Kreditanstalt für Wiederaufbau (KfW) bank goes AWS Cloud with Atlassian

kreuzwerker migrate KfW's Confluence application to managed hosting on AWS in Frankfurt/Main
23.02.2023

The KfW, which together with its subsidiaries DEG, KfW IPEX-Bank and FuB forms the KfW Bankengruppe, is a German state-owned investment and development bank, based in Frankfurt. As of 2014, it is the world’s largest national development bank and as of 2018 Germany’s third largest bank by balance sheet.

Kreditanstalt für Wiederaufbau (KfW), one of the leading development banks in the world, contracted kreuzwerker to service the managed hosting and managed application of the bank’s Atlassian Confluence application for collaboration with their external partners. Within the framework of regular re-tendering processes, KfW adapts its hosting strategy and scaling to current market developments.

Challenge

KfW initially tendered the managed hosting for up to 500 Atlassian Confluence users with additional requirements for the existing Confluence application. In particular, the high compliance guidelines based on KfW’s internal IT security had to be met.

Solution

After kreuzwerker was awarded the contract for managed hosting on a data-protection-compliant, high-performance, and stable AWS instance in Frankfurt/Main, the kick-off took place on September 5, 2022. The kreuzwerkers are both Atlassian and AWS certified and, as Advanced Partners, have equally outstanding technical expertise in the areas of infrastructure operation and application management. During the kick-off, the teams and responsibilities were created, and the milestones and target migration date (November 30, 2022) were agreed upon. In addition, an agile and close collaboration began immediately via a Jira real-time board with weekly meetings.

Then the coordination of the entire infrastructure setup and preparations for the actual migration began with questions that included: Which URLs should be used? Should the existing Confluence KfW site be used, or should there be a new domain? How should the Active Directories be connected? Which VPN tunnels or network couplings should there be? What are the requirements for the security concept? How should the real-time monitoring be set up? Which penetration tests are to be carried out before the transfer to production and how are these to be evaluated or which measures are to be taken? And finally: How should the production instance be provided and how should the migration proceed?

Parallel to the weekly technical coordination, the contractual issues were clarified (e.g., contract, AVV/DPA, authorized representatives).

As part of the migration planning, flowcharts were then created, e.g., quality assurance, migration, and rollback plan. Then – while the current Confluence instance remained active for users – a dry-run was carried out to create an image of the production data. Then, the migration to the new production instance at the new URL was initiated to perform bug fixes before the pages became accessible again. There were the typical anomalies after a data migration, such as jump labels on the content pages not being functional, mail dispatch being inoperable, embedded videos not being playable or preview images of embedded documents not being displayed. In part, this was due to IT security restrictions that required specific activations. These anomalies are well-known to kreuzwerkers from other managed hosting migration projects: often, customers’ internal security restrictions result in certain features of the application being functionally disabled. The reported errors could be resolved either through dedicated configurations at KfW’s IT security or within Confluence. Based on a structured and coordinated way of working, all project participants agreed in advance on the communication channels during the productive migration (hypercare phase) and up-to-date backups were provided.

Result

The migration itself – with daily updated productive data – took place on November 15, 2022 without incident. The project teams were ahead of the scheduled target date of November 30 by two weeks.

Since November 15, 2022, up to 500 Confluence users at KfW have been highly protected in kreuzwerker’s ongoing managed hosting operations. Incident reports and service interactions are structured and can be tracked at any time via the ticket platform already shared in the project. The current response times range from minutes to hours, depending on the priority. In any case, the previously agreed upon SLAs are currently being met. The customer is pleased with the significantly lower costs compared to before the migration, as well as the quick response in the event of operational disruptions. The kreuzwerkers are pleased with KfW’s positive feedback and would like to thank them for the much-appreciated project support.