Marshall Wace: Active Directory and Kubernetes Workload Integration
How a hedge fund seamlessly migrated on-premises Active Directory (AD) infrastructure into their new cloud-native Kubernetes platform
About Marshall Wace
Marshall Wace is a prominent multinational hedge fund known for its robust and innovative technological infrastructure underpinning its trading operations. With a strong focus on security, compliance, and operational efficiency, the institution continually seeks to leverage emerging technologies to improve and streamline its operations.
Seamless Integration of On-Premises Active Directory into Cloud-Native Kubernetes Platform
Marshall Wace sought to transition its existing trading support systems and Extract, Transform, and Load (ETL) pipelines to a new cloud-native Kubernetes platform. Their aim was to capitalise on the benefits of Kubernetes for scalability and automated deployments while preserving the existing authorisation framework in their on-premises Active Directory (AD) infrastructure.
Without ControlPlane’s intervention, Marshall Wace faced significant hurdles: lifting and shifting existing workloads to Kubernetes, maintaining existing authorisation strategies, and securing AD access over LDAP for Kubernetes workloads were all difficult to achieve.
Marshall Wace needed to seamlessly integrate their on-premises Active Directory with their new Kubernetes platform in a secure manner. The project faced several challenges, including:
- Lack of an industry-standard way to access AD over LDAP from Kubernetes workloads, which complicated secure and streamlined integration
- Difficulty of integrating the on-premises Active Directory into Kubernetes without disrupting existing authorisation mechanisms
ControlPlane implemented a comprehensive set of solutions, including:
- Development of a strategy for establishing secure communication between the Kubernetes workloads and the on-premises Active Directory
- Creation of a Kubernetes controller coupled with an authentication sidecar mechanism to securely inject temporary credentials from AD into container workloads
- Introduction of a new GitOps deployment approach for container workloads in Kubernetes
- Implementation of thorough application and system testing to ensure the long-term maintainability and stability of the integrated platform
ControlPlane’s solutions had a significant impact on the project, yielding the following outcomes:
- Successful migration of the large existing application estate into containers and replatforming to Kubernetes with zero downtime
- Seamless integration of fundamental authentication and authorisation strategies from Active Directory into the Kubernetes platform, enabling the hedge fund to maintain its stringent security policies and compliance requirements
- Introduction of a streamlined GitOps deployment approach and infrastructure as code principles that simplified the deployment and management of container workloads in Kubernetes
ControlPlane’s expertise in low-level protocol integration and Golang development enabled Marshall Wace to integrate their on-premises Active Directory into a cloud-native Kubernetes platform successfully. This integration allowed the institution to leverage the benefits of cloud-native architectures while maintaining robust security and compliance standards.