Geidea, a leading fintech innovator in Saudi Arabia, partnered with Zero&One to lead a complex, multi-phase migration of their payment infrastructure from Nutanix NC2 to Amazon Web Services (AWS). The engagement includes replatforming Geidea's Payment Gateway workload onto Amazon EKS, migrating critical applications like Postilion and Apex, and deploying three Amazon Outposts across KSA and Egypt to meet low-latency, on-premises processing needs. Zero&One proposed a secure and compliant architecture leveraging AWS Control Tower and a fully automated Terraform deployment to ensure consistent provisioning. The architecture spans multi-region environments, integrating EC2, RDS, EKS, and centralized DevOps practices while enforcing PCI DSS compliance and security guardrails. This transformation not only modernizes Geidea's infrastructure but also supports their regional expansion strategy, aligning with Saudi Arabia's Vision 2030 and enabling high availability, scalability, and performance — all while maintaining strict operational control and data security.
As Geidea continued its expansion across the region, its existing infrastructure — running on Nutanix Cloud Cluster (NC2 on AWS) — began to present limitations in terms of scalability, operational agility, and regulatory alignment. With increasing workloads tied to payment processing, legacy systems struggled to deliver the performance, automation, and resilience required for critical services. Geidea needed to modernize its architecture while ensuring compliance with PCI DSS and other regulatory standards. One of the key challenges was migrating high-stakes applications like Postilion and Apex, which underpin core financial transactions, to a secure and scalable cloud-native environment without disrupting ongoing operations. Additionally, Geidea required a hybrid model with low-latency processing at the edge, prompting the need to extend AWS infrastructure to on-premises sites in KSA and Egypt using Amazon Outposts. They also faced the need to unify their environments across multiple regions and services through a centralized and automated framework. The new solution had to meet strict requirements around data encryption, access control, region-specific workload isolation, and network security — all while supporting future DevOps enablement, cross-account automation, and cost-efficient scalability. Ensuring governance, visibility, and audit readiness across a large-scale, distributed cloud environment was at the core of Geidea's transformation goals.
Zero&One brought deep AWS expertise and regional experience to deliver a secure, scalable, and compliant cloud solution tailored to Geidea's needs. As a Premier AWS Partner with specialization in migrations and DevOps, we ensured a smooth transition to AWS services — including EKS, EC2, and Outposts — aligned with PCI DSS requirements and best practices. Together, we enabled Geidea to modernize its payment infrastructure while maintaining control, performance, and regulatory compliance.
To address Geidea's transformation goals, Zero&One designed a hybrid cloud architecture on AWS, integrating Amazon EKS, EC2, and Outposts, all governed through AWS Control Tower and deployed using Terraform for consistent and auditable infrastructure-as-code delivery. The migration began with the replatforming of Geidea's Payment Gateway workload from Nutanix Cloud Cluster (NC2) to Amazon EKS, enabling container orchestration and autoscaling across multiple Availability Zones. This included Kubernetes version upgrades, Helm chart validation, and deployment of multi-cluster environments for both Payment Gateway and CI/CD operations. A centralized DevOps account was established to manage cross-environment deployments securely and efficiently.
Simultaneously, critical applications such as Postilion and Apex were migrated to Amazon EC2, using an active-active or active-passive design depending on workload criticality. Application Load Balancers (ALBs) and Network Load Balancers (NLBs) were configured to manage internal traffic distribution, ensuring redundancy and high throughput. The corresponding Microsoft SQL Server databases were deployed on EC2 with multi-AZ replication for resilience, and encryption was enforced via AWS KMS. To meet low-latency and data residency requirements, three Amazon Outposts were deployed across KSA and Egypt. These Outposts extended AWS infrastructure directly into Geidea's on-premises data centers, allowing key workloads to run locally while maintaining consistency with AWS Regions. Secure communication was established via site-to-site VPNs, and router configurations were implemented to support the control plane and resource access across all environments.
The entire architecture was anchored in a secure Landing Zone configured through AWS Control Tower, split into specialized accounts for Networking, Security, DevOps, Logging, and Production. Preventive and detective Guardrails were configured to enforce compliance with PCI DSS and internal policies — including region-specific access restrictions, encryption at rest, and network control boundaries. This end-to-end deployment enabled Geidea to consolidate and modernize its environments, enforce governance across multiple regions, and achieve scalable, secure operations with built-in compliance from day one. To ensure governance and secure access, the solution established a master account retained by Geidea, while delegated administrative access was granted to a central hub account. Although not engaged as a managed service provider (MSP), Zero&One supported account structuring, Control Tower setup, and access policies through enablement sessions with Geidea's team.
The migration led by Zero&One enabled Geidea to successfully modernize its core payment infrastructure while ensuring operational continuity, security, and compliance. By transitioning from Nutanix NC2 to AWS-native services like EKS and EC2, and by deploying three Amazon Outposts across KSA and Egypt, Geidea achieved a seamless hybrid architecture that supports both cloud-native and on-premises workloads. Qualitatively, the solution improved agility through infrastructure automation using Terraform, centralized deployment pipelines, and a secure AWS Control Tower Landing Zone. With the environment split into dedicated accounts for DevOps, Logging, Security, and Production, Geidea now has clear operational separation, enhanced governance, and improved auditability. The use of AWS Guardrails and KMS encryption ensures the infrastructure meets PCI DSS and internal compliance mandates, while network-level policies prevent unauthorized access and restrict region usage. Quantitatively, over 88 machines were migrated to Amazon EC2, 124 to Egypt Outposts, and 166 to KSA Outposts. More than five major systems (including Postilion, Apex, PAM, MPASS, and AD replication) were transitioned across multiple Availability Zones, using both active-active and active-standby configurations to maximize availability. Through the implementation of multi-AZ database replicas and load-balanced services, application uptime and resilience were significantly improved, while right-sizing and resource optimization set the stage for long-term cost control and scalability. As a result, Geidea now operates on a secure, scalable, and regionally compliant AWS foundation — ready to support its growing fintech services across the region, while aligning with Saudi Arabia's Vision 2030 digital transformation objectives.
Zero&One is a leading Premier AWS Consulting Partner in the MENA region with a vision to empower businesses of all scales in their cloud adoption journey. We specialize in AWS services like DevOps, application modernization, cloud migration and serverless computing. We currently operate from our offices in Lebanon, UAE, and Saudi, hold 100+ certifications, and serve 50+ happy customers across the region.