Safaricom unlocks new levels of availability with F5 and NGINX

Safaricom is the largest telecommunications operator in Kenya, and one of the most profitable companies in the East and Central Africa region. It is a major pioneer in the African telcoms space, and offers mobile telephony, mobile money transfer, consumer electronics, ecommerce, cloud computing, data, music streaming, and fiber optic services. 

Highly conscious of its leadership position and evolving customer demands, Safaricom has always been committed to addressing arising challenges head on through innovation.

Towards the end of 2019, it had a chance to do just that as the availability of its critical apps was starting to become a concern.

As a part of an ongoing application modernisation strategy, Safaricom’s business critical systems encompassed mobile money, airtime purchasing, customer registration, and interactive voice response systems – all of which were provided by APIs to several other applications.

And everything worked well. Or at least it did until a service dropped offline. To get back up to speed, each application had to be manually relinked, which resulted in hours of downtime. For Safaricom – determined to safeguard its industry-leading customer service credentials –this was unacceptable. 

“Downtime had the potential to cause a critical risk to the organization in terms of both our revenue generating capacity and market reputation,” says George Njuguna, CIO at Safaricom. “Any time a delay starts to impact on your customers is bad news. We needed 24/7, high availability and the ability to free up our IT teams to do more productive work.”

Keen to transform headache into opportunity, Safaricom pulled out all the stops to identify a suitable solution that would support both their future application strategy and wider business continuity ambitions.

After a period of research, Safaricom’s DevOps team concluded that the business needed to move away from a monolithic application architecture to a high availability environment that could leverage the benefits of containers and microservices.

The big question was how?

NGINX: the (not so) secret ingredient

Alex Kipkirui, Senior Manager of Enterprise Integration and Order Management, explains how one of his team’s first port of calls was NGINX, which was already supporting Safaricom with load balancing at its three data centers.

Safaricom knew NGINX had a potential ace up its sleeve with an API gateway solution, which is a lightweight piece of software running on an application server that manages connection points for other app services or mobile apps to push or pull data. This includes taking API calls from clients and routing them to the appropriate microservice via request routing, composition, and protocol translation.

“We were very happy with NGINX’s work and support to date, and we knew they could offer us more. This is exactly why we were keen to learn what an API gateway solution could do for us,” Kipkirui recalls.

After a few meetings with the NGINX team, which became a part of F5 last year, it soon became clear that the answer was a lot.

Discussions between the combined F5 and NGINX team, as well as Safaricom’s DevOps experts, quickly determined that the best way ahead was to implement an IP load balancing solution. In practice, this would entail using NGINX Plus as the API gateway, while also harnessing the power of the F5 BIG-IP Virtual Edition for API geo-redundancy and application security. It was an easy decision for Safaricom to proceed once a Proof of Concept (POC) showed that the design could reduce potential downtime from hours to minutes. Production began immediately.

“The API gateway really was a critical component of this project, as it ensures we are able implement a greater level of security across our infrastructure, including protecting ourselves against distributed denial of service attacks. This allows us to accelerate our application modernisation programme while maintaining a high level of security,” Kipkirui enthuses.

Today Safaricom has far better control over the IP that they are exposing externally. It now achieves high availability through key features such as global server load balancing with connection limiting, queueing, JSON/XML-based API routing, rate limiting and method restrictions.

On top of that, Safaricom has also markedly reinforced application security across all three active data centers. F5’s BIG-IP VE can be easily provisioned and configured automatically by network operators and developers alike, allowing them to be integrated within existing CI/CD pipelines and ensuring all applications are deployed – and highly available – with the requisite security, compliance and traffic management capabilities.

Unlocking new possibilities

The full project was delivered in just six months and has already had a huge impact on how Safaricom runs its business, launches new services, and delivers the seamless user experience customers have come to expect.

Last month, it unveiled a new version of its flagship mySafaricom app, which operates in a hybrid environment and draws information from cloud-based and on-premises services. Thanks to the power of the NGINX API gateway, it has been able to achieve massively improved API performance, response times and security compared to the previous version of the app.

In another recent development, Safaricom was included in the 2020 Fortune Change the World List, which recognizes companies that have made a positive social impact. Safaricom ranked 7th for its role in transforming how people in Kenya are paying for and accessing healthcare through M-TIBA, which is a partnership with CarePay and PharmAccess.

“M-TIBA has shown how, through partnerships, we can use the mobile phone to drive healthcare inclusion for millions of people”, said Peter Ndegwa, CEO of Safaricom, speaking as the ranking was announced.

Never one to stand still, Safaricom is already looking to expand the scope of its work with F5 and NGINX as it looks to support additional teams across the organization.

“When I look for a vendor, I need to know they are committed. Are they there for the long haul? I’m not just talking about commitment to us as a business, but also our community and continent,” Njuguna explains.

“Trust on this front is very important, and F5 and NGINX tick all the boxes in this respect. I can sleep at night knowing that the money I got from the board is going to good use, and that we can focus on tackling bigger problems, pioneering new services, and delivering excellence for our customers, rather than wasting time on operational issues.”

  • Service disruptions
  • Outdated application architecture
  • Need for containers and microservices

  • Greater availability
  • Reinforced application security
  • Improved API performance