, Microsoft and Google – are nearly always the first choice. Unless, that is, the company has special custom requirements that none of these hyperscalers can fulfill. For example, IAM and SSO specialist Bare.ID decided to entrust the German cloud and Kubernetes provider SysEleven with Bare.ID’s infrastructure and the automation of its Kubernetes environment.
Based in Wiesbaden, Bare.ID’s field includes central identity and access management (IAM) in cloud environments. The highly specialized spin-off from the AOE Group offers a product with the highest security standards: IAM that includes multi-factor authentication and single sign-on (SSO) based on the open source framework “Keycloak”.
Bare.ID’s customers are primarily in the area of critical infrastructure. Above all, they include banks and government agencies as well as companies in the healthcare sector – in other words, organizations for which the statutory “KRITIS” regulations come into play. These include, for example, the obligation to host IT systems or have them hosted exclusively within the jurisdiction of the General Data Protection Regulation (GDPR/DSGVO) – that is, not hosted in the USA, where data protection rules are less strict than in Europe. This requirement affects not only immediate service partners, but also the partners’ suppliers. It even applies to companies that are European-owned but in which non-European investors own a stake – at least if they exercise control over the company through its corporate bylaws.
Compliance as USP
This all means that it wasn’t up for discussion that Bare.ID’s core team would run the infrastructure for its own operations and customer services itself. That in turn laid down what they were looking for in a (new) Managed Kubernetes provider. Given the high security requirements, the company also couldn’t simply follow the lead of its parent company AOE Group and use Amazon Web Services (AWS). “Our biggest USP is our compliance level,” explains Bare.ID’s authorized officer Steffen Ritter: “If I didn’t have that, we’d be replaceable.”
Thus Ritter and his team were looking for a provider that could deliver infrastructure as a service (IaaS) without sacrificing functionality and technology compared to the Big Three while providing it from within Europe – or better yet, Germany. In the course of its web research, Bare.ID came across SysEleven. The Berlin-based cloud and Kubernetes provider complies with KRITIS regulations by operating not only two physically separate data centers in the German capital, but another one in Frankfurt.
Infrastructure as Code
Naturally, Ritter looked around for alternatives. Using a catalog of criteria, he and his team took a closer look at four particular German players. Bare.ID felt most comfortable with SysEleven. A whole range of technical factors spoke in favor of the Berlin-based company.
For example, Bare.ID highly valued that the configuration of the entire infrastructure would be possible via APIs – in other words, through program code. Another advantage of SysEleven’s was that the product offered an interface to start “terraforming” right away. With this open source tool, cloud resources required for operation can be allocated securely, transparently, and recoverably, without the drudgery of configuring the hardware via the web.
True cloud-native development does not deliver monolithic program blocks. Instead, it creates microservices that communicate with each other via APIs and are grouped into larger units called “containers” for ease of deployment. These containers are populated and managed with the help of orchestration tools. This allows for the extensive automation of DevOps, which in turn frees administrators from worrying about having to painstakingly allocate resources or control processes.
Plainly said, this means that SysEleven facilitates the development of cloud-native applications and fully takes care of their GDPR-compliant hosting.
The project’s course
Bare.ID made the decision to go with SysEleven in March 2021. The subsequent setup of the managed Kubernetes infrastructure took one person from Bare.ID about six weeks. “We were well aware of what the target architecture should look like, but I’m confident that even less savvy companies can make the move to a managed Kubernetes infrastructure in a feasible amount of time – provided they have the right partner.” Since early summer 2021, Bare.ID has offered its SaaS product based on MetaKube.
When asked about lessons learned, Ritter, a very demanding customer, has to think it over a little. “There were no problems or stumbling blocks during the implementation that I could complain about,” he said. The only shortcomings were that a workaround was required during implementation to connect to the S3-compatible storage. In addition, updates could not be imported for a short time. However, these problems did not result in any restrictions and could be solved quickly together with SysEleven’s team.
The result: Focus on the essentials
“After we chose SysEleven, we turned to MetaKube very early on,” Ritter reports. In the meantime, the infrastructure is in live operation and is an important component of Bare.ID’s entire service. In particular, the benefits include the high degree of automation, which has a positive impact on work results: “Our DevOps team is freed from daily routine tasks and can focus more on developing specialized applications,” says Ritter. “Our services now scale more easily based on load thanks to SysEleven’s service – and that’s a big advantage for us,” Ritter said. In addition, Bare.ID can fully meet its customers’ demanding data protection requirements.
Steffen Ritter’s conclusion as Bare.ID’s authorized officer: “We made exactly the right choice with SysEleven. MetaKube meets our requirements with flying colors, comes very close to a self-operated Kubernetes, and gives our DevOps far more freedom than ever before.”