Switching to serverless computing



Onderlinge ‘s-Gravenhage is a privately held (life) insurance/pension provider located in The Hague, The Netherlands. Founded in 1895, in an era with hardly any social security, the company evolved into a full-service life insurance provider with a financially strong foundation and has been serving its participants for over 120 years.

The challenge

Encumbered by an ageing IT infrastructure, combined with a planned office relocation, the IT team urged company management to allow them to look into migrating their existing server and application infrastructure to the public cloud and, at the same time, switching from traditional desktops to a cloud-based desktop/VDI solution. This move would prevent them from having to invest significantly in both replacing the existing infrastructure and expanding their IT team.

Because Onderlinge is a regulated financial institution, this posed an additional challenge: their IT infrastructure has to comply with the strict policies set by the governing organisation “De Nederlandsche Bank (DNB)”. This led us to introduce the AWS legal department to the customer’s management/legal teams to help them prepare for and comply with the required certifications, regulations and procedures, as stated by DNB. Leaning on the publicly available AWS Shared Services model and compliance program, we were able to provide these documents and subsequently DNB approved the migration of services to AWS, leading to a full migration to Amazon WorkSpaces as the main client solution for all employees, both on-premise and remotely.


The solution

Switching from the existing desktop environment was drastic and simple, using experience previously gained from a full on-premise datacenter/VMware server migration to the AWS Cloud. All employees were given either a PCoIP-based thin client or a Chromebook to connect to the new WorkSpaces environment. A “golden” image was developed, based on internal application and user requirements, and subsequently rolled out to each end-user WorkSpace. Integration with the existing AWS and remaining on-premise infrastructure was established using a combination of Amazon Directory Services and redundant VPN connectivity, to provide fast and secure access from and to both sides. For possible future requirements, provisions were made to allow for a simple implementation of Amazon Direct Connect, providing additional, low-latency connectivity to the AWS environment. WorkSpaces security was optimised by requiring MFA, through RADIUS integration with existing security solutions, when logging on from outside the office network or from mobile client devices.

To provide all Onderlinge employees with secure and safe internet connectivity from their WorkSpaces, traffic destined for the internet is redirected over a custom-built, highly available proxy cluster, which both blocks unwanted internet access and filters possibly malicious traffic for the employees. All employees were assigned a standardised WorkSpace instance type, allowing no exceptions for specific worker tasks that could possibly require more CPU or memory resources. These ‘resource-heavy’ tasks are offloaded to custom, application-specific Amazon AppStream 2.0 stacks, optimising running cost and providing highly flexible, resource-intensive compute power on demand.


The result

All Onderlinge employees can now connect to their WorkSpace in a secure, hassle-free way, giving them the freedom to access their desktop and applications from anywhere, at any given time, using any possible device. This has accelerated employee efficiency and flexibility and helped Onderlinge in their migration to a new way of working.