Bank of China has completed the largest-scale deployment of a distributed cloud platform in the finance industry. Its cloud platform greatly outperforms traditional data centers by improving hardware resource usage by over 2.5 times and shortening the application rollout time by more than five times through elastic resource scaling and full-process simplification.
“1234” Digital Development
Founded in 1912, Bank of China (BOC) is a large state-owned commercial bank managed by China’s Ministry of Finance that has become one of the world’s most important banks. As one of the four major banks in China, it’s also one of 29 “Systemically Important Financial Institutions in the world.” With a Tier-1 capital of US$230 billion, BOC ranked 44th on the Fortune Global 500 list in 2019, and fourth on the Top 1000 World Banks list in 2018 by the global financial intelligence publication The Banker.
In 2018, BOC devised a new development strategy, which will be led by technology and driven by innovation; BOC will transform to build a world-class bank in the new era, with technology-driven digital development at its core. This strategy marked the start of a new chapter for BOC’s digital transformation.
BOC’s digital transformation will be based on its “1234” guideline. This means it will center on one “digital transformation” strategy; will build two architectures (enterprise-level service and technical); will create three digital platforms: cloud computing, big data, and AI platforms; and focus on four fields: service innovation and development, business and technology integration, technical capabilities, and transformation of scientific and technological mechanisms.
Cloud Platform: Eliminates the Traditional Centralized Architecture Bottleneck
The adoption of centralized architectures by banks in China dates back to the 1960s. In the early stage of informatization, BOC — like other banks in China — opted for centralized development, to implement intensive management and advanced operations. After four decades, BOC has established a complete centralized architecture information system, which is quite mature in terms of its technical system, technical services, and ecosystem construction.
With the rapid development of Internet finance and the rising national requirements for independent core capabilities, the centralized architecture no longer meets the application requirements of emerging services such as Internet services, data analysis, and channel access.
Risk concentration: With a centralized architecture, if an exception occurs, the entire system may fail, causing a global system fault.
Difficult capacity expansion: With a centralized architecture, the overall system capability can be increased only by improving the device configuration. The capacity expansion cost is high, and the operations are inconvenient. Meanwhile, the capacity expansion capability of the hardware is limited, which is insufficient given the rapid evolution of products and technologies.
High costs: Most software and hardware devices of the centralized architecture are provided by foreign vendors that monopolize the market. In these circumstances, banks have a weak price bargaining position and inevitably end up paying high prices for the equipment. Compounding the problem, they also can’t control the key technologies involved.
In this context, BOC decided to give equal priority to centralized and distributed architectures. In 2017, BOC released its construction plan for a distributed cloud platform, planning to build ultra-large cloud data centers in Xi’an, Hefei, and Inner Mongolia.
Construction of a Distributed Cloud Platform
An ideal cloud platform must be devised before platform construction. The key lies in the services and the requirements of the frontline Operations and Maintenance (O&M) team. These requirements include unified back-end management of computing, storage, and network resource pools to implement flexible resource scheduling.
Meanwhile, the resource pool scale must be able to meet large-scale application deployment needs. The cloud platform should also support cross-DC management and dual-active deployment. Automated installation and one-click application deployment are also priorities, as well as flexible resource scaling of application systems based on service loads. Ideally, a cloud platform will lead to few changes to the existing O&M system and allow for full process standardization.
The solution design must also take into account the reliability and availability requirements of financial services, as well as data security and regulatory compliance requirements.
After BOC’s design prerequisites and service requirements were specified, the design solution was created. BOC’s cloud platform in Xi’an consists of multiple OpenStack zones, including the production intranet zone, production Demilitarized Zone (DMZ), service assurance intranet zone, service assurance DMZ, and the O&M zone. The OpenStack zones carry different types of services with different requirements.
Production zone: Consists of the intranet zone and DMZ. The intranet zone is the most important of all zones, which is used for core service computing and core data storage. This zone doesn’t directly communicate with external data to ensure system stability and data confidentiality. Meanwhile, the production DMZ is used for external information communication and serves as the buffer zone between the production intranet and external networks.
Service assurance zone: Consists of the intranet zone and DMZ. The two zones serve the same functions as the production zone, but the service assurance zone is responsible for application development, User Acceptance Test (UAT), and stress testing.
With this architecture, the production zone and service assurance zone are physically isolated, to ensure data security and that the development environment is the same as the actual application environment. Within the different zones, the logical isolation mode is used to ensure information exchange and fast application deployment. An independent O&M zone is also established, to effectively monitor the entire system and properly schedule resources.
The construction of BOC’s Xi’an cloud platform highlighted the following points:
High Availability (HA): The cloud platform HA is classified into regional and local. For regional HA, the cloud platform allows applications to be deployed in two remote Data Centers (DCs) at the same time and supports unidirectional and bidirectional data replication between the two DCs, implementing dual-active deployment of distributed applications in the two DCs. The equipment room in Hefei and the two equipment rooms in Inner Mongolia will implement mutual disaster recovery and backup to ensure high service reliability. Local HA is realized by deploying multiple Availability Zones (AZs) in an OpenStack region. When one AZ is faulty, the others take over to ensure service continuity and VM availability.
Large scale: To achieve large-scale deployment, the cloud platform must support large-scale deployment of Physical Machines (PMs) and Virtual Machines (VMs), meeting the deployment requirements of high-concurrency and high-performance services. The cloud platform supports flexible scheduling of physical resources in an OpenStack region to meet resource requirements during peak hours. The cloud platform supports smooth capacity expansion of resource pools, allowing for new service rollout and migration of traditional services in the future. Finally, the cloud platform supports the scheduling of drill resource pools to cope with emergencies that require large-scale resource expansion.
Standardization: Standardization is a prerequisite for automated O&M. The standardization of the cloud platform goes through the entire process of construction, including hardware configuration standardization; software architecture standardization; hardware resource pool construction, capacity expansion, return standardization; VM resource application, approval, provisioning standardization; and end user-oriented service catalog standardization. In the standard mode, the cloud platform construction, management, O&M, and application are performed based on the best practices and specifications, greatly reducing management difficulties and improving O&M efficiency.
Servitization: Financial cloud users are separated from cloud builders and maintainers, providing self-service for application O&M personnel and implementing one-click deployment of application systems. O&M personnel can orchestrate each step in the process through drag-and-drop, which makes the entire process clearer and greatly improves the orchestration efficiency. The cloud platform is more automated and convenient, so that O&M personnel can focus on cloud construction and O&M instead of application rollout.
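The zone isolation and local HA rules described above can be checked mechanically before a placement plan is applied. The following is an added example, not code from the article or from Bank of China: a small validator that encodes three of the stated rules (only DMZ zones get external routes, production and service assurance share no physical hosts, every application spans at least two AZs). Zone keys, host ids and the `Placement` structure are assumptions for illustration.

```python
# Added example: validate a proposed VM placement against the zone/AZ rules
# described in the article. Zone keys, hosts and app names are constructed.
from dataclasses import dataclass
from collections import defaultdict

# The five OpenStack zones named in the article (keys are assumed here).
ZONES = {"prod_intranet", "prod_dmz", "sa_intranet", "sa_dmz", "om"}
# Physical isolation group of each zone: production vs service assurance.
PHYSICAL_GROUP = {"prod_intranet": "production", "prod_dmz": "production",
                  "sa_intranet": "service_assurance",
                  "sa_dmz": "service_assurance", "om": "om"}

@dataclass(frozen=True)
class Placement:
    app: str        # application system being rolled out
    zone: str       # one of ZONES
    host: str       # physical machine id (constructed)
    az: str         # availability zone inside the OpenStack region
    external: bool  # True if the VM is given a route to external networks

def validate(placements):
    """Return a list of rule violations; an empty list means the plan passes."""
    errors = []
    hosts_by_group = defaultdict(set)
    azs_by_app = defaultdict(set)
    for p in placements:
        if p.zone not in ZONES:
            errors.append(f"{p.app}: unknown zone {p.zone}")
            continue
        # Rule 1: intranet zones never talk to external networks; DMZ is the buffer.
        if p.external and not p.zone.endswith("_dmz"):
            errors.append(f"{p.app}: external route not allowed in {p.zone}")
        hosts_by_group[PHYSICAL_GROUP[p.zone]].add(p.host)
        azs_by_app[p.app].add(p.az)
    # Rule 2: production and service assurance are physically isolated.
    shared = hosts_by_group["production"] & hosts_by_group["service_assurance"]
    for h in sorted(shared):
        errors.append(f"host {h} shared between production and service assurance")
    # Rule 3: local HA requires each application to span at least two AZs.
    for app, azs in azs_by_app.items():
        if len(azs) < 2:
            errors.append(f"{app}: only one AZ ({', '.join(sorted(azs))}), no local HA")
    return errors
```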
Smart Finance Starts from the Cloud Platform
The cloud platform of BOC has deployed thousands of physical nodes and provisioned nearly 10,000 VMs, the largest deployment of the distributed cloud platform in the financial industry. BOC is also the first enterprise in the banking industry to deploy production services on the distributed cloud platform.
Compared with traditional data centers, the cloud platform improves hardware resource usage by over 2.5 times through elastic resource scaling and simplified processes, and shortens the application rollout time more than five-fold. In the past, it took several weeks, or even months, to prepare for application rollout. Now, it takes only about a week to release the service on the cloud platform.
In 2019, BOC began construction of the first and second phases of the Hefei cloud platform and the cloud platform in Inner Mongolia. When completed, BOC will have a distributed DC architecture based in Xi’an, Hefei, and Inner Mongolia. As the scale of the cloud platform expands, a wide range of financial services, such as Internet services and channel transaction services, will go online. As BOC develops and evolves its distributed cloud platform, Huawei will provide support by continually upgrading HUAWEI CLOUD.
【About Bank of China】
Founded in 1912 as a central financial enterprise managed by the Ministry of Finance of China, Bank of China (BOC) is a large state-owned commercial bank — one of the four major banks in China. It is also one of the 29 “Systemically Important Financial Institutions” around the world. With a Tier-1 capital of US$230 billion, BOC ranked 44th on the Fortune Global 500 list in 2019 and fourth on the Top 1000 World Banks list in 2018 by the global financial intelligence publication The Banker.