Location
Mumbai

Domain
Financial Services – Investment Banking & Stock Brokerage

Solutions Offered
Nutanix Kubernetes Platform (NKP)

Overview

A leading financial services and investment brokerage organization headquartered in Mumbai wanted to modernize its application infrastructure to support critical trading and analytics workloads. The firm serves millions of retail investors through digital platforms, requiring a secure, compliant, and high-performing IT environment to maintain reliability and customer trust.

Challenge

The organization required an on-premises, enterprise-grade Kubernetes platform to run its core trading and analytics applications. Being part of the regulated financial sector, the deployment had to strictly adhere to compliance standards with no external connectivity or cloud dependency.

However, during the initial deployment, multiple challenges emerged:

• Corporate firewalls blocked the ports required for Kubernetes communication.
• The default installation process attempted to fetch images from the internet, which was disallowed in an air-gapped setup.
• No private container registry existed to host Kubernetes and application images locally.

This combination of network isolation, compliance mandates, and restricted connectivity made the deployment particularly complex.

Key Challenges

1. Regulatory Compliance – The environment had to be completely isolated (air-gapped) and hardened for security.
2. Firewall & Networking Restrictions – Multiple required ports were closed, interrupting cluster operations.
3. Container Image Management – Absence of a private registry for image retrieval in an offline setup.
   
4. Deployment Constraints – Standard deployment tools expected internet access, making them incompatible with the air-gapped environment.

Our Solution

Network Techlab’s digital infrastructure team implemented a Nutanix Kubernetes Platform (NKP) deployment tailored for a fully offline, secure environment. The project was executed in multiple structured phases:

1. Establishing a Private Container Registry

• Set up an on-prem Harbor registry to host Kubernetes and application images. 
• Loaded the NKP air-gapped bundle into the registry, ensuring that all required components could be accessed locally without internet dependency. 

2. Air-Gapped Deployment Using NKP CLI

• Deployed the NKP management cluster via the NKP Command Line Interface (CLI) in air-gapped mode. 
• The installation succeeded with all dependencies sourced from the internal registry. 
• Configured the management cluster as the central control plane for future managed cluster operations. 

3. Integration of Enterprise-Grade Capabilities

To enhance performance, observability, and governance, several integrations were implemented:

• Networking: MetalLB (load balancing) and Traefik (ingress). 
• Monitoring & Logging: Grafana, Loki, and Prometheus for real-time insights. 
• Cost Visibility: Kubecost for resource utilization and optimization. 
• Data Protection: Velero for scheduled backups. 
• Governance: Gatekeeper for policy enforcement and FluxCD for GitOps-driven automation. 
• Service Mesh: Istio for microservice communication management.
  
• Storage: Nutanix Volumes for persistent data support.

Results

• Regulatory Compliance Achieved: Successfully deployed a fully air-gapped, compliant Kubernetes platform.
• Secure & Isolated Environment: No external dependencies; complete adherence to data protection policies.
• Operational Simplification: NKP reduced the complexity of cluster lifecycle management.
• Centralized Visibility: Unified monitoring and governance across all clusters.
• Future-Ready Infrastructure: Scalable, resilient, and optimized for modern cloud-native workloads.

Conclusion

Through methodical planning and close collaboration with the client’s IT and security teams, Network Techlab delivered a secure, enterprise-grade Kubernetes platform designed for regulated environments. The deployment overcame complex firewall restrictions and compliance barriers to establish a fully offline, yet fully functional digital infrastructure. 

The resulting solution empowers the organization with centralized management, observability, and policy enforcement, all while maintaining strict security and operational compliance — setting the stage for future cloud-native growth within a controlled on-prem environment.

Network Techlab (I) Ltd.
41, Sarvodaya Industrial Estate, Opp. Paper Box, Off. Mahakali Caves Road, Andheri East, Mumbai – 400093. India
P: 022-6681 4141 | info@netlabindia.com | www.netlabindia.com
Mumbai | Navi Mumbai | Ahmedabad | Vadodara | Vapi | Pune | Bangalore | Chennai | Goa | Delhi | Kolkata