Background
FinVault is a fast-growing B2B payments platform serving over 600 enterprise clients across Southeast Asia. By late 2023, their infrastructure — a mix of on-premise bare-metal servers and a single colocation facility — was reaching its limits. Peak transaction volumes were causing latency spikes, manual deployments were causing downtime, and compliance auditors were flagging security gaps.
The leadership team had attempted an internal cloud migration 18 months prior but stalled due to complexity. They came to NexCore with a clear mandate: migrate safely, don’t break payments, and do it in a way the internal team can own long-term.
FinVault’s transaction monitoring dashboard, rebuilt on the new infrastructure.
Our Approach
We began with a two-week discovery sprint — mapping every workload, dependency, data flow, and compliance requirement. Rather than a big-bang migration, we designed a phased strangler-fig pattern: new traffic flows through cloud infrastructure while legacy systems stay live, with gradual cutover by service.
“We don’t lift and shift. We reimagine how each workload should run in cloud-native form — then build toward that target state incrementally.”
AWS was chosen as the primary cloud provider for its financial services compliance tooling (PCI DSS, SOC 2 Type II), with GCP used for the analytics and ML workloads where BigQuery offered a cost and capability advantage over Redshift. All infrastructure was codified in Terraform from day one — no manual console configuration.
What We Built
The final architecture consists of a multi-region AWS setup spanning Singapore and Tokyo, with active-active failover across both regions. The payments processing core runs on EKS (Kubernetes), autoscaling from 12 to 200+ pods during peak periods with sub-200ms p99 latency. A zero-trust network perimeter replaced the legacy VPN-based access model, and all secrets are managed through HashiCorp Vault. https://beesmart.ltd/projects/ravana-x/
On the observability side, a unified Datadog stack replaced five separate monitoring tools — engineers now have a single pane of glass for metrics, logs, and traces across all 47 services.
The new multi-region Kubernetes cluster handling FinVault’s payment processing workloads.
Handover & Knowledge Transfer
The final month of the engagement was dedicated entirely to knowledge transfer. We ran 12 workshop sessions with FinVault’s engineering team, produced 140+ pages of architecture documentation, and built a custom internal runbook library covering 60+ operational scenarios. The team can now fully operate, scale, and extend the infrastructure independently.
Challenge & Solution
What We Walked Into
- Bare-metal servers with no automated failover — single points of failure on every critical path
- Manual deployments via SSH taking 3–4 hours, causing weekly maintenance windows
- No centralised secrets management — credentials stored in plaintext config files
- Compliance gaps flagged by PCI DSS auditors, putting card processing licence at risk
- Zero observability — no unified logging, metrics, or distributed tracing
- A previous migration attempt that had created a tangled partial-cloud state
What We Delivered
- Multi-region active-active AWS architecture with automated failover under 30 seconds
- Full GitOps pipeline via GitHub Actions + ArgoCD — deployments in under 8 minutes with zero downtime
- HashiCorp Vault for secrets management with dynamic credentials and automatic rotation
- PCI DSS Level 1 compliant architecture with network segmentation and audit logging throughout
- Unified Datadog stack replacing 5 tools — single pane of glass for 47 microservices
- Full Terraform codebase, documentation library, and engineering team training programme
How We Deliver
Discovery & Audit
We analyze your current systems, processes, or workflows to identify strengths, weaknesses, and opportunities for improvement.
Solution Design
We create detailed blueprints and roadmaps tailored to your business objectives — covering architecture, automation, security, and integration as applicable.
Phased Implementation
Solutions are delivered in controlled phases using industry best practices, ensuring minimal disruption and measurable results.
Handover & Ongoing Support
We provide full documentation, training, and optional managed services so your team can confidently operate and scale the solution.
