Industry Use Cases of Azure Kubernetes Service (AKS)

What is AKS?

Azure Kubernetes Service (AKS) is a fully managed service that allows you to run Kubernetes in Azure without having to manage your own Kubernetes clusters. Azure manages all the complex parts of running Kubernetes, and you can focus on your containers.

Why Use Kubernetes?

  • Container Orchestration: Without container orchestration, if a container were to go down and stop working, an engineer would need to know the container has failed and manually start a new one. Wouldn’t it be better if this was handled automatically by its own system? Kubernetes provides a robust declarative framework to run your containerized applications and services resiliently.
  • Cloud Agnostic: Kubernetes has been designed and built to be used anywhere (public/private/hybrid clouds)
  • Prevents Vendor Lock-In: Your containerized application and Kubernetes manifests will run the same way on any platform with minimal changes
  • Increase Developer Agility and Faster Time-to-Market: Spend less time scripting deployment workflows and focus on developing. Kubernetes provides a declarative configuration that lets engineers define how their service is to be run; Kubernetes then ensures the state of the application is maintained.
  • Cloud Aware: Kubernetes understands and supports a number of clouds, such as Google Cloud, Azure and AWS. This allows Kubernetes to instantiate public cloud resources such as instances, VMs, load balancers, public IPs, storage, etc.

Azure Kubernetes Best Practices

Cluster Multi-Tenancy

  • Logically isolate clusters to separate teams and projects, minimizing the number of physical AKS clusters you deploy
  • Namespaces let you isolate workloads inside a Kubernetes cluster
  • The same best practices as hub-spoke apply, but within the Kubernetes cluster itself

Scheduling and Resource Quotas

  • Enforce resource quotas — Plan out and apply resource quotas at the namespace level
  • Plan for availability
  • Define pod disruption budgets
  • Limit resource intensive applications — Apply taints and tolerations to constrain resource intensive applications to specific nodes
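The three controls above as manifests for one tenant namespace. This is an added example, not configuration from the original article; the namespace `team-payments`, the `app: api` label, the `workload=heavy` taint and label, and the image placeholder are all assumptions.

```yaml
# Added example; every name and value below is hypothetical.
# 1. Namespace-level quota: caps what the whole tenant can request.
#    With cpu/memory quotas in place, pods that omit requests/limits are rejected.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-payments-quota
  namespace: team-payments
spec:
  hard:
    requests.cpu: "8"
    requests.memory: 16Gi
    limits.cpu: "16"
    limits.memory: 32Gi
    pods: "40"
---
# 2. Pod disruption budget: voluntary evictions (node drain, upgrade)
#    must leave at least two api pods running.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: api-pdb
  namespace: team-payments
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: api
---
# 3. Taint + toleration. Nodes are assumed to be tainted beforehand with
#    kubectl taint nodes <node-name> workload=heavy:NoSchedule
#    The toleration only permits scheduling there; the nodeSelector is what
#    pins the pod to those nodes (label assumed to be set alongside the taint).
apiVersion: v1
kind: Pod
metadata:
  name: batch-risk-calc
  namespace: team-payments
spec:
  nodeSelector:
    workload: heavy
  tolerations:
    - key: workload
      operator: Equal
      value: heavy
      effect: NoSchedule
  containers:
    - name: calc
      image: <registry>/<image>:<tag>   # placeholder
      resources:
        requests: {cpu: "2", memory: 4Gi}
        limits: {cpu: "4", memory: 8Gi}
```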

Cluster Security

Azure AD and Kubernetes RBAC integration

  • Bind your Kubernetes RBAC roles with Azure AD Users/Groups
  • Grant your Azure AD users or groups access to Kubernetes resources within a namespace or across a cluster
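A namespace-scoped binding and a cluster-wide binding for Azure AD groups, as an added example that is not from the original article. It assumes an AKS cluster with Azure AD integration enabled, where a group subject is identified by its Azure AD object ID; the role name, the `dev` namespace and the group IDs are placeholders.

```yaml
# Added example; names and group IDs are placeholders.
# Namespace-scoped role: day-to-day workload management in "dev".
# Secrets are deliberately left out to keep the grant least-privilege.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dev-workload-editor
  namespace: dev
rules:
  - apiGroups: ["", "apps", "batch"]
    resources: ["pods", "pods/log", "services", "configmaps",
                "deployments", "replicasets", "jobs", "cronjobs"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# Bind the role to an Azure AD group, within the namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-team-editors
  namespace: dev
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: "<azure-ad-dev-group-object-id>"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: dev-workload-editor
---
# Cluster-wide, read-only access for a second group, using the
# built-in "view" ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: auditors-view
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: "<azure-ad-auditors-group-object-id>"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
```

Binding to groups rather than individual users keeps joiner and leaver changes in Azure AD, so the cluster manifests do not need editing when team membership changes.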

“Azure is a key differentiator for Finastra. Microsoft combines first-class technology with world-class brand recognition to create instant impact for our customers.”

Félix Grévy: Global Head of Product Management

Creating a development ecosystem

With fintech gaining momentum, Finastra seized the opportunity to champion collaboration and opened its core systems to third party development. Félix Grévy, Global Head of Product Management at explains, “Our goal was to create an ecosystem of development partners to deliver applications quickly and at low cost. At the same time, our customers would be able to leverage fintech innovation in our familiar and stable workflow environment.”

Fast and secure cloud native environment

Finastra’s early commitment to build in a cloud-native environment opened a host of API opportunities. Azure was the preferred cloud solution for four main reasons: its API management security features, its technical capabilities, its support of open source technologies and crucially, its inbuilt global regulatory and data residency compliance.

Azure Active Directory provides world-class authentication and security. This allows Finastra to manage users and single sign-on across all applications. Active Directory is widely used in banks, feeds into Federated Identity Management protocol and supports OAuth 2.0. “Our integration with Active Directory is highly attractive to our banking and financial clients,” confirms Grévy.

And the platform is fast. Azure provides the latest CPU processors to run its ‘financial model builder’ algorithmic calculations, and results show a ten-fold increase in speed for customers leveraging V100 GPUs to calculate a portfolio of 30 years swaps. It’s a win all round.

Open source solution

Leveraging open source technology was a key consideration when designing As Grévy puts it, “We didn’t want to reinvent the wheel. We wanted to rely on proven, industry-approved techniques and technologies.” Finastra uses HTML5 for its user interface, Java & JavaScript in the backend and frontend development takes place in node.js. “We also use Helm Chart, Node-Red, Eclipse Che, Spring Boot, to name a few. The ease of integration we have experienced with Azure proves Microsoft has a genuine commitment to open source.”

Hybrid connectivity

Azure utilizes comprehensive techniques to manage hybrid connectivity for the large volume of banking clients that still run data on-premise. Azure ExpressRoute provides a direct, secure link between banks and the cloud. This adds value to the platform, as Grévy explains, “Banks can run their core system on-premise, while still managing marketplace applications on the cloud. We are facilitating their controlled exposure to the cloud, and that’s exciting.”

Streamlined API management

Azure’s API integration allows for an end-to-end solution between the banking environment, fintech partners and the platform. Extensive API analytic features give Finastra intricate insight into their platform portfolio: “For example,” explains Grévy, “we are able to see which APIs are getting the most use, and which ones aren’t. We use this information to understand current trends on a very granular level. We share findings with our API partners to help them maximize success and optimize their application delivery journey.”

Working with such a large portfolio of partners and customers requires a complete delivery integration pipeline. This allows the team to publish, upgrade, maintain and deploy APIs in a continuous fashion. As the team dives deeper into Infrastructure as Code (IaC), Cosmos DB stores configuration information to support optimal build environments. Releases are smoother and less prone to errors with Visual Studio Team Services (VSTS), where the team also collaborates on code and experiments with A/B split testing. “Our platform intersects a great deal of data and technology,” says Grévy, “yet our complete integration with Azure streamlines our infrastructure, simplifies our processes and makes our lives infinitely easier.”

Embracing Azure Kubernetes Service

Kubernetes is at the heart of the platform, allowing the orchestration of Docker containers. Fintech applications can run and scale with ease on Azure Kubernetes Service (AKS), the next-generation service that builds on the Azure Container Service Engine (ACS). Currently on an ACS-engine, Finastra plans to migrate to AKS. AKS brings a fundamental benefit to the development team at Finastra, as Grévy explains, “AKS gives us a pure Kubernetes and Docker imaging environment that we don’t have to manage ourselves. Our team has regained the resources to accelerate deployment and maximize our PaaS offering.”

The team uses Azure Container Registry (ACR) to simplify container development, while geo-replication helps run disaster recovery procedures for different locations. The ACR can also audit whether data residency is running in the same jurisdiction as the banks. Inbuilt application auto scaling allows the team to manage cost burden and react quickly to meet spiked demands of partners and customers.



