Container Visibility and Microservices Security Was Critical for Migration Project
The Container Project
A year ago, Arvato, a subsidiary of Bertelsmann, embarked on an ambitious plan to migrate to a microservices-based architecture with Docker containers as a key enabler. The project required robust microservices security and would enable Arvato to be more effective in processing consumer and device data from customers to detect fraud. But strict data protection laws in Germany mean this has to be done securely. In addition, TÜV compliance regulations require logical separation of applications.
Arvato has successfully deployed the first phase of the migration to production, but not without a few challenges. The project required development of a new big data app as well as migration of an existing application. There were initial difficulties debugging connections between services. Several technologies and platforms were tested before deployment to production.
Getting run-time visibility and security was a final hurdle.
The NeuVector Microservices Security Solution
NeuVector was selected to “inject intelligence” into the run-time environment for visibility and network security.
- Apply security best practices to containers and microservices
- Get network visibility to debug and protect containers
- Enable TÜV compliance through segmentation & scanning
“NeuVector provides the network inspection, visualization, and security needed for dynamic container environments. The solution integrates easily into our automated workflow and the built-in intelligence lets us scale quickly. It even helped us debug network connections from mis-configured application updates,” said Tobias Gurtzick, Security Architect, Arvato.
The NeuVector microservices security solution provided image vulnerability scanning, network observation, and detection of traffic flows. This was critical for validating all internal and external connections. In the production environment, NeuVector provides automated application segmentation, high availability, and rolling updates, which will enable Arvato to continue to expand securely.
NeuVector’s container-based solution easily integrated into Arvato’s continuous integration and continuous delivery (CI/CD) pipeline. It worked seamlessly with new and legacy technologies including Node.js, Ubuntu, Docker, Rancher, ELK (Elasticsearch, Logstash, Kibana), Grafana and legacy database services.