Customer Stories / Financial Services / Netherlands
![NN-Group Logo NN-Group Logo](https://d1.awsstatic.com/NN-Group%20Logo.8840043e7f68709e188ec9e5b9b2c54591102150.png)
Building an Enterprise-Level Managed Kubernetes Platform Using Amazon EKS with NN-Group
Learn how NN-Group transformed developer operations and enhanced scalability using Amazon EKS.
99%
change success rate in deployments for CI/CD
2.5
hours average time to production
2,000+
systems and applications managed by Container Platform v2
600+
annual deployments achieved with the new system
10
machine learning inference points deployed
Overview
NN-Group is an international financial services company, active in 11 countries, with a strong presence in Japan and throughout Europe. With a rich history that dates back over 175 years, the company provides retirement services, pensions, insurance, banking, and investments to approximately 19 million customers worldwide. To deliver cutting-edge services, NN-Group built NN Container Platform v1 (CPv1), a collection of infrastructure and open-source tools that provides a centralized interface for developers to deploy and manage applications on Kubernetes.
However, CPv1 lacked the scalability that NN-Group required. So its Container Platform Team chose to redesign the service using Amazon Web Services (AWS), creating CPv2: a managed solution that streamlines the deployment and management of containerized applications yet aims to be more than just a container runtime. Through this project, NN-Group achieved high availability for its mission-critical applications while boosting developer productivity.
![Financial Services Image Financial Services Image](https://d1.awsstatic.com/device-a-image-assets/photos-1200px/Financial-Services-2_Lifestyle_230_1200.1c02a47d9092e4ed19dec4ec14dd2c008cd70d2f.jpg)
Opportunity | Using Amazon EKS to Enhance Availability and Developer Autonomy for NN-Group
NN-Group wants to be known for its customer engagement, talented people, and contribution to society. The company has a strategic commitment to become a digital and data-driven organization. For NN-Group, it is essential to prioritize standardization, simplification, and automation within its technology landscape without losing focus on better serving its customers.
NN-Group’s Container Platform Team empowers the company’s engineers by offering them a highly scalable, managed Kubernetes platform that integrates key technologies that adhere to internal security and compliance standards. It is the team’s responsibility to validate that compute resources are provisioned, policy management is taken care of, security integrations are done, and operational metrics and dashboards are available.
Initially, the team created CPv1 to help developers standardize their ways of working. Developers used this managed solution to deploy applications and systems using their preferred cloud services, including Amazon Elastic Kubernetes Service (Amazon EKS), the most trusted way to start, run, and scale Kubernetes.
Over time, CPv1 became increasingly complex as developers introduced different programming languages to its platform as well as new third-party and open-source solutions. CPv1 also lacked the scalability required to accommodate these extensive customization options. Deployments would often take days to pass through the continuous integration/continuous deployment (CI/CD) pipeline and, in some cases, they would fail.
To prepare for the future, NN-Group needed to modernize the way that its developers manage and deploy applications to Kubernetes. So it began to explore a redesign of CPv1 that would make it more scalable, modular, extensible, and efficient.
![kr_quotemark kr_quotemark](https://d1.awsstatic.com/case-studies/CustomerReferences_QuoteMark.16fc612d9e480eaec3e716161a76c4a71428c86a.png)
With CPv2 on AWS, we provide our developers with a foundational control plane to run different types of applications.”
Laurens Noodelijk
Product Owner, Container Platform Team, NN-Group
Solution | Achieving a 99 Percent Deployment Success Rate for CI/CD While Enhancing Developer Efficiency
In 2021, NN-Group began to build CPv2. This solution relies on Amazon EKS to run Kubernetes environments on AWS, which are used to host and scale critical business applications. Developers have access to a managed Amazon EKS Kubernetes cluster. Here, they have the choice to either run their workload on Karpenter-provisioned Amazon Elastic Compute Cloud (Amazon EC2) nodes—which provide secure and resizable compute capacity—or use Amazon EKS on AWS Fargate, a serverless, pay-as-you-go compute engine. Both options can be used in parallel within the same environment.
The NN-Group Container Platform Team uses AWS Cloud Development Kit (AWS CDK), a service used to define cloud application resources, to deploy and manage the platform stack and implement guardrails for operational security and compliance. “We’re not shipping a lightweight microservice to AWS; we’re creating an entire Kubernetes environment and pipeline that is written from the same codebase,” says Gijs van Renswoude, developer for the Container Platform Team at NN-Group. “Every developer on our team can generate a complete copy of that environment in 20 minutes and test it in 2 minutes.”
To enhance the functionality and manageability of CPv2, NN-Group has adopted a range of Amazon EKS add-ons. These add-ons simplify the deployment, scaling, and management of Kubernetes applications by integrating directly into the Amazon EKS environment. For example, Amazon VPC CNI, CoreDNS, and kube-proxy are used for networking. Amazon EBS CSI and Amazon EFS CSI drivers provide storage for Kubernetes clusters. “The advantages of Amazon EKS add-ons are twofold,” says Laurens Noodelijk, product owner for the Container Platform Team at NN-Group. “First, we do not have to manage them. AWS takes care of all the networking complexity. In turn, this empowers us to focus on higher-level tasks.”
CPv2 is used to manage 50 Amazon EKS clusters and about 1,800 nodes. In total, between 200 and 250 developers interact with the service daily, managing over 2,000 applications and systems. These include Seldon, an MLOps application that the service uses to host 10 machine learning inference models, with more to follow. Seldon simplifies the process of bringing these models to production by providing an integrated environment for their deployment, lifecycle, and monitoring. These models are key for the company’s AI-driven digital services and competitive advantage. “Our current setup runs Seldon very well,” says Noodelijk. “It requires several complex add-ons that we have been able to provision in a modular way on AWS.”
To keep these applications secure, NN-Group adopted Amazon GuardDuty, a threat detection service, for continuous monitoring and actionable alerts on security events. To track the health and performance of the applications and the Kubernetes environment, the company adopted Amazon CloudWatch, which observes and monitors resources and applications. The company also uses Karpenter to identify when nodes need to be replaced. (See figure 1, NN-Group’s CPv2 Architecture.)
After migrating from CPv1 to CPv2, the Container Platform Team achieved over 600 annual deployments with a 99 percent change success rate for CI/CD, and it decreased its average time to production to 2 hours and 22 minutes. With the combination of Bottlerocket and Karpenter, NN-Group can also perform security patches for its operating system in hours instead of days. “Previously, we had to manually deploy new Amazon machine images, which took days,” says Noodelijk. “Now a patch is automatically implemented whenever it becomes available.”
Architecture Diagram
Outcome | Facilitating Faster Innovation at Scale with Machine Learning and Customer Insights
Using CPv2, NN-Group improved its ability to deploy and manage cutting-edge applications. The company is now shifting its focus to machine learning, aiming to bring the Seldon solution to production by the end of June 2024. With the scalable and adaptable infrastructure provided by CPv2, the company will be well-equipped to support its developers’ evolving projects and innovations.
“With CPv2 on AWS, we provide our developers with a foundational control plane to run different types of applications and systems,” says Noodelijk. “We provide a universal, scalable, and extensible cloud-based API that can cater to the most exotic use cases that we can think of.”
About NN-Group
NN-Group is an international financial services company active in 11 countries, with a strong presence in a number of European countries and Japan. Its roots lie in the Netherlands, and its rich history stretches back over 175 years.
AWS Services Used
Amazon Elastic Kubernetes Service (Amazon EKS)
Amazon Elastic Kubernetes Service (Amazon EKS) is a managed Kubernetes service to run Kubernetes in the AWS cloud and on-premises data centers.
AWS Fargate
AWS Fargate is a serverless, pay-as-you-go compute engine that lets you focus on building applications without managing servers.
Learn more »
AWS Cloud Development Kit (AWS CDK)
AWS Cloud Development Kit (AWS CDK) accelerates cloud development using common programming languages to model your applications.
Amazon GuardDuty
Amazon GuardDuty combines ML and integrated threat intelligence from AWS and leading third parties to help protect your AWS accounts, workloads, and data from threats.
Learn more »
More Financial Services Customer Stories
Total results: 502
no items found
-
United States
Affirm Reduces Manual Security Response…
Affirm is a payment network that empowers consumers and helps merchants drive growth through flexible and transparent financing options. The company wanted to streamline its security operations program to address manual triage, decentralized tooling, and increasing alert fatigue. AWS Partner Expel offered a managed detection and response (MDR) service that integrated seamlessly with Affirm’s Amazon Web Services (AWS) environment. Expel MDRTM centralizes monitoring, automates routine tasks, and enhances detection and response workflows Expel reduced the volume of security alerts fielded by engineers by 50 percent and helped Affirm scale the foundations of its security operations program efficiently.
-
United States
MarketReader Launches Its Real-Time Market…
MarketReader is an artificial intelligence (AI) analytics platform providing the financial sector with data-driven explanations of real-time asset movement. During development, MarketReader experienced delays in data delivery and received incomplete datasets from its initial data provider—which reduced the quality of the platform’s insights. To launch its differentiated product, the MarketReader team moved to cloud-based data solutions from AWS Partner Nasdaq, hosted on Amazon Web Services (AWS), to obtain direct access to high-quality, real-time market data for all US-listed securities. This approach elevated MarketReader’s US market coverage, increased data delivery time by 98 percent, and helped the platform go live within eight months. MarketReader now delivers timely, accurate insights. It publishes a daily newsletter in only seven minutes, driving customer engagement and expanding the newsletter’s reach up to 400 percent beyond MarketReader’s current client base.
Get Started
Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.