CIAM NextGen – Realization of a New CIAM Platform in China
Mercedes-Benz Group AG needed to replace its previous CIAM system to provide customers in China with more powerful access and to deliver new services faster. In addition, legal requirements in China had to be met. In less than 6 months, iC Consult developed and implemented a solution as a managed service based on the Service Layers platform and the Daimler Hybrid Cloud.
At a glance
Replacement of the existing CIAM platform with a completely new development using a local hybrid cloud in China
Products and services:
Managed Kubernetes, Service Layers, Ping Directory, Ping Federate and Ping Access
- Customer Identity and Access Management (CIAM) as a managed service in different regions in the hybrid cloud of Daimler AG, especially directly in Beijing for the Chinese market
- Shorter time-to-market due to very short deployment cycles
- Full compliance with the Chinese Cyber Security Legislation (CCSL)
- Reliable traceability of all changes due to complete configuration and infrastructure as code
- Production platform that is always up to date including the IAM products used
With nearly 300,000 employees, Mercedes-Benz is the world’s third-largest automotive manufacturer measured by annual revenue (167 billion euros in 2018). The company operates its own production facilities in China for both passenger cars and vans. This and the high growth potential of the Chinese market underline the outstanding importance of the project.
In addition to classic automotive engineering, connected, digital services are gaining more and more importance. These range from locating the parking space with a cell phone and remotely checking the status of the vehicle to route planning from the sofa. All such services require that the user’s identity and access rights can be verified quickly, securely, and unambiguously.
Mercedes-Benz claims that the quality of digital services must be as outstanding as the vehicles themselves – from finance and sales to after-sales measures and connectivity solutions. This is particularly true for important growth markets such as China. To ensure a first-class position in terms of both performance and integration into the Chinese digital ecosystem – especially the connection to the ubiquitous app “WeChat” – a system centrally operated in Europe alone was no longer an option. Instead, an additional local solution had to be found that would enable a connection to the central data center in Germany, as several essential services continue to run there. Cloning and operating these services in parallel in China would have compromised the smooth coordination of the overall system. What was needed was a globally consistent identity and access management for Mercedes-Benz: CIAM NextGen.
The provision of a dedicated CIAM platform in China not only enables delay-free use, but also creates a powerful, scalable basis for future expansions. It is hosted within a new hybrid cloud in China, which was built and scaled in parallel by Mercedes-Benz. One of the key requirements for the system was the highly automated, fast, and cost-effective integration of new services to enable rapid rollouts. In addition to the technical requirements, compliance with China’s cyber security law played an important role. Given the importance of the Chinese growth market, the project was a very high priority for Mercedes-Benz. Expectations at management level were correspondingly high.
As of November 2018, a new, future-proof platform with the latest technologies was to be built, which can be installed regionally, synchronized worldwide and is capable of further scaling and mapping new functionalities. Even if the approach of radically cutting back old habits was the right one from a technical point of view, it still represented a major challenge. Even more so, as CIAM NextGen was to provide reliable access to more than 200 applications. The integration of WeChat alone, China’s No. 1 app for communication, identification, cashless payment, etc., with millions of users simultaneously, promised an enormous load.
iC Consult, which had been entrusted with the implementation, was well aware of this challenge and the tight schedule. The go-live in China was scheduled for July 31, 2019 and for the rest of the world on September 30, 2019. There was no leeway, as the launch of various series did not allow any postponement. So, there were only 9 months to complete the entire development and implementation. Since the customer preferred its own Daimler Hybrid Cloud (DHC) for strategic and data protection reasons, public clouds such as AWS or Microsoft Azure were ruled out from the outset. The choice fell on a managed Kubernetes solution with Service Layers, the managed service for IAM from iC Consult. This combination enables near-term deployment of the IAM cloud infrastructure and provides an industrialized approach to automated application integration. The use of the DevOps methodology with its very short deployment cycles also contributed to the shortened time to market.
The platform is operated in Mercedes-Benz’s data centers in China and Germany. The strength of Service Layers lies in its particularly quick and easy setup, use and customization. The Service Layers stack is scalable and can synchronize user data across multiple clusters in regional instances. Since both the infrastructure and the configuration are completely as code, all changes can be tracked and reliably replicated. Additional applications and services can thus be set up and delivered worldwide in a largely automated manner. The high level of standardization simultaneously reduces both costs and risks compared with independent new developments. Thanks to the close and very trustful cooperation with the DHC team, it was possible to implement the required environments despite the tight time schedule. The seamless cooperation between the various iC Consult sites during the integration of Service Layers also contributed decisively to a punctual start. Even after the implementation, iC Consult continues to support the project by ensuring operations and 24/7 support.
On the very first day, five applications – including the WeChat integration into Mercedes Me – were connected to the system. By the end of 2019, another 200 applications had been migrated to CIAM NextGen. In total, 8 million people use the Mercedes-Benz CIAM. Shortly after the launch, 2.7 million Chinese had already migrated to the new system and were benefiting from the enormous increase in performance. The system, which is partly responsible for the storage and processing of data in China, complies with the laws of the People’s Republic and thus ensures legal certainty. The DHC as an on-premises solution has proven its worth. All in all, CIAM NextGen, with its automation capabilities, contributes significantly to implementing Mercedes-Benz’s “Twice as fast” strategy in identity and access management as well. Whereas previously it could take up to six weeks from commissioning to the integration of an additional application, it now – thanks to standardized and automated processes – takes just a few hours to create client applications and provide the necessary infrastructure.
With CIAM NextGen, Mercedes-Benz now has a CIAM platform that can be efficiently deployed in different regions and data centers. The customer in the fastest-growing automotive market thus benefits from locally available computing power and the resulting significantly improved user-friendliness, meeting current and future requirements. Market-specific adaptations such as the seamless integration of WeChat further increase acceptance. Even more crucial from the operator’s point of view is that, thanks to the Service Layers platform, up-to-date basic IAM products are now always available, as well as an extremely efficient infrastructure for the global provision of applications. Thanks to the flexibility of CIAM NextGen, the appearance can be adapted for other brands such as Mercedes-Benz Trucks or Smart without much effort.