\n
![](\"https:\/\/jirak.net\/wp\/wp-content\/uploads\/2016\/11\/111523_alkami_logo_gold_shiny.png\"){kind=logo}
<\/p>\nAlkami Technology Achieves \u201cA+\u201d Security and Scalability with NGINX Plus
\n<\/p>\n
<\/p>\n
<\/strong><\/p>\n In 2009, Alkami Technology set out to transform ordinary online banking into a high-value experience for both financial institutions and their end users. At the time, \u201cWeb 2.0\u201d companies like Twitter and Facebook were focusing on delivering superior user experiences, but the online banking experience was lagging behind. The team at Alkami Technology began creating a compelling user interface for online banking that would not only be friendly and intuitive, but also enrich the lives of end users.<\/p>\n Beyond traditional online banking activities, Alkami Technology<\/a> offers features in its platform that help end users become more educated about finance, build long-term wealth, and monitor and improve their spending habits. Alkami\u2019s platform revolutionizes the mobile and online banking experience by offering a valuable end-user experience and helping financial institutions strengthen their relationship with their customers. <\/p>\n Alkami initially anticipated that customers would prefer an on-premises software solution in the short term to a hosted offering. However, they quickly found that even large financial institutions were already looking ahead five to ten years and were making strategic decisions to move to hosted software solutions. Financial institutions increasingly don\u2019t want to own and manage their own data centers. In addition, the Federal Financial Institutions Examination Council (FFIEC) \u2013 the group responsible for setting regulations and standards for financial institutions \u2013 provided guidance that adopting cloud technologies was permissible. <\/p>\n With the financial industry embracing cloud and software-as-a-service (SaaS), Alkami\u2019s hosted platform for online and mobile banking quickly took off. Today the company serves well over 1 million users. The Infrastructure and Security team at Alkami works behind the scenes to continue improving the scalability and security of the application architecture in order to better serve the needs of the company’s growing user base, and to ensure that financial data is well protected on all fronts.<\/p>\n Alkami partners with a service provider to manage some pieces of its infrastructure, which is part of its strategic decision to focus on its core competency of building great online banking applications while a partner builds and manages the data center that hosts them. On the advice of the service provider, Alkami first used Riverbed Stingray (now Brocade vADC) appliances for load balancing. However, Alkami quickly found that Riverbed Stingray didn\u2019t have the security capabilities it needed. At the time, Riverbed Stingray didn\u2019t support TLS 1.2<\/a>, the most recent version of the secure protocol. <\/p>\n \u201cWe want to be not just on the forefront of online banking in terms of features, but also forward leaning in our security practices. Not having TLS 1.2 available in Riverbed Stingray was a deal breaker for us. We want the highest marks possible on security, and we want to be ahead of potential security issues, not react to them. Riverbed Stingray didn\u2019t take us where we needed to be from a security protocol standpoint,\u201d says Sean McElroy, VP of IT and CISO at Alkami Technology.<\/p>\n Alkami then replaced Riverbed Stingray with Citrix NetScaler virtual appliances for load balancing, but they ran into the same problem again. At the time, only Citrix NetScaler hardware appliances supported TLS 1.2, not virtual appliances. In addition, the Netscaler virtual appliances could not scale to the level Alkami needed. <\/p>\n \u201cIn order to get certain types of TLS encryption and the scale we needed, we found out that with Citrix NetScaler we would need to add physical appliances to our environment. But we\u2019re virtual. We\u2019re not going to go back to physical appliances at a certain scaling point. It just doesn\u2019t align with our strategy of being nimble and scalable to, at a certain threshold, have to move to a physical version of the product because a feature is not available in the virtual offering,\u201d explains McElroy.<\/p>\n Alkami also found that the NetScalers didn’t allow the administrator to specify the selection order for SSL\/TLS ciphers. In initiating an SSL\/TLS connection, the web browser or app sends a list of the ciphers it supports to the server, which compares the list to its own list of supported ciphers and selects the most secure cipher that overlaps. Alkami wanted fine-grained control over cipher ordering in order to guarantee selection of the cipher that provides the strongest security for its users. <\/p>\n <\/p>\n <\/p>\n <\/strong><\/p>\n As an online banking platform provider responsible for protecting a growing number of users\u2019 financial details, choosing a reliable, industry-validated solution was crucial for Alkami. On its ongoing quest to enhance both security and scalability, Alkami ultimately found NGINX Plus<\/a>. Alkami looked at NGINX Plus not just because of its reputation for performance, but because some of the largest websites in the world have chosen it.<\/p>\n \u201cWe knew that NGINX had widespread adoption for TLS termination and as a web server. And we know that large enterprises don\u2019t usually depend on a technology unless it\u2019s been validated on many different levels. With that level of industry acceptance, we worked with our managed service provider to start evaluating NGINX Plus internally in our environment,\u201d says McElroy.<\/p>\n Alkami first used NGINX Plus for TLS termination in front of the Citrix NetScaler load balancers to fill the gaps in security features and give it the flexibility and control to tune the ordering of ciphers in the TLS selection process. <\/p>\n NGINX Plus worked so well for TLS termination that it wasn\u2019t long before Alkami looked into using it for more than just a security layer. The Citrix NetScaler load balancers were struggling to handle the increasing traffic load as Alkami experienced organic growth \u2013 including ever larger customers \u2013 in the success of its online banking software. \u201cTo get the concurrent connection counts that we were wanting to be able to plan for, the virtual or physical Citrix Netscaler devices weren\u2019t going to be as scalable as we needed,\u201d notes McElroy.<\/p>\n After verifying in a load-test environment that NGINX Plus could scale to handle the anticipated level of traffic, Alkami completely replaced the frontend Citrix NetScaler load balancers in its production environment with NGINX Plus. NGINX Plus easily handled the traffic load without any issues.<\/p>\n Alkami then continued by replacing the Citrix Netscaler load balancers another layer down in its infrastructure, between the app servers and web servers. With NGINX Plus handling traffic at the frontend and between components, Alkami achieves security and scale throughout its architecture, without the limitations of the previous solutions from hardware vendors.<\/p>\n <\/p>\n <\/p>\n <\/strong><\/p>\n <\/p>\n <\/strong><\/p>\n The industry standard for determining security strength is the Qualys SSL Labs Server Test<\/a>. With NGINX Plus\u2019s security features, Alkami\u2019s customers earn an \u201cA+\u201d \u2013 the highest possible score on the test \u2013 for their online banking sites, which validates that Alkami can offer the best level of security to its customers.<\/p>\n Specifically, NGINX Plus enables Alkami to easily leverage TLS 1.2, the latest and most secure approved version of the TLS protocol. In addition, with NGINX Plus Alkami can control the SSL\/TLS cipher preference order<\/a>, staying on top of rapidly evolving security trends and ensuring the strongest cipher is always selected.<\/p>\n \u201cWe wanted to be using the solution that was most relevant for security best practices today, and have full control to advance as better security approaches are established. NGINX Plus gives us the flexibility and configurability to reorder ciphers and to achieve the highest level of security,\u201d explains McElroy. <\/p>\n <\/p>\n <\/strong><\/p>\n Given Alkami\u2019s rate of growth, an architecture that works for its current user base isn\u2019t enough. It needs a forward-looking architecture that\u2019s ready for future growth as well.<\/p>\n \u201cWhen we were looking at NGINX Plus, one of our requirements was to build an architecture that works for the number of users we have today, and scales out vertically and horizontally for the future. We wanted to develop that recipe once, and not have to redo it in six months time,\u201d says McElroy.<\/p>\n To date, NGINX Plus has done the job, working phenomenally well as Alkami has grown.<\/p>\n <\/p>\n <\/strong><\/p>\n One of the biggest benefits Alkami sees with NGINX Plus is the NGINX Plus live activity monitoring dashboard<\/a> and the increased visibility it gives into the traffic being load balanced<\/a>.<\/p>\n \u201cOne of the key value-adds for us has been the ability to provide our production operations team with more visibility into the way that the load balancers are functioning by using the NGINX Plus dashboard. This is tremendous for us.\u201d McElroy elaborates, \u201cjust being able to show the traffic flowing, and the errors as they\u2019re happening; that heads-up display we get is invaluable and that\u2019s something that we didn\u2019t have with the other solutions.\u201d<\/p>\n If an issue pops up with the application or infrastructure, it’s the operations team that identifies the root cause and solves it. With the real-time load and performance metrics on the NGINX Plus Dashboard, the team at Alkami can troubleshoot issues faster than ever before.<\/p>\n <\/p>\n <\/p>\n <\/strong><\/p>\n After validating NGINX Plus in its load testing environment to make sure it could handle its traffic loads, Alkami found the actual deployment process to be simple and straightforward. <\/p>\n McElroy’s team was able to implement NGINX Plus quickly in its environment in part due to strong documentation and award-winning support<\/a>. When asked whether his staff needed to contact NGINX Plus\u2019s dedicated support team, McElroy says, \u201cWe had a few clarifying questions but it was really a very straightforward implementation. The documentation is great, and so is the support from NGINX.\u201d<\/p>\n In addition, Alkami\u2019s deployment process leverages the automation capabilities of NGINX Plus<\/a>. Whereas Alkami\u2019s previous load balancers had a GUI interface that required manual configuration, NGINX Plus\u2019s command line interface enables Alkami\u2019s engineers to easily script the deployment process and automate configuration.<\/p>\n “The fact we can do scripted deployments of configuration files with NGINX Plus is great. It\u2019s very straightforward, it\u2019s easy to manage, and it has simplified our application deployment process,” McElroy explains. “As we further automate, knowing that NGINX Plus will be able to support our automation efforts is awesome.”<\/p>\n <\/p>\n <\/strong><\/p>\n Based in Plano, Texas, Alkami Technology, Inc. provides online and mobile banking solutions to credit unions and banks. The company\u2019s flagship product, the ORB Platform, offers security, flexibility, extensibility, and a superior architecture for the future of digital banking. With its modern interface, intelligent content-delivery system, and customizable feature set, the ORB Platform is the ultimate digital banking solution for financial institutions. Alkami provides the ORB Platform as a SaaS solution. For more information about Alkami, please visit www.alkamitech.com<\/a><\/p>\n The post Alkami Technology Achieves \u201cA+\u201d Security and Scalability with NGINX Plus<\/a> appeared first on NGINX<\/a>.<\/p>\n Source: Alkami Technology Achieves \u201cA+\u201d Security and Scalability with NGINX Plus<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Alkami Technology Achieves \u201cA+\u201d Security and Scalability with NGINX Plus Providing Flexibility to Ensure a Skyrocketing User Base is Protected Situation In 2009, Alkami Technology set out to transform ordinary online banking into a high-value experience for both financial institutions and their end users. At the time, \u201cWeb 2.0\u201d companies like Twitter and Facebook were focusing on delivering superior user experiences, but the online banking experience was lagging behind. The team at Alkami Technology began creating a compelling user interface for online banking that would not only be friendly and intuitive, but also enrich the lives of end users. Beyond traditional online banking activities, Alkami Technology offers features in its platform that help end users become more educated about finance, build long-term wealth, and monitor and improve their spending habits. Alkami\u2019s platform revolutionizes the mobile and online banking experience [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":11608,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[169],"tags":[652],"class_list":["post-11607","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-nginx"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/11607","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=11607"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/11607\/revisions"}],"predecessor-version":[{"id":11609,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/11607\/revisions\/11609"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media\/11608"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=11607"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=11607"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=11607"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"Alkami](\"https:\/\/assets.wp.nginx.com\/wp-content\/uploads\/2016\/09\/111523_alkami_logo_gold_shiny.png\"){kind=logo}
\n<\/p>\nSituation<\/h3>\n
![\"Alkami](\"https:\/\/assets.wp.nginx.com\/wp-content\/uploads\/2016\/11\/Alkami-Technology-1_Banner_A-1024x228.jpg\")
<\/p>\nSolution<\/h3>\n
![\"Alkami](\"https:\/\/assets.wp.nginx.com\/wp-content\/uploads\/2016\/11\/CaseStudy_Alkami-1024x442.png\")
<\/p>\nResults<\/h3>\n
A+ Security Rating<\/h4>\n
Forward-Looking Architecture<\/h4>\n
\n“<\/span>Right now NGINX Plus is supporting well over 1 million users in our environment. That environment is going to grow 200% this year as well. Based on what we’ve seen, we feel very confident that not only can NGINX Plus grow and scale with us, but that we can even pack things denser. We just don\u2019t foresee it becoming a bottleneck.”<\/span><\/div>\n– Sean McElroy, VP of IT and CISO at Alkami Technology<\/div>\n<\/div>\nIncreased Operational Visibility<\/h4>\n
![\"The](\"https:\/\/assets.wp.nginx.com\/wp-content\/uploads\/2016\/05\/dashboard-nginx-plus-r9-1024x464.png\")
<\/p>\nStraightforward Deployment and Increased Automation<\/h4>\n
About Alkami Technology<\/h3>\n