- idealo needed secure network infrastructure that would complement OpenShift container orchestration.
- Tigera Calico enabled idealo to provision network infrastructure that was secure and easy for the developers to deploy.
- The idealo team now has secure application connectivity that delivers agility and self-service.
idealo internet Company Profile
idealo internet GmbH is a Berlin-based start-up success story. Founded in 2000, idealo has pursued a mission of helping consumers make the best purchasing decisions. The idealo team grew to more than 700 employees spanning 40 countries. The company is now Europe’s leading price comparison website and one of the largest portals in the German e-commerce market. idealo enjoys more than 1.3 million page impressions per day, 50,000 Online-Shops, approximately 3.3 billion product offers and more than 4 million mobile app downloads.
OpenShift and Legacy Network Challenges
Idealo selected Red Hat OpenShift for Docker container orchestration to speed development and enable a “self-service” approach for application development teams. “Developers had been slowed down by waiting for the operations team to provision network infrastructure,” commented project manager Andrea Huber. “You could not deploy a network configuration as a developer, you had to wait for operations. It slowed people down and wasn’t helping developer morale.”
idealo’s development process struggled with a brittle legacy network originally designed for virtual machines (VMs) that used statically configured virtual LANs (VLANs) for segmentation. The VLAN approach was unable to support the dynamic containerized environment. The static VLAN architecture assigned networking segments to organizational units, but it became unwieldy as responsibilities for applications shifted between development teams. “If responsibility for one application moved from Team A to Team B, it was in the wrong network segment and you had to change the whole networking setup.” said Huber.
Idealo needed a fresh approach to enable developer self-service to speed application development while maintaining the same level of security provided by the legacy network.
Network Architectural Decisions
Rather than deploying the OpenShift container orchestration solution on top of the virtualization layer, idealo deployed on bare metal servers within their on premises datacenter. That kept the solution simple.
The team focused on application connectivity providers that had OpenShift integration and narrowed the decision to two options: Tigera Calico and the openshift-sdn. The team decided against the openshift-sdn option due the complexity that approach would have imposed. Idealo wanted to implement a simple, flat Layer 3 (L3) network where developers could declare network policies in a self-service solution. The idealo team concluded that Calico provided the optimal approach.
“The Calico solution allows developer self-service and solves a lot of problems for us” commented idealo developer Odilo Durchschlag. “We start with a “deny all” rules for the network, and developers have to implement the network policies that their software requires.”
Implementing Calico for OpenShift
The initial Calico integration was done in partnership with local software company Endocode AG. The idealo team also met with a Tigera solution architect during the process to validate their design decisions. “During the process, we had a good meeting with a Tigera solution architect who was visiting Berlin,” Durchschlag highlighted. “He helped with some questions and design decisions on how we set up our production cluster. The deployment was straightforward in the end. It was very easy to implement; far easier than everything else I have seen in my career with networking solutions.”
Idealo’s growth drives them to constantly add nodes, and those nodes benefit from extremely simple connectivity when compared to the legacy VM-focused architecture with static VLAN segments.
Results with Tigera Calico
Existing and new applications have been deployed into the OpenShift environment with Tigera Calico networking, and the deployment speed is noticeably quicker for idealo developers. “We now have a self-service infrastructure where developers declare network policy definitions on their own and no longer have to reach out to the operations team,” said Huber.
The containerized development environment has minimized costs through more efficient resource utilization. Additionally, idealo has happier development teams that can apply network policies for security as well as deploy the resources they need without contacting an operations team. “We clearly get the feedback from developers that they are really happy with the new container platform,” Explained Durchschlag. “They are very happy with the speed and self-service of the new environment.”