eins energie in sachsen: On-premise integration cloud platform

Together with eins energie in sachsen and make IT, a Kubernetes-based integration platform was developed that enables efficient, secure and scalable system management through automated GitOps mechanisms, self-service for DevOps teams and comprehensive monitoring and security solutions such as OpenTelemetry, Grafana and Kubewarden. Staging concepts also ensure high availability and security throughout the entire development cycle.

The Project at a Glance

Provision of an On-Premises Integration Platform: A comprehensive Kubernetes-based integration platform is provided for operating cloud-enabled APIs and integrations and is deployed on-premises at the customer's site.

BSI Compliance: The integration platform, as part of critical infrastructure, meets the necessary requirements of BSI IT-Grundschutz (BSI stands for Bundesamt für Sicherheit in der Informationstechnik, Germany's Federal Office for Information Security). This is ensured through policy enforcement.

Open Source: The integration platform is primarily built using open-source components to accelerate development and reduce both development and maintenance costs.

Efficiency through Automation and Configuration: Through the Infrastructure-as-Code approach, the integration platform is fully automated in its deployment.

Self-Service: The integration platform is designed to be used in a self-service approach by various DevOps teams.


Initial Situation

The existing IT landscape of eins energie in sachsen includes hundreds of partially business-critical applications within a heterogeneous system environment. There are numerous individual integrations, often characterized by point-to-point communication and the use of various technologies.

This complexity makes integrating new systems and managing existing connections both challenging and time-consuming. Given the dynamic changes in the energy market, flexibility is essential to actively shape these developments. Fast and seamless integration has thus become a key element of digital transformation.

Against this backdrop, the decision was made to adopt an API- and event-driven architecture. By utilizing Mulesoft and Kafka on a Kubernetes-based platform for providing APIs and integrations, a technological foundation for future cloud-native applications was established.

A crucial factor is ensuring that the solution meets the requirements of critical infrastructures, particularly regarding the security of integration points.


Solution

In collaboration with eins energie in sachsen and make IT, a solution was developed based on a proof of concept (PoC) while taking into account the BSI IT-Grundschutz Compendium. Kubernetes serves as the foundation of the entire integration platform, supported by Rancher for managing Kubernetes clusters. Kafka is deployed on Kubernetes, and Mulesoft utilizes Kubernetes for API and integration provisioning.

The entire integration platform is designed to be accessible via a self-service approach for various DevOps teams. Automated GitOps mechanisms, along with Mulesoft CloudHub, enable the efficient management of business applications.

Despite the complexity of the integration platform, ease of operation is ensured through monitoring and optimization mechanisms. OpenTelemetry and Grafana are used for monitoring, while OpenSearch handles log and metric data. Jaeger and Kiali provide comprehensive tools for analyzing microservices and their interactions. Kubewarden enables policy enforcement for compliance with the security requirements of IT-Grundschutz and thus provides an important governance tool for DevOps teams.

The entire integration platform is fully automated using an Infrastructure-as-Code approach. Staging concepts for testing and production environments have been considered to ensure high availability and security throughout all phases of the development cycle.


Outcome

Thanks to the nearly fully automated approach using Infrastructure-as-Code and GitOps, the integration platform can be redeployed with changes in a very short time, enabling seamless evolution. The must-have criteria of BSI IT-Grundschutz – such as access control, isolation principles, and data security – are adhered to. Furthermore, a staging concept allows the platform team to advance platform development independently of live operations.

The integration platform enables DevOps teams to rapidly and reliably deploy and manage their own services, integrations, and APIs. The first applications have already been successfully deployed in production.

About the customer

eins energie in sachsen GmbH & Co. KG (eins) is the leading municipal infrastructure provider in Chemnitz and the South Saxony region. Headquartered in Chemnitz, the company supplies around 400,000 residential and commercial customers with natural gas, electricity, internet, heating and cooling, and water. Additionally, eins manages wastewater disposal for households, businesses, and industries in Chemnitz and parts of the surrounding area, while also offering energy-related services. make IT GmbH is a subsidiary of the eins Group. As an IT service provider based in Chemnitz, the company specializes in the development and maintenance of customized software solutions.
