IAM tools help Oracle Red Bull Racing keep pace with strict F1 regs
Oracle Red Bull Racing massively improved the efficiency of its aerodynamics testing procedures after implementing new identity technology from 1Password. Learn more about this unlikely link
As countless case studies published on Computer Weekly have shown through the years, every minute and every penny that a Formula 1 team is spending on research, development and testing is precious and only grudgingly wasted.
In a cost-capped sport that is as much an engineering competition as it is one of driver skill, victory – whether in the drivers’ or constructors’ championships – often comes down to the finest of margins.
This season, the world of F1 is also dealing with a once-in-a-decade overhaul of the sporting regulations that have essentially forced a ground-up redesign of its cars. For some, like Mercedes-AMG Petronas, this has paid off big time. But for Oracle Red Bull Racing, the past few weeks have been rough ones.
The team’s drivers, former world champ Max Verstappen and his new partner Isack Hadjar, may not have much to show for it as they head to Miami for the fourth round of the season, but at HQ in Milton Keynes, its engineers are working flat out and morale is good.
When it comes to testing parts and components in its wind tunnel, a recent engagement with identity and access management specialist 1Password is paying dividends, with the team’s technicians now able to work much more efficiently.
In a world like cyber security, success can be hard to quantify. Sometimes it can even be dangerous to say too much, lest you speak candidly and give a watching threat actor something to go on. But in this instance, Oracle Red Bull Racing can definitively state that after adopting 1Password, it has slashed its wind tunnel recovery time from an hour to two minutes – that’s a cut of 97% – during the test and development process.
But why is that the statistic we’re running with? And how does identity and access management (IAM) technology apply to wind tunnels? It seems an unlikely link on the surface, but Matt Cadieux, team CIO, explains why it matters.
“The guys who are developing and improving the tunnel and its software push boundaries. The models are bigger, the complexity is bigger, and sometimes when you’re running that load for the first time, the infrastructure is not capable enough,” says Cadieux. “Probably once a every few months we have an outage, and it’s largely due to pushing boundaries with our tools and methods.”
A challenging customer
Ian Brunton heads up software development at Oracle Red Bull Racing’s Aerodynamics team. He takes up the story.
“The people I work with are essentially responsible for writing the software used across the teams of engineers that design the car. We plug into commercial CAD [Computer Aided Design] packages and tie them up to the CFD [Computational Fluid Dynamics] estate so that we can iterate quickly in those early stages,” he says.
“We also support the wind tunnel … We’re currently building a new wind tunnel here which is a significantly challenging project, but I think will pay a dividend in helping us build, ultimately, the fastest car on the planet.”
Brunton describes his team as challenging customers when it comes to IT. He sets high standards and expectations, and by his own admission is harsh in their application. “We’re aiming to provide high uptime,” he says, “and the last thing we need is any system, regardless of what it is, not operating as it is expected to.”
The need for uptime becomes even more important because the wind tunnel environment is a highly regulated one in terms of the number of hours the team is allowed to do testing, as well as the number of experiments that it can run.
“We basically have an eight-week period in which we have to audit what we’ve done in that period, and we have a budget to use in that period,” says Brunton. “To some extent, the pressure is on – it’s almost worse in the wind tunnel than it is at the track … Generally, at the track, you have components that are well manufactured, you know they’re going to fit together and you have a limited number of options in which to configure and build the car.
“But when you’re at the tunnel, it’s effectively an experiment in what we think is going to add performance. There might be parts that maybe don’t completely fit; engineers are discovering, as they’re going, how to design that part.
“[With] the pressure that those guys are under to build the car in that timeframe, they can’t afford any downtime – [we don’t want to waste] time, or waste runs in terms of that experiment. Losing that budget is criminal in the sense that it has a direct impact on the performance of the car on the track.”
It’s about trying to optimise the amount of time that the people working at the tunnel can focus on just working at the tunnel
Ian Brunton Oracle Red Bull Racing
From Brunton’s perspective, a failure in an inherently complex system – with close to 20 services running across multiple clusters using multiple Kafka topics and different databases, that has caused the tunnel to shut down before completion, wasting time and slows development – is a big problem.
“If something happens and the system needs to be reset, it relies on someone at the tunnel realising there’s a problem and getting on the phone to someone like me – and that can be in the middle of the night because the tunnel runs 24 hours a day – I’ve got to take the call, get onto my machine, figure out the problem and start bringing that system back online,” says Brunton.
In essence, what 1Password enables him to do is to automate returning the systems to a known steady state, so that someone who is technical in terms of car design and engineering but may not know what Kubernetes is or what a SQL database does can effectively hit a big red button and get things moving again.
With 1Password, service restoration is fully automated with Ansible and RunDeck, and a complete redeploy can be triggered in around two minutes with the playbook authenticating via a dedicated, rotatable token to retrieve the secrets it needs at runtime.
“It’s about trying to optimise the amount of time that the people working at the tunnel can focus on just working at the tunnel,” says Brunton.
ID control plane
But the engagement doesn’t begin and end with wind tunnel uptime; the efficiencies go much deeper.
In moving its secrets into 1Password, Oracle Red Bull Racing has created a single, trusted control plane for credentials spanning Kubernetes clusters, environments, namespaces, factory, wind tunnel and simulation workloads.
Developers now access shared vaults with clear ownership and repeatable patterns to make sure that they can retain predictable access during redeployments or workflow changes, while human and automation access are segregated into dedicated vaults with limited user access for critical Kubernetes workloads – this includes Aero clusters and Kubernetes deployments.
The team is now using 1Password’s Kubernetes Operator, authenticated via 1Password Connect Server, to pull values from 1Password items and create Kubernetes secrets for workloads. If items change, the operator can update the secret and trigger a roll-out to allow workloads to pick up the new values.
In Brunton’s Aerodynamics unit alone, for example, five vaults hold almost 100 entries for cluster credentials, SQL passwords, client secrets, access tokens and Windows Virtual Machine (VM) logins. Meanwhile, his colleagues in Vehicle Performance and Powertrains maintain more than 150 entries. Now that new deployments default to 1Password, the two teams can reduce the time they spend coordinating access, limit potentially dangerous ad hoc sharing, and understand what credentials are current when developers are in the process of modifying (or restoring) workloads.
For simulation workflows, Oracle Red Bull Racing is using the 1Password command line interface (CLI) to retrieve SQL connection strings and Microsoft Entra ID credentials to access their needed services. Now that these secrets are centralised, they can replace plaintext credentials with secret references from a shared and governed source instead of having to embed secrets in code or configuration files – another risk.
Since their applications now rely on secret references, this means users can safely change out their credentials and support both safer automation and earlier application programming interface (API) adoption. The results are improved fidelity and capability much earlier in the simulation process, when changes are much easier to manage – and more affordable – than doing it outside of simulation.
Going trackside
“We’re always trying to raise the bar with our cyber posture and credential management,” says Cadieux. “Everyone here is part of a team and tries to do the right thing – and if you tap someone on the shoulder, it usually corrects the behaviour quite quickly – so having early visibility and being able to nip problems in the bud with a simple tap is helpful.”
Having standardised secrets and access across engineering, Oracle Red Bull Racing is now looking to take 1Password trackside. On a given race weekend, it runs multiple advanced Monte Carlo (the mathematical model, not the Grand Prix) simulations to evaluate different scenarios and support on-the-fly strategy decisions.
It is now exploring the application of these same patterns to its Oracle Cloud Infrastructure (OCI)-based trackside systems – including credential and certificate management – through which it can achieve consistent automation at race-day pressure.
Mercedes-AMG Petronas switches from paper guides to incorporate AR designs into its workflow and see quickly how parts form car assemblies resulting in gains in team’s operations that add up to improved performance on the racetrack.
Learn how the technical teams behind Formula One are using Salesforce’s tools to enhance fan activation and engagement at 24 races across the world, and how they are bringing AI into play with Agentforce capabilities.
Read more on Identity and access management products
