Making a Mammoth Run
Continuous Delivery in a bank

Hello!
I am Laurent Grangeau. I love to automate things and run apps at scale. You can find me at @laurentgrangeau

Hello!
I am Christophe Lecointe. I tinker around and simplify things

1. Overview of software in the banking industry

Banking overview
Old code: There is a lot of legacy code. Generally, the code base is more than 5 years old.
No agile process: Mostly waterfall process, ITIL compliant.
Regulation: Banks can’t do what they want. There is a lot of regulation and audits.
Monolithic software: As the software was designed years ago, there are few microservices and no 12-factor principles.
Releases are manual: Generally, a release is a manual process with service interruption.
Obsolete infrastructure: There are still mainframe computers or specialized appliances like Sparc machines.

2. Fintechs arrival

Fintech landscape
$12.7 billion in funding
1,000+ companies
Leverage cutting-edge technologies

Blockchain ecosystem
Appeared in 2008
$921 million cumulative investment
805 blockchain startups
$4.9 billion Bitcoin capitalisation

Fintechs are taking market share… It’s time to react!
[Illustration labels: BANKS, FINTECHS]

3. Continuous Delivery program

Be like the GAFA: Be faster, bring more business value, reduce maintenance costs

Change management
Agile coaches: Bring more business value, involve stakeholders. e.g. Scrum, Kanban, backlog grooming, …
Software craftsmanship coaches: Build robust, testable and sustainable code. e.g. TDD, BDD, clean code, …
DevOps coaches: Automate the delivery. e.g. IaC, automated deployment, …

Platform
[Diagram components: Backlog grooming, Development interface, Source code management, Continuous integration, Testing, Libraries repository, Deployment automation, Metrology, Infrastructure as code]

400+ applications transformed
Reduce TTM from months to 2 weeks
Reduce deploy time from months to minutes

4. What’s next?

New challenges
◉ Variabilization
◉ Service discovery
◉ Infrastructure hybridization
◉ Multi-tenancy
◉ Secret management

Let’s use HashiCorp tools! Leveraging tools like Vault or Consul

Platform
[Diagram components: Metrology, Backlog grooming, Development interface, Source code management, Continuous integration, Testing, Libraries repository, Deployment automation]

Platform
[Diagram components: Registry, Docker-swarm]
The registrator discovers new containers and feeds the registry

Application K/V store
[Diagram labels: DEV, STAGING, PROD; K/V store, K/V store; Update version]

Service discovery
[Diagram labels: Registry, Service provider, Service consumer]
1. Publish
2. Find
3. Bind

Network overlay
[Diagram labels: Host, Host, Host, Host; SDNs]

Infrastructure hybridization
[Diagram labels: Private cloud, Public cloud]

Password generation
On-demand credentials
No longer need hardcoded credentials
1. Request credentials
2. Connect
3. Scale
4. Connect
[Diagram label: Add credentials]

Impersonation
I want to troubleshoot problems
Works for SSH and DB!
1. Request credentials
2. Generate access
3. Login with generated credentials
[Diagram labels: Dev, Production]

PKI: certificate generation
Generating on-demand certificates for container communication
[Diagram labels: Host, Host, Host; Request certificates]

5. Demo
Scary live demo time!

Demo
[Diagram labels: Commit, Webhook, Deploy, Compose, Compose, Generate credentials]

6. Conclusion
Continuous delivery is now fully part of the bank
Huge change in the way of working
Nearly everything is automated

Any questions?
You can find us at
◉ @laurentgrangeau
◉ [email protected]
◉ [email protected]
Thanks!