Banks are quite conservative institutions. Strict internal regulations mean they are usually in no rush to implement new technologies, even if they become mainstream. Bank of Georgia was among the first in the banking sector that broke away from this stereotype and set a course for digitalization with an up-to-date technology stack.
Bank of Georgia (BoG) is one of the leading companies in the banking and financial services sector. It has a wide network of service centers and ATMs throughout Georgia, with representative offices in London, Budapest, and Tel-Aviv.
BoG is one of the largest employers in Georgia that actively supports healthcare, education, the environment, and other important social issues.
DESCRIBING A PROBLEM
Banks can be very traditional in some ways, but even they cannot ignore modern trends. In order to stay competitive, you need to keep pace with the latest technological developments and best practices.
Vazha Pirtskhalaishvili, Head Of DevOps Engineering unit at BoG, commented:
BoG was determined to become a technologically advanced bank. Driven by this realization, they decided to future-proof their systems and make them cloud-ready. To do so, their search began for a contractor that would help them achieve their goals.
CHOOSING A CONTRACTOR
BoG initiated the project with a clear vision of what they wanted to achieve. Their criteria for choosing a contractor was equally clear: it had to be a trustworthy high-tech company with local representation in Tbilisi. SHALB was introduced as a potential contractor by HT Solutions, a Georgian IT consulting company and longtime partner of BoG.
That is how SHALB received a task to design a new infrastructure for the largest bank in Georgia. It was a unique and technologically challenging project that immediately ignited our professional interest: we were eager to start.
BoG wanted a technology solution that would allow them the flexibility to manage applications on infrastructure that best suited their needs. According to their values and goals, they opted for microservices architecture, containerization, and Kubernetes.
We were asked to design a solid Kubernetes-orchestrated platform with the possibility to create and manage infrastructures which BoG could migrate their microservices to. One of the key requirements was the system’s fault-tolerance as it was to run business critical applications and have high availability of all architecture components. The solution also had to meet strict security requirements, be integrated with existing security and authorization systems, and reside in BoG’s inhouse data centers.
The first step to take was refactoring the monolith to microservices. BoG teams were responsible for containerizing applications, creating Docker images and running builds. SHALB was assigned with the task of having the services migrated and integrated into Kubernetes and provide their smooth operation. Based on the prepared Docker images, our engineers created Helm charts, pods, and deployments that were deployed to the Kubernetes cluster.
The Kubernetes-driven platform design is based on VMware and Rancher technologies and has been implemented by means of Terraform.
vSphere, a cloud computing virtualization platform from VMware, provides the basis for low architecture level and unites all servers into a single system. On top of that we applied Terraform to create and provide Kubernetes clusters, and Rancher Kubernetes Engine (RKE) to manage them.
The clusters’ Control Plane is shared between two data centers, enabling automatic switching and traffic redirection in case the active DC fails. This scenario has been thoroughly tested as one of the critical customer requirements.
The network connectivity between container workloads has been implemented with Cilium CNI. By using the Cilium CNI network plugin we created a connectivity model with the fewest privilege’s access, and includes awareness of Layer 7 communications, thereby further enhancing the network security.
The robust monitoring system is designed to comply with strict security regulations. All the communication and behavior between microservices and the components inside the Kubernetes cluster is tracked. Any anomalous or potentially harmful behavior is detected and immediately reported to the security department. Aggregation of security reports is based on Falco rules; the reports are further streamed into the existing SIEM system.
It was essential to meet BoG’s high standards, in particular for network security. The bank operates several data centers that work under complex rules. The rules also define how the microservices communicate and connect with each other. As a result, our system had to be designed in accordance with these rules in order to provide secure connection, which was architecturally challenging. In addition, the project was required to be completed within a short timeframe. This made things even more complicated as almost everything had to be designed from scratch.
As a bank, BoG also has strict regulations in terms of working with other contractors and third-party teams. SHALB specialists had no access to the production site and had to prepare some solutions on their side before BoG engineers could implement them on theirs. This sometimes required double the work to perform and inevitably slowed the whole process down.
With one of the largest IT departments in the region, BoG has strong engineering teams that are very good at what they do. Considering the project complexity and scale, we were happy to join forces with their qualified staff and work together on some technical issues.
In particular, our team was stuck on the problem of how to properly configure Rancher to create servers on the VMware side in order to pass data to other systems that run on these servers under Kubernetes management. Finally, thanks to technical advice of BoG VMware-certified engineers, we managed to solve the problem and move forward.
What makes it different
The project is trailblazing both in terms of the application field (banking sector) and technical implementation (architecture and configuration of services). Despite the technologies in use being actively developed, there is still room for new features and components, both in Kubernetes and Rancher. Our custom solution covers the missing functionality and makes it work regardless of how this stack implements the features that the customer needs.
Also, the solution is set up on the customer’s own data centers and is based on the VMware virtualization platform, although normally such systems are designed for public clouds or their on-prem analogues like OpenShift.
On completion of the project, the customer received a flexible and up-to-date platform, and all the tooling needed to launch, scale, deploy and destroy clusters on it. BoG specialists duly appreciated the advantages of Kubernetes in terms of scaling and quickness of deployments: first, it allows for automatic scaling in times of higher demand and downscaling when demand is reduced, and second, it significantly accelerates deployments making them a lot faster than before. According to Vazha Pirtskhalaishvili, they noticed the difference almost immediately after the project implementation.
Commenting on the project, Vazha Pirtskhalaishvili confirmed:
Working on the BoG project gave us an inspiring DevOps experience and invaluable know-how of how to deploy cloud native in the fintech sector. Now we are ready to share this knowledge with you! Invest in modernizing your systems today to future-proof them for tomorrow’s challenges. Drop by for a friendly talk by booking an online meeting or contact firstname.lastname@example.org for more information.