Architect’s Corner: How TrustBills built a secure, compliant Kubernetes platform for the German market

In today’s Architect’s Corner, we speak with Florian Herzberg, former CTO and now SVP of Product Management at TrustBills, an innovative financial services company using Kubernetes to build out the world’s first auction platform for trade receivables. With GDPR coming into force in early 2018, information security is top of mind for platform architects. In this interview, Florian discusses how TrustBills built a flexible, resilient Kubernetes platform that still satisfies the strict data security and protection policies that German companies are required to adhere to.

Key technologies discussed

Container Runtime – Docker, rkt

Scheduler – Kubernetes

Infrastructure provider – On premises

Can you tell us a little bit about what TrustBills does?

TrustBills is the first auction platform for trade receivables. Within the broad category of trade receivables, there are a lot of different financial products: forfaiting, factoring, ABCP, supply chain finance. What we have done is create an auction platform where a supplier can upload his specific trade receivables and investors can bid on them, essentially betting on the risk of the trade receivable. The advantage to the supplier is that they get 100% of the auction price straight away; they don’t have to wait until the trade receivable is due to finance the ongoing operations of their business.

Trading in receivables is not a new idea, but the way it has been done so far was very fragmented and slow. There was only a very restricted market where supply and demand suffered from various limitations. TrustBills essentially connects buyers with sellers. In particular, TrustBills gives institutional investors the possibility to invest directly in trade receivables. With TrustBills, the entire process is fully automated, making it much easier for suppliers to sell their receivables and for investors to acquire them.

Can you tell us now a little bit about your role in the company?

I am Senior Vice President of Product Management. I started at TrustBills in May 2016, initially as CTO since I have a development background, but I’ve moved into a more pure product management role as we’ve grown. I’m really focused on automation of all the important business processes enabled by the platform and work with our large partners, mainly banks, to make sure that the platform fits their needs.

Can you tell us a little bit about how TrustBills is using containers?

Well, to start, since we have trust in our company name, we take trust really seriously. We have to work with a lot of different parties (banks, suppliers, debtors, investors) and we have to make sure that all their personal and financial data is stored properly and securely. As a starting point, we run a self-hosted cluster. We can’t use a cloud service provider because their offer doesn’t fit our needs. Our customers and regulators require that all data is stored on German servers in accordance with German privacy policy, which is one of the strongest in the world. All our containerized workloads run in this environment.

What drew us to containers is the logical separation that they provide between different services. Because we have to run our own infrastructure, we need to be really efficient with how we allocate resources. Containers let us provide performance guarantees for each service, but isolate resources so that if one service is compromised, not all other services are compromised as well. I think that this is one of the strong benefits that TrustBills provides with regard to trust and data security. Containers enable that.

I should also probably mention that we use rkt and Docker as the container engine and Kubernetes as the orchestration layer.

What were some of the challenges that you needed to overcome in order to run stateful services like databases in containers?

As you know, stateless services in containers aren’t a big problem at all. But stable stateful services in containers are a bigger challenge. We are huge fans of open-source software and before we found Portworx, we tested almost every free and open source product for running stateful containers and they couldn’t satisfy our high requirements in scalability, resilience and security. We looked at Rook as a self-hosted Ceph cluster within k8s, GlusterFS, OpenEBS and Rancher Longhorn. And even if all of them are based on great ideas, they didn’t suit our demands.

We ran our tests over a period of about 10 months and saw great improvements within the projects but nothing as stable, performant, and secure as Portworx. Already in the early stages of our research, we had been looking into your free-tier px-dev project and got in contact. We were super impressed with the service and reaction time whenever we had problems or questions regarding Portworx. It has been really easy to install and operate. There were two minor issues during our final integration and it took not even 24 hours until we solved them with your support team.

For TrustBills, which is innovating in the financial markets space where there is no room for errors, it’s really important to have partners we can rely on, especially for such a central component of the platform as storage.

What advice would you give someone who is seriously considering running stateful containers in production?

Buy Portworx [chuckle]. And we’ve actually told people that. Our current CTO and I were invited to a huge technology conference in Hamburg and we were asked to talk about containers and Kubernetes. One of the major topics in our lecture was stateful services. We told the audience what I just told you, that we looked into nearly every open source solution on the market and after a nearly 10-month evaluation phase, we decided the best solution for us is Portworx. If any other company comes to me with exactly that question, we would always tell them, “Just go with Portworx.”