finleap connect: Achieve Regulatory Compliance, Strengthen Security and Improve DevSecOps Productivity

Jul 1, 2020

finleap connect is a Software as a service and technology provider that helps companies and startups in the banking, insurance and asset management industries get geared up quickly. The company offers plug-and-play SaaS and PaaS innovations to jump start new digital offerings, eliminating the need for startups to develop time- and cost-intensive infrastructure components from scratch.

Designing, deploying and operating the infrastructure support for finleap connect is a six-person team of software engineers, including principal platform engineer Christian Hüning.

Hüning recalls how finleap connect began its search to find a service mesh that could deliver not only the operational efficiencies the company needed but also allow them to meet the high security and compliance standards required to comply with banking and privacy regulations, including Europe’s General Data Protection Regulation (GDPR), Federal Financial Supervisory Authority regulations (BaFin), and the revised Payment Services Directive (PSD2).

This search ultimately led them to adopt Linkerd.

The Linkerd service mesh is such an integral part of our environment that I can’t imagine how we’d operate without it. With a small team, we are managing about 2,000 sidecar proxies. Linkerd solved a problem for us when it came to mTLS connections between our services. This was an important part of an overall effort to enable us to spin up new environments in about 10 minutes, rather than the 3 or 4 weeks it used to take.

— Christian Huning, Director Cloud Technologies

Challenge

Hüning described finleap connect’s original infrastructure and the challenges that ensued as the company grew. “Our original infrastructure was based on an OpenStack environment running virtual machines. As we began scaling to serve more startups and partners, this VM-based environment began to suffer technical limitations, and it was becoming more and more expensive to maintain. Spinning up a new environment for a customer was taking three to four weeks, not including time to purchase and install hardware, and we knew we simply had to be more agile than that to serve our customers.

The company decided that moving to a Kubernetes-based container service architecture could provide more flexibility and scalability, reduce complexity, and provide greater reliability and security for its applications. finleap connect eventually opted for a bare-metal container service architecture, orchestrated with Kubernetes, to provide its critical applications. finleap connect also wanted a service mesh to support mTLS encryption for all the traffic between services in the cluster and do so without adding overhead that would meaningfully degrade performance.

Solution

The company was under enormous time pressure to deploy a solution in three to four months, because it was experiencing scaling issues as its business grew. “We tried Istio and got it running, but we didn’t like what it meant for developers,” recalled Hüning. “Istio had a huge configuration file, and we wanted something that abstracted all that heavy load away. We then found Linkerd and had a great feeling about the community behind it. Those folks knew what they were talking about, and we had confidence that the promises they made would be honored. Sure enough, the first version we installed just worked.”

Huening says the payoffs of using Linkerd have continued to mount. “The visibility Linkerd gives us into our system was an added benefit at first, but it has become quite foundational to us now to have these insights into latency and metrics.”

Linkerd also enables the finleap connect infrastructure team to automate activities and thereby continue to scale with ease. “The Linkerd service mesh is such an integral part of our environment that I can’t imagine how we’d operate without it. With a small team, we are managing about 2,000 sidecar proxies. Linkerd solved a problem for us when it came to mTLS connections between our services. This was an important part of an overall effort to enable us to spin up new environments in about 10 minutes, rather than the 3 or 4 weeks it used to take.

“Linkerd also helps us add helpful things in a very simple way,” continued Hüning. “For example, without any previous experience, we introduced a canary deployment with Flagger, and it was just so simple. One engineer took on the challenge, completed it in a couple of days, and then taught an internal seminar to show the rest of us how simple it was!”

Huening is happy to share with other infrastructure engineers a little investment advice from the world of Fintech IT: “If you want to see what a service mesh can do for you, I would recommend Linkerd, because it’s super simple to get started with and gives you the features you really need. Linkerd just works.”

Ready to get started?

Sign up for Buoyant's service mesh newsletter