Binx introduced a faster, cheaper and more secure way to manage cloud accounts across the Knab organization. This resulted in a significant reduction of time needed to create new accounts and introduced unprecedented flexibility for Knab to develop new innovations on Amazon Web Services.
This initiative had quite some impact on our engineering team. Binx brought experience and know-how to get the job done. Their pragmatic approach and knowledge-sharing mentality give them the edge Knab is looking for.
Technical DetailsAWS Finance
“Being an online bank requires secure, scalable and easy maintainable infrastructure. Knab had the ambition to provide everyone within the organization with easy access to AWS features. To do so, Knab needs an environment that is optimized for performance, efficiency, cost management, reliability, and security”, introduces Peter Zuiddam, head of system engineering at Knab.
Before the start of the initiative, the rollout of stacks was done in various ways. This process needed to be standardized and improved. Teams had different ways of deploying infrastructure and software on numerous developer machines. For the next steps, Knab had the need for a standard way of working including reviewing and publishing to live environments.
The Data Lake was already running on Amazon Web Service, but used a third-party solution. In practice, this solution did not provide the desired flexibility and performance while seeing cost- and security-optimizations at the same time. On top of this, Knab knew that workspaces were not optimally functioning.
“We asked AWS Advanced Partner Binx to improve the AWS environment by working closely together with our teams by becoming integral parts of it. We had already worked together in the past, so I knew that Binx could get the job done, and they would share knowledge with our teams along the way”, Zuiddam explains.
Making Accounts Available in a Structured Way
To standardize the rollout of new Cloud accounts, Binx suggested introducing an Account Vending Machine (AVM). The objective of the AVM is to provision accounts that are fully compliant with all regulations imposed on financial institutions. The accounts are deployed using infrastructure-as-code best-practices, standard tooling for pipelines and with all the infrastructure-code centralised.
The AVM provides the Agile teams with immediate access to third-party solutions, like machine learning analysis and Cloud Security Posture Management, as well as pre-configured AWS Services.
Integrating With the CI/CD Process
Binx Cloud Engineer Thijs de Vries operated as a full team member in the Knab Platform-team. “To create a fluent workflow we helped integrate AWS with a platform that covers the entire application lifecycle, and enables DevOps. The Platform Team creates the accounts for a so-called Initiative.”
Each initiative has its own requirements regarding connectivity between the on-prem environment and/ or other external providers. “To keep the network secure, a network landing zone has been created which will manage all incoming and outgoing traffic. This way, all network configurations are managed in one place while being able to monitor the traffic for anomalies”, said de Vries. Each change is tracked in source control and reversible if needed.
To realize their ambitions of an optimal cloud environment including optimal functioning workspaces, Knab decided to migrate its data lake from a third-party managed solution to an in-house and fully automated platform. They asked Binx to design and setup a faster, cheaper and more secure environment on Knab’s cloud platform, in close cooperation with the data lake team.
Thanks to AVM it is possible to manage dozens of accounts in parallel and to manage the account life cycle management more efficiently. With the new data lake, Knab runs a cloud environment that is cheaper, faster and more secure. The virtual server based architecture has been replaced by a serverless and fully infrastructure-as-code based design, resulting in a faster and more scalable environment. Data can be analysed much faster, for less money.
Knab IT Platform engineers have different demands. If they run machine learning analytics, CSPM production-ready, they can now create clusters of servers that they can easily re-architect to get a failsafe set up for their specific process, including backup and recovery strategy.
“After the migration, the roll-out of new AWS accounts for the different types of users within Knab has been converted into a straightforward process. This has led to a more efficient and flexible process, increasing our innovation capabilities”, concludes Zuiddam.
“If for example Knab employees want to make forecasts, and make informed decisions on sizing & costs for Knab projects, they can easily get a list of accounts on the platform. They can then add budgets to these lists to report on costs and performance.”
Download the Whitepaper “Cloud Migration Scenarios” including more customer stories
About the customer
Knab is just a little different from other banks. Knab wants to make people financially smarter. They put the customer first in everything they do.