Making a Mammoth Run: Continuous Delivery in a Bank

Post on 20-Jan-2017

Making a Mammoth Run

Continuous Delivery in a bank

I am Laurent Grangeau

I love to automate things and run apps at scale. You can find me at @laurentgrangeau

Hello!

I am Christophe Lecointe

I tinker around and simplify things

Hello!

1. Overview of software in the banking industry

Banking overview

Old code: There is a lot of legacy code. Generally, the code base is > 5 years old.

No agile process: Mostly waterfall process, ITIL compliant.

Regulation: Banks can’t do what they want. There is a lot of regulation and audits.

Monolithic software: As the software was designed years ago, there are few microservices and no 12-factor principles.

Releases are manual: Generally, a release is a manual process with service interruption.

Obsolete infrastructures: There are still mainframe computers or specialized appliances like SPARC machines.

2. The arrival of fintechs

$12.7 billion in funding

1,000+ companies

Leverage cutting-edge technologies

Fintech landscape

Appeared in 2008

$921 million cumulative investment

805 blockchain startups

$4.9 billion Bitcoin capitalisation

Blockchain ecosystem

Fintechs are taking market share… It’s time to react!

BANKS

FINTECHS

3. Continuous Delivery program

Be like the GAFA

Be faster, bring more business value, reduce maintenance costs

Change management

Agile coaches: Bring more business value, involve stakeholders.

ex. Scrum, Kanban, Backlog grooming, …

Software craftsmanship coaches: Build robust, testable and sustainable code.

ex. TDD, BDD, Clean code, …

DevOps coaches: Automate the delivery.

ex. IaC, Automated deployment, …

Platform

Backlog grooming

Development interface

Source code management

Continuous integration

Testing

Libraries repository

Deployment automation

Metrology

Infrastructure as code

400+ applications transformed

Reduce TTM from months to 2 weeks

Reduce deploy time from months to minutes

4. What’s next?

New challenges

◉ Variabilization

◉ Service discovery

◉ Infrastructure hybridization

◉ Multi-tenancy

◉ Secret management

Let’s use HashiCorp tools!

Leveraging tools like Vault or Consul

Platform

Metrology

Backlog grooming

Development interface

Source code management

Continuous integration

Testing

Libraries repository

Deployment automation

Platform

Registry

Docker-swarm

The registrator discovers new containers and feeds the registry

Application K/V store

DEV STAGING PROD

K/V store K/V store

Update version

Service discovery

Registry

Service provider

Service consumer

1. Publish

2. Find

3. Bind

Network overlay

Host Host Host Host

SDNs

Infrastructure hybridization

Private cloud Public cloud

Password generation

On-demand credentials

No longer need hardcoded credentials

1. Request credentials

2. Connect

3. Scale

4. Connect

Add credentials

Impersonation

I want to troubleshoot problems

Production

Works for SSH and DB!

1. Request credentials

2. Generate access

3. Login with generated credentials

Dev

PKI: certificate generation

Host Host Host

Generating on-demand certificates for container communication

Request certificates

5. Demo

Scary live demo time!

Demo

Commit

Webhook

Deploy

Compose

Compose

Generate credentials

6. Conclusion

Continuous delivery is now fully part of the bank

Huge change in the way of working

Nearly everything is automated

Any questions?

You can find us at

◉ @laurentgrangeau

◉ laurent.grangeau@gmail.com

◉ christophe.lecointe@tuta.io

Thanks!