Built with ZITADEL: 23 Technologies' Kubernetes-as-a-Service

Key Outcomes

  • Centralized Authentication Solution: 23 Technologies successfully partnered with ZITADEL to centralize their fragmented authentication mechanisms across multiple services. By using ZITADEL as their primary Identity Provider (IdP), they achieved a cohesive user management system, eliminating complexities from multiple infrastructures.

  • Efficient Organizational Management: With ZITADEL's robust organizational and instance structures, 23 Technologies can now effectively manage their organizational hierarchy through a single ZITADEL instance. This enhancement offers partners and customers seamless onboarding, streamlined role allocation, and the ability to deploy services efficiently.

  • Streamlined Deployment on Kubernetes: ZITADEL's use of Helm charts greatly benefited 23 Technologies, simplifying their deployment process. As a result, 23 Technologies could seamlessly run ZITADEL on their Kubernetes clusters, further integrating their Managed Kubernetes offering.

Introduction

We spoke to Christian Berendt, CEO of 23 Technologies, a company founded in late 2020 that offers Managed Kubernetes as a service.

They initially adopted Gardener, an open-source Managed Kubernetes-as-a-Service solution developed by SAP in Germany. However, Christian noted challenges with Gardener, especially in its deployment framework. To address this, 23 Technologies developed their own solution based on the open-source project. The outcome is an enterprise-grade Kubernetes engine called 23KE, built for industrial use and for Cloud Service Providers (CSPs) and Managed Service Providers (MSPs). It prioritizes scalability, reliability, and self-healing of Kubernetes clusters without unnecessary bloatware.

Christian clarified their position in the market: they don't sell only infrastructure. Instead, they act as a middleware layer for both managed and cloud services, targeting independent software vendors, large enterprises, and the Industrial Internet of Things (IIoT) world. Their Kubernetes engine serves industrial applications as well as other CSPs and MSPs, hosting platform services such as Prometheus and Grafana and industrial services such as CODESYS and OpenPLC, with a focus on scalability, reliability, and self-healing of Kubernetes clusters. Their primary offering is Kubernetes Clusters as a Service.

Christian discussed the shift in Europe from major cloud providers (often referred to as "scalers") to regional cloud infrastructures. European customers are increasingly interested in using regional cloud services, like OVHcloud, IONOS, and Deutsche Telekom. However, many of these regional cloud services in Europe are smaller and often lack the same reach as the major scalers. For instance, a European cloud provider might not have resources in Asia, which is a problem if one wants to deploy services worldwide.

23 Technologies addresses these challenges by providing a middleware layer for cloud services. Instead of relying on the infrastructure provided by regional providers, they establish a Managed Kubernetes layer. This allows them to deploy Kubernetes on any cloud infrastructure, whether AWS, Azure, OVHcloud, IONOS, or others. Their solution gives customers the flexibility of choosing from various cloud infrastructures through a single service.

The User Journey

  • For Partners: Upon registration, service providers undergo an onboarding process and are categorized based on partnership tiers. Once integrated, they possess the capabilities to manage their client base, allocate roles, and roll out services on their behalf.
  • For Users: Users can sign in to a dashboard, enabling them to tap into the services they're permitted to use, navigate links to their respective services, or put forth requests for new ones.

23 Technologies' Value Proposition

  • 23 Technologies simplifies the cloud infrastructure, requiring customers to have just one contract with 23 Technologies to access any cloud infrastructure.
  • Through their service, businesses can deploy services globally without being limited to a specific cloud provider.
  • Their service is tailored to regional requirements. For example, if a service needs to be run in Sri Lanka, 23 Technologies can set up a Kubernetes cluster in that region and deploy the requested service.

Problem and Solution

The Problem: Fragmented Authentication

23 Technologies operates as a middleware layer between a variety of cloud infrastructures and their clients. As they integrated multiple external services, such as cloud solutions, IIoT platforms, and software services, a significant challenge arose: each of these services had its own separate authentication mechanism. This resulted in:

  • Complicated Onboarding/Offboarding: Each service's unique authentication required distinct setup and teardown procedures.
  • Disjointed User Experience: Users had to juggle multiple identity management platforms, causing confusion and inefficiencies.
  • Security Concerns: Every additional authentication system is another component to patch, monitor, and audit; without precise maintenance, this duplication leads to vulnerabilities.

In essence, there was a clear need for a centralized identity provider that could simplify the identity management process for all integrated services.

The Solution: A Centralized, User-Friendly and Cloud Native Identity Platform

To address the fragmented authentication issue, 23 Technologies was looking for a solution that:

  1. Centralizes Authentication: A singular system where all integrated services trust one primary IdP for authenticating users.
  2. Enhances User Experience: A unified system reduces the confusion of multiple logins and creates a smoother user experience.
  3. Boosts Security: One integrated solution is easier to monitor, update, and secure.

After evaluating several platforms, including Keycloak, Authentik, and ZITADEL, they ultimately chose ZITADEL.

With ZITADEL, 23 Technologies introduced a centralized ID service for their platform. This service aims to provide a European-centric authentication system comparable to the widespread logins offered by platforms like Google, Github, Facebook, or Instagram, tailored specifically for B2B and IIoT needs. Key features from ZITADEL that 23 Technologies utilizes include:

  • Distinct Hierarchical Architecture for User Management: Instance and Organization structures in ZITADEL allow them to efficiently manage their organizational hierarchy with a single ZITADEL instance.

  • User-friendly Self-Service: ZITADEL offers an intuitive self-service option, allowing users and organizations to manage their profiles, preferences, and security settings without requiring administrative intervention. This directly streamlines user management.

  • Efficient OIDC Workflows: OpenID Connect (OIDC) is a modern authentication protocol, built on OAuth 2.0, that lets each service delegate login to a central identity provider instead of verifying credentials itself. ZITADEL's efficient handling of OIDC provides cohesive identity and access management, linking all services under a unified system.

The decision to integrate ZITADEL was also influenced by the following factors:

  • No Feature Bloat: While many platforms offer an array of features, not all are essential for every organization. ZITADEL's focus on providing just the necessary features (without unnecessary add-ons) ensures that the system remains efficient and user-friendly.

  • Responsiveness of Support: Effective support is paramount, especially when integrating crucial systems like authentication. The ZITADEL team's responsiveness ensured that any challenges faced during integration were swiftly addressed.

Technology Architecture and Deployment

Figure 1 - ZITADEL Integration: Centralizing Authentication in a Multi-Service Cloud Environment

Base Layer: The foundational infrastructure is primarily built on cloud technology, with OpenStack being the principal component.

Kubernetes Management: 23 Technologies utilizes Gardener for Kubernetes management. Additionally, they have developed their own tool, 23KE, to facilitate the deployment and oversight of Kubernetes across multiple cloud providers.

User Management and Authentication: ZITADEL provides 23 Technologies with a centralized system for user management, ensuring organized and efficient handling of user data. It offers authentication mechanisms such as multi-factor authentication and single sign-on, so that users access the system securely. Beyond authentication, ZITADEL handles authorization: defining user roles, granting permissions, and maintaining access controls. The integrated services rely on ZITADEL's authentication and authorization protocols, so user credentials and permissions stay consistent and secure across the platform.

Deployment Preferences: Instead of using ZITADEL Cloud, 23 Technologies has chosen to host ZITADEL as an independent service. With an emphasis on security and reliability, they store user identities with a trusted cloud provider based in Germany. In line with their preference for open-source solutions, they have deployed the open-source variant of ZITADEL, using the Helm charts provided by ZITADEL and CockroachDB as the backend database.

Learning Curve and Product Support

While the solution has largely been efficient, Christian's team did face some challenges initially, particularly concerning version upgrades and the integration of the database layer for which they used CockroachDB. However, these issues were subsequently addressed, and the overall experience with ZITADEL has been straightforward. Christian praised the ZITADEL team for their responsiveness, both at the management level and in technical support.

Future Plans

In General

The service platform, currently geared towards German-speaking regions, offers deployment for various platform services like Harbor, Grafana, and Prometheus. They intend for other CSPs and MSPs to be able to integrate their solutions into the 23 Technologies solution.

Future provisions will allow customers to operate their Kubernetes cluster, integrate it with the 23 Technologies service, and deploy services on top of their clusters, adhering to a "bring-your-own-device" philosophy.

While their initial focus is on Germany, they have plans to expand to the DACH region (Germany, Austria, Switzerland), then to the rest of Europe, and eventually to a global audience. They are open to serving any region based on demand.

Integrating ZITADEL within the Gaia-X Narrative

23 Technologies aims to integrate ZITADEL as a centralized authentication service, especially in the context of the Gaia-X initiative in Europe. Their vision is for users to have a unified ID, similar to a Github login, to access multiple online platforms, thereby removing the hassle of creating multiple accounts and repeated registrations.

Gaia-X is a European strategy to boost investment in the regional cloud market. Its primary objective is to set up a standardized data ecosystem that promotes smooth data exchanges between entities, such as car manufacturers and their vehicles. One key aspect of Gaia-X is the federation service, which prioritizes self-sovereign identities. The ultimate aim is to build trust in digital identities, ensuring genuine online verification of a company or its personnel. While the details are still being refined, 23 Technologies has plans to weave ZITADEL into the Gaia-X story. Being associated with Gaia-X and other European projects like Catena-X and Manufacturing-X offers them a chance to better access European opportunities.

Testimonials

“What I appreciate most about ZITADEL is the responsiveness and supportiveness of the ZITADEL team. Beyond the product itself, the team and community around it play a crucial role in our satisfaction. We value the open communication lines, especially through platforms like Discord.”

-Christian Berendt, CEO, 23 Technologies GmbH
