Porsche Informatik accelerates compliance and growth

A trailblazer in the automotive industry for more than 50 years, Porsche Informatik is proud to shape tomorrow’s mobility solutions. Leveraging its existing Microsoft Azure Red Hat OpenShift environment, the company upgraded its Red Hat OpenShift platform to Red Hat OpenShift 4. The automotive innovator realized that an enterprise-level cluster configuration tool was essential to ensure expansion, consistency, and compliance. Red Hat Advanced Cluster Management for Kubernetes allows the company to ensure all clusters are configured consistently to ensure compliance with ever tougher regulatory requirements. A Red Hat Technical Account Manager (TAM) opens access to Red Hat experts and peers to resolve new challenges.

Benefits: 

• Modernized configuration management to support growth from 2 to 15 clusters
• Ensured consistency and, thereby, compliance with ever stricter regulatory requirements
• Enabled an infrastructure-as-code approach while embedding DevOps in the operations team

Part of Porsche Holding Salzburg, one of the largest and most successful automotive trading companies in Europe with a revenue of roughly €29.4 billion, Porsche Informatik develops groundbreaking digital solutions for the automotive industry of the future. Millions of users in 34 countries across 4 continents depend on the 180 smart, effective, and sustainable solutions created by its 950 specialists. 

Recognizing end-user experience as a critical success factor in the digital era, Porsche Informatik adopted Red Hat OpenShift in 2017 to ensure scalability and accelerate innovation. OpenShift serves as the application platform for apps used by the Volkswagen dealer network worldwide. The Car Configurator runs on Azure Red Hat OpenShift, for instance. 

With regulatory and compliance, costs, and right-sizing in mind, the automotive software specialist needed a configuration and policy management tool to help it meet those requirements in its growing OpenShift environment. “On moving to Red Hat OpenShift 4, we decided to expand from 2 clusters to more than 10,” said Michael Karnutsch, Infrastructure & Cloud Architect, Porsche Informatik. “This expansion required enterprise-level configuration management for our small operations team to configure these clusters consistently.” 

Some of the new clusters would run on premise on top of a virtualized environment, while others would run on Azure Red Hat OpenShift. Porsche Informatik also needed to ensure that these clusters comply with the new regulatory environment, including configuration, audit, and backups.

With Red Hat OpenShift 4, Karnutsch and his team explored the new features and capabilities now available. “I had read about Red Hat Advanced Cluster Management for Kubernetes in blog posts, so I decided to test it,” said Karnutsch. “We could see it was an enterprise-level policy and configuration management tool.” 

Today, Red Hat Advanced Cluster Management helps Porsche Informatik manage more than 15 clusters, some virtualized and based on premise with others Azure-based in the cloud. Those clusters run in both production and non-production environments and even in sandbox environments for testing configuration updates, upgrades, and more. Clusters are also segmented by purpose: business-to-business, business-to-customer, and special purchases for financial services and the Cross3 dealer management system.

Policies are created using Policy Generator and tested by GitLab CI in the sandbox environment. They live in a self-hosted GitLab environment where Porsche Informatik organizes them into policies for cluster administrators—including network policies, limits, and quotas, operator policies, backup policies, and Egress network firewall policies—and policies specific to the virtualized and Azure environments, including policies for monitoring and DNS settings. The definition files then manage each cluster’s unique features: its name, its size, its NFS (network file system) backup settings, and more.

Porsche Informatik engaged a Red Hat Technical Account Manager (TAM) to support its OpenShift implementation. “We have regular meetings with our TAM to progress outstanding issues and learn about Red Hat updates,” said Karnutsch. “Their involvement has evolved with our needs. They supported us a lot at the start of this project. Today, they just help us with challenging problems that are not immediately solvable.”

Modernized configuration management to support growth from 2 to 15 clusters 

“The most important thing for us is that all of our clusters look the same—have the same operators, the same configuration—whatever their purpose and wherever they are running,” said Karnutsch. “Red Hat Advanced Cluster Management ensures all are configured the same way whether developers decide to deploy them on premise or in the Azure cloud.”

Previously, Porsche Informatik took a ClickOps approach to configure management. This approach required developers to manually configure and deploy automated infrastructure across multiple clouds. While this may have worked for only 2 clusters, with 15 clusters and growing, ClickOps opens the door to inconsistencies and human error.

“Red Hat Advanced Cluster Management centralizes our configuration management and changes to cluster configurations can only be made through the policies stored in our GitLab environment,” said Karnutsch.

Importantly, Red Hat Advanced Cluster Management ensures Porsche Informatik can expand its OpenShift environment without expanding its operations team. The infrastructure-as-code—or rather configuration-as-code—approach makes cluster configuration and administration very simple. “Our operations team consists of 3 people,” said Karnutsch. “Without the advanced policy and configuration management, we would need a team of 5 or 6 people.” 

The team can, for example, provide developers or the business with a new cluster—or even create a new cluster in the event of an issue—within a few hours. “This speed is only possible because the entire configuration is available as code with Red Hat Advanced Cluster Management policies,” said Karnutsch.

Ensured consistency and, thereby, compliance with ever stricter regulatory requirements

This consistency means Porsche Informatik can be confident that it is compliant with national and international regulatory requirements, including those set by the European Banking Authority (EBA) and the Digital Operational Resilience Act (DORA), across all its clusters. These requirements demand a higher-than-ever level of security and compliance across systems. 

“Internal and external regulations are increasing, including configuration, audit, and backups,” said Karnutsch. “Red Hat Advanced Cluster Management has supported us with compliance from day one. We use its policies to create and deploy Compliance Operator, Kyverno policy engine, Kubernetes Network Policy, and Egress Firewall objects to meet regulatory requirements.”

Enabled an infrastructure-as-code approach while embedding DevOps in the operations team 

DevOps has been introduced to Porsche Informatik’s operations team. “The infrastructure-as-code and configuration-as-code have enabled the incorporation of the DevOps methodology within our operations,” said Karnutsch. “Everything is now code. Everything is stored in a repository. Everything is repeatable.”

The team now runs its tests as pipelines and takes a GitOps approach to automating infrastructure provisioning and software deployment. Change requests are merged to avoid duplication of effort.

Engaging a Red Hat TAM brought extra reassurance to the operations team. “We can access professional help at any time,” said Karnutsch. “That makes us feel secure.” The TAM has helped the Porsche Informatik operations team internalize Red Hat expertise, including the Policy Generator team, the Red Hat Advanced Cluster Management product owner, and the GitOps team. 

“Our TAM also helps us access other customers to understand how they are resolving challenges similar to the ones we face,” said Karnutsch. “They’re helping us connect with other companies working on establishing Egress policies.” A round table that takes place several times a year allows Red Hat customers to discuss their challenges and solutions with each other.

Porsche Informatik is driving further success by rolling out 2 new clusters to support new banking applications. These new clusters must fulfill tougher security and compliance requirements than previous clusters.

“We are currently evaluating to what extent Red Hat Advanced Cluster Security can support us in compliance with national and international regulations as well as our internal minimum requirements,” said Karnutsch. “Our primary focus is on the security of container images and the network.” 

Karnutsch and his team also plan to migrate to open virtual networking - Kubernetes (OVN-Kubernetes) in 2024. Part of Red Hat OpenShift Networking, the OVN-Kubernetes network plugin is the default network provider for Red Hat OpenShift.

“Red Hat Advanced Cluster Management provides us with enterprise-level configuration management for our small operations team to ensure our clusters are configured consistently and meet security and regulatory requirements,” said Karnutsch. “Red Hat and the technologies they provide will continue to play a critical role in driving our future success.”