Customer Stories / Financial Services / Netherlands

2024
NN-Group Logo

Building an Enterprise-Level Managed Kubernetes Platform Using Amazon EKS with NN-Group

Learn how NN-Group transformed developer operations and enhanced scalability using Amazon EKS.

99%

change success rate in deployments for CI/CD

2.5

hours average time to production

2,000+

systems and applications managed by Container Platform v2

600+

annual deployments achieved with the new system

10

machine learning inference points deployed

Overview

NN-Group is an international financial services company, active in 11 countries, with a strong presence in Japan and throughout Europe. With a rich history that dates back over 175 years, the company provides retirement services, pensions, insurance, banking, and investments to approximately 19 million customers worldwide. To deliver cutting-edge services, NN-Group built NN Container Platform v1 (CPv1), a collection of infrastructure and open-source tools that provides a centralized interface for developers to deploy and manage applications on Kubernetes.

However, CPv1 lacked the scalability that NN-Group required. So its Container Platform Team chose to redesign the service using Amazon Web Services (AWS), creating CPv2: a managed solution that streamlines the deployment and management of containerized applications yet aims to be more than just a container runtime. Through this project, NN-Group achieved high availability for its mission-critical applications while boosting developer productivity.
 

Financial Services Image

Opportunity | Using Amazon EKS to Enhance Availability and Developer Autonomy for NN-Group

NN-Group wants to be known for its customer engagement, talented people, and contribution to society. The company has a strategic commitment to become a digital and data-driven organization. For NN-Group, it is essential to prioritize standardization, simplification, and automation within its technology landscape without losing focus on better serving its customers.

NN-Group’s Container Platform Team empowers the company’s engineers by offering them a highly scalable, managed Kubernetes platform that integrates key technologies that adhere to internal security and compliance standards. It is the team’s responsibility to validate that compute resources are provisioned, policy management is taken care of, security integrations are done, and operational metrics and dashboards are available.

Initially, the team created CPv1 to help developers standardize their ways of working. Developers used this managed solution to deploy applications and systems using their preferred cloud services, including Amazon Elastic Kubernetes Service (Amazon EKS), the most trusted way to start, run, and scale Kubernetes.

Over time, CPv1 became increasingly complex as developers introduced different programming languages to its platform as well as new third-party and open-source solutions. CPv1 also lacked the scalability required to accommodate these extensive customization options. Deployments would often take days to pass through the continuous integration/continuous deployment (CI/CD) pipeline and, in some cases, they would fail.

To prepare for the future, NN-Group needed to modernize the way that its developers manage and deploy applications to Kubernetes. So it began to explore a redesign of CPv1 that would make it more scalable, modular, extensible, and efficient.
 

kr_quotemark

With CPv2 on AWS, we provide our developers with a foundational control plane to run different types of applications.”

Laurens Noodelijk
Product Owner, Container Platform Team, NN-Group

Solution | Achieving a 99 Percent Deployment Success Rate for CI/CD While Enhancing Developer Efficiency

In 2021, NN-Group began to build CPv2. This solution relies on Amazon EKS to run Kubernetes environments on AWS, which are used to host and scale critical business applications. Developers have access to a managed Amazon EKS Kubernetes cluster. Here, they have the choice to either run their workload on Karpenter-provisioned Amazon Elastic Compute Cloud (Amazon EC2) nodes—which provide secure and resizable compute capacity—or use Amazon EKS on AWS Fargate, a serverless, pay-as-you-go compute engine. Both options can be used in parallel within the same environment.

The NN-Group Container Platform Team uses AWS Cloud Development Kit (AWS CDK), a service used to define cloud application resources, to deploy and manage the platform stack and implement guardrails for operational security and compliance. “We’re not shipping a lightweight microservice to AWS; we’re creating an entire Kubernetes environment and pipeline that is written from the same codebase,” says Gijs van Renswoude, developer for the Container Platform Team at NN-Group. “Every developer on our team can generate a complete copy of that environment in 20 minutes and test it in 2 minutes.”

To enhance the functionality and manageability of CPv2, NN-Group has adopted a range of Amazon EKS add-ons. These add-ons simplify the deployment, scaling, and management of Kubernetes applications by integrating directly into the Amazon EKS environment. For example, Amazon VPC CNI, CoreDNS, and kube-proxy are used for networking. Amazon EBS CSI and Amazon EFS CSI drivers provide storage for Kubernetes clusters. “The advantages of Amazon EKS add-ons are twofold,” says Laurens Noodelijk, product owner for the Container Platform Team at NN-Group. “First, we do not have to manage them. AWS takes care of all the networking complexity. In turn, this empowers us to focus on higher-level tasks.”

CPv2 is used to manage 50 Amazon EKS clusters and about 1,800 nodes. In total, between 200 and 250 developers interact with the service daily, managing over 2,000 applications and systems. These include Seldon, an MLOps application that the service uses to host 10 machine learning inference models, with more to follow. Seldon simplifies the process of bringing these models to production by providing an integrated environment for their deployment, lifecycle, and monitoring. These models are key for the company’s AI-driven digital services and competitive advantage. “Our current setup runs Seldon very well,” says Noodelijk. “It requires several complex add-ons that we have been able to provision in a modular way on AWS.”

To keep these applications secure, NN-Group adopted Amazon GuardDuty, a threat detection service, for continuous monitoring and actionable alerts on security events. To track the health and performance of the applications and the Kubernetes environment, the company adopted Amazon CloudWatch, which observes and monitors resources and applications. The company also uses Karpenter to identify when nodes need to be replaced. (See figure 1, NN-Group’s CPv2 Architecture.)

After migrating from CPv1 to CPv2, the Container Platform Team achieved over 600 annual deployments with a 99 percent change success rate for CI/CD, and it decreased its average time to production to 2 hours and 22 minutes. With the combination of Bottlerocket and Karpenter, NN-Group can also perform security patches for its operating system in hours instead of days. “Previously, we had to manually deploy new Amazon machine images, which took days,” says Noodelijk. “Now a patch is automatically implemented whenever it becomes available.”

Architecture Diagram

Figure 1. NN-Group's CPv2 Architecture

Click to enlarge for fullscreen viewing. 

Outcome | Facilitating Faster Innovation at Scale with Machine Learning and Customer Insights

Using CPv2, NN-Group improved its ability to deploy and manage cutting-edge applications. The company is now shifting its focus to machine learning, aiming to bring the Seldon solution to production by the end of June 2024. With the scalable and adaptable infrastructure provided by CPv2, the company will be well-equipped to support its developers’ evolving projects and innovations.

“With CPv2 on AWS, we provide our developers with a foundational control plane to run different types of applications and systems,” says Noodelijk. “We provide a universal, scalable, and extensible cloud-based API that can cater to the most exotic use cases that we can think of.”
 

About NN-Group

NN-Group is an international financial services company active in 11 countries, with a strong presence in a number of European countries and Japan. Its roots lie in the Netherlands, and its rich history stretches back over 175 years.

AWS Services Used

Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed Kubernetes service to run Kubernetes in the AWS cloud and on-premises data centers.

Learn more »

AWS Fargate

AWS Fargate is a serverless, pay-as-you-go compute engine that lets you focus on building applications without managing servers.

Learn more »

AWS Cloud Development Kit (AWS CDK)

AWS Cloud Development Kit (AWS CDK) accelerates cloud development using common programming languages to model your applications.

Learn more »

Amazon GuardDuty

Amazon GuardDuty combines ML and integrated threat intelligence from AWS and leading third parties to help protect your AWS accounts, workloads, and data from threats.

Learn more »

More Financial Services Customer Stories

Showing results: 13-16
Total results: 506

no items found 

  • United Kingdom

    Mortgage Advice Bureau and BJSS Accelerate Complaints Process Using AWS

    Mortgage Advice Bureau (MAB) is an established, multi-award winning, UK mortgage intermediary that provides advice, both through its own branded brokers and through other brokers. It processes about 12,000 mortgages a month and receives around 400 complaints per year. Those complaints, however, are a serious matter, because MAB is regulated by the UK’s Financial Conduct Authority (FCA), whose Financial Ombudsman is the last resort for disputes. MAB wanted to ensure that it could resolve complaints in a timely manner and before they were escalated to the Financial Ombudsman. It engaged AWS Partner BJSS to help build a solution using AI on Amazon Web Services (AWS) to speed up the processing of complaints, reducing initial response times by 75 percent.

    2025
  • Thailand

    Pi Securities Uses Amazon QuickSight to Develop Advanced BI and CRM Tool

    Pi Securities, leading brokerage company based in Thailand, developed Pi Financial, an application that allows investors to securely trade and manage their assets with ease, all while keeping track of their portfolio growth and achieving their financial goals, after migrating to AWS.

    2024
  • India

    Deriv Reduces Trading Latency by 50% with AWS Global Accelerator

    Learn how Deriv used AWS Global Accelerator to reduce latency by 50% and enhance data protection for secure, reliable trading in remote markets.
    2024
  • Singapore

    AXS Singapore Accelerates Innovation Using AWS, Launching AXS Drive App in 24 Weeks

    Learn how the Singapore-based multi-channel payment solutions provider modernized its infrastructure on AWS, rolling out the innovative app and positioning itself for strategic growth across Southeast Asia.
    2024
1 127

Get Started

Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.