April 09, 2021

Swiss Re accelerates Java app modernization using Azure Spring Apps

Technical Story

For more than 150 years, Swiss Re, one of the world’s largest reinsurers, has used data to make the world more resilient. These days, the company uses Microsoft Azure to power a digital transformation that includes the modernization of business-critical financial systems. To speed up deployments and take advantage of the Azure ecosystem, developers traded their existing solutions for Azure platform as a service (PaaS). Swiss Re Group Finance IT built new Java-based financial apps and migrated existing ones using Azure Spring Apps, a fully managed infrastructure for Spring Boot applications. Azure not only supports the company’s strict security and regulatory requirements, but it also gives business users convenient, self-service access to key apps. In addition, Swiss Re developers can develop and deploy solutions faster, thanks to fully automated processes.

Swiss Re

“‘Cloud-native’ must provide tangible results. Azure Spring Apps helps by taking away the implementation and management effort, so we can focus on our core competencies.”

Jonathan Jones, Lead Solutions Architect, Group Finance IT, Swiss Re

An incremental approach to modernization

As a global wholesaler of reinsurance, Swiss Re is on a mission to help make the world more resilient. Recognizing that resilience requires finding new business models, the company uses Azure services to transform the insurance industry. In fact, Swiss Re even formed a strategic alliance with Microsoft in early 2020. The move to Azure was part of a digital transformation initiative started a few years back to gain the continuous innovation and agility of cloud-native applications.

Behind the scenes, the Swiss Re Group Finance IT team is responsible for providing a stable and accurate service for the business—especially during the all-important closing periods, when the company publishes its financial results. The group is responsible for apps that support, define, and execute business rules, manage data models, and validate data—all steps subject to a high level of governance and regulation.

According to Jonathan Jones, Lead Solutions Architect, Group Finance IT, Swiss Re, the IT team adopted the strangler pattern in its modernization journey. In this approach to cloud design, developers gradually update the company’s Spring Boot applications and incrementally retire legacy systems.

“One day, the idea goes, we should wake up and be all in the public cloud,” Jones says. In the meantime, the transition must be transparent to users, even though the move from a monolithic architecture to a series of right-sized services poses many challenges. The Group Finance IT team was trying to move forward while handling issues with the legacy systems and a backlog of requests from the product teams.

The strangler pattern reduces the risk associated with refactoring monolithic applications, but this approach takes time. As Jones notes, “We have to be able to make progress without waiting for service requests and long fulfillment chains. We wanted to remove as much friction as possible from the development process.”

With this in mind, the Group Finance IT team began looking into managed platforms and virtualized infrastructures that make life as simple as possible for developers. The team also set Zero Trust as a goal. Zero Trust is a security concept that starts with assuming that any identity or device on a corporate network is not secure and must be continually verified. Before granting access to corporate resources, identities and devices are verified to be secure and compliant.

The team’s goals suggested secure PaaS and infrastructure as code (IaC). “Azure Spring Apps arrived at a good time,” Jones points out.

“We chose Azure Spring Apps to concentrate on writing apps and running them with minimum overhead.”

Jonathan Jones, Lead Solutions Architect, Group Finance IT, Swiss Re

PaaS simplifies development and deployment on Azure

To make it simpler to deploy and operate Spring Cloud applications, Microsoft, together with Pivotal (now part of VMware), created Azure Spring Apps. The platform abstracts away the complexity of managing infrastructure and Spring Cloud middleware.

“We have complicated logic in our business services,” Jones explains. “We didn’t want further complications. We wanted something that was secure, easy, developer-friendly, and operations-friendly. Azure Spring Apps fitted our strategy.”

Swiss Re was an early adopter of Azure Spring Apps and provided input to the Microsoft product team during the service’s preview period. “Swiss Re gave us the kind of valuable feedback that only real-world experience with a workload can provide,” notes Asir Selvasingh, Azure Principal Program Manager, Microsoft. “Their feedback helped us improve our service and make it even better for our customers.”

The transition to Azure Spring Apps was easy. The Swiss Re developers could focus on building their business logic while Azure took care of dynamic scaling, security patches, compliance standards, and high availability. Azure Spring Apps supports popular integrated development environments (IDEs) and frameworks, plus tools for continuous integration and continuous deployment (CI/CD). The Java and Angular developers at Swiss Re could continue to work in their chosen environments—IntelliJ and Visual Studio Code—to build applications compatible with Azure.

Jones points out how much the team liked the platform’s simplicity. “We give it a JAR file and have an application running. We don't need a specialist DevOps engineer on call. For us, this makes good economic sense.”

Swiss Re accelerated its modernization efforts by hosting its Spring Boot applications on Azure Spring Apps.

An “unremarkable” architecture for Spring Boot apps on Azure

Group Finance IT has built a cloud-native infrastructure on Azure to support what it calls mini-services. Swiss Re runs a mixture of many services—some have a front end built in Angular, and some don't. Some are API-only services called by other systems. Jones prefers to call them mini-services because they are decomposed to a level that makes sense within Group Finance IT.

“We designed an architecture that is very simple and very unremarkable,” Jones explains. “‘Unremarkable’ is a compliment—we're happy with the simplicity. That's what we were aiming for.”

It may be simple, but security is paramount, so the Azure infrastructure is designed to minimize the exposure of the services. All ingress comes through the Spring Cloud Gateway application, which is shielded by Cloudflare. The team didn’t need to find a new solution for content delivery network (CDN) services or distributed denial-of-service (DDoS) mitigation. Azure supports the company’s existing networking components from Cloudflare, in addition to other popular networking solutions.

Cloudflare works as a reverse proxy and makes requests to the Spring Cloud Gateway application. The gateway then routes requests to the back-end Spring Boot services, all of which run on private IP addresses. Developers saved time using Spring Boot Starters for the Spring Initializr, which provide integration features for working with Azure. For example, Spring Security provides integration support for Azure Active Directory and authentication with role-based access control (RBAC).

“The system-assigned managed identity that Spring Apps provides is used a lot. Managed identities are one of the best things in Azure,” Jones says.

The managed identities of the back-end services are used to access other Azure services. For example, the Spring Boot services retrieve static content from Azure Data Lake Storage and authenticate to Azure Key Vault. Secrets can then be injected directly into applications through Spring.

With a simple Spring Data JDBC call, the team can store and retrieve information in Azure Database for PostgreSQL, a managed version of the popular open-source PostgreSQL database. For persistence, any data managed in the mini-services is stored in PostgreSQL.

Big data analytics on Azure Spring Apps

The Java-based financial apps run in Azure Spring Apps as part of an Azure platform used by Group Finance IT to provide big data analytics, reports, and visualizations. The data flow is based on Azure Databricks, a data analytics platform designed for team collaboration.

Raw data is stored in Azure Data Lake Storage, a next-generation data lake solution for big data analytics. By using different tiers of storage, Swiss Re can keep the costs down, while taking advantage of the high availability and disaster recovery features offered by the service.

Another division at Swiss Re has a similar reporting architecture. For details about that implementation, see Swiss Re drives deeper, faster insights with Azure Synapse Analytics.

The ease of end-to-end support

With Azure Spring Apps, the developers can continue to use the tools they already know. The Git repositories, work items, and pipelines are hosted in Azure DevOps, and the team uses Apache Maven for builds. To accelerate the development experience, Azure Spring Apps includes a Maven plug-in and Visual Studio Code extensions.

“Our infrastructure is deployed via the Terraform task in Azure DevOps, and we were happy that the Azure Resource Manager provider was available early for Azure Spring Apps,” Jones notes.

On the other end of the application life cycle, the team automates software monitoring as much as possible. In the past, the developers used an open source stack—Elasticsearch, Logstash, and Kibana (ELK)—but they traded it in when they saw how easy Azure Spring Apps makes it to track application performance and to detect and diagnose issues.

Azure Spring Apps works with Azure Monitor to aggregate logs, metrics, and distributed app traces in one place. During development, the Swiss Re team leans heavily on the log streaming feature, which sends real-time application console logs for troubleshooting.

Everything is automated, and any failures raise tickets in the incident management system. “Ultimately, we keep our end users happy by running a reliable and performant system,” Jones explains. “We were happy when the Azure Spring Apps team released the Application Insights Java In-Process agent in late 2020. Now we get monitoring of the JDBC calls, too.”

A no-compromise approach to security

Before the platform went live, Swiss Re subjected Azure to a tough battery of performance and penetration tests. Teams ran simulations of high loads on the system to make sure that the gateway and back-end services could handle the expected level of concurrency. Parts of the platform have to handle many simultaneous HTTP requests with significant payload. To make sure the platform was secure, the teams ran deep penetration testing on the deployments.

Happily, Azure Spring Apps passed on all counts. As Jones points out, “The performance and penetration tests passed without any kind of issue whatsoever, which we expected of Azure.” Jones’s team also executes tests after deployments to make sure that new deployments do not violate the company’s security policies.

Azure Spring Apps is designed to allow developers to take advantage of the secure infrastructure and worldwide reach of Azure. To Swiss Re, this was a key consideration in the move to the public cloud. The company follows the Cloud Security Alliance Cloud Controls Matrix (CSA CCM), and all applications must meet the standards set by the Common Vulnerabilities and Exposures (CVE) system.

As Jones puts it, “We try to lower our attack surface by delegating activities like network management and compute management to Microsoft. The fewer moving parts we must configure and maintain, the better.”

Moving forward with Azure

The Azure Spring Apps platform gives Swiss Re a production environment where developers can deploy and monitor apps with very little overhead. “We now have this ability to pivot quickly, which we couldn’t do before,” Jones notes. “From Cloudflare to Azure Spring Apps, we're in control.”

The project also created a runway for app development—something that wasn’t necessarily in the original scope. Back then, the plan was to update some reporting functions, but scope creep proved to be a benefit. Reusable templates make it easy to deploy Spring Boot apps on Azure, and other teams are following suit. One IT team dropped the serverless approach it was evaluating after seeing how much easier it was to use the existing deployment templates and Azure Spring Apps. Developers can update a config file with the name of an app running the pipeline and then deploy to an environment that they know is reliable and that meets the company’s strict security requirements.

“We paved the road for other squads within Group Finance IT who have been able to deploy apps to this Spring Apps instance. It gives us a kind of economy of scale,” Jones adds. “We didn’t need to upskill in Kubernetes. We don't need a heavy support organization to keep the platform up and running.”

As the company continues to roll out its application modernization efforts on Azure, the Group Finance IT team is also looking ahead. The team plans to add Azure Event Grid to improve automation but otherwise doesn’t expect the new platform will need to change much over time. As Jones says, “This is the place where we deploy our apps now.”

Hero image © Christian Richters, 2017
