Lineas is a private rail freight operator that provides transport throughout Belgium, Germany, the Netherlands, Luxembourg, Switzerland and France. Lineas transports a wide variety of goods for their customers, from raw materials, chemicals and semi-finished products to industrial and consumer goods.
For its daily business, it is crucial that Lineas has a secure, high-performance and efficient IT infrastructure that is available 24/7.
Our collaboration with Lineas was already ongoing. A project team of ACA IT-Solutions developed a new application for Lineas that brings together real-time data about transports, such as delays and current position. Lineas can then use this information for train schedules and capacity bookings.
Our cloud team was given another assignment:
The application had to be available 24/7 and process a lot of data. In addition, the application had to be able to communicate with a data center that we don’t manage ourselves. Moreover, this communication always had to go through a secure VPN connection. Security was an important aspect, but was not to compromise easy management.
As a solution, we set up 3 different Kubernetes clusters within the same number of AWS accounts.
The advantage of this is that we can keep user management and rights management separate. For example, a user can get certain rights on one account, but not on another. That makes it easier to manage!
It is also more convenient for Lineas to view the costs per account and to cancel or add an account at any time. By splitting it up into different accounts, Lineas gets a more flexible solution, without sacrificing security.
In a classic approach, everything is configured manually and changes in the infrastructure do not take place in a transparent way. Our infrastructure-as-code approach, in which infrastructure is written as executable code, allowed us to set up the three environments with the same code. As a result, they are and remain identical and a new environment can be set up quickly. Because everything is described in code, we always have exact control over changes. This way we can easily test the adaptations to an environment before they go into production.
One of the major challenges was the set-up of the network components. Lineas had drawn up a clear vision for this, but not all components were available yet. For us, this meant that things were regularly changed, which we then had to quickly respond to. Thanks to our infrastructure-as-code approach, we could not only quickly but also efficiently record changes in pieces of code and then put them into production.
Strong security had always been a priority. All components were first set up via a secure VPN-connection and all outgoing traffic first passed through a Fortigate firewall. Thanks to our focus on a smooth and close cooperation with Lineas and a third party that manages the network part, we’ve been able to bring this to a successful conclusion. For example, we made extensive use of Namespaces and connectivity between containers was limited by NetworkPolicies (Calico). After all, containers can freely communicate with each other as standard. By setting up firewalls between these containers, security was maintained at a high level, without having to compromise on efficiency or speed.
Wij zorgen voor een persoonlijke cloud ervaring en het komt snel jouw richting uit! Getting started Cloud migration Cloud optimization Managed cloud Cloud security Cloud DevOps Atlassian Hosting Kubernetes