In few industries are the requirements for security and traceability as demanding as in BaFin-regulated sectors. Whether VAIT, DORA, or ISO 27001, regulatory frameworks impose clearly defined processes, documentation requirements, and response times. Unsurprisingly, IT plays a central role in meeting these obligations. However, while compliance discussions often focus on data storage, server location, authentication, and similar topics, one critical area receives far less attention: infrastructure. Yet this is precisely where decisive measures can be implemented to significantly reduce the workload for administrators, IT management, compliance teams, and executive leadership alike.
The WERTGARANTIE Group faced exactly this situation when it began searching for a way to manage its rapidly growing infrastructure—now comprising more than 400 Linux servers—more efficiently. The company used this opportunity to fundamentally reassess dependencies within its server landscape and ultimately decided to move entirely to open source solutions.
The Company
The WERTGARANTIE Group is a group of specialist insurers and warranty service providers in eight European countries that has grown over more than 60 years. Around 8.4 million customers use the products of the insurance group, which is headquartered in Hanover. The group insures household and consumer electronics, bicycles, e-bikes and e-scooters, eyeglasses, hearing aids, smart home systems, and home wiring. Over 1,300 employees work for the Wertgarantie Group. More than 7,200 specialist retailers are partners.
To ensure that this infrastructure runs smoothly, the Technical Management department ensures the stable operation of around 400 Linux servers that form the digital backbone of the company—from internal databases to security-critical services.
The Challenge: Efficiency Under Regulatory Pressure
In highly regulated IT environments such as insurance companies, patch and update management is no longer merely a technical task—it is a compliance issue. Any unpatched vulnerability represents not only a security risk, but potentially a violation of regulatory requirements.
At WERTGARANTIE, this previously involved a high degree of manual effort. An outdated Spacewalk server formed the basis of repository management, supplemented by custom scripts and manual verification processes. The biggest challenge was the heterogeneous server landscape, which included Debian, Ubuntu, and Oracle Linux. Common open-source tools such as Foreman or Katello could not fully support this environment—particularly when it came to managing Oracle databases.
The Turning Point: From Manual Work to Automation
The goal was clear: centralization, automation, and transparency.
“I’ve been using Foreman for many years,” says Onno Siebrecht, Technical Manager at WERTGARANTIE. “But we reached our limits in our Oracle Linux environment. orcharhino was the logical choice for us—a solution that supports both Debian and Oracle Linux equally well.”
Developed by ATIX AG, orcharhino is a platform for server automation, patch management, and lifecycle management built on established open-source components such as Foreman, Katello, and Pulp. It enables centralized management of heterogeneous Linux environments, internal provisioning of software packages, and automated deployment of security updates—regardless of whether systems are based on Debian, Ubuntu, Red Hat, or Oracle Linux. For organizations with high demands for transparency, traceability, and IT governance, orcharhino is far more than an administrative tool.
It becomes a central control hub that connects efficiency, security, and compliance.
With orcharhino, WERTGARANTIE was able to replace two separate patch management systems. Instead of redundant processes, the company now operates a single, unified platform for all Linux distributions—fully on-premises, highly secure, and integrated into the existing VMware and Docker environment.
Today, orcharhino serves as the central repository and patch management system. All Linux systems retrieve their packages internally, are updated automatically, and can be patched quickly and selectively in the event of critical security vulnerabilities. Local caching minimizes bandwidth usage and external network connections—an important factor in an industry subject to strict data protection requirements.
One particularly valuable feature is the integrated role-based access control, which allows employees without direct system responsibility to view version and patch levels. This significantly improves audit readiness in accordance with ISO 27001.
The Solution in Practice
“orcharhino has completely changed the way we work,” says Siebrecht.
“We not only save time and resources, but we finally have a clear overview of all systems and package versions. Checking for security vulnerabilities now takes minutes instead of hours.”
WERTGARANTIE also integrates Ansible into orcharhino as a powerful automation tool. New servers can be deployed faster, and projects can be completed more quickly with the same team size. In the background, the system ensures that all components remain up to date, compliant, and fully documented—an invaluable advantage in a regulated IT environment.
By combining automation and compliance, WERTGARANTIE achieves what many organizations struggle with: ensuring security, speed, and traceability at the same time.
Added Value: Technology as a Compliance Enabler
In an environment where evidence, audit trails, and standardized processes are mandatory, automation becomes a strategic instrument. orcharhino helps WERTGARANTIE view regulatory requirements not as obstacles, but as drivers of quality.
Its reporting capabilities provide complete transparency, while standardized workflows make compliance with legal requirements fully traceable and auditable. As a result, orcharhino becomes far more than a tool—it is a compliance platform that combines technical excellence with regulatory assurance.
The platform supports multiple Linux distributions—from Debian and Ubuntu to Oracle Linux—offering maximum technological flexibility. This independence is not only a strategic advantage, but also a clear expression of control and transparency over the company’s own infrastructure. In an industry where regulatory requirements and security policies heavily influence technology choices, this means WERTGARANTIE retains full autonomy in selecting its systems, without dependency on external vendors or licensing models. This strengthens the company’s ability to act independently and ensures that technology decisions always align with its compliance and security objectives.
Outlook: Deeper Integration Ahead
The “Auto-Update” project led by Onno Siebrecht and his team exemplifies this strategic direction. Step by step, orcharhino is expected to take over the automated creation and deletion of virtual machines—up to the complete provisioning of a production-ready instance from a single centralized system.
In addition, tighter integration with the existing log management and SIEM system (Elastic Stack) is planned to enable even more precise tracking of security-relevant events.
From Server Landscape to “Compliance Infrastructure”
The WERTGARANTIE Group demonstrates that modern IT in the insurance sector is about more than operational stability—it is compliance infrastructure. With orcharhino, the company has taken a decisive step toward aligning security, efficiency, and compliance.
Where manual processes and regulatory hurdles once shaped daily operations, there is now an automated, audit-ready, and highly available platform. A clear example of how automation can become the key to regulatory excellence—and a genuine competitive advantage.
