Form3 is building out a multi-cloud strategy. To avoid cloud vendor lock-in, they chose Cilium with Kubernetes. It also simplifies daily operations and troubleshooting.
Kevin Holditch, VP of Engineering at Form3, presenting the use cases
If you prefer to watch Kevin from Form3 presenting the use case, watch the recording of our webinar!
Watch now!
Company Profile
Form3 provides end-to-end managed payments services. If you want to transfer money from one bank to the other, there are five different payment integrations for Europe alone. And those are a necessity for the banks, not a differentiator. Form3 implements those connections so that the banks don’t have to think about them.
As a result of their success, Form3 is handling huge amounts of transactions with virtually unlimited numbers of users. This requires reliability and durability, Form3 must maintain SLAs for the clients, and outages and errors must be handled without the loss of data.
Situation & Challenge
To facilitate the high load, Form3 built out a Fast Payment System gateway. It was designed to run in two on-site datacenters, and in AWS. The obvious solution was to use Kubernetes, but the challenge was to get the networking right:
- The clusters need to be connected, for example, a Cockroach DB needed to be run across the three clusters.
- IP address ranges were crucial.
- Encryption was a must between the clusters.
- Network policies were needed to secure communication between services.
- Insight into the traffic was required to enable debugging.
Additionally, recently cloud vendor lock-in became a topic for tier 1 banks, and this had direct consequences for Form3: it was required to build out services into multi-cloud. A new platform was designed, that is about to launch in October this year. To be able to run across clouds, the requirements shifted again. While the clusters were networked by the team and not via cluster mesh, the need for network policies was considerable to restrict ingress and egress. Deep insight into the traffic was even more necessary for troubleshooting and debugging across the three clouds.
Solution
In both projects, the initial FPS gateway and the new multi-cloud platform succeeding it, the solution to the network requirements was picking the right CNI. And the right CNI was Cilium.
As a platform team it was key to pick a common CNI running on any cloud.
Kevin Holditch, VP of Engineering at Form3
- With Cilium it became possible to connect multiple clusters in the FPS Gateway project. For Form3 it was crucial to have a CockroachDB node in cluster A appear as it would be in cluster B.
- Transparent encryption via IPSEC saved Form3 a lot of headaches around compliance and security in the FPS gateway.
Really handy feature, we could just do that, and we got everything encrypted.
Kevin Holditch, VP of Engineering at Form3
- Cilium’s network policies enabled the team to enhance Kubernetes network policies to manage and secure communication in both projects, FPS Gateway and the multi-cloud platform. The cloud-native identities simplified policy management and restricted egress and ingress traffic in the new multi-cloud platform.
- The inbuilt observability via Hubble and integration into Grafana helped in both projects when debugging was needed – especially when cross-cluster and cross-cloud networking had to be troubleshooted.
- Low latency was ensured by CIlium’s performant package blocking at the networking layer.
Especially with the FPS gateway, Cilium simplified maintenance: the team could just take a site down, do maintenance, and it just works the moment it is brought back online again.
Value
For Form3, Cilium ensures reliable and secure networking in Kubernetes, both in the FPS Gateway and in the upcoming multi-cloud platform, avoiding cloud vendor lock-in with Cilium in the long term. It abstracts away the vendor-specific bits of the clusters. The advanced insights simplify daily operations and maintenance.
There wasn’t anything at that time which did anything like this out of the box.
Kevin Holditch, VP of Engineering at Form3
Learn more
If you want to learn more about Isovalent Enterprise for Cilium, try it yourself in one of our many labs. Depending on your role, we have the right set of labs prepared for you:
Also, don’t forget to check out our product page for more details about the enterprise features. You can find more customer resources in the corresponding section in our resource library.
Roland Wolters is Head of Technical Marketing at Isovalent where he and his team are responsible for communicating the technical value of eBPF, Cilium, and Isovalent Cilium Enterprise to customers, prospects, and partners. His areas of expertise include security, automation, and open source. He is a keen driver of agile processes and would be lost without his Kanban boards. Outside of work, he is usually most remembered for trying to frantically keep up with his rambunctious young triplets.
