BFSI Data Center to AWS Migration —
180 Servers. 14 Weeks. Zero Downtime.

The Challenge

A Bangalore-headquartered Non-Banking Financial Company (NBFC) with 12 branch offices across South India operated an aging on-premises data center at a leased colocation facility. By mid-2024, they faced a convergence of pressures that made cloud migration urgent:

• Aging infrastructure: 40% of servers had exceeded their 5-year useful life, with increasing hardware failures
• Lease expiry: The colocation lease was expiring in 18 months — continue, move, or cloud
• RBI IT Framework compliance gap: Upcoming audit revealed data protection and DR requirements that were difficult to meet on-premises cost-effectively
• Scalability constraints: A planned digital lending product required infrastructure that could scale from 0 to thousands of API calls per second — impossible with fixed on-premises capacity
• DR limitations: Their DR site was 4 hours away, had never been properly tested, and had an RTO of 24–48 hours

After evaluating build-vs-buy options, the CISO and IT Director chose full AWS migration — and selected Eglobe Infra Solutions as their migration partner.

"We needed a partner who understood both the technical complexity of a full data center migration and the regulatory environment of a BFSI organization. Eglobe's structured approach and BFSI experience gave us confidence." — CISO, NBFC Client (name withheld for confidentiality)

The Assessment Phase

Eglobe's architects spent three weeks on a thorough discovery and assessment before writing a single line of IaC or moving any workload.

• Full inventory of 180 servers using AWS Application Discovery Service (ADS) and manual discovery for legacy applications
• Network dependency mapping — identifying which applications communicate with each other, to plan migration waves without breaking dependencies
• Application profiling: database sizes, IOPS patterns, memory utilization, backup schedules, and uptime requirements
• Compliance mapping: identifying all data types (personally identifiable information, financial data) and their regulatory treatment under RBI guidelines
• Total Cost of Ownership (TCO) analysis comparing current colocation costs to projected AWS spend over 3 years

Key assessment findings: Of the 180 servers, 62 were candidates for Rehost (lift-and-shift), 48 for Re-platform (e.g., moving databases to RDS), 22 for Re-architect (microservices candidates for the new lending platform), and 48 for Retire (redundant or decommissioned workloads that had been accumulating for years).

The TCO analysis projected 38% infrastructure cost reduction in year 1, driven by rightsizing and Reserved Instance commitments, and growing further as legacy licenses were retired.

AWS Landing Zone Architecture

Before migrating any workload, Eglobe built a production-grade AWS Landing Zone in the ap-south-1 (Mumbai) region — ensuring all data stayed within India for RBI compliance.

Account Structure

• AWS Organizations with separate accounts for: Production, Staging, Development, Security/Logging, and Shared Services
• Service Control Policies (SCPs) enforcing region restriction to ap-south-1 — data cannot be written to any other region
• AWS IAM Identity Center (SSO) integrated with existing Active Directory for user access management

Network Foundation

• Transit Gateway connecting all accounts and environments with a hub-and-spoke topology
• AWS Direct Connect from the existing colocation facility during the migration period — ensuring reliable, high-speed migration bandwidth
• VPC design with separate subnets for: application layer, database layer, management, and egress — following AWS Well-Architected Framework
• AWS WAF + Shield Standard protecting public-facing endpoints

Security & Compliance

• AWS CloudTrail enabled across all accounts with a centralized S3 logging bucket — all API calls logged for audit purposes
• AWS Config with conformance packs aligned to CIS AWS Benchmark and custom NBFC compliance rules
• AWS GuardDuty + Security Hub for continuous threat detection and centralized findings management
• KMS Customer Managed Keys (CMK) for encryption of all EBS volumes, RDS databases, and S3 buckets
• Macie for automated PII detection in S3 buckets

Migration Execution — 6 Waves

All 180 servers (minus the 48 earmarked for retirement) were migrated in 6 structured waves over 14 weeks. Each wave followed the same discipline: pre-migration testing, cutover execution outside business hours, and a 48-hour hypercare period before the next wave began.

Disaster Recovery — Before & After

Before migration: RTO 24–48 hours, RPO 4–8 hours. DR site untested for 2 years. Manual process. 1 staff member trained.

After migration: RTO 15 minutes, RPO 15 minutes for tier-1 applications using Multi-AZ RDS and Auto Scaling. RTO 1 hour for tier-2 applications using AWS Backup + CloudFormation. Automated DR runbooks tested quarterly. Full team trained on AWS Incident Manager.

Results & Business Outcomes

• Zero unplanned production downtime across all 6 migration waves and 14 weeks
• 38% reduction in infrastructure TCO in Year 1 (compared to projected colocation renewal + hardware refresh cost)
• 99.99% uptime for core loan management systems in the 30 days post-migration
• RTO reduced from 24–48 hours to 15 minutes for tier-1 applications
• RBI IT Framework compliance audit passed successfully 3 months post-migration
• New digital lending product launched on EKS 6 weeks post-migration — handling 10,000+ API calls/day and auto-scaling as needed
• 48 servers decommissioned — colocation lease not renewed, saving ₹28 lakhs annually

"Eglobe didn't just move our servers to the cloud — they transformed our infrastructure into something genuinely future-ready. The new platform handled our lending product launch without a single incident. The ROI exceeded our projections." — IT Director, NBFC Client