Ortec Finance gets ‘batteries-included’ cloud-native platform on Azure Red Hat OpenShift

Risk-and-return management in a time of change

Finance leaders face a changing investment risk landscape from geopolitical turmoil, regulatory reforms, market instability, and climate risk factors. Ortec Finance helps its clients balance risk-and-return tradeoffs and improve investment decision-making. Clients include institutional investors, such as pension funds and insurance companies, and private wealth advisors around the world.

Ortec Finance packages its solutions as software as a service (SaaS) that clients can consume directly and as APIs to address their specific needs. This delivery model has driven enviable customer satisfaction and retention rates over the years, but the forward-looking company is always seeking ways to take advantage of evolving technologies and to improve its products. In 2019, Ortec Finance reorganized and took a fresh look at its technical strategy.

According to Ortec Finance Chief Technology Officer (CTO) Milan Seijbel, “We asked, ‘How can we optimize the way we service our clients?’ That led us to cloud-native platforms. We tried to tune them to our needs, and that turned out to be a worthwhile proof of concept. It helped us in improved understanding of what you can actually achieve at what cost.”

For a company that models and maps uncertainties, the journey to a cloud-native platform required careful consideration. “Building and maintaining a cloud-native platform is not considered our core business,” explains Ortec Finance Technologist Joris Cramwinckel. “Fully outsourcing cloud-native operations, on the other hand, does not match with our desire to be independent.”

For Ortec Finance, independence means staying flexible and using vendor-neutral, open-source technologies as much as possible. “We didn't want a vendor lock-in of any kind,” notes Seijbel. “We're looking for what suits our needs best and keeping options open for the future.”

The company found a middle ground in a cloud-native approach based on Azure platform as a service (PaaS) and managed services. PaaS means that Ortec Finance manages the applications and services it develops, and Microsoft manages everything else. It’s a big shift technically and culturally for a company accustomed to supporting the entire hardware and software stack itself.

A ‘batteries-included’ solution

Ortec Finance partnered with HCS Company, an IT firm in the Netherlands that specializes in open-source and Red Hat technologies. “They told us that we needed a ‘batteries-included’ cloud-native platform,” Cramwinckel recalls. “For us, that meant the platform should run on a fully managed infrastructure.”

The teams from Ortec Finance and HCS began building the ORCA platform, choosing the popular Kubernetes orchestration engine to manage cloud-native, container-based workloads. After surveying the market, Ortec Finance selected Red Hat OpenShift, an enterprise-ready Kubernetes container platform built for an open hybrid cloud strategy.

As an open-source technology, OpenShift’s philosophy met Ortec Finance’s need to remain as vendor-neutral as possible. “Our customers want that, too,” Cramwinckel points out. OpenShift runs on every cloud platform and even on-premises. But the team quickly learned that “vanilla Kubernetes,” as Cramwinckel observes, “is not our style.” The company wanted the ease of self-service PaaS for its solution engineers and customers, along with support for familiar patterns and standards. With this in mind, Ortec Finance developed a questionnaire to evaluate cloud vendors, comparing security and privacy capabilities, costs, and other features.

Seijbel says that Microsoft met the bar. “It passed all our questions that we had regarding GPDR, pricing, outcomes, and quality, so we figured this is the best way to start.”

A complete toolkit for managed Kubernetes

In a pilot project, Ortec Finance used its Navigator product to test managed OpenShift environments. Navigator is a monitoring, reporting, and analysis tool used by pension fund managers to determine whether an investment strategy is on track. Built in Kotlin using the Java Virtual Machine (JVM) web stack, Navigator now uses Spring Boot middleware for the back end and Nginx containers for the front end. Before Navigator’s cloud-native transformation, the application was deployed on Oracle WebLogic with an Oracle database—an application stack representative of other Ortec Finance products.

The pilot project featured a team of Ortec Finance engineers, together with advisors from HCS and the Microsoft FastTrack program. The team’s vision evolved as it tested components, even comparing the performance of Navigator’s containers deployed on both Azure Kubernetes Service (AKS) and Azure Red Hat OpenShift. “It’s about what fits best,” Cramwinckel emphasizes. “For anyone operating on our scale, I strongly believe that managed Kubernetes is the solution.”

Azure Red Hat OpenShift proved to be the best fit for Navigator and the “batteries-included” platform that Ortec Finance wanted. As a fully managed service, it abstracts much of the complexity associated with running containers on Kubernetes and provides a path to cloud-native services. “The fact that it’s built on open source components helped us with the vendor lock-in,” Seijbel reports. “It also is a complete platform in terms of services included. Other options were halfway.”

Azure Red Hat OpenShift is jointly engineered, managed, and supported by Microsoft and Red Hat. “In Azure, the infrastructure is glued really well to the middleware—to the OpenShift or the Kubernetes cluster,” observes Cramwinckel. “OpenShift can grow elastically. This is automatically done on the Azure infrastructure, and that wasn’t the case with some of the other self-managed OpenShift environments—even if they ran in a cloud infrastructure.”

An architecture that reflects ‘managed over DIY’

The ORCA platform architecture follows Ortec Finance’s philosophy of using managed services over do-it-yourself (DIY) development. The design also ensures that there’s room to grow. As Cramwinckel notes, “The services added to the platform will follow the principle of ‘managed over DIY,’ meaning that several of these services, like databases, are managed cloud solutions.”

It’s all about choices for the solution engineers and customers who use the ORCA platform. It gives them a way to efficiently deploy applications, oversee access and authorization, and manage application placement across multiple Kubernetes clusters. A continuous integration and continuous deployment (CI/CD) pipeline supports high-quality, repeatable DevOps practices and combines Azure services with familiar open-source tools.

For example, teams use Azure Artifacts, a managed service of Azure DevOps Services, to create, host, and share a variety of build packages. Argo CD, a Kubernetes GitOps tool, pulls updated code from Git repositories and works with the open-source Tekton framework to automate all parts of the development life cycle.

When engineers create a new, ready-to-run image containing an application or service, they push changes to Azure Container Registry. As a fully managed service, it offers fast, scalable retrieval of container workloads and connects across Azure services and environments, including Azure Red Hat OpenShift. Behind the managed OpenShift clusters, Kubernetes provides the power to automatically scale clusters as demand requires.

“Now we can cater to our developers with a broader portfolio of tools that they can select,” Cramwinckel reports. “Because it's way easier, from an ops perspective, to support tech in a cloud-native setting than in a traditional setting.”

That portfolio extends to the open-source tooling included in the ORCA platform. For example, solution engineers have access to tools they already know, such as Prometheus performance metrics and Grafana visualizations.

Across the entire platform, security is top of mind. ORCA is designed to expose as small an attack surface as possible. Azure Red Hat OpenShift provides integration with trusted Azure services, such as Azure Active Directory for role-based access control (RBAC) and Azure Key Vault to manage secrets and keys.

The platform’s flexible use of Azure Managed Services and open source is part of Ortec Finance’s security stance. According to Cramwinckel, “We are now equipped to handle the dynamics of the changing world. We have new technologies coming out. If vulnerabilities pop up, we can arc past them and change our stack.”

Choices for solution engineers

In designing the ORCA platform, Ortec Finance and HCS wanted to cater to the needs and preferences of the solution engineers. That flexibility extends to the choice of managed databases. For example, a product team familiar with Oracle relational databases moved its product to ORCA, choosing Azure Database for PostgreSQL for the data tier. Another team with decades of experience using Microsoft SQL Server moved its application to ORCA and chose Azure SQL Managed Instance. The service provides an always up-to-date SQL instance with pay-per-use billing that suits the workload, in which calculations are typically done only at the beginning of the month.

“Now we're in the process of onboarding a .NET stack, as well,” Cramwinckel reports.

He says that Azure makes it easy for engineers no matter which stack they use. “They can just click their point-in-time backup policies, see where the data is at rest and where the data is in transit. There are a lot of controls that are very accessible for engineers.” In addition, they can use the Azure Cost Management and Billing feature in the Azure portal to keep track of cloud spending. That’s a big benefit, he adds. “Azure gives you the feeling you’re in control.”

Not only do engineers get control, but also ORCA helps stimulate an open community of knowledge sharing—something that Ortec regards as one of the platform’s superpowers.

“Cloud-native is not just about technology,” Cramwinckel points out. “Shift comes with change, and there's a human part.” One piece of advice he offers is to follow innersource best practices for open-source development. Ortec Finance ultimately set up a separate team to govern and maintain the platform and to explain the available services to engineers. This best practice enables the engineering teams to get most out of ORCA and Azure in a responsible way.

A proven platform for meeting current and future needs

Seijbel is glad that Ortec Finance took its time to find the best components for the ORCA platform. “We were lucky that we didn't jump on everything that's called cloud from the very beginning. We stepped in a bit later so we could also build on what was already proven.”

With a range of cloud vendors, services, and tools to choose from, the proven track record of Azure stood out. “We now leverage the managed container platform Azure Red Hat OpenShift to fuel the company's technology objectives—enable growth, assure quality, and deliver fast.,” he observes.

Meanwhile, Ortec Finance continues to expand the ORCA platform. For example, teams are using Azure Machine Learning to refine the highly complex econometrics models that underpin many of the company’s financial solutions.

Ortec Finance is also sharing its Azure experience with others in the industry. “We talk to other companies that run Red Hat OpenShift, and they like to know how we feel about Azure Red Hat OpenShift. They’re very interested in following the same route,” Seijbel reports. “We have faith in the managed Azure Red Hat OpenShift solution.”