Liberty Mutual’s Container Deployment – From Docker to Kubernetes

Liberty Mutual made an early bet on containers and continues to expand its approach seven years later. Learn why the insurance firm went all in on container technology.

In 2015, well before many IT managers knew what containers could really do, Liberty Mutual was sold on the concept. At that time, a group of core IT staff latched onto the technology concept as an approach for modernizing its workloads. Today, the insurance company manages more than 20,000 active containers at any given time across 1,000 nodes of infrastructure, supporting applications globally.

“Our company is 110 years old, so we have a lot of workloads that need to be modernized to some degree,” said Eric Drobisewski, a Liberty Mutual senior enterprise architect who was part of the group behind the initial container deployment. “We didn’t want to just lift and shift applications or the problems of today into the public cloud as is. We wanted a more transformational method to gain greater value from the move.”

Docker Container Deployment

After doing some research, the group settled on containers as a good pathway for critical workloads. “Whether running on physical servers or virtual machines, the container approach provided the lift of modernization where we didn’t have to fully refactor applications and workloads to get them to the target state,” Drobisewski said. It was a bonus that containers also benefitted from some of the more modern DevOps practices, principles, and toolsets.

Shortly after choosing the container path, Liberty Mutual adopted a digital transformation plan, which Drobisewski calls its “technology manifesto.” The push for digital transformation was well timed, he said, because it gave the IT team -- 5,000 staff members strong -- a runway to start experimenting with containers and discovering what they could really do.

For Liberty Mutual’s container deployment, the IT team selected Docker, the de facto container technology at the time. Developers began using Docker Swarm, an open source container orchestration platform, to modernize its applications and port them to a public or private cloud or, in some cases, on-premises.

The team saw immediate benefits and realized that containers would play a more important role in the organization than first thought. Developers could use Docker to scale quickly. At the time, Docker was easier to operate than Kubernetes.

One particularly useful tool was Docker Compose, an elegant way for developers to deploy containers while exposing only what developers needed to see. Developers could also deliver code changes much more rapidly, confidently, and consistently than before.

Within 12 months, the IT team was running about 8,000 containers. By the second year, that number rose to about 12,000.

However, as Liberty Mutual scaled its container usage, the technology began to experience network issues. Network fragility caused the team to rearchitect its cluster infrastructure. “These were things that weren’t that obvious when we started, but as we scaled, they became significant pain points,” Drobisewski said. “We learned from it. Take the time upfront to really understand what the appropriate cluster network and namespace architecture should look like to support your business.”

Moving on to Kubernetes

By 2019, Kubernetes had become easier to use and increasingly popular. Drobisewski appreciated the platform’s vertical scalability, an important feature as the company moved from horizontally bound virtual machines to a large scale-out infrastructure that can scale vertically on demand.

Today, Kubernetes is the standard at Liberty Mutual. The organization uses the technology for everything from load balancers, proxy servers, and web servers, to more complex efforts like building multifaceted applications on cloud-native, microservices-based architectures. More challenging was moving traditional workloads from a service-oriented architecture to a container-orchestrated flow, but the effort was well worth it, Drobisewski said.

One of Liberty Mutual’s most successful (and most difficult) projects involved migrating its VM-based, service-oriented architecture running IBM’s WebSphere Business Process Manager to containers. By moving it into a cloud-native architecture running Kubernetes, the team could improve security, increase velocity, and reduce costs.

“It was a massive transformation for us, but now with all of our workloads sitting in a container-based architecture, everything is part of the common substrate,” Drobisewski explained. “Those workloads will now be easily and directly migrated into a public cloud ecosystem with no additional work required. That portability dynamic and interoperability is massively valuable.”

Liberty Mutual’s container-focused approach has also saved the company significant time and money. Higher density enables the team to run up to 80 containers per physical host or virtual machine in the public cloud. That density has also allowed for much better cost optimization.

“We don’t have to treat everything as 1:1 anymore,” Drobisewski said. “We could easily have moved virtual machines from our private cloud, like EC2 instances running in Amazon. You could say you gain something by doing that, but it’s a very 1:1 movement. Instead, we provided a container abstraction on top of it via Kubernetes, which means that we can run massive density across these hosts. It gives us a large, cost-optimized fleet of resources compared to what we do just at a VM level.”

In addition, containers strengthened IT security. Containers allow for a sophisticated security model to be applied at a granular level and offer transparency to everything happening through all layers of the container image, he noted.

Lessons Learned

While containers have made a difference to Liberty Mutual’s operations, it can be daunting to keep up with the continued innovation and emerging technology within the container space, Drobisewski said. “It’s a blessing and a curse when you have that much buy-in from the open source community but you have to stay abreast of it and make sure you are applying the latest updates and fixes,” he said.

Drobisewski recommended that organizations think carefully about the right abstraction for their developers. “The last thing you want to do is just unleash Kubernetes to the general developer population and expect that they are going to understand it or maintain it,” he said. Instead of exposing Kubernetes directly as an API to developers, he advised looking for a suitable abstraction and simplifying the deployment model as much as possible.

And despite the major benefits of containers, they aren’t ideal for every situation.

“Initially, when we looked at the performance and persistence of the underlying storage, these became concerns that were more simply addressed through managed services such as AWS Relational Database Service for critical database workloads,” he said.

Liberty Mutual has now set its sights on pushing Kubernetes beyond its role as a container orchestrator. The IT team is looking to extend the constructs of Kubernetes and its API model to provide functions at the control-plane level. For example, the team is considering how it can use the common API construct to manage infrastructure across public and private clouds -- and even the edge. Ideally, it would be a common framework for running technologies and connecting to other downstream resources within the cloud ecosystem that were not originally part of the native construct of Kubernetes.

“Think about an ecosystem where you have Kubernetes clusters running, databases running, maybe some in [AWS] or [Google Cloud Platform], even running on something like Kafka, [with] maybe some Elastic hash stuff in there,” he said. “It could all be managed, provisioned, and deployed through that Kubernetes construct through the control plane model.”

About the author

Karen D. Schwartz is a technology and business writer with more than 20 years of experience. She has written on a broad range of technology topics for publications including CIO, InformationWeek, GCN, FCW, FedTech, BizTech, eWeek and Government Executive.