SlideShare una empresa de Scribd logo

A Blueprint for Cloud-Native Financial Institutions

Descargar como PPTX, PDF
A
Angelo Agatino Nicolosi

In this presentation we show how one of the largest bank in the nordics succeeded in adopting evolutionary architecture at scale.

Tecnología
1 de 62
A BLUEPRINT FOR CLOUD-NATIVE FINANCIAL INSTITUTIONS
ANGELO AGATINO NICOLOSI 2 https://dk.linkedin.com/in/anicolosi
AGENDA The Dream A New Beginning The Cloud-Native Financial Institution Fast-Track to Evolutionary Architecture 3
START-UP LIFE
ENTERPRISE LIFE 5
AN ENTERPRISE APPLICATION 6 Network Compute Databases API Management Monitoring Application Security Message Broker Application Logs Audit Logs Resource Management Deployment Collaboration Integration PKI
AN ENTERPRISE APPLICATION 7 Network Compute Databases API Management Monitoring Application Security Message Broker Application Logs Audit Logs Resource Management Deployment Collaboration Integration PKI Audit Risk and Security Assessment …
AN ENTERPRISE APPLICATION 8 Network Compute Databases API Management Monitoring Application Security Message Broker Application Logs Audit Logs Resource Management Deployment Collaboration Integration PKI Audit Risk and Security Assessment …
OUR DREAM: AGILE ENTERPRISE 9
ADOPT EVOLUTIONARY ARCHITECTURE 10 Refocus resources and efforts in building a future-proof architecture. …and stop trying to predict what the business and technology will look like in the future.
AGENDA The Dream A New Beginning The Cloud-Native Financial Institution Fast-Track to Evolutionary Architecture 11
DEN NY MOBILBANK Agility Quality High Availability
- Current status - Tight coupling - High complexity - Large Regression tests - Operational Issues - Local and Enterprise Change Advisory Boards - Release is a pain - Serious business losses Image from: https://disrupt-and-innovate.org 2015
• 05.2013: Release • 12.2013: ≈ 1M users Data from Wikipedia
15 • 05.2013: Release • 12.2013: ≈ 1M users • 05.2015: Release • 11.2015: 1M users Data from Wikipedia
2015
2015
- Is the mainframe really the issue? 2015
- Is the mainframe really the issue? - Thousands of modules, programs, copybooks, etc. in PL1 and Cobol. - External interfaces have been estimated to be > 50K. - No documentation. - Multiple versions with no way to know which one to use. - Same functionality implemented multiple times. 2015
- Is the mainframe really the issue? - Thousands of modules, programs, copybooks, etc. in PL1 and Cobol. - External interfaces have been estimated to be > 50K. - No documentation. - Multiple versions with no way to know which one to use. - Same functionality implemented multiple times. 2015
THE OUT OF MAINFRAME PROJECTS! A.K.A. THE ”RECODE THE BANK” PROJECTS 2015
- The system was complex to develop in. However: - All transactions hit one single DBMS. - Very skilled DBA central unit with dedicated specialists in any development team. - Constant monitoring and optimization. - RCAs on incidents seldom located root causes on this platform. DB2 2015
- Is the mainframe really the issue? - It was true that the system was complex. But just to develop in. - All transactions hit one single DBMS. - Very skilled DBA central unit with dedicated specialists in any development team. - Constant monitoring and optimization. - RCAs on incidents seldom located root causes on this platform. DB2 2015
… Middleware 2015
… 2015 Middleware
Illustration: Jim Nelson for his book ”On the shoulder of a giant”” #1 STAND ON THE SHOULDERS OF GIANTS And remove technical debt
Q4 2015 Identify Technical Debt Q1 2016 Public Cloud!
Q4 2015 Identify Technical Debt Q1 2016 Public Cloud! Q2 2016 Private Cloud
Q4 2015 Identify Technical Debt Q1 2016 Public Cloud! Q2 2016 Private Cloud Q3 2016 Production
#2 BE SMART 30 - Define an Exit Strategy - Use containers - Segregate business logic from ”infrastructure wiring” - Adopt an evolutionary architecture
AGENDA The Dream A New Beginning The Cloud-Native Financial Institution Fast-Track to Evolutionary Architecture 31
… Middleware TECHNICAL DEBT
APIGateway APIGateway STEP 1: ENSURE SEGREGATION Old middleware
APIGateway APIGateway STEP 2: MIGRATE BUSINESS LOGIC
STEP 3: PERFORM DATA MIGRATION APIGateway APIGateway
ENCLAVE - DEFINITION MICROSERVICES FOR THE ENTERPRISE 36 An enclave is a self-sufficient, secured and isolated platform composed of a set of services supporting any number of external or internal applications that resides within the same enterprise business domain.
- It has a single inbound (API Gateway) and a single outbound (Integration) network microsegment. - Microservices in the API Gateway and Integration Context are completely stateless (regarding the transactions). - It segregates business domains in different microsegments of network - Synchronous communication is discouraged (besides for data queries). - Mutual TLS everywhere microsegments are crossed. - Authorization through JWTs SOME DETAILS Security Business DomainsBusiness DomainsBusiness Domains API Gateway Integration
- It has a single inbound (API Gateway) and a single outbound (Integration) network microsegment. - Microservices in the API Gateway and Integration Context are completely stateless (regarding the transactions). - It segregates business domains in different microsegments of network - Synchronous communication is discouraged (besides for data queries). - Mutual TLS everywhere microsegments are crossed. - Authorization through JWTs SOME DETAILS Security Business DomainsBusiness DomainsBusiness Domains API Gateway Integration
ENCLAVES IN THE ENTERPRISE 39 L O C A L E N T E R P R I S E
PRACTICAL EXAMPLE: PAYMENTS 40 Private Banking Mobile Pay Payment Systems • A payment is requested by a user in MobilePay [Status: Pending]
PRACTICAL EXAMPLE: PAYMENTS 41 Private Banking Mobile Pay Payment Systems • A payment is requested by a user in MobilePay [Status: Pending] • The request is committed in the MobilePay enclave and a Local Event is fired. [Status: Pending]
PRACTICAL EXAMPLE: PAYMENTS 42 Private Banking Mobile Pay Payment Systems • A payment is requested by a user in MobilePay [Status: Pending] • The request is committed in the MobilePay enclave and a Local Event is fired. [Status: Pending] • Payment systems perform the required checks and operations and fires an Enterprise Event [Status: Pending]
PRACTICAL EXAMPLE: PAYMENTS 43 Private Banking Mobile Pay Payment Systems • A payment is requested by a user in MobilePay [Status: Pending] • The request is committed in the MobilePay enclave and a Local Event is fired. [Status: Pending] • Payment systems perform the required checks and operations and fires an Enterprise Event [Status: Pending] • Both Private Banking and MobilePay enclaves receives the Enterprise Event and update their state [Status: Approved]
PRACTICAL EXAMPLE: PAYMENTS 44 Private Banking Mobile Pay Payment Systems • Why do we use Local Events instead of simple queues? Audit
#3 FUTURE PROOF YOUR APPLICATIONS EASY TO CHANGE, EXTEND AND EXPERIMENT
WHAT ABOUT SECURITY? 46 Security Business DomainsBusiness DomainsBusiness Domains API Gateway Integration • The Enclave setup helps minimizing the blast radius in case of attacks. • Moreover, with the concept of EUP Ticket, cross platform communication is much more complicated to misuse
NEW TECH SOMETIMES MEANS INSTALL NEW STUFF… ENDPOINT SECURITY 47 • Great idea with having Device Management as security cornerstone. • However, that Access Proxy can be very complex to implement. Image from https://www.praetorian.com
ENCLAVES TO THE RESCUE 4848 • Great idea with having Device Management as security cornerstone. • Specific enclaves for internal applications will only be available to authorised devices. • For any other specialised use evaluate on a per needed basis avoiding the construction of complex systems (SSH tunnelling, Citrix, Jump Hosts, etc.)
AGENDA The Dream A New Beginning The Cloud-Native Financial Institution Fast-Track to Evolutionary Architecture 49
OPEN SERVICE BROKER API 50 A simple set of API endpoints which can be used to provision, gain access to and managing service offerings.
ENCLAVES AT SCALE: OPEN SERVICE BROKER API 51 Business Unit API Cloud2 Delivery Non-Production Production API Create Enclave API Create Business Domain API Create Microservice Cloud2 Engine Cloud2 Engine Cloud2 Engine
ENCLAVES ARE JUST ONE OF THE POSSIBLE BLUEPRINTS 52 Cloud Development Guild (R&D) Automation Application Blueprints
AN ENTERPRISE APPLICATION 53 Network Compute Databases API Management Monitoring Application Security Message Broker Application Logs Audit Logs Resource Management Deployment Collaboration Integration PKI Audit Risk and Security Assessment …
AN ENTERPRISE APPLICATION 54 Network Compute Databases API Management Monitoring Application Security Message Broker Application Logs Audit Logs Resource Management Deployment Collaboration Integration PKI Audit Risk and Security Assessment …
#4 AUTOMATE AND USE STANDARDS 55
HOWEVER 56
HOWEVER 57 - Building a cloud is hard (surprise!) - Customer Expectations - DevOps culture cannot be there in a project oriented organization.
#5 ORGANIZATION FIRST INVEST ON YOUR PEOPLE 58
AT BESTSELLER WE STARTED FROM THE ORGANIZATION 59 Customer Consumer Products Operations Finance & BI Workforce - Products instead of Projects - PO & SM as leaders - DevOps culture
AND NOW WE TACKLE THE TECH: A NEW ERP SYSTEM 60 PL/SQL
WRAP UP 1.Stand on the shoulders of giants (your legacy) 2.Be Smart (avoid vendor lock-ins and expect migrations) 3.Future proof your applications 4.Automate and use Standards 5.Start from the organization and invest on your people 61
THANKS! ANY QUESTIONS? 62

Recomendados

Observable Microservices (O'Reilly SACon London 2018)
Observable Microservices (O'Reilly SACon London 2018)Observable Microservices (O'Reilly SACon London 2018)
Observable Microservices (O'Reilly SACon London 2018)Maria Gomez
 
Observable microservices (O'Reilly SACon NY 2018)
Observable microservices (O'Reilly SACon NY 2018)Observable microservices (O'Reilly SACon NY 2018)
Observable microservices (O'Reilly SACon NY 2018)Maria Gomez
 
CheckPoint Software
CheckPoint SoftwareCheckPoint Software
CheckPoint SoftwareJanis Gloystein
 
Webinar: Connecting & Sensing
Webinar: Connecting & SensingWebinar: Connecting & Sensing
Webinar: Connecting & SensingXylos
 
OWASP Bay Area Meetup - DevSecOps the Kubernetes Way
OWASP Bay Area Meetup - DevSecOps the Kubernetes WayOWASP Bay Area Meetup - DevSecOps the Kubernetes Way
OWASP Bay Area Meetup - DevSecOps the Kubernetes WayJimmy Mesta
 
Growing a microservices landscape (with smart use cases)
Growing a microservices landscape (with smart use cases)Growing a microservices landscape (with smart use cases)
Growing a microservices landscape (with smart use cases)Sander Hoogendoorn
 
Why care about GDPR and avoid over $20 million fines, even outside EU ?
Why care about GDPR and avoid over $20 million fines, even outside EU ?Why care about GDPR and avoid over $20 million fines, even outside EU ?
Why care about GDPR and avoid over $20 million fines, even outside EU ?FactoVia
 
NEcX Profile
NEcX ProfileNEcX Profile
NEcX ProfileVinu Gopinath
 

Recomendados

Observable Microservices (O'Reilly SACon London 2018)
Observable Microservices (O'Reilly SACon London 2018)Observable Microservices (O'Reilly SACon London 2018)
Observable Microservices (O'Reilly SACon London 2018)Maria Gomez
 
Observable microservices (O'Reilly SACon NY 2018)
Observable microservices (O'Reilly SACon NY 2018)Observable microservices (O'Reilly SACon NY 2018)
Observable microservices (O'Reilly SACon NY 2018)Maria Gomez
 
CheckPoint Software
CheckPoint SoftwareCheckPoint Software
CheckPoint SoftwareJanis Gloystein
 
Webinar: Connecting & Sensing
Webinar: Connecting & SensingWebinar: Connecting & Sensing
Webinar: Connecting & SensingXylos
 
OWASP Bay Area Meetup - DevSecOps the Kubernetes Way
OWASP Bay Area Meetup - DevSecOps the Kubernetes WayOWASP Bay Area Meetup - DevSecOps the Kubernetes Way
OWASP Bay Area Meetup - DevSecOps the Kubernetes WayJimmy Mesta
 
Growing a microservices landscape (with smart use cases)
Growing a microservices landscape (with smart use cases)Growing a microservices landscape (with smart use cases)
Growing a microservices landscape (with smart use cases)Sander Hoogendoorn
 
Why care about GDPR and avoid over $20 million fines, even outside EU ?
Why care about GDPR and avoid over $20 million fines, even outside EU ?Why care about GDPR and avoid over $20 million fines, even outside EU ?
Why care about GDPR and avoid over $20 million fines, even outside EU ?FactoVia
 
NEcX Profile
NEcX ProfileNEcX Profile
NEcX ProfileVinu Gopinath
 
Extreme DevOps in Fintech
Extreme DevOps in FintechExtreme DevOps in Fintech
Extreme DevOps in FintechAngelo Agatino Nicolosi
 
Security architecture proposal template
Security architecture proposal templateSecurity architecture proposal template
Security architecture proposal templateMoti Sagey מוטי שגיא
 
SplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunk
 
Log Analytics for Distributed Microservices
Log Analytics for Distributed MicroservicesLog Analytics for Distributed Microservices
Log Analytics for Distributed MicroservicesKai Wähner
 
SplunkLive! Zurich 2018: MARVES GmbH
SplunkLive! Zurich 2018: MARVES GmbHSplunkLive! Zurich 2018: MARVES GmbH
SplunkLive! Zurich 2018: MARVES GmbHSplunk
 
How Citrix Admins can get a Virtual Assistant
How Citrix Admins can get a Virtual AssistantHow Citrix Admins can get a Virtual Assistant
How Citrix Admins can get a Virtual AssistanteG Innovations
 
Foundation for accelerating digital development—Two-speed IT
Foundation for accelerating digital development—Two-speed ITFoundation for accelerating digital development—Two-speed IT
Foundation for accelerating digital development—Two-speed ITApigee | Google Cloud
 
[Fortifier] Reliable software engineering
[Fortifier] Reliable software engineering [Fortifier] Reliable software engineering
[Fortifier] Reliable software engineering Fortifier. IT Company
 
Protecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data BreachProtecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data BreachCA Technologies
 
Streaming Analytics - Comparison of Open Source Frameworks and Products
Streaming Analytics - Comparison of Open Source Frameworks and ProductsStreaming Analytics - Comparison of Open Source Frameworks and Products
Streaming Analytics - Comparison of Open Source Frameworks and ProductsKai Wähner
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk
 
Preview: 3 Steps to Monitoring in a Connected Enterprise
Preview: 3 Steps to Monitoring in a Connected Enterprise Preview: 3 Steps to Monitoring in a Connected Enterprise
Preview: 3 Steps to Monitoring in a Connected Enterprise xMatters Inc
 
What's New in SecureAuth IdP in 2017
What's New in SecureAuth IdP in 2017What's New in SecureAuth IdP in 2017
What's New in SecureAuth IdP in 2017Kayla Wortley
 
Visa Europe Drives Innovation in Commerce and Payments with API Management
Visa Europe Drives Innovation in Commerce and Payments with API ManagementVisa Europe Drives Innovation in Commerce and Payments with API Management
Visa Europe Drives Innovation in Commerce and Payments with API ManagementCA Technologies
 
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia InsuranceSplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia InsuranceSplunk
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk
 
Scaling agile from the ground up
Scaling agile from the ground upScaling agile from the ground up
Scaling agile from the ground upSander Hoogendoorn
 
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...Capgemini
 
SplunkLive! Houston IT Service Intelligence Hands On Version
SplunkLive! Houston IT Service Intelligence Hands On VersionSplunkLive! Houston IT Service Intelligence Hands On Version
SplunkLive! Houston IT Service Intelligence Hands On VersionSplunk
 
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...NetworkCollaborators
 
VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101VMworld
 
Keynote: Software Kept Eating the World (Pivotal Cloud Platform Roadshow)
Keynote: Software Kept Eating the World (Pivotal Cloud Platform Roadshow)Keynote: Software Kept Eating the World (Pivotal Cloud Platform Roadshow)
Keynote: Software Kept Eating the World (Pivotal Cloud Platform Roadshow)VMware Tanzu
 

Más contenido relacionado

La actualidad más candente

SplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunk
 
Log Analytics for Distributed Microservices
Log Analytics for Distributed MicroservicesLog Analytics for Distributed Microservices
Log Analytics for Distributed MicroservicesKai Wähner
 
SplunkLive! Zurich 2018: MARVES GmbH
SplunkLive! Zurich 2018: MARVES GmbHSplunkLive! Zurich 2018: MARVES GmbH
SplunkLive! Zurich 2018: MARVES GmbHSplunk
 
How Citrix Admins can get a Virtual Assistant
How Citrix Admins can get a Virtual AssistantHow Citrix Admins can get a Virtual Assistant
How Citrix Admins can get a Virtual AssistanteG Innovations
 
Foundation for accelerating digital development—Two-speed IT
Foundation for accelerating digital development—Two-speed ITFoundation for accelerating digital development—Two-speed IT
Foundation for accelerating digital development—Two-speed ITApigee | Google Cloud
 
[Fortifier] Reliable software engineering
[Fortifier] Reliable software engineering [Fortifier] Reliable software engineering
[Fortifier] Reliable software engineering Fortifier. IT Company
 
Protecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data BreachProtecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data BreachCA Technologies
 
Streaming Analytics - Comparison of Open Source Frameworks and Products
Streaming Analytics - Comparison of Open Source Frameworks and ProductsStreaming Analytics - Comparison of Open Source Frameworks and Products
Streaming Analytics - Comparison of Open Source Frameworks and ProductsKai Wähner
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk
 
Preview: 3 Steps to Monitoring in a Connected Enterprise
Preview: 3 Steps to Monitoring in a Connected Enterprise Preview: 3 Steps to Monitoring in a Connected Enterprise
Preview: 3 Steps to Monitoring in a Connected Enterprise xMatters Inc
 
What's New in SecureAuth IdP in 2017
What's New in SecureAuth IdP in 2017What's New in SecureAuth IdP in 2017
What's New in SecureAuth IdP in 2017Kayla Wortley
 
Visa Europe Drives Innovation in Commerce and Payments with API Management
Visa Europe Drives Innovation in Commerce and Payments with API ManagementVisa Europe Drives Innovation in Commerce and Payments with API Management
Visa Europe Drives Innovation in Commerce and Payments with API ManagementCA Technologies
 
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia InsuranceSplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia InsuranceSplunk
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk
 
Scaling agile from the ground up
Scaling agile from the ground upScaling agile from the ground up
Scaling agile from the ground upSander Hoogendoorn
 
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...Capgemini
 
SplunkLive! Houston IT Service Intelligence Hands On Version
SplunkLive! Houston IT Service Intelligence Hands On VersionSplunkLive! Houston IT Service Intelligence Hands On Version
SplunkLive! Houston IT Service Intelligence Hands On VersionSplunk
 

La actualidad más candente (19)

Extreme DevOps in Fintech
Extreme DevOps in FintechExtreme DevOps in Fintech
Extreme DevOps in Fintech
 
Security architecture proposal template
Security architecture proposal templateSecurity architecture proposal template
Security architecture proposal template
 
SplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary session
 
Log Analytics for Distributed Microservices
Log Analytics for Distributed MicroservicesLog Analytics for Distributed Microservices
Log Analytics for Distributed Microservices
 
SplunkLive! Zurich 2018: MARVES GmbH
SplunkLive! Zurich 2018: MARVES GmbHSplunkLive! Zurich 2018: MARVES GmbH
SplunkLive! Zurich 2018: MARVES GmbH
 
How Citrix Admins can get a Virtual Assistant
How Citrix Admins can get a Virtual AssistantHow Citrix Admins can get a Virtual Assistant
How Citrix Admins can get a Virtual Assistant
 
Foundation for accelerating digital development—Two-speed IT
Foundation for accelerating digital development—Two-speed ITFoundation for accelerating digital development—Two-speed IT
Foundation for accelerating digital development—Two-speed IT
 
[Fortifier] Reliable software engineering
[Fortifier] Reliable software engineering [Fortifier] Reliable software engineering
[Fortifier] Reliable software engineering
 
Protecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data BreachProtecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data Breach
 
Streaming Analytics - Comparison of Open Source Frameworks and Products
Streaming Analytics - Comparison of Open Source Frameworks and ProductsStreaming Analytics - Comparison of Open Source Frameworks and Products
Streaming Analytics - Comparison of Open Source Frameworks and Products
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout Session
 
Preview: 3 Steps to Monitoring in a Connected Enterprise
Preview: 3 Steps to Monitoring in a Connected Enterprise Preview: 3 Steps to Monitoring in a Connected Enterprise
Preview: 3 Steps to Monitoring in a Connected Enterprise
 
What's New in SecureAuth IdP in 2017
What's New in SecureAuth IdP in 2017What's New in SecureAuth IdP in 2017
What's New in SecureAuth IdP in 2017
 
Visa Europe Drives Innovation in Commerce and Payments with API Management
Visa Europe Drives Innovation in Commerce and Payments with API ManagementVisa Europe Drives Innovation in Commerce and Payments with API Management
Visa Europe Drives Innovation in Commerce and Payments with API Management
 
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia InsuranceSplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBA
 
Scaling agile from the ground up
Scaling agile from the ground upScaling agile from the ground up
Scaling agile from the ground up
 
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
 
SplunkLive! Houston IT Service Intelligence Hands On Version
SplunkLive! Houston IT Service Intelligence Hands On VersionSplunkLive! Houston IT Service Intelligence Hands On Version
SplunkLive! Houston IT Service Intelligence Hands On Version
 

Similar a A Blueprint for Cloud-Native Financial Institutions

Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...NetworkCollaborators
 
VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101VMworld
 
Keynote: Software Kept Eating the World (Pivotal Cloud Platform Roadshow)
Keynote: Software Kept Eating the World (Pivotal Cloud Platform Roadshow)Keynote: Software Kept Eating the World (Pivotal Cloud Platform Roadshow)
Keynote: Software Kept Eating the World (Pivotal Cloud Platform Roadshow)VMware Tanzu
 
Why and how are containers the foundation for a hybrid cloud future
Why and how are containers the foundation for a hybrid cloud futureWhy and how are containers the foundation for a hybrid cloud future
Why and how are containers the foundation for a hybrid cloud futureStefan van Oirschot
 
Horizontal Scaling for Millions of Customers!
Horizontal Scaling for Millions of Customers! Horizontal Scaling for Millions of Customers!
Horizontal Scaling for Millions of Customers! elangovans
 
Pune open cloudfoundry keynote niranjan maka share
Pune open cloudfoundry keynote niranjan maka share Pune open cloudfoundry keynote niranjan maka share
Pune open cloudfoundry keynote niranjan maka share nmaka
 
Cloudify your applications: microservices and beyond
Cloudify your applications: microservices and beyondCloudify your applications: microservices and beyond
Cloudify your applications: microservices and beyondUgo Landini
 
Cloud Foundry Open Tour India 2012 , Keynote
Cloud Foundry Open Tour India 2012 , KeynoteCloud Foundry Open Tour India 2012 , Keynote
Cloud Foundry Open Tour India 2012 , Keynoterajdeep
 
Brocade Software Networking Presentation at Interface 2016
Brocade Software Networking Presentation at Interface 2016Brocade Software Networking Presentation at Interface 2016
Brocade Software Networking Presentation at Interface 2016Scott Sims
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinarAlgoSec
 
Challenges In Modern Application
Challenges In Modern ApplicationChallenges In Modern Application
Challenges In Modern ApplicationRahul Kumar Gupta
 
Introduction to Event-Driven Architecture
Introduction to Event-Driven Architecture Introduction to Event-Driven Architecture
Introduction to Event-Driven Architecture Solace
 
stackconf 2021 | Reference Architecture for a Cloud Native Digital Enterprise
stackconf 2021 | Reference Architecture for a Cloud Native Digital Enterprisestackconf 2021 | Reference Architecture for a Cloud Native Digital Enterprise
stackconf 2021 | Reference Architecture for a Cloud Native Digital EnterpriseNETWAYS
 
L105704 ibm-cloud-private-z-cairo-v1902a
L105704 ibm-cloud-private-z-cairo-v1902aL105704 ibm-cloud-private-z-cairo-v1902a
L105704 ibm-cloud-private-z-cairo-v1902aTony Pearson
 
Micro Front-End & Microservices - Plansoft
Micro Front-End & Microservices - PlansoftMicro Front-End & Microservices - Plansoft
Micro Front-End & Microservices - PlansoftMiki Lombardi
 
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)Samy Fodil
 
2011-08-10 In-Q-Tel Technology Focus Day, Trends & Observations in Open Sourc...
2011-08-10 In-Q-Tel Technology Focus Day, Trends & Observations in Open Sourc...2011-08-10 In-Q-Tel Technology Focus Day, Trends & Observations in Open Sourc...
2011-08-10 In-Q-Tel Technology Focus Day, Trends & Observations in Open Sourc...Shawn Wells
 
2011.02. Ecosystème SaaS et Cloud 2011 - Enjeux et Perspectives - Point de Vu...
2011.02. Ecosystème SaaS et Cloud 2011 - Enjeux et Perspectives - Point de Vu...2011.02. Ecosystème SaaS et Cloud 2011 - Enjeux et Perspectives - Point de Vu...
2011.02. Ecosystème SaaS et Cloud 2011 - Enjeux et Perspectives - Point de Vu...Club Alliances
 

Similar a A Blueprint for Cloud-Native Financial Institutions (20)

Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
 
VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101
 
Keynote: Software Kept Eating the World (Pivotal Cloud Platform Roadshow)
Keynote: Software Kept Eating the World (Pivotal Cloud Platform Roadshow)Keynote: Software Kept Eating the World (Pivotal Cloud Platform Roadshow)
Keynote: Software Kept Eating the World (Pivotal Cloud Platform Roadshow)
 
Why and how are containers the foundation for a hybrid cloud future
Why and how are containers the foundation for a hybrid cloud futureWhy and how are containers the foundation for a hybrid cloud future
Why and how are containers the foundation for a hybrid cloud future
 
Horizontal Scaling for Millions of Customers!
Horizontal Scaling for Millions of Customers! Horizontal Scaling for Millions of Customers!
Horizontal Scaling for Millions of Customers!
 
Pune open cloudfoundry keynote niranjan maka share
Pune open cloudfoundry keynote niranjan maka share Pune open cloudfoundry keynote niranjan maka share
Pune open cloudfoundry keynote niranjan maka share
 
Cloudify your applications: microservices and beyond
Cloudify your applications: microservices and beyondCloudify your applications: microservices and beyond
Cloudify your applications: microservices and beyond
 
Cloud Foundry Open Tour India 2012 , Keynote
Cloud Foundry Open Tour India 2012 , KeynoteCloud Foundry Open Tour India 2012 , Keynote
Cloud Foundry Open Tour India 2012 , Keynote
 
Brocade Software Networking Presentation at Interface 2016
Brocade Software Networking Presentation at Interface 2016Brocade Software Networking Presentation at Interface 2016
Brocade Software Networking Presentation at Interface 2016
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
 
Challenges In Modern Application
Challenges In Modern ApplicationChallenges In Modern Application
Challenges In Modern Application
 
Introduction to Event-Driven Architecture
Introduction to Event-Driven Architecture Introduction to Event-Driven Architecture
Introduction to Event-Driven Architecture
 
stackconf 2021 | Reference Architecture for a Cloud Native Digital Enterprise
stackconf 2021 | Reference Architecture for a Cloud Native Digital Enterprisestackconf 2021 | Reference Architecture for a Cloud Native Digital Enterprise
stackconf 2021 | Reference Architecture for a Cloud Native Digital Enterprise
 
L105704 ibm-cloud-private-z-cairo-v1902a
L105704 ibm-cloud-private-z-cairo-v1902aL105704 ibm-cloud-private-z-cairo-v1902a
L105704 ibm-cloud-private-z-cairo-v1902a
 
Micro Front-End & Microservices - Plansoft
Micro Front-End & Microservices - PlansoftMicro Front-End & Microservices - Plansoft
Micro Front-End & Microservices - Plansoft
 
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
 
Dev ops
Dev opsDev ops
Dev ops
 
2011-08-10 In-Q-Tel Technology Focus Day, Trends & Observations in Open Sourc...
2011-08-10 In-Q-Tel Technology Focus Day, Trends & Observations in Open Sourc...2011-08-10 In-Q-Tel Technology Focus Day, Trends & Observations in Open Sourc...
2011-08-10 In-Q-Tel Technology Focus Day, Trends & Observations in Open Sourc...
 
EasyStack True Private Cloud | Quek Keng Oei
EasyStack True Private Cloud | Quek Keng OeiEasyStack True Private Cloud | Quek Keng Oei
EasyStack True Private Cloud | Quek Keng Oei
 
2011.02. Ecosystème SaaS et Cloud 2011 - Enjeux et Perspectives - Point de Vu...
2011.02. Ecosystème SaaS et Cloud 2011 - Enjeux et Perspectives - Point de Vu...2011.02. Ecosystème SaaS et Cloud 2011 - Enjeux et Perspectives - Point de Vu...
2011.02. Ecosystème SaaS et Cloud 2011 - Enjeux et Perspectives - Point de Vu...
 

Último

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

Último (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

A Blueprint for Cloud-Native Financial Institutions

  • 2. ANGELO AGATINO NICOLOSI 2 https://dk.linkedin.com/in/anicolosi
  • 3. AGENDA The Dream A New Beginning The Cloud-Native Financial Institution Fast-Track to Evolutionary Architecture 3
  • 6. AN ENTERPRISE APPLICATION 6 Network Compute Databases API Management Monitoring Application Security Message Broker Application Logs Audit Logs Resource Management Deployment Collaboration Integration PKI
  • 7. AN ENTERPRISE APPLICATION 7 Network Compute Databases API Management Monitoring Application Security Message Broker Application Logs Audit Logs Resource Management Deployment Collaboration Integration PKI Audit Risk and Security Assessment …
  • 8. AN ENTERPRISE APPLICATION 8 Network Compute Databases API Management Monitoring Application Security Message Broker Application Logs Audit Logs Resource Management Deployment Collaboration Integration PKI Audit Risk and Security Assessment …
  • 9. OUR DREAM: AGILE ENTERPRISE 9
  • 10. ADOPT EVOLUTIONARY ARCHITECTURE 10 Refocus resources and efforts in building a future-proof architecture. …and stop trying to predict what the business and technology will look like in the future.
  • 11. AGENDA The Dream A New Beginning The Cloud-Native Financial Institution Fast-Track to Evolutionary Architecture 11
  • 13. - Current status - Tight coupling - High complexity - Large Regression tests - Operational Issues - Local and Enterprise Change Advisory Boards - Release is a pain - Serious business losses Image from: https://disrupt-and-innovate.org 2015
  • 14. • 05.2013: Release • 12.2013: ≈ 1M users Data from Wikipedia
  • 15. 15 • 05.2013: Release • 12.2013: ≈ 1M users • 05.2015: Release • 11.2015: 1M users Data from Wikipedia
  • 16. 2015
  • 17. 2015
  • 18. - Is the mainframe really the issue? 2015
  • 19. - Is the mainframe really the issue? - Thousands of modules, programs, copybooks, etc. in PL1 and Cobol. - External interfaces have been estimated to be > 50K. - No documentation. - Multiple versions with no way to know which one to use. - Same functionality implemented multiple times. 2015
  • 20. - Is the mainframe really the issue? - Thousands of modules, programs, copybooks, etc. in PL1 and Cobol. - External interfaces have been estimated to be > 50K. - No documentation. - Multiple versions with no way to know which one to use. - Same functionality implemented multiple times. 2015
  • 21. THE OUT OF MAINFRAME PROJECTS! A.K.A. THE ”RECODE THE BANK” PROJECTS 2015
  • 22. - The system was complex to develop in. However: - All transactions hit one single DBMS. - Very skilled DBA central unit with dedicated specialists in any development team. - Constant monitoring and optimization. - RCAs on incidents seldom located root causes on this platform. DB2 2015
  • 23. - Is the mainframe really the issue? - It was true that the system was complex. But just to develop in. - All transactions hit one single DBMS. - Very skilled DBA central unit with dedicated specialists in any development team. - Constant monitoring and optimization. - RCAs on incidents seldom located root causes on this platform. DB2 2015
  • 26. Illustration: Jim Nelson for his book ”On the shoulder of a giant”” #1 STAND ON THE SHOULDERS OF GIANTS And remove technical debt
  • 28. Q4 2015 Identify Technical Debt Q1 2016 Public Cloud! Q2 2016 Private Cloud
  • 29. Q4 2015 Identify Technical Debt Q1 2016 Public Cloud! Q2 2016 Private Cloud Q3 2016 Production
  • 30. #2 BE SMART 30 - Define an Exit Strategy - Use containers - Segregate business logic from ”infrastructure wiring” - Adopt an evolutionary architecture
  • 31. AGENDA The Dream A New Beginning The Cloud-Native Financial Institution Fast-Track to Evolutionary Architecture 31
  • 33. APIGateway APIGateway STEP 1: ENSURE SEGREGATION Old middleware
  • 35. STEP 3: PERFORM DATA MIGRATION APIGateway APIGateway
  • 36. ENCLAVE - DEFINITION MICROSERVICES FOR THE ENTERPRISE 36 An enclave is a self-sufficient, secured and isolated platform composed of a set of services supporting any number of external or internal applications that resides within the same enterprise business domain.
  • 37. - It has a single inbound (API Gateway) and a single outbound (Integration) network microsegment. - Microservices in the API Gateway and Integration Context are completely stateless (regarding the transactions). - It segregates business domains in different microsegments of network - Synchronous communication is discouraged (besides for data queries). - Mutual TLS everywhere microsegments are crossed. - Authorization through JWTs SOME DETAILS Security Business DomainsBusiness DomainsBusiness Domains API Gateway Integration
  • 38. - It has a single inbound (API Gateway) and a single outbound (Integration) network microsegment. - Microservices in the API Gateway and Integration Context are completely stateless (regarding the transactions). - It segregates business domains in different microsegments of network - Synchronous communication is discouraged (besides for data queries). - Mutual TLS everywhere microsegments are crossed. - Authorization through JWTs SOME DETAILS Security Business DomainsBusiness DomainsBusiness Domains API Gateway Integration
  • 39. ENCLAVES IN THE ENTERPRISE 39 L O C A L E N T E R P R I S E
  • 40. PRACTICAL EXAMPLE: PAYMENTS 40 Private Banking Mobile Pay Payment Systems • A payment is requested by a user in MobilePay [Status: Pending]
  • 41. PRACTICAL EXAMPLE: PAYMENTS 41 Private Banking Mobile Pay Payment Systems • A payment is requested by a user in MobilePay [Status: Pending] • The request is committed in the MobilePay enclave and a Local Event is fired. [Status: Pending]
  • 42. PRACTICAL EXAMPLE: PAYMENTS 42 Private Banking Mobile Pay Payment Systems • A payment is requested by a user in MobilePay [Status: Pending] • The request is committed in the MobilePay enclave and a Local Event is fired. [Status: Pending] • Payment systems perform the required checks and operations and fires an Enterprise Event [Status: Pending]
  • 43. PRACTICAL EXAMPLE: PAYMENTS 43 Private Banking Mobile Pay Payment Systems • A payment is requested by a user in MobilePay [Status: Pending] • The request is committed in the MobilePay enclave and a Local Event is fired. [Status: Pending] • Payment systems perform the required checks and operations and fires an Enterprise Event [Status: Pending] • Both Private Banking and MobilePay enclaves receives the Enterprise Event and update their state [Status: Approved]
  • 44. PRACTICAL EXAMPLE: PAYMENTS 44 Private Banking Mobile Pay Payment Systems • Why do we use Local Events instead of simple queues? Audit
  • 45. #3 FUTURE PROOF YOUR APPLICATIONS EASY TO CHANGE, EXTEND AND EXPERIMENT
  • 46. WHAT ABOUT SECURITY? 46 Security Business DomainsBusiness DomainsBusiness Domains API Gateway Integration • The Enclave setup helps minimizing the blast radius in case of attacks. • Moreover, with the concept of EUP Ticket, cross platform communication is much more complicated to misuse
  • 47. NEW TECH SOMETIMES MEANS INSTALL NEW STUFF… ENDPOINT SECURITY 47 • Great idea with having Device Management as security cornerstone. • However, that Access Proxy can be very complex to implement. Image from https://www.praetorian.com
  • 48. ENCLAVES TO THE RESCUE 4848 • Great idea with having Device Management as security cornerstone. • Specific enclaves for internal applications will only be available to authorised devices. • For any other specialised use evaluate on a per needed basis avoiding the construction of complex systems (SSH tunnelling, Citrix, Jump Hosts, etc.)
  • 49. AGENDA The Dream A New Beginning The Cloud-Native Financial Institution Fast-Track to Evolutionary Architecture 49
  • 50. OPEN SERVICE BROKER API 50 A simple set of API endpoints which can be used to provision, gain access to and managing service offerings.
  • 51. ENCLAVES AT SCALE: OPEN SERVICE BROKER API 51 Business Unit API Cloud2 Delivery Non-Production Production API Create Enclave API Create Business Domain API Create Microservice Cloud2 Engine Cloud2 Engine Cloud2 Engine
  • 52. ENCLAVES ARE JUST ONE OF THE POSSIBLE BLUEPRINTS 52 Cloud Development Guild (R&D) Automation Application Blueprints
  • 53. AN ENTERPRISE APPLICATION 53 Network Compute Databases API Management Monitoring Application Security Message Broker Application Logs Audit Logs Resource Management Deployment Collaboration Integration PKI Audit Risk and Security Assessment …
  • 54. AN ENTERPRISE APPLICATION 54 Network Compute Databases API Management Monitoring Application Security Message Broker Application Logs Audit Logs Resource Management Deployment Collaboration Integration PKI Audit Risk and Security Assessment …
  • 57. HOWEVER 57 - Building a cloud is hard (surprise!) - Customer Expectations - DevOps culture cannot be there in a project oriented organization.
  • 59. AT BESTSELLER WE STARTED FROM THE ORGANIZATION 59 Customer Consumer Products Operations Finance & BI Workforce - Products instead of Projects - PO & SM as leaders - DevOps culture
  • 60. AND NOW WE TACKLE THE TECH: A NEW ERP SYSTEM 60 PL/SQL
  • 61. WRAP UP 1.Stand on the shoulders of giants (your legacy) 2.Be Smart (avoid vendor lock-ins and expect migrations) 3.Future proof your applications 4.Automate and use Standards 5.Start from the organization and invest on your people 61

Notas del editor

  1. Angelo, worked in several companies during my carreer. Both in start-ups and large enterprises. About the latter, I have been in Danske Bank for 7 years where I grew from IT Developer to Head of Software Engineering. Recently I joined BESTSELLER, one of the leaders in the Fashion Business.
  2. Start-ups, you have a lot by default: Quick decisions, Fail fast DevOps Amazing development experience 0 legacy and full green field projects very fast development quick releases fast, strong and direct feedback loops. It is a real pleasure to work. However the challenge and impact is not there yet.
  3. The Enterprise is quite the opposite. Your company has already an impact on today’s market and you need to maintain it and expand it. Your may be constrained by: Current tech landscape Organizational hirerarchy Processes supporting different way of working Needed integration to existing systems
  4. In more detail, you are required to develop solutions that are already integrated in the enterprise technological landscape
  5. And respect specific processes
  6. From idea generation to production at Danske Bank you had to factor at leasr 70 days on top of the effort needed to develop and release the application or feature you wanted.
  7. Our dream was the one shared by any other enterprise: to bring the way of working and time to market you can have in start-ups while having the amazing challenges that only the enterprise world can offer you. From this the need for a higher degree of agility.
  8. We were tasked with the great assignment of building a new Mobile Bank for the following reasons: Higher availability Higher release quality Shorter time-to-market … and at the same time remove dependencies from external IT company
  9. We started in 2015 and we were standing on a platform on fire
  10. Just to understand what this meant business wise, let’s take the MobilePay example. A very successfull peer-to-peer payment app Danske Bank released in Denmark in 2013. Currently won the full market and aggregated 60+ banks in that market.
  11. Danske Bank could not release it in time to other markets. Vipps was released 2 years later in Norway, before Mobile Pay, winning the market. When MobilePay was released it was too late and it was later on closed down.
  12. A lot of people blamed it on the mainframe!
  13. Just because it was ugly…
  14. But was it really that the issue?
  15. Let’s look at its status…
  16. And you may conclude that it is actually true…
  17. Tens of projects were started with the only purpose of ”solving this issue”. However this really cannot be it. We have built a humongous business completely on the mainframe… can this really be this useless?
  18. However it really was not!
  19. Legacy is not necessarily technical debt.
  20. Let’s just zoom out a little and we will actually notice a middleware ring which every single transaction from our internal and customer facing applications must cross.
  21. This was actually where most of the technical debt resided.
  22. IMPORTANT STUFF #1 You work in an enterprise. If you deny your legacy you will have no compentitive advantage over the upcoming new players in the market. You will be destroyed. Leverage on your legacy while removing technical debt instead.
  23. So we started 2016 with getting code out there on several public cloud providers
  24. To just be shut down 3 months later since we were forced back on prem. Management decided to build our own private cloud, so we started reinventing the wheel.
  25. However, we did manage to get into prod by Q3 same year.
  26. IMPORTANT STUFF #2 Be smart!
  27. But was it really that the issue?
  28. Step 1: Create segregation through a layer of well defined APIs
  29. Build business logic reusing data on the existing system
  30. Migrate data while migrating to event driven design
  31. We started to define a set of best practices that then, based on input from our experiences in production, turned into a full blown architecture description.
  32. The microservices of course will be inside the network microsegments.
  33. Different applications hitting different domains, as for instance B2B and B2C, or processing of external streams of data hit the enclaves ”above the stream”. Then we have central systems hosting cross functional systems and business logic ”below the stream”. These systems host complex business logic, committing data continuously and emitting specific enterprise events.
  34. From idea generation to production at Danske Bank you had to factor at leasr 70 days on top of the effort needed to develop and release the application or feature you wanted.
  35. From idea generation to production at Danske Bank you had to factor at leasr 70 days on top of the effort needed to develop and release the application or feature you wanted.
  36. Split the IT organization based on Domains.