New platform and Managed Kubernetes introduced: How XPERTyme got to be GDPR-compliant and ready for cloud native

About XPERTyme

There are two things that are particularly important for a provider of digital consulting platforms: data protection and ease of scaling. XPERTyme can guarantee both. To achieve this, however, the Upper Bavarian company had to switch to a new cloud platform and reorganize its software development. Both were achieved with the help of SysEleven, the Berlin-based cloud and Kubernetes specialists.

Today digital video consultation platforms are all the rage: Instead of having to wait a long time for an appointment with a specialist or lawyer, private individuals can use them to obtain expert advice quickly and conveniently at home on their computer, tablet, or smartphone. The technical basis for such systems often comes from XPERTyme, a company based in Weßling near Munich. They often fly under the radar because the company also offers its fully automated solution as a white-label platform. This allows online consultants or webinar providers to use their own corporate design. XPERTyme’s experts handle the individual adjustments to the workflows.

Cloud and Kubernetes that are compliant with European standards

Especially in the medical environment, privacy and data protection are highly sensitive issues. Unauthorized eavesdropping or tapping of data must be prevented at all costs. That is why XPERTyme customers retain full data sovereignty. XPERTyme assumes the role of a pure data processor and is therefore fully bound by the client’s instructions. Each customer decides for themselves where they store personal data and who has access to it.
However, this only partially meets the strict European privacy standards. This is because the solution provider relies on external services. For example, it requires a cloud service provider (CSP) to operate its platform. “We launched on Amazon Cloud Services (AWS) in 2017,” says Jürgen Wier, co-founder and Chief Technology Officer (CTO) of XPERTyme. “At the time it wasn’t an issue, but shortly afterwards we had our first discussions with the German Association of Statutory Health Insurance Physicians.” The problem: AWS is not subject to European data protection regulations, but to less restrictive US laws instead. Under these laws, the US government could possibly demand access to the hosted data.
When the European General Data Protection Regulation (GDPR) came into force in 2018, discussions became more serious. Some of XPERTyme’s major customers also raised concerns. At the latest since the GDPR update in 2022, applications that process personal data may no longer be operated on non-European cloud platforms. Medical and legal advice via video stream undoubtedly falls into this category.

Fast access and response times

XPERTyme therefore looked around early on for a replacement for AWS – preferably a German provider. That was easier said than done. “We received no response at all from a large French provider to our inquiry,” recalls Wier. An attempt with a major German telecommunications provider failed because the setup process was too long and too complicated and the offer was too costly. It took six weeks to set up an account, and urgent requests for expert help were only answered after two weeks. The company became aware of SysEleven through a customer’s recommendation. The offer and service were just right. “With AWS, we had access within four hours and the response times were in the region of ten minutes,” explains Jürgen Wier, “and these factors were comparable with SysEleven.” In addition, with over 100 employees and three data centers at the time, the provider was the right size for a partner on an equal footing.
The switch from AWS to SysEleven turned out to not be too complicated. “Right out of the gate, we made sure that we were not too technically dependent on a specific cloud platform,” Jürgen Wier explains in detail, “which is why we were able to rebuild the services in such a way that we were able to manage without AWS-specific features.” Today, the GDPR-critical functions are run in SysEleven’s environment. The remaining areas will also be converted from AWS to SysEleven’s platform.
SysEleven also took over configuration of the Managed Databases. XPERTyme was able to handle the rest itself. The company needed about a month for initial deployment and adaptation of the automated functions. The customer platforms could be migrated overnight or over a weekend. All that remained was the administrative work required for GDPR certification – after all, customer data protection agreements also had to be adapted.

Modernizing cloud-native development

In addition to GDPR compliance, SysEleven had another leg up: The Berlin-based provider also blazed the trail into the Kubernetes world for XPERTyme’s developers. The open source solution Kubernetes is considered the gold standard for the orchestration of cloud-native systems, such as dynamic assignment of microservices to containers, nodes, and clusters. XPERTyme needed this technology to get a head start on the competition, which was also planning to jump into Kubernetes.
However, at the time XPERTyme had little experience with this development paradigm, which is based on continuous adaptation and integration as well as close integration of development and operations (“DevOps”). The first attempts were made with container technology in a “Docker” environment with AWS’s own Amazon Elastic Container Service (ECS).
As part of the AWS universe, ECS was relatively easy to set up, but according to Wier, there was one decisive disadvantage: “Certain services could not be dynamically scaled or transferred to other servers.” This was one of the big reasons why XPERTyme decided to introduce a DevOps structure with Kubernetes orchestration at about the same time as the change of cloud platform.

Managed Kubernetes as an add-on

Initially, XPERTyme hired two DevOps specialists. However, the attempt to set up and manage Kubernetes on AWS itself proved to be complex and time-consuming at the time. That’s why it was a good thing that SysEleven was able to offer consulting expertise and services specifically in the Kubernetes environment. The in-house experts helped XPERTyme, for example, to design the system architecture with the cluster organization and define the scaling parameters. Wier explains: “Defining the architecture was the biggest challenge for us – especially the concept of how the containers run within the clusters. All components that are to talk to each other must be clearly defined.”
The Berlin-based company even offers a managed Kubernetes environment under the name “MetaKube”. It relieves customers of a large part of the tasks associated with operating the orchestration tool. This “as-a-service” offering includes load balancers, backup and recovery, cluster monitoring, and clear dashboards. The Kubernetes monitoring tools Prometheus and Loki have also just been integrated as the latest additions.

What happens next

XPERTyme decided to introduce the core version of MetaKube, but is currently considering switching to the more comprehensive “MetaKube Accelerator” package. In addition to the two monitoring tools, it also contains functions such as compatibility tests carried out by SysEleven between the building blocks, provision and testing of updates, and pre-configured pipelines for continuous integration/continuous delivery (CI/CD).
A final decision on the introduction of the “Accelerator” has not yet been made. Nor is it urgent, as XPERTyme is already more than satisfied with its decision. “We are GDPR-compliant and up to date in terms of development technology,” confirms the CTO: “Without SysEleven, we certainly wouldn’t have been able to achieve this so quickly.”

“We’re GDPR-compliant and up to date with the latest developments. Without SysEleven, we would certainly not have achieved this so quickly.”