Mercedes-Benz Rus migrated Mercedes Me services for Russian users from Microsoft Azure to Yandex Cloud. The company’s specialists refactored the service code and, with the help of DevOps engineers from OpsGuru and Luxoft, changed the Terraform scripts and deployed Yandex Managed Service for Kubernetes clusters, embedding them in the existing pipeline for developing and deploying Mercedes Me applications on cloud sites around the world.
The Mercedes Me services were transferred without downtime. Now all Russian users of the Mercedes Me and Mercedes Me Remote Parking applications use Yandex Cloud. The resulting multi-cloud infrastructure meets all of the company’s information security requirements and complies with Federal Law № 152.
Migrating a service from a foreign cloud platform to Yandex Cloud
Mercedes-Benz AG developed the Mercedes Me App Family of mobile applications for its customers.
- The Mercedes Me app provides remote access to cabin features and integrated external geolocation services.
- The Mercedes Me Service, which will also be available in Russia, will provide an opportunity to get high-quality customer service, e.g. to make an appointment with a dealer.
- The Mercedes Me Store will allow customers to buy subscription features such as autopilot or a navigator.
Mercedes Me services in most countries are deployed in the Microsoft Azure cloud. The company’s subsidiary Mercedes-Benz Rus is responsible for localizing and adapting applications in Russia. Since there are no Microsoft Azure data centers in Russia, the company needed a reliable cloud platform with a similar set of services, compliant not only with Russian legislation, in particular Federal Law № 152, but also with Mercedes’ own high security standards.
Mercedes-Benz Rus compiled a list of basic requirements for a cloud service provider. Their requirements for deployment included:
- the maximum number of managed services similar to those used by the company in Microsoft Azure
- dynamic site scaling
- use of standardized popular protocols and libraries
- the ability to use HashiCorp Terraform
- the maximum possible encryption of data at rest and in transit, using modern encryption tools and standards
- contractual obligations for data and network isolation.
After analyzing the cloud platform market in Russia, the company chose Yandex Cloud. Yandex’s cloud platform offered a set of managed services similar to Microsoft Azure, fully complied with the requirements of Russian regulators and the company’s own information security requirements (the use of encrypted disks and SSE encryption in S3, TLS support in microservices, support for SAML federations), and also provided assistance and support from experts in development, infrastructure and CI/CD during migration.
Deployment of Yandex Managed Service for Kubernetes clusters and other cloud services
Mercedes Me applications are based on a microservice architecture: they are placed in the container registry and delivered to regional cloud sites using the Spinnaker continuous delivery tool. Terraform is used to automate deployment.
At regional sites in Microsoft Azure, Mercedes Me services use Azure Kubernetes Service, Blob Storage, and Cosmos DB. Azure Cache for Redis and the Apache Kafka message broker on HDInsight are also used.
To deploy the site in Russia, they had to create a multi-cloud environment, which involved solving several difficult challenges. They needed to build a cloud infrastructure as close as possible to the existing sites in the Microsoft Azure ecosystem. To keep global changes to the applications themselves to a minimum, all the software used and its versions had to match as closely as possible. For Microsoft Azure’s own products, they needed to select and deploy equivalents that supported the same data encryption standards. In addition, it was necessary to decide whether to migrate some functional parts of the infrastructure, for example, Event Hub. They also needed to reconfigure the automation tools in order to integrate into the existing application deployment pipeline.
As a result, Mercedes-Benz Rus drew on the expertise of external contractors and, in addition to its own team, brought in DevOps engineers from OpsGuru and Luxoft to complete the deployment in Yandex Cloud within a reasonable time.
The infrastructure created in Yandex Cloud includes two managed Kubernetes clusters, to which the code is delivered and deployed in the same way as to other sites: through Spinnaker and Terraform. To implement this, they had to completely rewrite the automation scripts with the help of the specialists from OpsGuru and Luxoft. A load balancer has been set up at the Russian site. Here, application logs are also processed using Elasticsearch. The Opsgenie incident management system is responsible for analyzing this data, parsing notifications from Spinnaker and notifying employees. At the same time, they decided not to change the management of global events; these are still handled by Azure Event Hub.
In addition to infrastructure changes, the developers of Mercedes Me needed to refactor the application code in those parts responsible for interacting with the queue processing service and with S3 storage. This is due to significant differences between the managed Apache Kafka services and the object stores in Yandex Cloud and Microsoft Azure.
To work with application data on the Russian site, Yandex Managed Service for MongoDB is used. Initially, Mercedes Me applications used version 3 of MongoDB, but support for it within the Yandex Cloud managed service ended. The problem was solved by Yandex Cloud specialists, who extended support for the cluster, and Mercedes-Benz Rus promptly migrated the service to the new version. Yandex Managed Service for Redis™ is responsible for caching in the cloud infrastructure. Because the connection had to be encrypted, Mercedes-Benz Rus asked Yandex Cloud to implement Redis 6 with TLS support, and this request was quickly fulfilled.
Creating a multi-cloud infrastructure without stoppages
Mercedes-Benz Rus deployed the Mercedes Me applications for Russian users in Yandex Cloud, without interruptions to the services themselves. The resulting solution is fully integrated into the global pipeline for the development, delivery and monitoring of Mercedes Me services, and meets all information security requirements of Mercedes-Benz AG and Russian legislation.
As a result of the implementation of multi-cloud infrastructure, the Mercedes Me and Mercedes Me Remote Parking applications became available to Russian users. The company now plans to localize and deploy other ecosystem applications in Yandex Cloud.
Our company believes that we need to put more effort into product solutions than into infrastructure ones. If there is an opportunity to delegate specific risks to the provider, then we take advantage of it, choosing managed services when possible, for example. Cloud providers have an important feature: they have more expertise and resources to keep services up to date, which is important for maintaining a high level of security. This allows our specialists to focus on improving our products. We quickly established a good relationship with the specialists from Yandex Cloud, which allowed us to quickly resolve issues at the stage of contract negotiation and to overcome technical difficulties. This approach left me with a very good impression, and I believe that it was an important reason for the project’s success.