Customer Stories / Financial Services / Netherlands

2024
NN-Group Logo

Building an Enterprise-Level Managed Kubernetes Platform Using Amazon EKS with NN-Group

Learn how NN-Group transformed developer operations and enhanced scalability using Amazon EKS.

99%

change success rate in deployments for CI/CD

2.5

hours average time to production

2,000+

systems and applications managed by Container Platform v2

600+

annual deployments achieved with the new system

10

machine learning inference points deployed

Overview

NN-Group is an international financial services company, active in 11 countries, with a strong presence in Japan and throughout Europe. With a rich history that dates back over 175 years, the company provides retirement services, pensions, insurance, banking, and investments to approximately 19 million customers worldwide. To deliver cutting-edge services, NN-Group built NN Container Platform v1 (CPv1), a collection of infrastructure and open-source tools that provides a centralized interface for developers to deploy and manage applications on Kubernetes.

However, CPv1 lacked the scalability that NN-Group required. So its Container Platform Team chose to redesign the service using Amazon Web Services (AWS), creating CPv2: a managed solution that streamlines the deployment and management of containerized applications yet aims to be more than just a container runtime. Through this project, NN-Group achieved high availability for its mission-critical applications while boosting developer productivity.
 

Financial Services Image

Opportunity | Using Amazon EKS to Enhance Availability and Developer Autonomy for NN-Group

NN-Group wants to be known for its customer engagement, talented people, and contribution to society. The company has a strategic commitment to become a digital and data-driven organization. For NN-Group, it is essential to prioritize standardization, simplification, and automation within its technology landscape without losing focus on better serving its customers.

NN-Group’s Container Platform Team empowers the company’s engineers by offering them a highly scalable, managed Kubernetes platform that integrates key technologies that adhere to internal security and compliance standards. It is the team’s responsibility to validate that compute resources are provisioned, policy management is taken care of, security integrations are done, and operational metrics and dashboards are available.

Initially, the team created CPv1 to help developers standardize their ways of working. Developers used this managed solution to deploy applications and systems using their preferred cloud services, including Amazon Elastic Kubernetes Service (Amazon EKS), the most trusted way to start, run, and scale Kubernetes.

Over time, CPv1 became increasingly complex as developers introduced different programming languages to its platform as well as new third-party and open-source solutions. CPv1 also lacked the scalability required to accommodate these extensive customization options. Deployments would often take days to pass through the continuous integration/continuous deployment (CI/CD) pipeline and, in some cases, they would fail.

To prepare for the future, NN-Group needed to modernize the way that its developers manage and deploy applications to Kubernetes. So it began to explore a redesign of CPv1 that would make it more scalable, modular, extensible, and efficient.
 

kr_quotemark

With CPv2 on AWS, we provide our developers with a foundational control plane to run different types of applications.”

Laurens Noodelijk
Product Owner, Container Platform Team, NN-Group

Solution | Achieving a 99 Percent Deployment Success Rate for CI/CD While Enhancing Developer Efficiency

In 2021, NN-Group began to build CPv2. This solution relies on Amazon EKS to run Kubernetes environments on AWS, which are used to host and scale critical business applications. Developers have access to a managed Amazon EKS Kubernetes cluster. Here, they have the choice to either run their workload on Karpenter-provisioned Amazon Elastic Compute Cloud (Amazon EC2) nodes—which provide secure and resizable compute capacity—or use Amazon EKS on AWS Fargate, a serverless, pay-as-you-go compute engine. Both options can be used in parallel within the same environment.

The NN-Group Container Platform Team uses AWS Cloud Development Kit (AWS CDK), a service used to define cloud application resources, to deploy and manage the platform stack and implement guardrails for operational security and compliance. “We’re not shipping a lightweight microservice to AWS; we’re creating an entire Kubernetes environment and pipeline that is written from the same codebase,” says Gijs van Renswoude, developer for the Container Platform Team at NN-Group. “Every developer on our team can generate a complete copy of that environment in 20 minutes and test it in 2 minutes.”

To enhance the functionality and manageability of CPv2, NN-Group has adopted a range of Amazon EKS add-ons. These add-ons simplify the deployment, scaling, and management of Kubernetes applications by integrating directly into the Amazon EKS environment. For example, Amazon VPC CNI, CoreDNS, and kube-proxy are used for networking. Amazon EBS CSI and Amazon EFS CSI drivers provide storage for Kubernetes clusters. “The advantages of Amazon EKS add-ons are twofold,” says Laurens Noodelijk, product owner for the Container Platform Team at NN-Group. “First, we do not have to manage them. AWS takes care of all the networking complexity. In turn, this empowers us to focus on higher-level tasks.”

CPv2 is used to manage 50 Amazon EKS clusters and about 1,800 nodes. In total, between 200 and 250 developers interact with the service daily, managing over 2,000 applications and systems. These include Seldon, an MLOps application that the service uses to host 10 machine learning inference models, with more to follow. Seldon simplifies the process of bringing these models to production by providing an integrated environment for their deployment, lifecycle, and monitoring. These models are key for the company’s AI-driven digital services and competitive advantage. “Our current setup runs Seldon very well,” says Noodelijk. “It requires several complex add-ons that we have been able to provision in a modular way on AWS.”

To keep these applications secure, NN-Group adopted Amazon GuardDuty, a threat detection service, for continuous monitoring and actionable alerts on security events. To track the health and performance of the applications and the Kubernetes environment, the company adopted Amazon CloudWatch, which observes and monitors resources and applications. The company also uses Karpenter to identify when nodes need to be replaced. (See figure 1, NN-Group’s CPv2 Architecture.)

After migrating from CPv1 to CPv2, the Container Platform Team achieved over 600 annual deployments with a 99 percent change success rate for CI/CD, and it decreased its average time to production to 2 hours and 22 minutes. With the combination of Bottlerocket and Karpenter, NN-Group can also perform security patches for its operating system in hours instead of days. “Previously, we had to manually deploy new Amazon machine images, which took days,” says Noodelijk. “Now a patch is automatically implemented whenever it becomes available.”

Architecture Diagram

Figure 1. NN-Group's CPv2 Architecture

Click to enlarge for fullscreen viewing. 

Outcome | Facilitating Faster Innovation at Scale with Machine Learning and Customer Insights

Using CPv2, NN-Group improved its ability to deploy and manage cutting-edge applications. The company is now shifting its focus to machine learning, aiming to bring the Seldon solution to production by the end of June 2024. With the scalable and adaptable infrastructure provided by CPv2, the company will be well-equipped to support its developers’ evolving projects and innovations.

“With CPv2 on AWS, we provide our developers with a foundational control plane to run different types of applications and systems,” says Noodelijk. “We provide a universal, scalable, and extensible cloud-based API that can cater to the most exotic use cases that we can think of.”
 

About NN-Group

NN-Group is an international financial services company active in 11 countries, with a strong presence in a number of European countries and Japan. Its roots lie in the Netherlands, and its rich history stretches back over 175 years.

AWS Services Used

Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed Kubernetes service to run Kubernetes in the AWS cloud and on-premises data centers.

Learn more »

AWS Fargate

AWS Fargate is a serverless, pay-as-you-go compute engine that lets you focus on building applications without managing servers.

Learn more »

AWS Cloud Development Kit (AWS CDK)

AWS Cloud Development Kit (AWS CDK) accelerates cloud development using common programming languages to model your applications.

Learn more »

Amazon GuardDuty

Amazon GuardDuty combines ML and integrated threat intelligence from AWS and leading third parties to help protect your AWS accounts, workloads, and data from threats.

Learn more »

More Financial Services Customer Stories

Showing results: 21-24
Total results: 506

no items found 

  • India

    Protium drives innovation in the cloud with AWS

    This case study highlights how Protium, a renewable energy company, used AWS to build a cloud-based platform that helps manage and optimize their energy assets.
    2023
  • Chile

    Breaking Barriers in FinTech: Generative AI Solutions Help Bolsa de Productos de Chile Optimizes Invoicing Processes

    Bolsa de Productos de Chile had to manually review up to 2,000 invoices per day, proving to be too much to handle which could also cause errors. They partnered up with AWS Partner Morris & Opazo and Amazon Web Services (AWS) to help implement an generative AI-powered solution called Puerto X Monitor to automate invoice validation and reduce operational risk. The results featured a reduced need for large teams of industry experts as well as improved risk management and help to validate over 1 million invoices to date.

    2025
  • Europe, Middle East, & Africa

    TP ICAP on AWS

    Liquidity and data solutions specialist TP ICAP is trusted by clients worldwide for its market intelligence, data and analytics, and broking services. The company has moved 50 percent of its IT estate to Amazon Web Services, giving it the scale and security to run critical financial trading platforms as well as accelerating decarbonization and supporting its commitment to sustainability. By using the latest generative artificial intelligence solutions such as Amazon Bedrock, TP ICAP’s Parameta Solutions is transforming how its teams put new ideas into action.
    2024
  • United States

    Coinbase Boosts Efficiency and Accelerates Development by Collaborating with AWS

    Discover how Coinbase works with AWS experts to drive cost savings, scalability, reliability, and accelerated development.
    2024
1 127

Get Started

Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.