How Axione Simplifies & Secures Deployments | Traefik Labs

About Axione

Axione is a French telecommunications company that builds and operates network infrastructures across different cities and regions locally and abroad. It helps local authorities in their Public Initiative Network projects with a range of infrastructures and services to support the development and adoption of digital technology. It operates over 6 million Fiber to the Home (FITH) in 6,500 cities and has a workforce of 2,900 employees in 51 agencies.

Neil Orley, Head of SRE, and Alexandre Etmezguine, DevOps engineer, are part of the DevOps services team in the IT department. They are in charge of providing all IT services required to build network infrastructure, following the deployment of each project, and also equipping the sales department with the right tools to market their services.

Overview

Axione operates an infrastructure that consists of three large independent clusters, each of which is in a dedicated data center. The DevOps team manages applications and services within each cluster, handling everything from replacing the disks, and applying network upgrades to upgrading virtual machines. Around 90% of the infrastructure is legacy, consisting of VMs running monolithic, Java-based applications inside Docker containers. The team is currently using HashiCorp Consul to maintain a service registry for configuring VMs.

For the DevOps team, maintaining the security of infrastructure and applications and deploying the right tools to facilitate their management are paramount to maintaining smooth operations for the business. Recently Axione also started modernizing its architecture with new microservices projects deployed in the public cloud and are experiencing new challenges in managing a hybrid architecture between clusters running on-premises and in the cloud.

Choosing Traefik Enterprise as an integrated API gateway and reverse proxy

Prior to migrating to Traefik Enterprise, Axione relied on Nginx as a reverse proxy. The team managed Nginx manually, requiring them to go to each server individually to test and deploy configurations. The team was spending countless hours configuring Nginx and started facing an exponential number of issues when different people needed to edit multiple configurations, directly impacting their production environments.

The Axione team could not deploy new configurations without first waiting to finish editing and updating the existing ones. They first tried to solve this issue by creating a DevOps pipeline to automate the deployment of any configuration changes. But later, when requirements to add SSO logins emerged, they faced additional difficulties with the integration and maintenance of their authentication solutions. As the team started struggling more and more, they began looking for alternative solutions to Nginx.

“We were looking for a solution that could automate the configuration of service deployments to simplify and reduce maintenance costs.”

Alexandre Etmezguine, SRE DevOps, Axione

The team at Axione needed an API gateway that could be extended with reverse proxy functionality. They benchmarked numerous solutions and selected Traefik Enterprise as the best and most flexible solution to answer their needs.

“When we benchmarked solutions, we found that Traefik Enterprise was the most adapted to our needs because of its flexibility, capabilities, and competitive price.”

Alexandre Etmezguine, SRE DevOps, Axione

Secure, manage, & scale all your APIs.See how Traefik Enterprise simplifies, automates, and centralizes API management and security with one easy-to-use solution.Learn More

Traefik Enterprise simplifies routing, configuration, service deployment, and maintenance

The first requirement of the DevOps team was to find a solution that could easily automate the configuration and deployment of new services. Traefik Enterprise offers automated service discovery and routing, and also fully integrates with Axione’s CI/CD Git pipeline. Any changes are automatically and consistently pushed to all 3 clusters without any manual intervention. Today, it takes less than fifteen minutes to upgrade all their clusters with zero downtime, saving the team countless hours every month.

For the deployment of new services, the team uses Git’s pipeline capabilities as well as Traefik Enterprise’s integration with HashiCorp Consul for service discovery. The service discovery integration with Traefik Enterprise automatically generates a new configuration, making any deployment fully automated. As a result, the team now creates and populates environments for developers very quickly and is able to maintain DevOps practices across the development team.

“With Traefik Enterprise, we update our 3 clusters in less than 15 minutes with no downtime. We are saving so much time.”

Alexandre Etmezguine, SRE DevOps, Axione

Traefik Enterprise strengthens application security

Given the growing array of cyber attacks in today’s world, security is a top priority for Axione. The DevOps team was looking for an integrated solution that could provide both reverse proxy and authentication capabilities. With Traefik Enterprise, the team strengthened the security posture of their APIs and applications by using the OIDC middleware to integrate SSO logins. The team also integrates security headers to applications to forbid certain paths and routes to protect dangerous paths.

And thanks to Traefik’s library of plugins that include custom features, the team also integrates security features to rewrite header responses and add web application firewall capabilities. Traefik’s catalog of plugins consists of more than 100 plugins to this day.

“We are leveraging Traefik Enterprise’s middleware and plugins. It is so easy to use. With only 2 lines of code, we have a plugin working”

Alexandre Etmezguine, SRE DevOps, Axione

Traefik Enterprise is a highly available and performant solution

Traefik Enterprise’s distributed architecture separates the control plane and data plane, equipping Axione with a highly available platform to ensure they never lose any application requests. In the event the control plane is inaccessible, the data plane continues to work, serving application requests uninterrupted. Because of this high degree of availability, Axione today uses Traefik Enterprise to route 100% of their traffic.

Traefik’s architecture has also increased the performance of Axione’s applications. Immediately after deploying some applications behind Traefik Enterprise, Axione saw significant performance and latency improvements (about 20%) compared to running the same applications behind Nginx (visualized below).

“Traefik Enterprise instantly improved our application performance, even for our legacy applications, and it is quite impressive.”
“Traefik Enterprise is highly distributed and available, which is important for us because we can update our clusters without any downtime.”

Alexandre Etmezguine, SRE DevOps, Axione

Traefik Enterprise is infrastructure-agnostic.

The team at Axione is beginning to deploy services in the cloud to see how they can manage hybrid architectures that will stretch their clusters across on-prem and cloud environments. Because Traefik Enterprise is infrastructure-agnostic and works in both legacy environments and cloud native environments, it can be used seamlessly both on-premises and in the cloud, with or without an orchestrator.

The team began exploring different orchestrators to use in the future. They are planning on switching to Kubernetes but are also looking at alternatives like HashiCorp Nomad. Traefik Enterprise is orchestrator-agnostic and will remain their solution of choice regardless of the container orchestrator they choose.

“We secure applications and infrastructure while deploying tools that improve project management with the Agile methodology. We have begun to modernize our architecture with a microservice strategy and have started deploying new services in the cloud. The nice thing about Traefik is that it works with both legacy and cloud environments so we don’t have to learn and adopt a new tool as we adopt new cloud native architectures.”

Alexandre Etmezguine, SRE DevOps, Axione

Traefik Enterprise offers 24/7 enterprise support.

Given that uptime is a core requirement for Axione, the DevOps team required enterprise-grade support to ensure their system remains always operational. Traefik Enterprise offers unparalleled, 24x7 support to maintain the stability of the infrastructure. Axione has had a very positive experience with the support team at Traefik Labs.

“We have a terrific relationship with the support team at Traefik Enterprise. David has helped us understand our architecture and what we wanted to achieve with Traefik Enterprise. We are very happy with the support, which is very efficient.”

Alexandre Etmezguine, SRE DevOps, Axione

Results

Axione today uses Traefik Enterprise’s integrated API gateway and reverse proxy for both VMs and microservices. Axione has migrated all staging and production environments to Traefik Enterprise and all public and private traffic of their applications enters through Traefik Enterprise. Axione currently has 250 applications and more than 1000 application URLs running behind Traefik Enterprise.

Bottom line

Axione is in the process of modernizing its infrastructure, deploying new applications in microservices in the cloud. All applications are routed through Traefik Enterprise, which will remain the solution being used as they modernize their infrastructure. Traefik Enterprise is a secure, performant, automated, and infrastructure-agnostic solution. It is part of a thriving ecosystem that allows the team to tap into a vast array of capabilities and integrations with cloud native solutions. As Axione continues scaling and modernizing its infrastructure, it will continue relying on Traefik Enterprise.

“We started our journey with Traefik Enterprise a year ago and are now renewing the contract for three years. We would definitely recommend Traefik Enterprise.”

Neil Orley, Head of SRE, Axione

Secure, manage, & scale all your APIs. Want to simplify API management and security? Request a demo today and see Traefik Enterprise in action.Request a demo

This is a companion discussion topic for the original entry at https://traefik.io/blog/axione-simplifies-and-secures-deployments-traefik-enterprise-api-gateway/