Ashnik designs an Infrastructure Log Monitoring platform using ELK for a leading Bank in Asia
The Customer:
Our customer is one of the leading banks in Asia and a financial services and products provider.
The Challenge:
The customer wanted to track the performance of applications built on microservices architecture by collecting and analyzing performance metrics.
The Solution:
The Ashnik team helped deploy a multi-node Elastic cluster outside the OpenShift platform to successfully ingest logs from OpenShift as well as from other VM-based legacy applications.
The Benefits:
Ashnik helped the customer with a centralized view for their OpenShift container platform across multiple data centers.
The Customer
Our customer is one of the top banks in Asia and a leading provider of financial services and products since inception. The bank and its subsidiaries offer an array of commercial banking, specialist financial, and wealth management services, ranging from consumer, corporate, investment, private, and transaction banking to treasury, insurance, asset management, and stockbroking services.
The Background
The customer had embarked on a digitization journey that included a microservices strategy for new application development using OpenShift as a container orchestration platform. This required the customer to revisit their application deployment models, performance objectives, and goals to get the maximum out of their investment.
The Challenges
The customer faced various business challenges that involved making tweaks to their microservices strategy. With their new applications running on OpenShift as the container orchestration platform across multiple data centers, the operations team was finding it tedious and time-consuming to track the performance of applications and analyze their metrics.
The entire process needed to be integrated with Search Guard for AD/LDAP (authentication) and RBAC (authorization). The client also wanted to enrich the information with details such as pod and namespace for the different Kubernetes setups, so that various users could monitor the source data.
The customer’s team needed one centralized system for monitoring the application, system, infrastructure, and microservices through container/K8s logs in real time. They additionally needed to extract particular insights from the setup, such as performance, user, response, and system activity monitoring, and infrastructure uptime.
It was critical for the customer to find quick and relevant data to diagnose and automate various issues through alerts, visualization, and dashboards, especially concerning performance metrics. Another technical challenge they wanted to address was providing actionable insights from real-time monitoring by leveraging the Elastic machine learning capabilities to detect anomalies as well.
Other key issues:
- When a container would get deleted, all the related logs would also get deleted – making the team unable to track issues
- The information had to be enriched with details for multiple application teams, as they all had varying requirements and interests
- The customer wanted to gather VM-based application logs in a centralized logging and monitoring platform for a single access view
The Solution
Ashnik offered a four-step solution to address the customer challenges, as detailed below: Installation, Source Ingestion, Integration, and Dashboarding and Alerts.
- Installation
Ashnik installed and configured an Elasticsearch cluster, followed by Logstash and Kibana on another node. Ashnik also configured Filebeat as a Kubernetes daemon set in OpenShift as well as a service in the application VM.
- Source Ingestion
Ashnik assisted in the manual ingestion of data from multiple OpenShift platform pods and VM-based application servers using Filebeat.
- Integration
Ashnik helped create transformation / grok pattern / metadata mappings, set up AD/LDAP authentication for users, and integrate Search Guard for the authentication and authorization of OpenShift users to Kibana.
- Dashboarding and Alerts
With the ELK OpenShift container log monitoring system, one of the core emphases was to create sample dashboards and alerts. Ashnik helped create multiple spaces for different users from various customer teams.
The Process
The implementation of Ashnik’s OpenShift Container Log Monitoring platform helped to reduce various bottlenecks that were occurring in the pipeline. The steps implemented:
- Deployment of a multi-node Elastic cluster specifically to ingest logs from OpenShift as well as from VM-based applications
- Integration with the AD/LDAP system, with RBAC built on the various required privileges, along with different “Spaces” for various users
- Alongside the OpenShift logs, certain legacy application logs were ingested using the Elastic Filebeat agent on VM servers, to obtain a single view of application logs
- Configuration of Kubernetes and container plugins to isolate K8s metadata, so that logs can be identified by namespace and label
- Deployment of the Elastic agent Filebeat as a daemon set within the OpenShift environment for automatic pod identification and ingestion
The Benefits
Ashnik designed a centralized view for the customer’s OpenShift container platform running across multiple data centers. The customer was now able to track application and infrastructure performance in real time by collecting and analyzing metrics.
- The ELK Stack helped them track performance in real-time, collecting and analyzing the metrics. It enabled the team to monitor the application, infrastructure, microservices, containers, and the system as a whole
- Enabled better monitoring of underutilized servers, resulting in reduced infrastructure costs, along with the ability to provide alerts on their overutilized application servers
- Reduced issue resolution time as the team didn’t have to dig deep into a specific container log, to get the required information to resolve the issue
- Log data analytics for debugging issues in deployed applications and services, such as determining the reason for container termination, application crash, etc.
- With the implementation of ELK Stack, real-time monitoring enabled actionable insights through integration with capabilities like Machine Learning, Anomaly Detection, Graph Correlation, etc., that empowered different types of alerts based on need such as search, business analytics, etc.
- After configuring the Elastic agent Filebeat as a daemon set in the OpenShift environment for automatic pod identification and ingestion, it became possible to segregate container logs based upon their metadata like pod name, container id, container name, image name/id, Kubernetes, label, etc. The ingested data could then be filtered based upon this information for further drill-down
- All the legacy application logs along with OpenShift logs were ingested using the Elastic Filebeat agent on VM servers to get a unified view of the application logs
- Using Kibana Spaces, teams could monitor the logs relevant to them
Customer Delight
The customer team is incredibly happy with the design and approach by Ashnik, which has enhanced the value of their investment in OpenShift by enabling them to use OpenShift as a container orchestration platform across data centers and by easing the performance tracking of various applications through collecting and analyzing relevant metrics.