APISIX Boosts ZhongAn's Online Insurance in Traffic Governance and Security Management

Overview

About ZhongAn Online P&C Insurance

ZhongAn Online P&C Insurance Co., Ltd., also known as ZhongAn Insurance, is a leading online-only Insuretech company, specializing in crafting customer-centric insurance solutions tailored to diverse consumption scenarios. They rely on their proprietary infrastructure and cutting-edge technology, such as their cloud-based platform and advanced AI capabilities, to optimize product features for an enhanced customer experience and robust risk management. As of June 2023, ZhongAn has offered tech services to 750+ global clients in diverse sectors, including Southeast Asia, East Asia, Europe, and beyond, covering banking, insurance, brokerage, high-end manufacturing, Internet platforms, and more.

Challenges

• Managing high-concurrency internet scenarios presents challenges for ZhongAn Insurance, complicating traffic governance and causing discrepancies in monitoring, alerts, and authentication permissions.
• ZhongAn Insurance's gateway ecosystem lacked integration capabilities and was ill-suited for multi-cloud environments, impeding features like gradual deployments and cross-domain isolation.
• Internally, ZhongAn Insurance employed multiple gateways across different product lines, each with its own development and maintenance efforts, resulting in significant time and resource expenditures.

Results

• APISIX offers robust authentication and monitoring features, enabling the successful implementation of ZhongAn Insurance's BaaS product.
• By incorporating APISIX, ZhongAn Insurance has streamlined the management of its internal gateways and optimized resource allocation, resulting in enhanced efficiency and resource conservation.
• ZhongAn Insurance has leveraged APISIX for precise traffic governance, ensuring the isolation of traffic between multiple tenants, thereby safeguarding data security and system stability.

Background

ZhongAn's Business Characteristics

Diverse Insurance Offerings

ZhongAn Insurance boasts many insurance categories that span a wide spectrum, including vital ones like property insurance. Each category comes with its own distinct characteristics, regulatory considerations, and customer demands. Moreover, the diverse nature of insurance types often entails distinct underwriting, claim procedures, and risk evaluations. These disparities require a comprehensive and meticulous approach to management.

Multifaceted Operational Approach

As an internet-based insurance company, ZhongAn Insurance conducts all its operations online. It capitalizes on the inherent advantages of online traffic while managing numerous offline and traditional insurance aspects. More specifically, since ZhongAn Insurance depends on various channels for many of its service entry points, the company is actively pursuing enhanced business management by strengthening its control over traffic from these diverse channels.

Rigorous Regulatory Oversight

Operating in a sector that directly interfaces with financial transactions, the insurance industry falls within the purview of national financial regulators. Like banks and securities firms, insurance products come under the country's vigilant scrutiny, mandating strict adherence to industry-specific regulations. Annually, ZhongAn Insurance is required to align with the country's regulatory and developmental needs, including both business and technological aspects.

Pain Points Before Using APISIX

As ZhongAn continues to advance its business, it becomes increasingly clear that several challenges emerge in the realm of ecosystem integration and gateway management.

Limited Ecosystem Integration

ZhongAn Insurance grappled with several significant operational challenges.

• Deployment Across Diverse Environments: The company faced obstacles when deploying the same application or service across different environments.

• Phased Software Release in Production: It also struggled with implementing a gradual release of new software versions in the production environment, which could potentially lead to disruptions and issues.

• Inadequate Isolation Between Environments: The absence of adequate isolation between distinct computing environments or domains created a situation where ensuring seamless functionality became challenging, resulting in possible interference and conflicts.

• Challenges in Multi-Cloud Management: In the context of a multi-cloud environment, managing and resolving issues proved to be an ongoing challenge, impacting the efficiency and reliability of their cloud-based operations.

Unclear Gateway Positioning

The blurring of lines between technology and business within the gateway infrastructure introduces confusion and complications. When the boundaries between the two are not well defined, gateways often become repositories for an excess of business logic. This scenario has not only complicated the gateways' operations but also made them challenging to manage and maintain efficiently.

Multiple Gateway Choices Within ZhongAn

Within ZhongAn, different departments have frequently chosen varying gateway solutions. This diversity has introduced challenges in maintaining a uniform approach throughout the organization, as each gateway typically requires dedicated efforts for development and maintenance, leading to inefficiencies in time and resource management.

Governance Complexities

The diversity of gateways resulted in inconsistent implementation of monitoring, alerting, authentication, and authorization mechanisms. This inconsistency could pose some challenges to maintaining a unified approach to security and operations. Without a standardized governance framework, ensuring seamless operation across the gateways was a complex and demanding task.

Therefore, to address the complex business scenarios and industry-specific characteristics of ZhongAn Insurance, there is a strong need for effective traffic governance on the technical side.

Why ZhongAn Opted for APISIX

In a comprehensive technology selection process, ZhongAn Insurance carefully evaluated a range of renowned open-source products available in the market, including Kong, Traefik, APISIX, and Alibaba Cloud MSE. After careful consideration, the enterprise ultimately chose APISIX, drawn to its distinctive advantages:

• Effective Plugin Management: APISIX provides a flexible and dynamic plugin management system, meaning that ZhongAn can seamlessly add, modify, or remove plugins without requiring system downtime. The ability to hot-reload and update plugins in real time enables them to adapt swiftly to changing business and security requirements.

• High Scalability: APISIX simplifies the process of scaling its infrastructure as the need arises. Whether handling a sudden surge in traffic or accommodating future growth, ZhongAn can efficiently expand its services without grappling with complex and time-consuming configurations. This ease of scalability promotes agility and cost-efficiency.

• Plugin Extensibility: APISIX supports an array of extension plugins, including Lua, Java, Go, Python, and Wasm. This versatility empowers ZhongAn Insurance to select the most suitable technology for specific use cases, ensuring optimal performance and compatibility with their existing systems.

• Excellent Observability: APISIX offers great observability features that enable ZhongAn to gain deep insights into the behavior and performance of the services. The integration with tools like Zipkin, Skywalking, and Prometheus ensures comprehensive monitoring and troubleshooting capabilities, enhancing their ability to maintain high service quality.

• Service Mesh Integration: APISIX's service mesh integration, featuring Apisix-mesh-agent and Lua-centric Envoy-apisix, is a notable advantage. It can enhance ZhongAn's ability to manage and control microservices efficiently, ensuring reliable communication and security in their service ecosystem.

• Active Community: The active APISIX community is a valuable resource for ZhongAn Insurance. The company can benefit from timely support, updates, and issue resolution. In this dynamic technology landscape, having an engaged community can be a key factor in ensuring the reliability and sustainability of their tech stack.

ZhongAn Insurance underscored that, whether they are focusing on long-term enterprise-level planning or immediate strategies, Apache APISIX efficiently aligns with their business requirements.

Implementation of APISIX

Charging Based on Usage for BaaS Products

ZhongAn Insurance is progressively transitioning its core products into a backend-as-a-service (BaaS) model. Since these products offer insurance services with financial attributes, they entail more rigorous deployment requirements, prompting the need for a unified standard that covers both infrastructure products and cloud-based services for measurement and billing.

APISIX's authentication service plays an important role in providing real-name verification and vital auditing functionalities. This function ensures that all in-house products at ZhongAn Insurance align with the regulatory requirements typical of financial reporting. Besides, the robust logging capabilities of Apache APISIX enable comprehensive tracking of all internal transactions within the organization, including metrics like call frequencies and associated costs.

ZhongAn Insurance has also harnessed APISIX to present crucial metrics, gaining a good command of parameters such as API calls and peak usage. These metrics facilitate the calculation of peak audits through billing formulas.

The configuration center operates on layer 7 protocols, seamlessly integrating them into the measurement and billing system, which includes ElasticSearch (ES) and APISIX. In practical terms, this entails defining actions within the current APISIX structure to meet various company-specific business requirements and leveraging APISIX plugins to effectively implement orchestration capabilities.

Traffic Isolation Across Multi-Tenancy and Channels

With its extensive array of insurance products and diverse distribution channels, ZhongAn Insurance has identified a critical need for multi-tenant and multi-channel traffic isolation. Harnessing the power of APISIX, the company has gained unprecedented precision in controlling traffic, a capability that is indispensable in the dynamic landscape of internet-based insurance.

In some cases, when a project is big and has a significant flow of traffic within its channels, a dedicated cluster is set up for each channel. However, for smaller projects with lower overall channel traffic, the approach is to try merging these smaller channels into a single gateway entity or instance for shared usage.

Due to variations in integration processes and different upstream and downstream requirements, each application's integration leads to the creation of a unique domain name. This form of isolation, as depicted in the structure below, is referred to as first-level isolation.

Following the channel integration, there is a subsequent need for specific operations. Despite similar procedures, the subsequent phase demands distinct business control capabilities, distinct from first-level isolation. This scenario calls for the implementation of second-level isolation for channels, as indicated in the diagram.

By deploying a combination of first-level and second-level isolation, ZhongAn Insurance has successfully tackled the challenge of traffic isolation within its multi-tenant, multi-channel gateway environment.

Achievements After Using APISIX

Comprehensive Traffic Governance

With APISIX at the core of its strategy, ZhongAn Insurance has seamlessly integrated comprehensive traffic governance into its operations. Beyond its role in production traffic management, APISIX is now an essential component across the entire DevOps lifecycle. This holistic approach enables them to evaluate testing capabilities and support multi-version development during the testing phase, ensuring a cohesive and efficient traffic governance process that spans every operational stage.

Improved Traffic Monitoring and Analysis

APISIX empowers ZhongAn Insurance to meticulously record and replay traffic in their production environment, facilitating a nuanced understanding of traffic patterns. This functionality contributes to their ability to optimize system performance and efficiently address any emerging issues, enhancing the overall stability and performance of their infrastructure.

Enhanced Data Quality and Security

By harnessing APISIX, ZhongAn Insurance has implemented secure sandbox environments designed for the evaluation of improved models and domain isolation. This strategic step ensures a protected area for testing and deploying new models, all without any adverse effects on their live production environment. This approach underlines their dedication to comprehensive testing and data-environment safety.

Summary

ZhongAn Insurance is navigating the challenge of scaling up its operations across various departments as it plans for future growth. To facilitate this, ZhongAn is prioritizing cross-departmental collaboration for the deployment of Apache APISIX within their framework. It also aims to integrate APISIX with Nacos to establish a unified management system, ensuring efficient microservice routing and enhanced capabilities for their BaaS platform. Additionally, due to rapid business expansion, ZhongAn is exploring external service mesh products like APISIX Service Mesh and the combination of APISIX with etcd to meet their immediate deployment requirements.

Throughout the process of traffic management and execution planning, ZhongAn Insurance has remained steadfast in its reliance on the Apache APISIX architecture for comprehensive traffic control. This strategic choice has not only addressed longstanding business challenges but has also yielded impressive results in terms of BaaS product billing and traffic isolation. In the future, Apache APISIX will continue to be instrumental in assisting ZhongAn Insurance as they work towards complete and effective traffic management, thereby advancing traffic control and security governance in the realm of internet-based insurance.