Mission-critical IAM infrastructure. Vendor lock-in not included.

Zurich
Photo: Wikimedia

AURA Distribution

Brief

Full reimplementation of AURA Distribution — Credit Suisse's central IAM permission distribution system — from a proprietary Java EE 7 platform to Java 21, Spring Boot 3.2, and OpenShift. The scope included architecture, CI/CD, monitoring, and production rollout.

Technology

Java 21, Spring Boot 3.2, MQ (ConnectionFactories), multiple datasources, Prometheus, Grafana, Jenkins Pipeline, Helm Charts, OpenShift (Kubernetes).

All stage-specific Java EE container-managed configuration — databases and MQ ConnectionFactories — was migrated into the application itself, enabling fully portable, container-native deployments.

8 months: from kickoff to production

Standards instead of proprietary platform

OpenShift: upgrade from Java EE 7

Starting Point

AURA Distribution is the component responsible for taking permissions modeled in AURA Portal and distributing them to authorization-relevant endpoints: AURA Runtime and the central Active Directory. Get it wrong, and sensitive systems are either exposed or locked down. There is no middle ground.

The existing implementation ran on a CS-proprietary Java EE 7 platform that was being decommissioned. Migration was not optional — and neither was continuity. We were brought in to rebuild the system from scratch, on a modern, platform-independent stack, without disrupting ongoing operations.

A screenshot of the AURA Distribution

Development

AURA Distribution is, at its core, an ETL system. It supports both event-driven reconciliation of individual permission changes and full batch reconciliation across all permission and resource data — ensuring that every authorization-relevant endpoint stays in sync with AURA Portal at all times.

One of the most complex aspects of the migration was configuration: multiple database connections and MQ ConnectionFactories had previously been managed by the Java EE container. We moved all of this into the application itself — stage-aware, fully portable, and container-native. No external dependencies. No surprises between environments.

Alongside the reimplementation, we built the full operational infrastructure: Helm Charts for deployment, Jenkins pipelines for CI/CD, and Prometheus metrics with Grafana dashboards for real-time operational visibility.

Result

The new AURA Distribution runs on Credit Suisse's strategic OpenShift infrastructure. The proprietary dependency is gone. The new stack is standard, open, and fully maintainable — without any risk of being locked into a platform that no longer exists.

The project also delivered a step change in operational quality: automated pipelines, Helm-based deployments, and real-time monitoring were not afterthoughts — they were part of the system from day one.
