

Cloud Native Blueprints for Banking

A Team Perspective by Jared Ruckle, Ford Donald, and Guillermo Tantachuco of VMware





Secure, Hybrid Banking Reference Architectures for Cloud Native Applications

Cloud native patterns and practices help banks release high-quality software faster. This, in turn, helps the business get a leg up in the market. In banking, this translates into the following:

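Industry Trend: Rising consumer expectations. Consumers now expect to be able to access financial services at any time. They want real-time delivery across multiple devices and self-service access to online banking. This is a challenge for banks, especially those that still rely entirely on stacks built with traditional technology. Investment banks face many of the same challenges.
Cloud Native Advantage: With cloud native applications, the first priority is API-first design. Developers can deliver features to users on multiple devices. Good APIs also provide a comfortable user experience.

Industry Trend: Increased competition from fintech companies. Software is eating financial services. Startups are winning market share on the strength of their software. They can quickly implement improvements based on customer feedback. Compared with incumbents, these startups have many advantages, such as a better culture, leaner processes, and no technical debt. Over the past 5 years, we have seen this disruptive pattern in many industries, and now it has spread to financial services.
Cloud Native Advantage: Following three key points can help you become a software-defined enterprise. First is a microservices architecture. This promotes rapid iteration and small-scale changes to the components of a system. Next is continuous delivery, which gives developers a frictionless path to production. This enables frequent deployment of small changes, and over time these small changes add up to big benefits. Last is DevOps culture, which abandons the traditional roles and goals of developers and operators. Instead, the goal of this culture is to deliver value to customers.

Industry Trend: Regulatory requirements and compliance. IT systems, processes, and applications need to keep up with the wave of industry regulations and compliance standards. This requires a significant investment of time, attention, and budget.
Cloud Native Advantage: The cloud native approach values automation and a “security first” approach to feature design. Both are critical to compliance. Highly automated systems log every activity, making it easy to see what changed, when, and who triggered the update. In addition, automated systems can be patched and updated quickly and often with new components. Automated systems typically require less day-to-day human involvement, which improves security. “Security first” means engineers consider security from the moment they begin designing a feature, rather than adding it later.

Industry Trend: Security. The threat landscape is constantly evolving and changing. Banks must contend with malware, advanced persistent threats (APTs), and the risk of leaked credentials.
Cloud Native Advantage: Conventional wisdom in enterprise security circles suggests “go slower to reduce risk.” But in the cloud native world, you “go faster to reduce risk.” Why? Systems that change often are rarely hit by malware and other threats. Static environments readily give rise to malicious users, who can cause serious damage to the enterprise. Use automation to quickly apply the latest patches to systems. Adopt the concept of immutable infrastructure, and frequently redeploy the stack to a “last known good state.” Rotate credentials often, so that any leaked credentials quickly expire and become invalid.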



How Do Banks Go About Becoming Cloud Native? It Starts with a Platform.

Many banks adopt self-service platforms to help teams deliver software continuously. Why? A platform provides a consistent, predictable, and secure way to deploy and run apps. Platforms deliver crucial features to developers in a unified self-service model. In other words, platforms hide the messy details of a very complex set of IT capabilities.

At its best, a platform is the boring and reliable presentation of all the features your teams need. Capabilities are accessible in a way that is fast and simple for its consumers. Platforms provide these capabilities as fully-automated “dial-tone” that just works. Every application team can easily consume platform services on their own. You can imagine the economies of scale with platforms. The more apps you run on a platform, the more efficient it becomes for the organization, and the more value it provides.

When an organization goes “all in” on the right cloud native platform, everyone wins. Developers, operators, and finance teams all realize massive gains.


Reference Architecture: Sample Customer Banking App

The following sample application was the result of deep collaboration and co-engineering between VMware and a strategic banking customer. This application is an enterprise data platform. It acts as the data source from which all other services get reference data. We can see how the platform enables the developers to focus on their custom code. VMware Tanzu and Spring Cloud Services take care of ongoing management and operation.


Reference Architecture for Data Ingestion based on Spring Cloud Stream



This co-architected application features 14 custom services. Meanwhile, VMware Tanzu manages the underlying infrastructure and runtime dependencies. The platform also handles essential elements such as config server, service registry, circuit breaker dashboard, and app autoscaler.

The team’s white paper encapsulated several more learnings as reference architectures.

