Banks are quite conservative institutions. Strict internal regulations mean they are in no haste to adopt new technologies, even once those become mainstream. Bank of Georgia was among the first in the banking sector to break away from this cliché and set a course for digitalization with an up-to-date technology stack.

CUSTOMER INFORMATION

Bank of Georgia (BoG) is one of the leading companies in the banking and financial services sector. It has a wide network of service centers and ATMs throughout Georgia and representative offices in London, Budapest, and Tel-Aviv. BoG is one of the largest employers in Georgia that actively supports healthcare, education, environment, and other important social issues.

DESCRIBING A PROBLEM

Banks could be very traditional in some ways, but they cannot stay away from modern trends. In order to stay competitive, you need to keep pace with the latest trends and best practices.

Vazha Pirtskhalaishvili, Head Of DevOps Engineering unit at BoG, comments:

I think that the most important part for banks is to realize that you are not only a traditional bank but you are actually competing in technology. And you have to be technologically advanced because every product in this age is digital and most of the stuff is done digitally. To have some kind of advantage over other players is very challenging. Let’s say, technology has to be in your core.

BoG was determined to become a technologically advanced bank. Driven by this realization, they decided to future-proof their systems and make them cloud-ready. So they started searching for a contractor that would help them achieve their goals.

CHOOSING A CONTRACTOR

BoG initiated the project with a clear vision of what they wanted done and achieved. Their criteria for choosing a contractor were no less distinct: it had to be a trustworthy high-tech company with local representation in Tbilisi. SHALB was introduced as a potential contractor by HT Solutions, a Georgian IT consulting company and a longtime partner of BoG.

The project was too important for us, so we wanted a company that we could trust, – comments Vazha Pirtskhalaishvili. – We trust HT Solutions as we have done a lot of projects together before. And also we wanted a team that would be technologically advanced and have a modern stack, and actually SHALB met all those criteria.

That is how SHALB received a task to design a new infrastructure for the largest bank in Georgia. It was a unique and technologically challenging project that immediately ignited our professional interest: we were eager to start.

PROJECT DESCRIPTION

Requirements

BoG wanted a technology solution that would give them the flexibility to manage applications on the infrastructure that best suits their needs. In line with their values and goals, they opted for microservices architecture, containerization and Kubernetes.

We were asked to design a solid Kubernetes-orchestrated platform, with the ability to create and manage infrastructures, to which BoG could migrate their microservices. Key requirements were fault tolerance of the system, as it was supposed to run business-critical applications, and high availability of all architecture components. The solution also had to meet strict security requirements, integrate with existing security and authorization systems, and reside in BoG's in-house data centers.

The first step was refactoring the monolith into microservices. BoG teams were responsible for containerizing applications, creating Docker images and running builds. We were tasked with migrating the services to Kubernetes, integrating them and ensuring their smooth operation. Based on the prepared Docker images, our engineers created Helm charts, pods and deployments that were deployed to the Kubernetes cluster.

Technical implementation

The Kubernetes-driven platform design is based on VMware and Rancher technologies, and has been implemented by means of Terraform.

vSphere, a cloud computing virtualization platform from VMware, forms the lowest architecture layer and unites all servers into a single system. On top of that we applied Terraform to create and provision Kubernetes clusters, and Rancher Kubernetes Engine (RKE) to manage them.

The clusters’ Control Plane is shared between two datacenters, enabling automatic switching and traffic redirection in case the active DC fails. This scenario has been thoroughly tested as one of the critical customer requirements.

The network connectivity between container workloads has been implemented with Cilium CNI. With the Cilium CNI network plugin we built a least-privilege connectivity model that is aware of Layer 7 communications, thereby further enhancing network security.
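
To illustrate what a least-privilege, Layer 7-aware rule looks like in Cilium, here is an added example (not SHALB's or BoG's actual configuration): a CiliumNetworkPolicy for one service. All names, namespaces, labels, ports and paths in it are hypothetical.

```yaml
# Added illustration; every name, label, port and path below is hypothetical.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: payments-api-least-privilege
  namespace: payments
spec:
  # Once a policy selects an endpoint, that endpoint is default-deny in the
  # directions the policy covers: only traffic matched below is allowed.
  endpointSelector:
    matchLabels:
      app: payments-api
  ingress:
    # Layer 3/4: only the frontend pods, only TCP 8080.
    - fromEndpoints:
        - matchLabels:
            app: web-frontend
            "k8s:io.kubernetes.pod.namespace": frontend
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
          # Layer 7: only these HTTP methods and paths (path is a regex).
          # Any other request on the allowed port is rejected by the proxy.
          rules:
            http:
              - method: GET
                path: "/v1/accounts/[0-9]+/balance"
              - method: POST
                path: "/v1/transfers"
  egress:
    # The service may reach its database in the same namespace and nothing else...
    - toEndpoints:
        - matchLabels:
            app: ledger-db
      toPorts:
        - ports:
            - port: "5432"
              protocol: TCP
    # ...plus cluster DNS, without which service names cannot be resolved.
    - toEndpoints:
        - matchLabels:
            "k8s:io.kubernetes.pod.namespace": kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
```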

The robust monitoring system is designed to comply with strict security regulations. All communication and behavior between microservices and components inside the Kubernetes cluster is tracked. Any anomalous or potentially harmful behavior is detected and immediately reported to the security department. Aggregation of security reports is based on Falco rules; the reports are then streamed into the existing SIEM system.

Challenges

Throughout the project it was essential to meet BoG’s high standards, in particular for network security. The bank operates several datacenters that work under complex rules. The rules also define how the microservices communicate and connect with each other. Our system had to be designed with respect to these rules in order to provide secure connectivity, which was architecturally challenging. Moreover, the project had to be completed within a short timeframe. This made things even more complicated, as almost everything had to be designed from scratch.

Also, as a bank, BoG has strict regulations on working with contractors and third-party teams. SHALB specialists had no access to the production site and had to prepare some solutions on their side before BoG engineers could implement them on theirs. This sometimes meant doing the work twice and slowed the whole process down.

With one of the largest IT departments in the region, BoG has strong engineering teams that do a good job on their side. Considering the project complexity and scale we were happy to join forces with their qualified staff and work together on some technical issues.

In particular, our team was stuck on the problem of how to properly configure Rancher to create servers on the VMware side in order to pass data to other systems that run on these servers under Kubernetes management. Finally, thanks to the technical advice of BoG's VMware-certified engineers, we managed to solve the problem and move forward.

What makes it different

The project is trailblazing both with regard to the application field (banking sector) and the technical implementation (architecture and configuration of services). Although the technologies in use are being actively developed, there is still room for new features and components, both in Kubernetes and Rancher. Our custom solution covers the missing functionality and makes it work regardless of how this stack implements the features that the customer needs.

Also, the solution is spun up on the customer’s own datacenters and is based on the VMware virtualization platform, although normally such systems are designed for public clouds or their on-prem analogues like OpenShift.

PROJECT OUTCOME

Once the project was finalized, the customer received a flexible, up-to-date platform and all the tooling needed to launch, scale, deploy and destroy clusters on it. BoG specialists duly appreciated the advantages of Kubernetes in terms of scaling and speed of deployments: first, it allows for automatic scaling in times of higher demand and downscaling when demand drops, and second, it makes deployments a lot faster than before. According to Vazha Pirtskhalaishvili, they noticed the difference almost at once after the project implementation.

CUSTOMER FEEDBACK

Commenting on the project, Vazha Pirtskhalaishvili admits:

The collaboration process went on smoothly and I think the guys did a pretty good job to achieve our goals. Personally I have to mention that there were some aspects that required additional work because with a project that big it is very difficult to plan everything ahead and you always have some pieces and bits that emerge in the process. And the guys didn’t hesitate to help even though it was not covered in our contract, which was a pleasant part.

Working on the BoG project gave us an inspiring DevOps experience and invaluable know-how of how to deploy cloud native in the fintech sector. And we are ready to share this knowledge with you! Invest in modernizing your systems today to future-proof them for tomorrow’s challenges. Drop by for a friendly talk by booking an online meeting or contact sales@shalb.com for more information.